VeryVote A Voter Verifiable Code Voting System - PowerPoint PPT Presentation

Slides: 19
Provided by: Rui58

Transcript and Presenter's Notes

Title: VeryVote A Voter Verifiable Code Voting System


1
VeryVote: A Voter Verifiable Code Voting System
  • Rui Joaquim rjoaquim_at_cc.isel.ipl.pt
    (INESC-ID \ ISEL)
  • Carlos Ribeiro carlos.ribeiro_at_ist.utl.pt
    (INESC-ID \ IST)
  • Paulo Ferreira paulo.ferreira_at_inesc-is.pt
    (INESC-ID \ IST)

2
Introduction
  • VeryVote is an Internet voting system.
  • Internet voting:
    • Brings more convenience to voters, allowing
      them to vote from anywhere with an Internet
      connection.
    • Suffers from the secure platform problem.
      • The client platform is neither controlled nor
        trustworthy.
      • How can election integrity be guaranteed in
        this setup?
    • Has the vote buying and coercion issues
      inherent to remote voting.

3
VeryVote Overview
  • VeryVote addresses the secure platform problem.
  • VeryVote uses a code voting approach.
  • Prevents misbehavior by the untrusted
    client platform.
  • However, it does not provide mechanisms to
    verify if the vote is counted as intended by the
    voter.
  • The VeryVote vote protocol is a fusion between a
    generic code voting protocol and the MarkPledge
    technique.
  • Cast-as-intended voter verification.
  • Universal count-as-cast verification.

end-to-end verifiability.
4
The Problem
[Diagram: Voter, APP (voter's PC), Tally (A, B). Labels: "Vote A", "Vote B", "Thank you!".]
5
Generic Code Voting Approach
Code Sheet
  Vote codes: A 3WQ, B M8W, C WAM
  Confirmation code: JRF
[Diagram: Voter, APP (voter's PC), Tally (A, B). Labels: 3WQ, JRF.]
  • How can we verify the tally?
  • Publishing the received vote codes and associated
    candidates.
  • Each voter can verify her vote.
  • Anyone can do the vote count.
  • But the voter cannot correct her vote. The
    election tally is already published!!!
  • Is there a better way?
  • Yes, VeryVote.
6
MarkPledge Overview
  • MarkPledge is a cut-and-choose technique proposed
    to provide cast-as-intended verification to poll
    station voting, and works based on two functions
    BitEnc(b) and OpenBitEnc(BitEnc(b), challenge).
  • BitEnc(0): A3C 53W 8F9 324 SQ1 DHJ IPS E9F 287 KJL FXC ZPT
  • BitEnc(1): JRF JRF JRF JRF JRF JRF JRF JRF JRF JRF JRF JRF
    (each element is an encrypted value)
7
MarkPledge Overview
  • OpenBitEnc( BitEnc(0), c1 ) = SQ1
  • OpenBitEnc( BitEnc(1), c1 ) = JRF
[Diagram: the BitEnc(0) and BitEnc(1) rows of encrypted values from the previous slide. Labels: encrypted value, c1, decrypted value.]
8
MarkPledge Overview
  • OpenBitEnc( BitEnc(0), c1 ) = SQ1; OpenBitEnc( BitEnc(0), c2 ) = IPS
  • OpenBitEnc( BitEnc(1), c1 ) = JRF; OpenBitEnc( BitEnc(1), c2 ) = JRF
[Diagram: the same BitEnc(0) and BitEnc(1) rows of encrypted values. Labels: encrypted value, c1, c2, decrypted value.]
9
MarkPledge Overview
  • OpenBitEnc( BitEnc(0), c2 ) = IPS
  • OpenBitEnc( BitEnc(1), c2 ) = JRF
[Diagram: the same BitEnc(0) and BitEnc(1) rows of encrypted values. Labels: encrypted value, c2, decrypted value.]
10
MarkPledge Vote/Receipt Verification
Poll station voting (inside the voting booth)
[Diagram: Voter, Vote Machine, Printer. Labels: Bob, JRF, Commit to c, Random challenge (c).]

MarkPledge Vote/Receipt
Candidates | Vote Encryption (BitEnc) | Vote Receipt (OpenBitEnc)
Alice      | BitEnc(0)                | W3E
Bob        | BitEnc(1) JRF            | JRF
Charles    | BitEnc(0)                | R59
Dino       | BitEnc(0)                | KMZ
Challenge c

  • After the election ends:
  • The Vote Machine publishes the MarkPledge
    vote/receipts.
  • External organizations verify the correctness of
    the published data.
  • The voter verifies her receipt (and corrects her
    vote if necessary).
  • The votes are tallied using a protocol with
    counted-as-cast verification.
11
Building Blocks And VeryVote Protocol Overview
                                   | Generic code voting | MarkPledge | VeryVote
Verifiability / Election integrity | Prevents APP vote manipulations. Election server can manipulate the tally. | End-to-end verifiable. | End-to-end verifiable.
Voter interaction (while voting)   | Simple. Only one input. | Tricky. 3 inputs (total). 2 non trivial inputs. Step order must be respected. Requires a printer while voting. | Simple. Only one input.
12
Election Preparation
  • A set of trustees create a threshold shared
    election key pair.
  • The Election Server (ES) pre-computes and commits
    to the votes to be used in the election.
  • The BitEnc(b) constructions are built using the
    election public key.
  • The code sheets are created and each is associated
    with a pre-computed vote.
  • The confirmation code is the value encrypted in
    the elements of the BitEnc(1) construction.

Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) JRF, BitEnc(0)
Code Sheet
  Vote codes: Alice 3WQ, Bob M8W, Charles WAM, Dino QGH
  Confirmation code: JRF
13
Election Preparation
  • The code sheets are distributed to the voters.
  • Anonymous distribution:
    • ES does not know who the voters are (more
      privacy guarantees).
    • Allows the ES to add votes for the voters that
      did not vote.
  • Non-anonymous distribution:
    • Easier distribution process.
    • Prevents or makes detectable the addition of
      votes.
    • The ES knows who voted for whom.
  • Just before the election, the trustees create and
    announce a Shared Random Election Value (SREV)
  • The SREV value is not known at the creation time
    of the pre-computed votes.
  • The SREV will be used as a random source in the
    challenge generation process.

14
VeryVote Vote Protocol
Code Sheet
  Vote codes: Alice 3WQ, Bob M8W, Charles WAM, Dino QGH
  Confirmation code: JRF
Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) JRF, BitEnc(0)
Final Vote: BitEnc(1) JRF, BitEnc(0), BitEnc(0), BitEnc(0)
Vote Receipt: Alice JRF, Bob I5W, Charles JCU, Dino KAI
challenge hash( , SREV)
[Diagram: Voter, APP (voter's PC). Label: 3WQ.]
  • After the election ends:
  • The ES publishes all the pre-computed votes and
    corresponding Final Votes and receipts.
  • The trustees verify the correctness of the
    published data.
  • The voters check their receipts against the
    verified receipts. If any error is detected, they
    can correct their vote, because the election
    tally is not yet published.
  • After the claiming stage, the votes are
    anonymized by a mix net and decrypted by the
    trustees.
15
VeryVote Integrity Quick analysis
Code Sheet
  Vote codes: Alice 3WQ, Bob M8W, Charles WAM, Dino QGH
  Confirmation code: JRF
Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) JRF, BitEnc(0)
Final Vote: BitEnc(1) JRF, BitEnc(0), BitEnc(0), BitEnc(0)
Vote Receipt: Alice JRF, Bob I5W, Charles JCU, Dino KAI
challenge hash( , SREV)
[Diagram: Voter, APP (voter's PC). Label: 3WQ.]
  • The APP cannot modify the voter's choice
    because it does not know the vote codes.
  • The ES cannot modify the voter's choice because
    the process changes the vote receipt.
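Added example (not from the original slides or from the VeryVote authors): a toy Python walk-through of the BitEnc/OpenBitEnc functions from the MarkPledge slides and of the receipt check from the vote protocol and integrity slides. It assumes plaintext codes in place of encrypted values, that the vote code selects a rotation of the pre-computed vote, and that the challenge is hashed from the final vote and the SREV; all function names are illustrative.

```python
import hashlib
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
K = 12  # elements per BitEnc, matching the 12 values drawn on the MarkPledge slides

def bit_enc(bit, confirmation):
    """Toy BitEnc: plaintext codes stand in for values encrypted under the election key."""
    if bit == 1:
        return [confirmation] * K            # the confirmation code at every position
    elems = []
    while len(elems) < K:                    # BitEnc(0): K distinct unrelated codes
        c = "".join(secrets.choice(ALPHABET) for _ in range(3))
        if c != confirmation and c not in elems:
            elems.append(c)
    return elems

def open_bit_enc(enc, challenge):
    """Toy OpenBitEnc: reveal only the element selected by the challenge."""
    return enc[challenge % K]

def precompute_vote(n, confirmation):
    """ES side: one BitEnc(1) at a random position, BitEnc(0) elsewhere."""
    marked = secrets.randbelow(n)
    return [bit_enc(int(i == marked), confirmation) for i in range(n)], marked

def final_vote(pre, marked, choice):
    """Rotate the pre-computed vote so BitEnc(1) lands on the chosen candidate (assumed mapping)."""
    shift = (choice - marked) % len(pre)
    return [pre[(i - shift) % len(pre)] for i in range(len(pre))]

def receipt(final, srev, candidates):
    """Assumption: challenge = hash(final vote, SREV); the slide's first hash input is lost."""
    digest = hashlib.sha256(repr(final).encode() + srev).digest()
    challenge = int.from_bytes(digest, "big")
    return {name: open_bit_enc(enc, challenge) for name, enc in zip(candidates, final)}

def demo():
    candidates = ["Alice", "Bob", "Charles", "Dino"]
    confirmation, srev = "JRF", b"constructed SREV"     # constructed sample values
    pre, marked = precompute_vote(len(candidates), confirmation)
    honest = receipt(final_vote(pre, marked, 0), srev, candidates)    # voter chose Alice
    tampered = receipt(final_vote(pre, marked, 1), srev, candidates)  # ES moves the mark to Bob
    return honest, tampered

if __name__ == "__main__":
    honest, tampered = demo()
    print("honest receipt:  ", honest)    # JRF appears next to Alice
    print("tampered receipt:", tampered)  # JRF appears next to Bob: the voter sees the mismatch
```

In the tampered run the confirmation code moves to Bob's row, which is the receipt change the integrity slide relies on for detection.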
16
VeryVote Integrity Quick analysis
Code Sheet
  Vote codes: Alice 3WQ, Bob M8W, Charles WAM, Dino QGH
  Confirmation code: KJE
Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) JRF, BitEnc(0)
Final Vote: BitEnc(0), BitEnc(1) JRF, BitEnc(0), BitEnc(0)
Vote Receipt: Alice KJE, Bob JRF, Charles JCU, Dino KAI
challenge hash( , SREV)
[Diagram: Voter, APP (voter's PC). Label: 3WQ.]
  • The ES can create a fake receipt if it can find
    the right permutation of the BitEnc(b) values.
  • The probability of this happening is
    approximately
  • P1 n! / CC
  • This probability can be made constant if we
    generate the challenge from the Pre-Computed
    Vote.
  • P2 (n 1) / CC
17
Conclusions
  • VeryVote provides end-to-end verifiability in the
    Internet voting scenario.
  • The voter can privately verify and correct her
    vote before the tally publication.
  • The tally process is verifiable.
  • VeryVote successfully addresses one of the most
    important problems of remote electronic voting.
  • The secure platform problem.
  • VeryVote has a simple voter interaction, and
    therefore is very appealing for real use.
  • To the eyes of the voter, the VeryVote protocol
    is very similar to a generic code voting
    protocol.
  • VeryVote does not offer any special protection
    against vote buying and coercion.
  • It suffers from the problems of traditional remote
    voting systems, e.g. postal voting.
  • The verification mechanisms of VeryVote do not
    break the voter's privacy per se.
  • However, the voter can collaborate with the
    attacker to produce a convincing vote receipt.
Questions?
18
MarkPledge Vote/Receipt Privacy Safeguard
MarkPledge Vote/Receipt
Candidates | Vote Encryption: VoteEnc | Vote Encryption: BitEnc | Vote Receipt (OpenBitEnc)
Alice      | E(v0)                    | BitEnc(0)               | W3E
Bob        | E(v1)                    | BitEnc(1)               | JRF
Charles    | E(v0)                    | BitEnc(0)               | R59
Dino       | E(v0)                    | BitEnc(0)               | KMZ
Challenge c