Verifying a Secret-Ballot Election with Cryptography


1 Verifying a Secret-Ballot Election with Cryptography Ben Adida PhD Thesis Defense Thesis Committee Ronald L. Rivest, Srini Devadas, Shafi Goldwasser 22 June 2006

2 Ostraka (sea shells)

3

4 Australian Ballot

5 The Breakfast Vote Croissant Eggs & Bacon Carl the Coercer Eggs&Bacon Lobby Valerie the Voter

6 Voting Interface Croissant Carl the Coercer Eggs&Bacon Lobby Valerie the Voter

7 The Ballot Handoff Croissant Eggs & Eggs & Bacon Bacon Croissant Croissant Croissant Valerie the Voter

8 The Cost of Secrecy

9 Chain of Custody Polling Location 4 3 Voting Machine 2 /* * source * code */ if (... 1 Vendor Valerie Results Ballot Box Collection

10 Secret ballots and transparency in government are mutually exclusive concepts. Lynn Landes - Nov evoting in Switzerland 95% of Geneva citizens vote by mail (and now Internet)

11 The Secret Ballot Matters Secret Ballot implemented in Chile in the secrecy of the ballot [...] has first-order implications for resource allocation, political outcomes, and social efficiency. [BalandRobinson 2004]

12 Secrecy vs. Audit-ability? Cryptography solves problems that seem contradictory. "There's such a thing as just the right level of contradiction." Ronald L. Rivest (paraphrased)

13 End-to-End Verification [SRC81] Voting Machine /* * source * code */ if (... Vendor Polling Location Bulletin Board Results... Valerie 1 Receipt 2

14 A Bulletin Board? Bulletin Board Valerie: Croissant Vanessa: Croissant Victor: Eggs&Bacon Tally Croissant: 2 Eggs&Bacon: 1 Valerie

15 An Encrypted Bulletin Board! Bulletin Board Valerie: Croissant Vanessa: Croissant Ballot Casting Assurance Valerie Victor: Eggs&Bacon Tally Universal Verifiability Croissant: 2 Eggs&Bacon: 1

16 Crypto Voting Schemes decryption Valerie Vanessa encryption Encrypted Votes anonymization Victor Registration Database Results Tally

17 Contributions [ANa2006, ANb2006] decryption anonymization Valerie Vanessa encryption Encrypted Votes [AW2006] [AR2006] Victor Tally Registration Database Results

18 This Talk Introduction to Crypto Voting Scratch & Vote Public Mixing

19 Ryan Ballot [CRS2004, C2005] Croissant Eggs None Croissant Croissant Eggs Eggs None None 8c3859x0dfsw 8c3859x0dfsw Onion 8c3859x0dfsw

20 Onion Decryption $Onion = Enc_{pk_1}(r_1; Enc_{pk_2}(r_2; Enc_{pk_3}(r_3)))$ [Figure: the candidate order (Croissant, Eggs, None) is re-derived as $r_1$, $r_2$, $r_3$ are peeled off in turn; onion 8c3859x0dfsw]

21 Ryan Ballot: Verification Internet / Phone Bulletin Board Valerie Vanessa Victor 8c3859x0dfsw b37c m4s6s Valerie the Voter [Figure: ballots with Croissant / Eggs / None orderings and onion 8c3859x0dfsw] Verify half the ballots Ed the Election Official

22 What can we improve? Pre-voting auditing administrators involved for Ryan ballot individual voter verification unlikely Post-voting auditing administrators are highly involved

23 [B85, BT86, P99] Homomorphic Counters Vote for Croissant Vote for Eggs&Bacon Vote for None # US eligible voters $< 2^{28}$ (28 bits) Paillier Plaintext = 1024 bits

24 Scratch & Vote Ballot Croissant: $Enc_{pk}(2^{56}; r_1)$ Eggs: $Enc_{pk}(2^{28}; r_2)$ None: $Enc_{pk}(2^{0}; r_3)$ Scratch Surface ($r_1$, $r_2$, $r_3$) 2D barcode

25 Pre-Voting Verification Croissant None Eggs Croissant None Eggs Vote Valerie the Voter Audit

26 Casting Croissant Eggs None Croissant Croissant Eggs Eggs None None

27 Post-Voting Verification Internet / Phone Bulletin Board Valerie Vanessa Victor Valerie the Voter

28 Tally Bulletin Board Valerie Vanessa Victor Homomorphic Addition Single Decryption Croissant: 2 Eggs & Bacon: 1
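The counter packing from slides 23 and 24 and the single-decryption tally from slide 28, as an added example (not code from the thesis). The toy Paillier key built from two Mersenne primes, the ballot dictionary layout and all function names are assumptions made for illustration; the audit recomputes each printed ciphertext from the randomness hidden under the scratch surface.

```python
import math
import secrets

# Toy Paillier key from two Mersenne primes (assumption: demo-sized only).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)          # private key; coprime to N for these primes
PHI_INV = pow(PHI, -1, N)

COUNTER_BITS = 28                # slide 23: fewer than 2^28 eligible voters
CANDIDATES = ["Croissant", "Eggs&Bacon", "None"]


def rand_unit():
    """Random r in Z_N^* used as encryption randomness."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return r


def enc(m, r):
    """Paillier with g = 1 + N: (1 + N)^m * r^N mod N^2."""
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def dec(c):
    return (pow(c, PHI, N2) - 1) // N * PHI_INV % N


def candidate_value(name):
    """Croissant -> 2^56, Eggs&Bacon -> 2^28, None -> 2^0 (slide 24)."""
    shift = COUNTER_BITS * (len(CANDIDATES) - 1 - CANDIDATES.index(name))
    return 1 << shift


def make_ballot():
    """Constructed ballot: random candidate order, one ciphertext per row,
    and the randomness that sits under the scratch surface."""
    order = secrets.SystemRandom().sample(CANDIDATES, len(CANDIDATES))
    rs = [rand_unit() for _ in order]
    cts = [enc(candidate_value(c), r) for c, r in zip(order, rs)]
    return {"order": order, "cts": cts, "scratch": rs}


def audit_ballot(ballot):
    """Pre-voting audit: scratch off, recompute every ciphertext."""
    return all(enc(candidate_value(c), r) == ct
               for c, r, ct in zip(ballot["order"], ballot["scratch"], ballot["cts"]))


def cast(ballot, choice):
    """The receipt keeps only the marked position and that row's ciphertext."""
    pos = ballot["order"].index(choice)
    return {"position": pos, "ciphertext": ballot["cts"][pos]}


def tally(board):
    """Multiply all posted ciphertexts, decrypt once, unpack the counters."""
    acc = 1
    for receipt in board:
        acc = acc * receipt["ciphertext"] % N2
    total = dec(acc)
    mask = (1 << COUNTER_BITS) - 1
    return {name: (total >> (candidate_value(name).bit_length() - 1)) & mask
            for name in CANDIDATES}


def run_breakfast_vote():
    choices = {"Valerie": "Croissant", "Vanessa": "Croissant", "Victor": "Eggs&Bacon"}
    board = [cast(make_ballot(), choice) for choice in choices.values()]
    return tally(board)


if __name__ == "__main__":
    print(run_breakfast_vote())
```

Each 28-bit field can absorb up to 2^28 - 1 votes before carrying into its neighbour, which is why the counter width is tied to the number of eligible voters.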

29 Issues Under the Rug Voter/Official Collusion NIZK on bboard Casting a Ballot Pre/Double Tear More than one race? Chaum ballot Ballot Printers know the candidate orders Working on that!

30 This Talk Introduction to Crypto Voting Scratch & Vote Public Mixing

31 El Gamal Reencryption $sk = x \bmod q$, $pk = y = g^x \bmod p$. $Enc_{pk}(m; r) = (\alpha, \beta) = (g^r, m \cdot y^r)$. $Dec_{sk}(c) = \beta / \alpha^x$. $Reenc_{pk}(c; r') = c \cdot Enc_{pk}(1, r') = (g^{r+r'}, m \cdot y^{r+r'})$

32 Reencryption Mixnet [PIK93, SK94] France USA Switzerland Each mix server shuffles and reencrypts inputs.

33 Proving the Mix [Neff2001, FS2001,...] Inputs $c_1, c_2, \ldots, c_n$ → France → outputs $c'_1, c'_2, \ldots, c'_n$, where $c'_i = Reenc(c_{\pi(i)}, r_i)$. ZKPoK [ $\pi$, $\{r_i\}$ ] France can't cheat! $\pi$ and $\{r_i\}$ stay private!
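The reencryption mixnet of slides 31 and 32, as an added example (not code from the thesis): three servers each shuffle and reencrypt, and decryption still yields the same multiset of votes. The group p = 1019, q = 509, g = 4 is a toy assumption, votes are encoded as powers of g, and the shuffle proof of slide 33 is not implemented.

```python
import secrets

# Toy group (assumption, far too small for real use): safe prime P = 2Q + 1.
P, Q, G = 1019, 509, 4           # G = 2^2 generates the subgroup of order Q

VOTES = ["Croissant", "Eggs&Bacon", "None"]
ENCODE = {name: pow(G, k + 1, P) for k, name in enumerate(VOTES)}
DECODE = {v: k for k, v in ENCODE.items()}


def keygen():
    x = secrets.randbelow(Q - 1) + 1          # sk = x mod q
    return x, pow(G, x, P)                    # pk = y = g^x mod p


def enc(y, m, r):
    """Enc_pk(m; r) = (g^r, m * y^r)."""
    return (pow(G, r, P), m * pow(y, r, P) % P)


def dec(x, c):
    """Dec_sk(c) = beta / alpha^x; alpha has order Q, so alpha^-x = alpha^(Q-x)."""
    alpha, beta = c
    return beta * pow(alpha, Q - x, P) % P


def reenc(y, c, r2):
    """Reenc_pk(c; r') = c * Enc_pk(1; r'), computed componentwise."""
    one = enc(y, 1, r2)
    return (c[0] * one[0] % P, c[1] * one[1] % P)


def mix(y, cts):
    """One mix server: secret permutation pi and secret factors r_i."""
    rng = secrets.SystemRandom()
    pi = list(range(len(cts)))
    rng.shuffle(pi)
    return [reenc(y, cts[pi[i]], secrets.randbelow(Q)) for i in range(len(cts))]


def mixnet(y, cts, servers=("France", "USA", "Switzerland")):
    """Each server in turn shuffles and reencrypts the whole batch."""
    for _ in servers:
        cts = mix(y, cts)
    return cts


def open_batch(x, cts):
    return [DECODE[dec(x, c)] for c in cts]


if __name__ == "__main__":
    sk, pk = keygen()
    cast = ["Croissant", "Croissant", "Eggs&Bacon"]   # constructed sample votes
    board = [enc(pk, ENCODE[v], secrets.randbelow(Q)) for v in cast]
    print(sorted(open_batch(sk, mixnet(pk, board))))
```

Nothing in this code stops a server from swapping in ciphertexts of its own choosing, which is the gap the proof of knowledge of $\pi$ and $\{r_i\}$ on slide 33 closes.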

34 Private vs. Public Private: $\pi$, $\{r_i\}$ Public: $c_1, c_2, \ldots, c_n$ → P → $c'_1, c'_2, \ldots, c'_n$ What if we could replace the private mixnet with a public program?

35 So What? [Figure: $\pi$, $\{r_i\}$; $c_1, c_2, \ldots, c_n$ → P → $c'_1, c'_2, \ldots, c'_n$] public program: anyone can run it; pre-proven: all proofs before mixing; unbiased leaking permutation and random factors are fixed before inputs are provided. That's great, but can it really be done? [BG+2001, GK2005]

36 [BGN2005] BGN Cryptosystem Groups $G_1, G_2$ of order $n = p_1 p_2$; $e : G_1 \times G_1 \to G_2$ with $e(g^a, h^b) = e(g, h)^{ab}$. $pk = (n, g, h = u^{p_1})$, $sk = p_2$. $Enc_{pk}(m) = g^m h^r$, $Dec_{sk}(c) = \log_{g^{p_2}}(c^{p_2})$. $Enc_{pk}(m_1) \cdot Enc_{pk}(m_2) = Enc_{pk}(m_1 + m_2)$, $e(Enc_{pk}(m_1), Enc_{pk}(m_2)) = Enc_{pk}(m_1 m_2)$

37 Oblivious Cancellation / Selection $e(Enc_{pk}(m), Enc_{pk}(0)) = Enc_{pk}(0)$, $e(Enc_{pk}(m), Enc_{pk}(1)) = Enc_{pk}(m)$. $Enc_{pk}(0)$ and $Enc_{pk}(1)$ are indistinguishable. Clearly useful for PIR and OT [BGN2005]. In fact, it's more powerful still.

38 Matrix Multiplication $(a_{ik}) \cdot (b_{kj}) = (c_{ij})$, with $c_{ij} = \sum_{k=1}^{l} a_{ik} b_{kj}$. Degree is exactly 2: only one multiplication!

39 Homomorphic MM $(m_1, m_2, m_3, m_4, m_5) \cdot$ [encrypted permutation matrix] $= (m_3, m_1, m_5, m_2, m_4)$ Homomorphic matrix multiplication by an encrypted permutation matrix = Mixing!

40 Public Mixing Private: $\pi$, $\{r_i\}$ Public: $(c_1, c_2, \ldots, c_n) \cdot P = (c'_1, c'_2, \ldots, c'_n)$

41 A Taste of the Proofs Deterministic Mixing functionality permutation-indistinguishable by a hybrid argument on semantic security. Proof of Correct Obfuscation simulator creates its own mixing matrix semantic security, thus adversary cannot distinguish

42 Why Did We Succeed? [BG+2001, GK2005] tell us generic obfuscation is hard. Functionality defined on the plaintexts; we're only dealing with ciphertexts ("covers" of encryption). We don't know that this is really a permutation matrix! We must prove correct functionality.

43 Proving the Matrix is an encrypted permutation matrix? Straightforward proof: Use Proof of Partial Knowledge [CDS94] to show that each element is either 0 or 1. Homomorphically compute the row and column sums and prove that they're all equal to 1. $n^2$ proofs. Uggh.

44 Proving the Matrix (better) [Figure residue: $r_1 \ldots r_n$, $c \ldots c_n$] Proof by Random Vector Challenge. Well-known techniques, O(n). $n^2$ computation, O(n) proof.

45 Mixing more than once? France USA Not with BGN bilinear map... Only one multiplication.

46 Distributed Generation France USA Use a Mixnet to shuffle the matrix rows Prove each one using Random Vector Test Remember, this is still before the inputs to mix are available.

47 Encapsulated Mixing Capture the actions of the various mixers. Prove that everything went well. Replay them on the encrypted votes when they're available.

48 [DJ2001] Generalized Paillier $Enc_{pk}(m) = g^m r^n \bmod n^2$, $m \in Z_n$. $Enc_{pk,2}(m) = h^m r^{n^2} \bmod n^3$, $m \in Z_{n^2}$. $Enc_{pk,2}(Enc_{pk}(m)) = h^{g^m r^n} r^{n^2} \bmod n^3$. With $c = Enc_{pk}(m)$: $[Enc_{pk,2}(0)]^c = Enc_{pk,2}(0)$ and $[Enc_{pk,2}(Enc_{pk}(0))]^c = Enc_{pk,2}(c)$

49 GP Homomorphisms 0 m = m 0 = 0 0 m = m 0 = 0 + m = m m 0 = 0+ m = m

50 GP Public Mixing [Figure: $m_1, \ldots, m_5$ before and after mixing] Full-length plaintexts. Faster computation (modexp vs. BM). But... longer proofs (double discrete log). Composable via multiple layering?
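Public mixing with generalized Paillier (slides 39, 48 and 50), as an added example that is not code from the thesis. It uses g = h = 1 + n, a toy modulus built from two Mersenne primes, and hypothetical function names; the proofs that the matrix really encrypts a permutation (slides 43 and 44) are not implemented.

```python
import math
import secrets

# Toy modulus from two Mersenne primes (assumption: demo-sized only).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)          # private key; coprime to N for these primes


def unit():
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return r


def enc(m, s=1, r=None):
    """Enc_{pk,s}(m) = (1+n)^m * r^(n^s) mod n^(s+1), m in Z_{n^s}; s=1 is Paillier."""
    mod = N ** (s + 1)
    r = unit() if r is None else r
    return pow(1 + N, m, mod) * pow(r, N ** s, mod) % mod


def dec(c, s=1):
    """Raise to PHI to kill r, then read the exponent of (1+n)."""
    a = pow(c, PHI, N ** (s + 1))          # (1+n)^(m*PHI)
    i = (a % N**2 - 1) // N                # m*PHI mod n
    if s == 2:
        # (1+n)^i = 1 + i*n + C(i,2)*n^2 (mod n^3): strip the binomial term.
        t = i * (i - 1) // 2 % N
        i = ((a - 1) // N - t * N) % N**2  # m*PHI mod n^2
    return i * pow(PHI, -1, N ** s) % N ** s


def obfuscated_mixer(perm):
    """Private step, done before any vote exists. perm[j] is the index of the
    input that lands in output slot j. A 1 entry is Enc_2(Enc_1(0)), a 0 entry
    is Enc_2(0); the two are indistinguishable without the key."""
    k = len(perm)
    return [[enc(enc(0), s=2) if perm[j] == i else enc(0, s=2)
             for j in range(k)] for i in range(k)]


def public_mix(matrix, cts):
    """Public step, runnable by anyone: out_j = prod_i matrix[i][j] ^ c_i.
    Enc_2(0)^c stays Enc_2(0); Enc_2(Enc_1(0))^c becomes Enc_2 of a
    rerandomized copy of c."""
    mod = N ** 3
    out = []
    for j in range(len(cts)):
        acc = 1
        for i, c in enumerate(cts):
            acc = acc * pow(matrix[i][j], c, mod) % mod
        out.append(acc)
    return out


def open_outputs(outputs):
    """Key-holder step: peel the outer layer, then the inner one."""
    return [dec(dec(o, s=2), s=1) for o in outputs]


# Slide 39's permutation: (m1..m5) -> (m3, m1, m5, m2, m4), zero-indexed.
SLIDE_PERM = [2, 0, 4, 1, 3]

if __name__ == "__main__":
    votes = [11, 22, 33, 44, 55]           # constructed sample plaintexts
    mixer = obfuscated_mixer(SLIDE_PERM)
    print(open_outputs(public_mix(mixer, [enc(v) for v in votes])))
```

The whole mix costs k^2 modular exponentiations for k inputs and needs no pairing, which is the "modexp vs. BM" trade-off noted on slide 50.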

51 Contributions Education Introduction to Crypto Voting Mixnet Review Ballot Casting Assurance [ANa2006] Practice Scratch & Vote [AR2006] Theory Public Mixing [AW2005] Assisted Human Interactive Proofs [ANb2006]

52 The Promise of Crypto Voting 1. Secrecy AND Audit-ability 2. End-to-end Verification

53 What's Holding This Up? Education: remote voting is dangerous; crypto is integral, so trust your cryptographer? Recovery: if you know what went wrong, then you have to fix it. Future Research: recovery-centric schemes

54 So what next? New voting laws should encourage research and pilot deployments of direct voter verifiable voting techniques. VVPAT only is a missed opportunity.

55 Thanks!! Ron Shafi, Srini Andy, David, Douglas, Susan, David Steven, Seth, Rafael, Chris, Ran, Guy Hal, Danny, Eric, Ralph Zak, Ken, Pete Rita, Mom, Dad, Claire, Juliette

56 Questions?


More information

Provably Secure Cryptography: State of the Art and Industrial Applications

Provably Secure Cryptography: State of the Art and Industrial Applications Provably Secure Cryptography: State of the Art and Industrial Applications Pascal Paillier Gemplus/R&D/ARSC/STD/Advanced Cryptographic Services French-Japanese Joint Symposium on Computer Security Outline

More information

MACs Message authentication and integrity. Table of contents

MACs Message authentication and integrity. Table of contents MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and

More information

Multi-Authority Secret-Ballot Elections with Linear Work

Multi-Authority Secret-Ballot Elections with Linear Work In Advances in Cryptology EUROCRYPT 96, Vol. 1070 of Lecture Notes in Computer Science, Springer-Verlag, 1996. pp. 72-83. Multi-Authority Secret-Ballot Elections with Linear Work Ronald Cramer Matthew

More information

Internet voting solution

Internet voting solution i-vote: heart of e-democracy Internet voting i-voting allows voters to participate in an election over the Internet using their PC or notebook. i-voting is used as an additional voting method to better

More information

Secret Ballot Elections with Unconditional Integrity

Secret Ballot Elections with Unconditional Integrity Secret Ballot Elections with Unconditional Integrity David Chaum, Jeroen van de Graaf, Peter Y. A. Ryan, Poorvi L. Vora Abstract This paper presents a voting scheme that allows voters to verify that their

More information

The Vector-Ballot E-Voting Approach

The Vector-Ballot E-Voting Approach The Vector-Ballot E-Voting Approach Aggelos Kiayias 1 and Moti Yung 2 1 Computer Science and Engineering, University of Connecticut Storrs, CT, USA. aggelos@cse.uconn.edu 2 Computer Science, Columbia University

More information

An Anonymous Endorsement System

An Anonymous Endorsement System JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 18, 107-114 (2002) Short Paper An Anonymous Endorsement System Department of Electrical Engineering National Taiwan University Taipei, 106 Taiwan E-mail:

More information

SELS: A Secure E-mail List Service *

SELS: A Secure E-mail List Service * SELS: A Secure E-mail List Service * Himanshu Khurana NCSA Work done with Adam Slagell and Rafael Bonilla * To appear in the Security Track of the ACM Symposium of Applied Computing (SAC), March 2005.

More information

SECURITY IN NETWORKS

SECURITY IN NETWORKS SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

More information

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 Security Analytics Crypto and Privacy Technologies Infrastructure Security 60+ members Framework and Taxonomy Chair - Sree Rajan, Fujitsu

More information

Attribute-Based Cryptography. Lecture 21 And Pairing-Based Cryptography

Attribute-Based Cryptography. Lecture 21 And Pairing-Based Cryptography Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based Encryption 2 Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair 2 Identity-Based Encryption

More information

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

More information

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks J. M. BAHI, C. GUYEUX, and A. MAKHOUL Computer Science Laboratory LIFC University of Franche-Comté Journée thématique

More information

The Elements of Cryptography

The Elements of Cryptography The Elements of Cryptography (March 30, 2016) Abdou Illia Spring 2016 Learning Objectives Discuss Cryptography Terminology Discuss Symmetric Key Encryption Discuss Asymmetric Key Encryption Distinguish

More information

Fuzzy Identity-Based Encryption

Fuzzy Identity-Based Encryption Fuzzy Identity-Based Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) Identity-Based Encryption Formal definition Security Idea Ingredients Construction Security Extensions

More information

Preliminary Voting Prevoting

Preliminary Voting Prevoting Preliminary Voting Prevoting Ronald L. Rivest CalTech/MIT Voting Technology Project MIT Computer Science and Artificial Intelligence Laboratory Cambridge, MA 02139 rivest@mit.edu August 6, 2005 Abstract

More information

Introduction to Security Proof of Cryptosystems

Introduction to Security Proof of Cryptosystems Introduction to Security Proof of Cryptosystems D. J. Guan November 16, 2007 Abstract Provide proof of security is the most important work in the design of cryptosystems. Problem reduction is a tool to

More information

Lecture 2: Complexity Theory Review and Interactive Proofs

Lecture 2: Complexity Theory Review and Interactive Proofs 600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

More information

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

More information

Public-Key Encryption (Asymmetric Encryption)

Public-Key Encryption (Asymmetric Encryption) Public-Key Encryption (Asymmetric Encryption) Summer School, Romania 2014 Marc Fischlin 13. Oktober 2010 Dr.Marc Fischlin Kryptosicherheit 1 The story so far (Private-Key Crypto) Alice establish secure

More information

Helios: Web-based Open-Audit Voting

Helios: Web-based Open-Audit Voting Helios: Web-based Open-Audit Voting Ben Adida ben adida@harvard.edu Harvard University Abstract Voting with cryptographic auditing, sometimes called open-audit voting, has remained, for the most part,

More information

cryptography s642 computer security adam everspaugh

cryptography s642 computer security adam everspaugh cryptography s642 adam everspaugh ace@cs.wisc.edu computer security today Cryptography intro Crypto primitives / Symmetric and asymmetric crypto / MACs / Digital signatures / Key exchange Provable security

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control.

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control. Volume 5, Issue 3, March 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Identity Based

More information

Information Security Theory vs. Reality

Information Security Theory vs. Reality Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 14: More on vulnerability and exploits, Fully homomorphic encryption Eran Tromer Slides credit: Vinod Vaikuntanathan (U. Toronto)

More information

Fully homomorphic encryption equating to cloud security: An approach

Fully homomorphic encryption equating to cloud security: An approach IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 9, Issue 2 (Jan. - Feb. 2013), PP 46-50 Fully homomorphic encryption equating to cloud security: An approach

More information