74 research outputs found

    Shorter lattice-based zero-knowledge proofs for the correctness of a shuffle

    Get PDF
    In an electronic voting procedure, mixing networks are used to ensure anonymity of the casted votes. Each node of the network re-encrypts the input list of ciphertexts and randomly permutes it in a process named shuffle, and must prove (in zero-knowledge) that the process was applied honestly. To maintain security of such a process in a post-quantum scenario, new proofs are based on different mathematical assumptions, such as lattice-based problems. Nonetheless, the best lattice-based protocols to ensure verifiable shuffling have linear communication complexity on N, the number of shuffled ciphertexts. In this paper we propose the first sub-linear (on N) post-quantum zero-knowledge argument for the correctness of a shuffle, for which we have mainly used two ideas: arithmetic circuit satisfiability results from Baum et al. (CRYPTO'2018) and Beneš networks to model a permutation of N elements. The achieved communication complexity of our protocol with respect to N is O(v(N)log^2(N)), but we will also highlight its dependency on other important parameters of the underlying lattice ingredients.The work is partially supported by the Spanish Ministerio de Ciencia e Innovaci´on (MICINN), under Project PID2019-109379RB-I00 and by the European Union PROMETHEUS project (Horizon 2020 Research and Innovation Program, grant 780701). Authors thank Tjerand Silde for pointing out an incorrect set of parameters (Section 4.1) that we had proposed in a previous version of the manuscript.Postprint (author's final draft

    Seventh International Joint Conference on Electronic Voting

    Get PDF
    This volume contains papers presented at E-Vote-ID 2022, the Seventh International JointConference on Electronic Voting, held during October 4–7, 2022. This was the first in-personconference following the COVID-19 pandemic, and, as such, it was a very special event forthe community since we returned to the traditional venue in Bregenz, Austria. The E-Vote-IDconference resulted from merging EVOTE and Vote-ID, and 18 years have now elapsed sincethe first EVOTE conference in Austria.Since that conference in 2004, over 1500 experts have attended the venue, including scholars,practitioners, authorities, electoral managers, vendors, and PhD students. E-Vote-ID collectsthe most relevant debates on the development of electronic voting, from aspects relating tosecurity and usability through to practical experiences and applications of voting systems, alsoincluding legal, social, or political aspects, amongst others, turning out to be an importantglobal referent on these issues

    Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions

    Get PDF
    Cryptographic voting protocols have recently seen much interest from practitioners due to their (planned) use in countries such as Estonia, Switzerland, France, and Australia. Practical protocols usually rely on tested designs such as the mixing-and-decryption paradigm. There, multiple servers verifiably shuffle encrypted ballots, which are then decrypted in a distributed manner. While several efficient protocols implementing this paradigm exist from discrete log-type assumptions, the situation is less clear for post-quantum alternatives such as lattices. This is because the design ideas of the discrete log-based voting protocols do not carry over easily to the lattice setting, due to specific problems such as noise growth and approximate relations. In this work, we propose a new verifiable secret shuffle for BGV ciphertexts and a compatible verifiable distributed decryption protocol. The shuffle is based on an extension of a shuffle of commitments to known values which is combined with an amortized proof of correct re-randomization. The verifiable distributed decryption protocol uses noise drowning, proving the correctness of decryption steps in zero-knowledge. Both primitives are then used to instantiate the mixing-and-decryption electronic voting paradigm from lattice-based assumptions. We give concrete parameters for our system, estimate the size of each component and provide implementations of all important sub-protocols. Our experiments show that the shuffle and decryption protocol is suitable for use in real-world e-voting schemes

    SoK: Secure E-Voting with Everlasting Privacy

    Get PDF
    Vote privacy is a fundamental right, which needs to be protected not only during an election, or for a limited time afterwards, but for the foreseeable future. Numerous electronic voting (e-voting) protocols have been proposed to address this challenge, striving for everlasting privacy. This property guarantees that even computationally unbounded adversaries cannot break privacy of past elections. The broad interest in secure e-voting with everlasting privacy has spawned a large variety of protocols over the last three decades. These protocols differ in many aspects, in particular the precise security properties they aim for, the threat scenarios they consider, and the privacy-preserving techniques they employ. Unfortunately, these differences are often opaque, making analysis and comparison cumbersome. In order to overcome this non-transparent state of affairs, we systematically analyze all e-voting protocols designed to provide everlasting privacy. First, we illustrate the relations and dependencies between all these different protocols. Next, we analyze in depth which protocols do provide secure and efficient approaches to e-voting with everlasting privacy under realistic assumptions, and which ones do not. Eventually, based on our extensive and detailed treatment, we identify which research problems in this field have already been solved, and which ones are still open. Altogether, our work offers a well-founded reference point for conducting research on secure e-voting with everlasting privacy as well as for future-proofing privacy in real-world electronic elections

    Post-Quantum Era Privacy Protection for Intelligent Infrastructures

    Get PDF
    As we move into a new decade, the global world of Intelligent Infrastructure (II) services integrated into the Internet of Things (IoT) are at the forefront of technological advancements. With billions of connected devices spanning continents through interconnected networks, security and privacy protection techniques for the emerging II services become a paramount concern. In this paper, an up-to-date privacy method mapping and relevant use cases are surveyed for II services. Particularly, we emphasize on post-quantum cryptography techniques that may (or must when quantum computers become a reality) be used in the future through concrete products, pilots, and projects. The topics presented in this paper are of utmost importance as (1) several recent regulations such as Europe's General Data Protection Regulation (GDPR) have given privacy a significant place in digital society, and (2) the increase of IoT/II applications and digital services with growing data collection capabilities are introducing new threats and risks on citizens' privacy. This in-depth survey begins with an overview of security and privacy threats in IoT/IIs. Next, we summarize some selected Privacy-Enhancing Technologies (PETs) suitable for privacy-concerned II services, and then map recent PET schemes based on post-quantum cryptographic primitives which are capable of withstanding quantum computing attacks. This paper also overviews how PETs can be deployed in practical use cases in the scope of IoT/IIs, and maps some current projects, pilots, and products that deal with PETs. A practical case study on the Internet of Vehicles (IoV) is presented to demonstrate how PETs can be applied in reality. Finally, we discuss the main challenges with respect to current PETs and highlight some future directions for developing their post-quantum counterparts

    Aura: Programming with Authorization and Audit

    Get PDF
    Standard programming models do not provide direct ways of managing secret or untrusted data. This is a problem because programmers must use ad hoc methods to ensure that secrets are not leaked and, conversely, that tainted data is not used to make critical decisions. This dissertation advocates integrating cryptography and language-based analyses in order to build programming environments for declarative information security, in which high-level specifications of confidentiality and integrity constraints are automatically enforced in hostile execution environments. This dissertation describes Aura, a family of programing languages which integrate functional programming, access control via authorization logic, automatic audit logging, and confidentially via encryption. Aura\u27s programming model marries an expressive, principled way to specify security policies with a practical policy-enforcement methodology that is well suited for auditing access grants and protecting secrets. Aura security policies are expressed as propositions in an authorization logic. Such logics are suitable for discussing delegation, permission, and other security-relevant concepts. Aura\u27s (dependent) type system cleanly integrates standard data types, like integers, with proofs of authorization-logic propositions; this lets programs manipulate authorization proofs just like ordinary values. In addition, security-relevant implementation details---like the creation of audit trails or the cryptographic representation of language constructs---can be handled automatically with little or no programmer intervention

    Ordinos: A Verifiable Tally-Hiding E-Voting System

    Get PDF
    Modern electronic voting systems (e-voting systems) are designed to provide not only vote privacy but also (end-to-end) verifiability. Several verifiable e-voting systems have been proposed in the literature, with Helios being one of the most prominent ones. Almost all such systems, however, reveal not just the voting result but also the full tally, consisting of the exact number of votes per candidate or even all single votes. There are several situations where this is undesirable. For example, in elections with only a few voters (e.g., boardroom or jury votings), revealing the complete tally leads to a low privacy level, possibly deterring voters from voting for their actual preference. In other cases, revealing the complete tally might unnecessarily embarrass some candidates. Often, the voting result merely consists of a single winner or a ranking of candidates, so revealing only this information but not the complete tally is sufficient. This property is called tally-hiding and it offers completely new options for e-voting. In this paper, we propose the first provably secure end-to-end verifiable tally-hiding e-voting system, called Ordinos. We instantiated our system with suitable cryptographic primitives, including an MPC protocol for greater-than tests, implemented the system, and evaluated its performance, demonstrating its practicality. Moreover, our work provides a deeper understanding of tally-hiding in general, in particular in how far tally-hiding affects the levels of privacy and verifiability of e-voting systems

    Secret texts and cipherballots: secret suffrage and remote electronic voting

    Get PDF
    Una de les principals preocupacions sobre el vot telemàtic és com preservar el sufragi secret. La llista d’estudis que afirmen que el vot per Internet és incompatible amb el secret del vot és força extensa. Si bé estudis posteriors sobre experiències reals han tingut resultats més matisats, les preocupacions sobre el sufragi secret i el vot telemàtic es mantenen. Abordar aquestes preocupacions esdevé una obligació ineludible. En aquest context, la nostra recerca és novadora. En primer lloc, el nostre punt de partida no es basa en definicions legals preexistents que s'accepten com a donades. Partint de l'enfocament universalista del dret constitucional comparat, hem entès que el principi del sufragi secret transcendeix les opinions i convencions lligades a comunitats polítiques concretes. Aquesta concepció comú i bàsica s'ha traduït en tres estàndards: individualitat, confidencialitat i anonimat. Aquests estàndards s’han de satisfer en qualsevol canal de votació. En segon lloc, hem adoptat un enfocament més ampli en l’aplicació d’aquest principi al vot telemàtic. Hem demostrat que el sufragi secret es pot garantir mitjançant la llei, el codi informàtic, les normes i fins i tot el mercat. La normativa actual tendeix a ser limitada perquè recorre a analogies amb els canals de votació en paper i no reconeix les especificitats del vot telemàtic. Per contra, aquí hem examinat el paper que exerceixen (i les limitacions pròpies) del xifrat asimètric, l'anonimització basada en mix-nets o el recompte homomòrfic, i el vot múltiple.Una de las principales preocupaciones sobre el voto telemático es cómo garantizar el secreto del voto. La lista de autores que afirman que el voto por Internet es incompatible con el sufragio secreto es considerable. Aunque las conclusiones de estudios posteriores sobre experiencias reales hayan sido más matizadas, las preocupaciones sobre el sufragio secreto y el voto telemático se mantienen. Abordar estas preocupaciones constituye en una obligación ineludible. En este contexto, nuestra investigación es novedosa. En primer lugar, nuestro punto de partida no se basa en definiciones legales preexistentes que se aceptan como dadas. Partiendo del enfoque universalista del derecho constitucional comparado, hemos entendido que el principio del sufragio secreto trasciende las opiniones y convenciones ligadas a la cultura de comunidades políticas concretas. Esta concepción se ha traducido en tres normas: individualidad, confidencialidad y anonimato. Estas normas deberían aplicarse a cualquier canal de votación. En segundo lugar, hemos adoptado un enfoque más amplio sobre la aplicación de este principio. Hemos demostrado que el sufragio secreto puede garantizarse mediante la ley, el código, las normas e incluso el mercado. La normativa actual tiende a ser limitada porque recurre a analogías con los canales de votación en papel y no reconoce las especificidades del voto telemático.One of the key concerns about remote electronic voting is how to preserve secret suffrage. The list of authors who claim that Internet voting is incompatible with the secrecy of the vote is actually quite long. Even if later studies that analysed the actual implementation of remote electronic voting in public political elections had more nuanced findings, concerns about secret suffrage and remote electronic voting remain. Addressing these concerns becomes an inescapable obligation. In this context, our research is quite novel. First and foremost, our starting point is not based on pre-existing legal definitions that are accepted as given. Drawing from the universalist approach to comparative constitutional law, we have understood that the principle of secret suffrage exists in such a way that it transcends the culture bound opinions and conventions of particular political communities. This core understanding has been translated into three standards: individuality, confidentiality, and anonymity. These standards should apply to any voting channel. Second, we have taken a wider approach at the enforcement of this principle. We have showed that secret suffrage may be enforced through law, code, norms, and even the market. Current regulations tend to be constrained because they resort to analogies with paper-based voting channels and fail to acknowledge the specificities of remote electronic voting. In contrast, we have examined the role played by (and the limitations of) asymmetric encryption, anonymization based on mix-nets or homomorphic tallying, and of multiple voting to enforce secret suffrage

    Kryvos: Publicly Tally-Hiding Verifiable E-Voting

    Get PDF
    Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called tally-hiding. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin publicly tally-hiding, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system
    corecore