Authentication with Weaker Trust Assumptions for Voting Systems

Some voting systems are reliant on external authentication services. Others use cryptography to implement their own. We combine digital signatures and non-interactive proofs to derive a generic construction for voting systems with their own authentication mechanisms, from systems that rely on external authentication services. We prove that our construction produces systems satisfying ballot secrecy and election verifiability, assuming the underlying voting system does. Moreover, we observe that works based on similar ideas provide neither ballot secrecy nor election verifiability. Finally, we demonstrate applicability of our results by applying our construction to the Helios voting system

Non-malleable encryption with proofs of plaintext knowledge and applications to voting

Non-malleable asymmetric encryption schemes which prove plaintext knowledge are sufficient for secrecy in some domains. For example, ballot secrecy in voting. In these domains, some applications derive encryption schemes by coupling malleable ciphertexts with proofs of plaintext knowledge, without evidence that the sufficient condition (for secrecy) is satisfied nor an independent security proof (of secrecy). Consequently, it is unknown whether these applications satisfy desirable secrecy properties. In this article, we propose a generic construction for such a coupling and show that our construction produces non-malleable encryption schemes which prove plaintext knowledge. Furthermore, we show how our results can be used to prove ballot secrecy of voting systems. Accordingly, we facilitate the development of applications satisfying their security objectives

A Usable Android Application Implementing Distributed Cryptography For Election Authorities

Although many electronic voting protocols have been proposed, their practical application faces various challenges. One of these challenges is, that these protocols require election authorities to perform complex tasks like generating keys in a distributed manner and decrypting votes in a distributed and verifiable manner. Although corresponding key generation and decryption protocols exist, they are not used in real-world elections for several reasons: The few existing implementations of these protocols and their corresponding interfaces are not designed for people with non technical background and thus not suitable for use by most election authorities. In addition, it is difficult to explain the security model of the protocols, but legal provisions generally require transparency. We implemented a smartphone application for election authorities featuring distributed key generation and verifiable distributed decryption of votes. In addition, we prepared education material throughout based on formulated metaphors for election authorities in order to explain the security of the application. We evaluated the usability of the application and understanding of the underlying security model, concluding that the application is usable for non-experts in computer science. While the participants were able to carry out the tasks, it became clear, that they did not have a clear understanding of the underlying security model, despite having viewed our educational material. We suggest improvements to this material as future work

Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation

Abstract-Despite advances in security engineering, authentication in applications such as email and the Web still primarily relies on the X.509 public key infrastructure introduced in 1988. This PKI has many issues but is nearly impossible to replace. Leveraging recent progress in verifiable computation, we propose a novel use of existing X.509 certificates and infrastructure. Instead of receiving & validating chains of certificates, our applications receive & verify proofs of their knowledge, their validity, and their compliance with application policies. This yields smaller messages (by omitting certificates), stronger privacy (by hiding certificate contents), and stronger integrity (by embedding additional checks, e.g. for revocation). X.509 certificate validation is famously complex and errorprone, as it involves parsing ASN.1 data structures and interpreting them against diverse application policies. To manage this diversity, we propose a new format for writing application policies by composing X.509 templates, and we provide a template compiler that generates C code for validating certificates within a given policy. We then use the Geppetto cryptographic compiler to produce a zero-knowledge verifiable computation scheme for that policy. To optimize the resulting scheme, we develop new C libraries for RSA-PKCS#1 signatures and ASN.1 parsing, carefully tailored for cryptographic verifiability. We evaluate our approach by providing two real-world applications of verifiable computation: a drop-in replacement for certificates within TLS; and access control for the Helios voting protocol. For TLS, we support fine-grained validation policies, with revocation checking and selective disclosure of certificate contents, effectively turning X.509 certificates into anonymous credentials. For Helios, we obtain additional privacy and verifiability guarantees for voters equipped with X.509 certificates, such as those readily available from some national ID cards

Zero Knowledge Protocols and Applications

The historical goal of cryptography is to securely transmit or store a message in an insecure medium. In that era, before public key cryptography, we had two kinds of people: those who had the correct key, and those who did not. Nowadays however, we live in a complex world with equally complex goals and requirements: securely passing a note from Alice to Bob is not enough. We want Alice to use her smartphone to vote for Carol, without Bob the tallier, or anyone else learning her vote; we also want guarantees that Alice’s ballot contains a single, valid vote and we want guarantees that Bob will tally the ballots properly. This is in fact made possible because of zero knowledge protocols. This thesis presents research performed in the area of zero knowledge protocols across the following threads: we relax the assumptions necessary for the Damgard, Fazio and ˚ Nicolosi (DFN) transformation, a technique which enables one to collapse a number of three round protocols into a single message. This approach is motivated by showing how it could be used as part of a voting scheme. Then we move onto a protocol that lets us prove that a given computation (modeled as an arithmetic circuit) was performed correctly. It improves upon the state of the art in the area by significantly reducing the communication cost. A second strand of research concerns multi-user signatures, which enable a signer to sign with respect to a set of users. We give new definitions for important primitives in the area as well as efficient instantiations using zero knowledge protocols. Finally, we present two possible answers to the question posed by voting receipts. One is to maximise privacy by building a voting system that provides receipt-freeness automatically. The other is to use them to enable conventual and privacy preserving vote copying

Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios

We propose a definition of ballot secrecy as an indistinguishability game in the computational model of cryptography. Our definition improves upon earlier definitions to ensure ballot secrecy is preserved in the presence of an adversary that controls ballot collection. We also propose a definition of ballot independence as an adaptation of an indistinguishability game for asymmetric encryption. We prove relations between our definitions. In particular, we prove ballot independence is sufficient for ballot secrecy in voting systems with zero-knowledge tallying proofs. Moreover, we prove that building systems from non-malleable asymmetric encryption schemes suffices for ballot secrecy, thereby eliminating the expense of ballot-secrecy proofs for a class of encryption-based voting systems. We demonstrate applicability of our results by analysing the Helios voting system and its mixnet variant. Our analysis reveals that Helios does not satisfy ballot secrecy in the presence of an adversary that controls ballot collection. The vulnerability cannot be detected by earlier definitions of ballot secrecy, because they do not consider such adversaries. We adopt non-malleable ballots as a fix and prove that the fixed system satisfies ballot secrecy

Remote electronic voting: studying and improving Helios

Dissertação de mestrado em Engenharia InformáticaA former North American President once said that the ballot is stronger than the bullet. In fact, the most civilized and organized way for a people express their opinion is by voting. However, there are people with bad intentions that affect voting and elections, being normal situations of coercion, collusion, fraud or forgery that disturb and cause alterations in the outcome of a vote. Thus, it becomes necessary to find ways to protect the voters, through vote secrecy and transparency, so that in end of a voting, democracy and justice prevail. Since the secret ballot papers until the electronic voting machines, passing through punched cards, technology in voting systems is evolving to ensure a greater security in elections, as well as greater efficiency, lower costs and other characteristics wanted in this type of systems. Nowadays, remote electronic voting is seen as the ultimate goal to achieve. The difficulty of developing such system is to ensure that it meets all the security requirements without infringing each other and without compromising the usability of the system itself. Thus, cryptography becomes an essential tool for obtaining security and integrity on electronic voting systems. This master thesis focuses on the world of electronic voting, in particular, the remote electronic voting. The objective is to find a system of this kind, with real world applications, to be studied and analyzed in a security point of view. Hence, we made a research on voting and, more deeply, a research on electronic voting schemes, in order to learn how to conceive it, which include the different stages that compose an election, types of voting and the entities involved, and what requirements to fulfill, both the security and functional. Because cryptography is used in most schemes, a detailed study was also performed on the primitives most common in protocols of electronic voting. However, there are not many schemes that pass from theory to practice. Fortunately, we found Helios, a well known scheme that implements various cryptographic techniques for everyone, under certain assumptions, be able to audit polls conducted with this system. A study was performed in order to explain how it was constructed and to identify its strengths and weaknesses. We also present some ongoing work by different people to improve Helios. Finally, we propose improvements on our own, to fight against coercion, to decrease the levels of assumptions and overcome corruption issues. Furthermore, we propose measures to protect the virtual voting booth and a mobile application to cast votes.Um antigo Presidente norte americano disse um dia que o voto é 'mais forte que a bala. De facto, a forma mais civilizada e organizada de um povo exprimir as suas opiniões é através de votações. Infelizmente, também este mundo é afectado por pessoas com más intenções, sendo normais as situações de coação, conluio, fraude ou falsificação que perturbam e causam alterações no resultado de urna votação. Assim, torna-se necessário arranjar formas de proteger os votantes, através de segredo de voto e transparência, de forma que, no final, a democracia e justiça de uma votação prevaleçam. Desde dos boletins de papel secreto até às máquinas de voto electrónico, passando pelas punched cards, a tecnologia em sistemas de votação vem evoluindo de modo a garantir uma maior segurança em eleições, assim como maior eficiência, menor custos e outras características que se querem neste tipo de sistemas. Nos dias de hoje, o voto electrónico remoto é visto como o grande objectivo a cumprir. A grande dificuldade de se desenvolver tal sistema é garantir que o sistema cumpra todos os requisitos de segurança sem que se violem entre si e sem que isso prejudique a usabilidade do sistema em si. Assim, a criptografia torna-se uma ferramenta essencial para se obter segurança e integridade em sistemas de voto electrónico. Esta tese de mestrado foca-se no mundo do voto electrónico, mais especificamente o voto electrónico remoto. O grande objectivo seria arranjar um sistema desse tipo, que tivesse aplicação real, para ser estudado e analisado do ponto de vista de segurança. Fez-se então uma pesquisa necessária sobre votações e, mais aprofundada, uma sobre esquemas de voto electrónico, de modo a aprender como se concebem, tanto as fases que a constituem como as entidades que normalmente fazem parte, e quais os requisitos a cumprir, tanto os funcionais como os de segurança. Como a criptografia entra em grande parte dos esquemas, também um estudo aprofundado foi realizado sobre as primitivas mais comuns em protocolos de voto electrónico. No entanto, não existem muitos esquemas que passem da teoria à prática. Felizmente, encontrou-se o Helios, um sistema que põe em prática diversas técnicas criptográficas para que qualquer pessoa, dentro de certas assumpções, possa auditar votações conduzidas por este sistema, ficando a privacidade nas mãos do Helios. Um estudo foi realizado de modo a explicar como foi construído e identificar os seus pontos fortes e fracos. Também são apresentados alguns trabalhos em curso sobre este sistema. Finalmente, propõem-se outros tipos de melhoramentos que visam: combater coação, diminuir o nível das assumpções e ultrapassar problemas de corrupção. Propõem-se ainda medidas para proteger a cabine virtual de votação e uma aplicação móvel

The DEMOS family of e-voting systems: End-to-end verifiable elections in the standard model

Η παρούσα διδακτορική διατριβή εισάγει τα συστήματα ηλεκτρονικής ψηφοφορίας DEMOS-A και DEMOS-2 τα οποία επιτυγχάνουν άμεση επαληθευσιμότητα (end-to-end verifiability) για πρώτη φορά. Προγενέστερα της διατριβής, όλα τα κορυφαία συστήματα ηλεκτρονικής ψηφοφορίας (π.χ. SureVote, JCJ, Pret a Voter, Helios, Scantegrity, etc.) προϋπέθεταν το αδιάβλητο των συσκευών ψηφοφορίας, το μοντέλο τυχαίου μαντείου, ή την ύπαρξη μια έμπιστης πηγής τυχαιότητας για την επίτευξη άμεσης επαληθευσιμότητας. Στον πυρήνα των DEMOS-A και DEMOS-2 , βρίσκεται ένας νέος μηχανισμός εξαγωγής τυχαιότητας απαιτούμενης για την επαλήθευση από την εντροπία που παράγουν οι ψηφοφόροι κατά τη συμμετοχή τους στην ψηφοφορία. Η εν λόγω εντροπία είναι εσωτερική ως προς το εκλογικό περιβάλλον, επομένως απαλείφεται η ανάγκη για εμπιστοσύνη σε μία εξωτερική πηγή τυχαιότητας. Η ανάλυση ασφάλειας διεξάγεται υπό ένα νέο κρυπτογραφικό πλαίσιο το οποίο συνιστά επιπρόσθετη συνεισφορά της διατριβής. Τα θεωρήματα άμεσης επαλήθευσιμότητας των DEMOS-A και DEMOS-2 μαρτυρούν μία στενή συσχέτιση του επιπέδου ασφάλειας με την συμπεριφορά του εκλογικού σωμάτος κατά την επαλήθευση. Βάσει αυτού του ευρήματος και της εργασίας του Ellison το 2007, η παρούσα διατριβή επεκτείνει το πλαίσιο μοντελοποιώντας τα συστήματα ηλεκτρονικής ψηφοφορίας ως ceremonies. Ως υπόδειγμα μελέτης ενός ceremony ηλεκτρονικής ψηφοφορίας, η παρούσα διατριβή μελετά την ασφάλεια του καθιερωμένου συστήματος ηλεκτρονικής ψηφοφορίας Helios.This PhD thesis introduces the DEMOS-A and DEMOS-2 e-voting systems that achieve end-to-end verifiability in the standard model for the first time. Prior to this thesis, all top-tier e-voting systems (e.g. SureVote, JCJ, Pret a Voter, Helios, Scantegrity, etc.) assumed honesty of the voting clients, the random oracle model, or the existence a randomness beacon to achieve end-to-end verifiability. In the core of DEMOS-A and DEMOS-2, is a novel mechanism that extracts the randomness required for verification from the entropy generated by the voters, when they engage in the voting phase. This entropy is internal with respect to the election environment, therefore the need for trusting an outer source of randomness is removed. The security analysis is performed under a novel cryptographic framework that constitutes an additional contribution of this thesis. The end-to-end verifiability theorems for DEMOS-A and DEMOS-2 reveal that the security level is in high correlation with the auditing behaviour of the electorate. Motivated by this finding, this thesis extends the framework by modelling e-voting systems as ceremonies, inspired by the work of Ellison in 2007. As a case study of an e-voting ceremony, this thesis investigates the security of the well-known Helios e-voting system