New approaches for electronic voting paradigms

La democràcia es el sistema de govern més utilitzat al món. No obstant, en un món cada vegada més globalitzat, la idea de mobilitzar la gent per votar en un col·legi electoral gestionat per persones resulta antiquada tot i ser la implementació més comú en l'actualitat. Millorar aquesta situació mitjançant l'ús de les tecnologies de la informació sembla una evolució òbvia i molt demanada però, malgrat l'existència d'algunes implementacions en entorns reals, encara no ha estat utilitzada excepte en comptades ocasions. Obrir la porta d'unes eleccions a les tecnologies de la informació implica l'obertura dels protocols de votació a un nou conjunt d'atacs contra aquests. Tenint en compte els requisits d'una elecció: privacitat del votant i integritat de l'elecció, les solucions actuals passen per implementar l'elecció seguint un dels tres paradigmes de vot segurs: barreja de vots, recompte homomòrfic o signatura cega. En aquesta tesi, es proposen nous protocols per als diferents paradigmes. La primera proposta consisteix en un sistema de vot que, basant-se en una informació redundant enviada pel votant, és capaç de realitzar una barreja de vots amb cost negligible incrementant lleugerament el cost del recompte. Per al paradigma de recompte homomòrfic, es proposa una prova de validesa del vot basada en les proves utilitzades per demostrar la correctesa en sistemes amb barreja de vots. Aquesta solució permet utilitzar les millores realitzades sobre el paradigma de barreja de vots per al seu ús en el paradigma de recompte homomòrfic. Finalment, es plantegen dues solucions per a eleccions del paradigma de signatura cega. La primera utilitza credencials generades amb signatura cega per permetre als votants vàlids enviar el seu vot sense que es conegui la seva identitat. La segona resol el problema del vot doble en aquest paradigma mitjan cant una construcció que utilitza un sistema de moneda electrònica off-line.La democracia es el sistema de gobierno más usado en el mundo. No obstante, en un mundo cada vez más globalizado, la idea de movilizar a la gente para votar en un colegio electoral gestionado por personas resulta anticuada a pesar de ser la implementación más común en la actualidad. Mejorar esta situación mediante el uso de las tecnologías de la información parece una evolución obvia y muy solicitada pero, a pesar de unas pocas adaptaciones, aún no ha sido usada salvo en escasas ocasiones. Abrir la puerta de unas elecciones a las tecnologías de la información lleva implícita la apertura de los protocolos de voto a un nuevo conjunto de ataques contra estos. Teniendo en cuenta los requisitos de una elección: privacidad del votante e integridad de la elección, las soluciones actuales pasan por implementar la elección siguiendo uno de los tres paradigmas de voto seguros: mezcla de votos, recuento homomórfico o firma ciega. En esta tesis, se proponen nuevos protocolos para los distintos paradigmas. La primera propuesta consiste en un sistema de voto bajo el paradigma de mezcla de votos que, basándose en una información redundante enviada por el votante, es capaz de realizar una mezcla de votos con un coste negligible incrementando ligeramente el coste del recuento. Para el paradigma de recuento homomórfico, se propone una prueba para verificar que el voto es válido basada en las pruebas de correctitud en sistemas con mezcla de votos. Esta solución permite usar las mejoras realizadas en el paradigma de mezcla de votos para su uso en el paradigma de recuento homomórfico. Finalmente, se proponen dos nuevos protocolos del paradigma de firma ciega. El primero utiliza credenciales generadas con firma ciega para permitir a votantes válidos enviar su voto sin que se conozca su identidad. El segundo resuelve el problema del voto doble en el paradigma de firma ciega mediante una construcción que utiliza un sistema de moneda electrónica off-line.Democracy is the most established government system in the world. However, in an increasingly globalized world, the idea of requiring people to move in order to cast their vote in the polling station seems outdated, even though it is, nowadays, the most common implementation. An obvious and widely demanded evolution is to improve the election framework by enabling the use of information technologies. Nevertheless, this solution has been implemented few times in real environment elections and the global success of these solutions have been called into question. The use of information technologies in voting protocols improves the quality of the election but, at the same time, it also opens up the voting protocols to new threats. Keeping this attacks in mind and given the election requirements: voter's privacy and election's integrity, the solutions proposed up to date are to implement one of the three secure voting paradigms: mixtype based, homomorphic tally, and blind signature. In this thesis, we present new protocols for the di erent paradigms. Our rst proposal, based on the mix-type paradigm, consists in a voting protocol which is able to perform the ballot mix with negligible cost but slightly increasing the tally cost. The proposed protocol makes use of a proper vote generation based on sending secret redundant information with the ballot when it is cast. For the homomorphic tally paradigm, we propose a zero knowledge proof of correctness of the ballot based on the proofs used to demonstrate the correctness of a shu e in the mix-type paradigm. This protocol makes possible to use the improvements on the shu e correctness proofs in the homomorphic tally paradigm. Finally, two di erent protocols are also proposed for the blind signature paradigm. The rst one uses credentials generated by means of a blind signature which allow eligible voters to cast their vote without leaking information about their identity. The second one is focused on solving the double voting problem in this paradigm. The protocol proposed uses o -line e-coin systems to provide anonymity disclosure in case of double voting

Breaking the t<n/3t< n/3 Consensus Bound: Asynchronous Dynamic Proactive Secret Sharing under Honest Majority

A proactive secret sharing scheme (PSS), expressed in the dynamic-membership setting, enables a committee of n holders of secret-shares, dubbed as players, to securely hand-over new shares of the same secret to a new committee. We dub such a sub-protocol as a Refresh. All existing PSS under an honest majority, require the use of a broadcast (BC) in each refresh. BC is costly to implement, and its security relies on timing assumptions on the network. So the privacy of the secret and/or its guaranteed delivery, either depend on network assumptions, or, on the reliability of a public ledger. By contrast, PSS over asynchronous channels do not have these constraints. However, all of them (but one, with exponential complexity) use asynchronous verifiable secret sharing (AVSS) and consensus (MVBA and/or ACS), which are impossible under asynchrony beyond t<n/3 corruptions, whatever the setup. We present a PSS, named asynchronous-proactive secret sharing (APSS), which is the first PSS under honest majority with guaranteed output delivery in a completely asynchronous network. More generally, APSS allows any flexible threshold $t<n$, such that privacy and correctness are guaranteed up to t corruptions, and liveness as soon as $t+1$ players behave honestly. Correctness can be lifted to any number of corruptions, provided a linearly homomorphic commitment scheme. Moreover, each refresh completes at the record speed of $2\delta$, where $\delta$ is the actual message delivery delay. APSS demonstrates that proactive refreshes are possible as long as players of the initial committee only, have a common view on a set of (publicly committed or encrypted) shares. Despite not providing consensus on a unique set of shares, APSS surprisingly enables the opening of any linear map over secrets { non-interactively, without consensus }. This, in turn, applies to threshold signing, decryption and randomness generation. APSS can also be directly integrated into the asynchronous Schnorr threshold signing scheme Roast [CCS\u2722]. Of independent interest, we: - provide the first UC formalization (and proof) of proactive AVSS, furthermore for arbitrary thresholds; - provide additional mechanisms enabling players of a committee to start a refresh then erase their old shares, synchronously up to $\delta$ from each other; - improve by 50x the verification speed of the NIZKs of encrypted re-sharing of [Cascudo et al, Asiacrypt\u2722], by using novel optimizations of batch Schnorr proofs of knowledge. We demonstrate efficiency of APSS with an implementation which uses this optimization as baseline

Cryptographic Protocols for Privacy Enhancing Technologies: From Privacy Preserving Human Attestation to Internet Voting

Desire of privacy is oftentimes associated with the intention to hide certain aspects of our thoughts or actions due to some illicit activity. This is a narrow understanding of privacy, and a marginal fragment of the motivations for undertaking an action with a desired level of privacy. The right for not being subject to arbitrary interference of our privacy is part of the universal declaration of human rights (Article 12) and, above that, a requisite for our freedom. Developing as a person freely, which results in the development of society, requires actions to be done without a watchful eye. While the awareness of privacy in the context of modern technologies is not widely spread, it is clearly understood, as can be seen in the context of elections, that in order to make a free choice one needs to maintain its privacy. So why demand privacy when electing our government, but not when selecting our daily interests, books we read, sites we browse, or persons we encounter? It is popular belief that the data that we expose of ourselves would not be exploited if one is a law-abiding citizen. No further from the truth, as this data is used daily for commercial purposes: users’ data has value. To make matters worse, data has also been used for political purposes without the user’s consent or knowledge. However, the benefits that data can bring to individuals seem endless and a solution of not using this data at all seems extremist. Legislative efforts have tried, in the past years, to provide mechanisms for users to decide what is done with their data and define a framework where companies can use user data, but always under the consent of the latter. However, these attempts take time to take track, and have unfortunately not been very successful since their introduction. In this thesis we explore the possibility of constructing cryptographic protocols to provide a technical, rather than legislative, solution to the privacy problem. In particular we focus on two aspects of society: browsing and internet voting. These two events shape our lives in one way or another, and require high levels of privacy to provide a safe environment for humans to act upon them freely. However, these two problems have opposite solutions. On the one hand, elections are a well established event in society that has been around for millennia, and privacy and accountability are well rooted requirements for such events. This might be the reason why its digitalisation is something which is falling behind with respect to other acts of our society (banking, shopping, reading, etc). On the other hand, browsing is a recently introduced action, but that has quickly taken track given the amount of possibilities that it opens with such ease. We now have access to whatever we can imagine (except for voting) at the distance of a click. However, the data that we generate while browsing is extremely sensitive, and most of it is disclosed to third parties under the claims of making the user experience better (targeted recommendations, ads or bot-detection). Chapter 1 motivates why resolving such a problem is necessary for the progress of digital society. It then introduces the problem that this thesis aims to resolve, together with the methodology. In Chapter 2 we introduce some technical concepts used throughout the thesis. Similarly, we expose the state-of-the-art and its limitations. In Chapter 3 we focus on a mechanism to provide private browsing. In particular, we focus on how we can provide a safer, and more private way, for human attestation. Determining whether a user is a human or a bot is important for the survival of an online world. However, the existing mechanisms are either invasive or pose a burden to the user. We present a solution that is based on a machine learning model to distinguish between humans and bots that uses natural events of normal browsing (such as touch the screen of a phone) to make its prediction. To ensure that no private data leaves the user’s device, we evaluate such a model in the device rather than sending the data over the wire. To provide insurance that the expected model has been evaluated, the user’s device generates a cryptographic proof. However this opens an important question. Can we achieve a high level of accuracy without resulting in a noneffective battery consumption? We provide a positive answer to this question in this work, and show that a privacy-preserving solution can be achieved while maintaining the accuracy high and the user’s performance overhead low. In Chapter 4 we focus on the problem of internet voting. Internet voting means voting remotely, and therefore in an uncontrolled environment. This means that anyone can be voting under the supervision of a coercer, which makes the main goal of the protocols presented to be that of coercionresistance. We need to build a protocol that allows a voter to escape the act of coercion. We present two proposals with the main goal of providing a usable, and scalable coercion resistant protocol. They both have different trade-offs. On the one hand we provide a coercion resistance mechanism that results in linear filtering, but that provides a slightly weaker notion of coercion-resistance. Secondly, we present a mechanism with a slightly higher complexity (poly-logarithmic) but that instead provides a stronger notion of coercion resistance. Both solutions are based on a same idea: allowing the voter to cast several votes (such that only the last one is counted) in a way that cannot be determined by a coercer. Finally, in Chapter 5, we conclude the thesis, and expose how our results push one step further the state-of-the-art. We concisely expose our contributions, and describe clearly what are the next steps to follow. The results presented in this work argue against the two main claims against privacy preserving solutions: either that privacy is not practical or that higher levels of privacy result in lower levels of security.Programa de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: Agustín Martín Muñoz.- Secretario: José María de Fuentes García-Romero de Tejada.- Vocal: Alberto Peinado Domíngue

Advances in cryptographic voting systems

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (p. 241-254).Democracy depends on the proper administration of popular elections. Voters should receive assurance that their intent was correctly captured and that all eligible votes were correctly tallied. The election system as a whole should ensure that voter coercion is unlikely, even when voters are willing to be influenced. These conflicting requirements present a significant challenge: how can voters receive enough assurance to trust the election result, but not so much that they can prove to a potential coercer how they voted? This dissertation explores cryptographic techniques for implementing verifiable, secret-ballot elections. We present the power of cryptographic voting, in particular its ability to successfully achieve both verifiability and ballot secrecy, a combination that cannot be achieved by other means. We review a large portion of the literature on cryptographic voting. We propose three novel technical ideas: 1. a simple and inexpensive paper-base cryptographic voting system with some interesting advantages over existing techniques, 2. a theoretical model of incoercibility for human voters with their inherent limited computational ability, and a new ballot casting system that fits the new definition, and 3. a new theoretical construct for shuffling encrypted votes in full view of public observers.by Ben Adida.Ph.D