Accuracy: The fundamental requirement for voting systems

There have been several attempts to develop a comprehensive account of the requirements for voting systems, particularly for public elections. Typically, these approaches identify a number of "high level" principals which are then refined either into more detailed statements or more formal constructs. Unfortunately, these approaches do not acknowledge the complexity and diversity of the contexts in which voting takes place. This paper takes a different approach by arguing that the only requirement for a voting system is that it is accurate. More detailed requirements can then be derived from this high level requirement for the particular context in which the system is implemented and deployed. A general, formal high level model for voting systems and their context is proposed. Several related definitions of accuracy for voting systems are then developed, illustrating how the term "accuracy" is in interpreted in different contexts. Finally, a context based requirement for voting system privacy is investigated as an example of deriving a subsidiary requirement from the high level requirement for accuracy

Fully Collision-Resistant Chameleon-Hashes from Simpler and Post-Quantum Assumptions

Chameleon-hashes are collision-resistant hash-functions parametrized by a public key. If the corresponding secret key is known, arbitrary collisions for the hash can be found. Recently, Derler et al. (PKC \u2720) introduced the notion of fully collision-resistant chameleon-hashes. Full collision-resistance requires the intractability of finding collisions, even with full-adaptive access to a collision-finding oracle. Their construction combines simulation-sound extractable (SSE) NIZKs with perfectly correct IND-CPA secure public-key encryption (PKE) schemes. We show that, instead of perfectly correct PKE, non-interactive commitment schemes are sufficient. For the first time, this gives rise to efficient instantiations from plausible post-quantum assumptions and thus candidates of chameleon-hashes with strong collision-resistance guarantees and long-term security guarantees. On the more theoretical side, our results relax the requirement to not being dependent on public-key encryption

Fully Invisible Protean Signatures Schemes

Protean Signatures (PS), recently introduced by Krenn et al. (CANS \u2718), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way. The sanitizer can edit signer-chosen parts to arbitrary bitstrings, while the sanitizer can also redact admissible parts, which are also chosen by the signer. Thus, PSs generalize both redactable signature (RSS) and sanitizable signature (SSS) into a single notion. However, the current definition of invisibility does not prohibit that an outsider can decide which parts of a message are redactable - only which parts can be edited are hidden. This negatively impacts on the privacy guarantees provided by the state-of-the-art definition. We extend PSs to be fully invisible. This strengthened notion guarantees that an outsider can neither decide which parts of a message can be edited nor which parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS\u27), along with a consolidated framework for aggregate signatures. Using those building blocks, our resulting construction is significantly more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation

Log Auditing for Trust Assessment in Peer-to-Peer Collaboration

International audienceIn order to overcome the disadvantages of a central authority, a tendency is to move towards a peer-to-peer collaboration where control over data is given to users who can decide with whom they want to share their private data. In this peer-to-peer collaboration it is very difficult to ensure that after data is shared with other peers, these peers will not misbehave and violate data privacy. In this paper, we propose a mechanism that addresses the issue of data privacy violation by auditing the collaboration logs. In our approach, trust values between users are adjusted according to their previous activities on the shared data. Users share their private data by specifying some obligations the receivers are expected to follow. We log modifications done by users as well as the obligations and use a log-auditing mechanism to detect users who misbehaved. We adjust their associated trust values by using any existing decentralized trust model

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

E-democracy Implementation: The Imperative of Agenda Setting

Decline in the level of citizens’ participation due to disconnect between citizens and their representatives has been identified as one of the prominent challenges facing most democratic societies in the world today. E-democracy has been identified to have the potentials to reduce the contemporary estrangement between the democratic actors by creating new forms of engagement, deliberation, and collaboration in polity to make the democratic processes more inclusive and transparent. However, edemocracy initiatives in many countries have had mixed success as most e-democracy implementations have been unable to justify the essence of huge investments made into it. This research paper reviews existing edemocracy development processes and agenda of nations among the top twenty countries in e-participation implementation as rated in the UN Global E-Government Evaluation, 2010. The sample composed of secondary data sourced from information system centric academic journals, book chapters, conference proceedings, database of international development organisations (OECD, UN, EU) on e-democracy implementation reports and database of research institutions and centres that focus on e-government and e-democracy implementation. Findings revealed that most countries do not have well established framework and agenda setting for e-democracy implementation, but only based their e-democracy implementation on one of the objectives of their e-government implementation. As a result, policy content is largely missing in most edemocracy strategies at both conceptual and implementation stage. This paper therefore, presents a guideline for e-democracy agenda setting and discusses issues germane to establishing e-democracy agenda. It submits that for a successful e-democracy implementation, the agenda-setting phase should capture the legal and political processes of the country. In addition, e-democracy strategic vision, strategic aim and objectives, strategic policy, mode of implementation and overseeing body should be well articulated in the agenda setting phase of e-democracy implementation plan. The discussion will benefit both researchers, government and practitioners on successful e-democracy implementation as basis for societal development