344 research outputs found
Cryptographic Voting — A Gentle Introduction
These lecture notes survey some of the main ideas and techniques
used in cryptographic voting systems. The write-up is geared towards
readers with little knowledge of cryptography and it focuses on
the broad principles that guide the design and analysis of cryptographic
systems, especially the need for properly designed security models.
We use a system proposed by Fujioka, Okamoto and Ohta as a starting
example to introduce some basic building blocks and desirable security
properties. We then slowly build towards a comprehensive description of
the Helios voting system, one of the few systems deployed in practice,
and briefly discuss a few of its security properties.
Limiting Risk by Turning Manifest Phantoms into Evil Zombies
Drawing a random sample of ballots to conduct a risk-limiting audit generally
requires knowing how the ballots cast in an election are organized into groups,
for instance, how many containers of ballots there are in all and how many
ballots are in each container. A list of the ballot group identifiers along
with the number of ballots in each group is called a ballot manifest. What if the
ballot manifest is not accurate? Surprisingly, even if ballots are known to be
missing from the manifest, it is not necessary to make worst-case assumptions
about those ballots--for instance, to adjust the margin by the number of
missing ballots--to ensure that the audit remains conservative. Rather, it
suffices to make worst-case assumptions about the individual randomly selected
ballots that the audit cannot find. This observation provides a simple
modification to some risk-limiting audit procedures that makes them
automatically become more conservative if the ballot manifest has errors. The
modification--phantoms to evil zombies (~2EZ)--requires only an upper bound on
the total number of ballots cast. ~2EZ makes the audit P-value stochastically
larger than it would be had the manifest been accurate, automatically requiring
more than enough ballots to be audited to offset the manifest errors. This
ensures that the true risk limit remains smaller than the nominal risk limit.
On the other hand, if the manifest is in fact accurate and the upper bound on
the total number of ballots equals the total according to the manifest, ~2EZ
has no effect at all on the number of ballots audited nor on the true risk
limit.
Foundations of Security Analysis and Design VII
A. Aldini; J. Lopez; F. Martinelli (Editors)
Electronic Voting over the Internet - A real-world solution
Multicert has been developing an Internet voting solution called Certvote for over a decade. The system was included in the pilot experiment for electronic elections in Portugal, at the beginning of the millennium, and has been updated and developed until this date. The dissertation will have the student analyse this system and characterize it relative to the state of the art. Namely, the following objectives are underway: 1) Investigation of the state of the art for electronic voting systems in the scientific literature; 2) Detailed characterization of Certvote with the aid of Multicert's development team; 3) Comparison of Certvote and relevant alternative solutions both in terms of specific scenarios it should work under and of security requirements or trust models it offers; 4) Proposition of changes to improve Certvote according to the obtained results.