Election Security Is Harder Than You Think
Recent years have seen the rise of nation-state interference in elections
across the globe, making the ever-present need for more secure elections all
the more dire. While certain common-sense approaches have been a typical
response in the past, e.g. "don't connect voting machines to the Internet"
and "use a voting system with a paper trail", known-good solutions to
improving election security have languished in relative obscurity for decades.
These techniques are only now finally being implemented at scale, and that
implementation has brought the intricacies of sophisticated approaches to
election security into full relief.
This dissertation argues that while approaches to improve election security
like paper ballots and post-election audits seem straightforward, in reality
there are significant practical barriers to sufficient implementation.
Overcoming these barriers is a necessary condition for an election to be
secure, and while doing so is possible, it requires significant refinement of
existing techniques. In order to better understand how election security
technology can be improved, I first develop what it means for an election to be
secure. I then delve into experimental results regarding voter-verified paper,
discussing the challenges presented by paper ballots as well as some strategies
to improve the security they can deliver. I examine the post-election audit
ecosystem and propose a manifest improvement to audit workload analysis
through parallelization. Finally, I show that even when all of these conditions
are met (as in a vote-by-mail scenario), there are still wrinkles that must be
addressed for an election to be truly secure.
PHD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies
http://deepblue.lib.umich.edu/bitstream/2027.42/163272/1/matber_1.pd
Seventh International Joint Conference on Electronic Voting
This volume contains papers presented at E-Vote-ID 2022, the Seventh International Joint Conference on Electronic Voting, held during October 4–7, 2022. This was the first in-person conference following the COVID-19 pandemic, and, as such, it was a very special event for the community since we returned to the traditional venue in Bregenz, Austria. The E-Vote-ID conference resulted from merging EVOTE and Vote-ID, and 18 years have now elapsed since the first EVOTE conference in Austria. Since that conference in 2004, over 1500 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD students. E-Vote-ID collects the most relevant debates on the development of electronic voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others, turning out to be an important global referent on these issues
From Information Theory Puzzles in Deletion Channels to Deniability in Quantum Cryptography
Research questions, originally rooted in quantum key exchange (QKE), have branched off into independent lines of inquiry ranging from information theory to fundamental physics. In a similar vein, the first part of this thesis is dedicated to information theory problems in deletion channels that arose in the context of QKE. From the output produced by a memoryless deletion channel with a uniformly random input of known length n, one obtains a posterior distribution on the channel input. The difference between the Shannon entropy of this distribution and that of the uniform prior measures the amount of information about the channel input which is conveyed by the output of length m. We first conjecture on the basis of experimental data that the entropy of the posterior is minimized by the constant strings 000..., 111... and maximized by the alternating strings 0101..., 1010.... Among other things, we derive analytic expressions for minimal entropy and propose alternative approaches for tackling the entropy extremization problem. We address a series of closely related combinatorial problems involving binary (sub/super)-sequences and prove the original minimal entropy conjecture for the special cases of single and double deletions using clustering techniques and a run-length encoding of strings. The entropy analysis culminates in a fundamental characterization of the extremal entropic cases in terms of the distribution of embeddings. We confirm the minimization conjecture in the asymptotic limit using results from hidden word statistics by showing how the analytic-combinatorial methods of Flajolet, Szpankowski and Vallée, relying on generating functions, can be applied to resolve the case of fixed output length and n → ∞.
In the second part, we revisit the notion of deniability in QKE, a topic that remains largely unexplored. In a work by Donald Beaver it is argued that QKE protocols are not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and discuss how it extends to other prepare-and-measure QKE schemes such as QKE obtained from uncloneable encryption. We adopt the framework for quantum authenticated key exchange developed by Mosca et al. and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. We also elaborate on the differences between our model and the standard simulation-based definition of deniable key exchange in the classical setting. We establish a connection between the concept of covert communication and deniability by applying results from a work by Arrazola and Scarani on obtaining covert quantum communication and covert QKE to propose a simple construction for coercer-deniable QKE. We prove the deniability of this scheme via a reduction to the security of covert QKE. We relate deniability to fundamental concepts in quantum information theory and suggest a generic approach based on entanglement distillation for achieving information-theoretic deniability, followed by an analysis of other closely related results such as the relation between the impossibility of unconditionally secure quantum bit commitment and deniability. Finally, we present an efficient coercion-resistant and quantum-secure voting scheme, based on fully homomorphic encryption (FHE) and recent advances in various FHE primitives such as hashing, zero-knowledge proofs of correct decryption, verifiable shuffles and threshold FHE
The DEMOS family of e-voting systems: End-to-end verifiable elections in the standard model
This PhD thesis introduces the DEMOS-A and DEMOS-2 e-voting systems that
achieve end-to-end verifiability in the standard model for the first time.
Prior to this thesis, all top-tier e-voting systems (e.g. SureVote, JCJ, Pret a
Voter, Helios, Scantegrity, etc.) assumed honesty of the voting clients, the
random oracle model, or the existence of a randomness beacon to achieve end-to-end
verifiability.
At the core of DEMOS-A and DEMOS-2 is a novel mechanism that extracts the
randomness required for verification from the entropy generated by the voters,
when they engage in the voting phase. This entropy is internal with respect to
the election environment, therefore the need for trusting an outer source of
randomness is removed.
The security analysis is performed under a novel cryptographic framework that
constitutes an additional contribution of this thesis. The end-to-end
verifiability theorems for DEMOS-A and DEMOS-2 reveal that the security level
correlates strongly with the auditing behaviour of the electorate. Motivated
by this finding, this thesis extends the framework by modelling e-voting
systems as ceremonies, inspired by the work of Ellison in 2007. As a case study
of an e-voting ceremony, this thesis investigates the security of the
well-known Helios e-voting system
Reclaiming scalability and privacy in the decentralized setting
The advent of blockchains has expanded the horizon of possibilities to novel decentralised applications and protocols that were not possible before. Designing and building such applications, be it for offering new ways for humans to interact or for circumventing the shortcomings of existing blockchains, requires analysing their security
with a rigorous and multi-faceted approach. Indeed, the attack surface of decentralised,
trustless applications is vastly more expansive than that of classical, server-client-based
ones. Desirable properties such as security, privacy and scalability are attainable via
established and widely applied approaches in the centralised case, where clients can
afford to trust third-party servers. Is it possible, though, for clients to self-organize and
attain these properties in use cases of interest without reliance on central authorities?
We examine this question in the setting of a variety of blockchain-based applications.
With an explicit aim of improving the state of the art and extending the limits of possible decentralised operations with precision and robustness, the present thesis explores,
builds, analyses, and improves upon payments, content curation and decision making