163 research outputs found
Non-malleable encryption with proofs of plaintext knowledge and applications to voting
Non-malleable asymmetric encryption schemes which prove plaintext knowledge are sufficient for secrecy in some domains. For example, ballot secrecy in voting. In these domains, some applications derive encryption schemes by coupling malleable ciphertexts with proofs of plaintext knowledge, without evidence that the sufficient condition (for secrecy) is satisfied nor an independent security proof (of secrecy). Consequently, it is unknown whether these applications satisfy desirable secrecy properties. In this article, we propose a generic construction for such a coupling and show that our construction produces non-malleable encryption schemes which prove plaintext knowledge. Furthermore, we show how our results can be used to prove ballot secrecy of voting systems. Accordingly, we facilitate the development of applications satisfying their security objectives
Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios
We propose a definition of ballot secrecy as an indistinguishability game in the
computational model of cryptography. Our definition improves upon
earlier definitions to ensure
ballot secrecy is preserved in the presence
of an adversary that controls
ballot collection.
We also propose
a definition
of ballot independence as
an adaptation of an indistinguishability game
for asymmetric
encryption. We prove relations between our definitions. In particular, we prove
ballot independence is sufficient for ballot secrecy in voting systems with
zero-knowledge tallying proofs. Moreover, we prove that building
systems
from non-malleable asymmetric encryption schemes suffices for ballot secrecy,
thereby eliminating
the expense of ballot-secrecy proofs for a class
of encryption-based voting systems. We demonstrate applicability of
our results by analysing the Helios voting system and its mixnet variant.
Our analysis reveals that Helios does not satisfy ballot secrecy in the presence of
an adversary that controls
ballot collection. The
vulnerability cannot be detected by earlier definitions of ballot secrecy, because
they do not consider such adversaries. We adopt non-malleable ballots
as a fix and prove that the fixed system satisfies ballot secrecy
Coercion-resistant Proxy Voting
In general, most elections follow the principle of equality, or as it came to be known, the principle of “one man – one vote”. However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy voting. In proxy voting, each voter has the possibility to delegate her voting right to another voter, so called proxy, that she considers a trusted expert on the matter. In this paper we propose an end-to-end verifiable Internet voting scheme, which to the best of our knowledge is the first scheme to address voter coercion in the proxy voting setting
Authentication with Weaker Trust Assumptions for Voting Systems
Some voting systems are reliant on external authentication services.
Others use cryptography to implement their own. We combine
digital signatures and non-interactive proofs to derive a generic construction
for voting systems with their own authentication mechanisms, from systems
that rely on external authentication services. We prove that our
construction produces systems satisfying ballot secrecy and election
verifiability, assuming the underlying voting system does. Moreover,
we observe that works based on similar ideas provide neither ballot secrecy nor
election verifiability. Finally, we demonstrate applicability of
our results by applying our construction to the Helios voting system
Recommended from our members
Civitas: Toward a Secure Voting System
Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through information-flow security analysis. Experimental results give a quantitative evaluation of the tradeoffs between time, cost, and security.Engineering and Applied Science
PPS: Privacy-preserving statistics using RFID tags
As RFID applications are entering our daily life, many new
security and privacy challenges arise. However, current research
in RFID security focuses mainly on simple authentication
and privacy-preserving identication. In this paper,
we discuss the possibility of widening the scope of RFID
security and privacy by introducing a new application scenario.
The suggested application consists of computing statistics
on private properties of individuals stored in RFID tags.
The main requirement is to compute global statistics while
preserving the privacy of individual readings. PPS assures
the privacy of properties stored in each tag through the combination
of homomorphic encryption and aggregation at the
readers. Re-encryption is used to prevent tracking of users.
The readers scan tags and forward the aggregate of their
encrypted readings to the back-end server. The back-end
server then decrypts the aggregates it receives and updates
the global statistics accordingly. PPS is provably privacypreserving.
Moreover, tags can be very simple since they are
not required to perform any kind of computation, but only
to store data
Efficient cryptosystem for universally verifiable mixnets
Projecte final de carrera realitzat en col.laboraciĂł amb Scytl Secure Electronic Votin
- …