18 research outputs found
A Protocol for Cast-as-Intended Verifiability with a Second Device
Numerous institutions, such as companies, universities, or non-governmental
organizations, employ Internet voting for remote elections. Since the main
purpose of an election is to determine the voters' will, it is fundamentally
important to ensure that the final election result correctly reflects the
voters' votes. To this end, modern secure Internet voting schemes aim for what
is called end-to-end verifiability. This fundamental security property ensures
that the correctness of the final result can be verified, even if some of the
computers or parties involved are malfunctioning or corrupted.
A standard component in this approach is so called cast-as-intended
verifiability which enables individual voters to verify that the ballots cast
on their behalf contain their intended choices. Numerous approaches for
cast-as-intended verifiability have been proposed in the literature, some of
which have also been employed in real-life Internet elections.
One of the well established approaches for cast-as-intended verifiability is
to employ a second device which can be used by voters to audit their submitted
ballots. This approach offers several advantages - including support for
flexible ballot/election types and intuitive user experience - and it has been
used in real-life elections, for instance in Estonia.
In this work, we improve the existing solutions for cast-as-intended
verifiability based on the use of a second device. We propose a solution which,
while preserving the advantageous practical properties sketched above, provides
tighter security guarantees. Our method does not increase the risk of
vote-selling when compared to the underlying voting protocol being augmented
and, to achieve this, it requires only comparatively weak trust assumptions. It
can be combined with various voting protocols, including commitment-based
systems offering everlasting privacy
Cryptographic Protocols for Privacy Enhancing Technologies: From Privacy Preserving Human Attestation to Internet Voting
Desire of privacy is oftentimes associated with the intention to hide certain
aspects of our thoughts or actions due to some illicit activity. This is a
narrow understanding of privacy, and a marginal fragment of the motivations
for undertaking an action with a desired level of privacy. The right for not
being subject to arbitrary interference of our privacy is part of the universal
declaration of human rights (Article 12) and, above that, a requisite for
our freedom. Developing as a person freely, which results in the development
of society, requires actions to be done without a watchful eye. While
the awareness of privacy in the context of modern technologies is not widely
spread, it is clearly understood, as can be seen in the context of elections,
that in order to make a free choice one needs to maintain its privacy. So
why demand privacy when electing our government, but not when selecting
our daily interests, books we read, sites we browse, or persons we encounter?
It is popular belief that the data that we expose of ourselves would not be
exploited if one is a law-abiding citizen. No further from the truth, as this
data is used daily for commercial purposes: users’ data has value. To make
matters worse, data has also been used for political purposes without the
user’s consent or knowledge. However, the benefits that data can bring to
individuals seem endless and a solution of not using this data at all seems
extremist. Legislative efforts have tried, in the past years, to provide mechanisms
for users to decide what is done with their data and define a framework
where companies can use user data, but always under the consent of the latter.
However, these attempts take time to take track, and have unfortunately
not been very successful since their introduction.
In this thesis we explore the possibility of constructing cryptographic protocols
to provide a technical, rather than legislative, solution to the privacy
problem. In particular we focus on two aspects of society: browsing and
internet voting. These two events shape our lives in one way or another, and
require high levels of privacy to provide a safe environment for humans to
act upon them freely. However, these two problems have opposite solutions.
On the one hand, elections are a well established event in society that has
been around for millennia, and privacy and accountability are well rooted
requirements for such events. This might be the reason why its digitalisation
is something which is falling behind with respect to other acts of our society
(banking, shopping, reading, etc). On the other hand, browsing is a recently
introduced action, but that has quickly taken track given the amount of possibilities
that it opens with such ease. We now have access to whatever we
can imagine (except for voting) at the distance of a click. However, the data
that we generate while browsing is extremely sensitive, and most of it is disclosed to third parties under the claims of making the user experience better
(targeted recommendations, ads or bot-detection).
Chapter 1 motivates why resolving such a problem is necessary for the
progress of digital society. It then introduces the problem that this thesis
aims to resolve, together with the methodology. In Chapter 2 we introduce
some technical concepts used throughout the thesis. Similarly, we expose the
state-of-the-art and its limitations.
In Chapter 3 we focus on a mechanism to provide private browsing. In
particular, we focus on how we can provide a safer, and more private way, for
human attestation. Determining whether a user is a human or a bot is important
for the survival of an online world. However, the existing mechanisms
are either invasive or pose a burden to the user. We present a solution that
is based on a machine learning model to distinguish between humans and
bots that uses natural events of normal browsing (such as touch the screen
of a phone) to make its prediction. To ensure that no private data leaves
the user’s device, we evaluate such a model in the device rather than sending
the data over the wire. To provide insurance that the expected model has
been evaluated, the user’s device generates a cryptographic proof. However
this opens an important question. Can we achieve a high level of accuracy
without resulting in a noneffective battery consumption? We provide a positive
answer to this question in this work, and show that a privacy-preserving
solution can be achieved while maintaining the accuracy high and the user’s
performance overhead low.
In Chapter 4 we focus on the problem of internet voting. Internet voting
means voting remotely, and therefore in an uncontrolled environment.
This means that anyone can be voting under the supervision of a coercer,
which makes the main goal of the protocols presented to be that of coercionresistance.
We need to build a protocol that allows a voter to escape the
act of coercion. We present two proposals with the main goal of providing
a usable, and scalable coercion resistant protocol. They both have different
trade-offs. On the one hand we provide a coercion resistance mechanism
that results in linear filtering, but that provides a slightly weaker notion of
coercion-resistance. Secondly, we present a mechanism with a slightly higher
complexity (poly-logarithmic) but that instead provides a stronger notion of
coercion resistance. Both solutions are based on a same idea: allowing the
voter to cast several votes (such that only the last one is counted) in a way
that cannot be determined by a coercer.
Finally, in Chapter 5, we conclude the thesis, and expose how our results
push one step further the state-of-the-art. We concisely expose our contributions,
and describe clearly what are the next steps to follow. The results
presented in this work argue against the two main claims against privacy preserving solutions: either that privacy is not practical or that higher levels
of privacy result in lower levels of security.Programa de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: Agustín Martín Muñoz.- Secretario: José María de Fuentes García-Romero de Tejada.- Vocal: Alberto Peinado Domíngue
Seventh International Joint Conference on Electronic Voting
This volume contains papers presented at E-Vote-ID 2022, the Seventh International JointConference on Electronic Voting, held during October 4–7, 2022. This was the first in-personconference following the COVID-19 pandemic, and, as such, it was a very special event forthe community since we returned to the traditional venue in Bregenz, Austria. The E-Vote-IDconference resulted from merging EVOTE and Vote-ID, and 18 years have now elapsed sincethe first EVOTE conference in Austria.Since that conference in 2004, over 1500 experts have attended the venue, including scholars,practitioners, authorities, electoral managers, vendors, and PhD students. E-Vote-ID collectsthe most relevant debates on the development of electronic voting, from aspects relating tosecurity and usability through to practical experiences and applications of voting systems, alsoincluding legal, social, or political aspects, amongst others, turning out to be an importantglobal referent on these issues
Electronic Voting
This open access book LNCS 13353 constitutes the proceedings of the 7th International Conference on Electronic Voting, E-Vote-ID 2022, held in Bregenz, Austria, in October 2022. The 10 full papers presented were carefully reviewed and selected from 39 submissions. The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others
A toolbox for verifiable tally-hiding e-voting systems
Cryptology ePrint Archive: Report 2021/491https://eprint.iacr.org/2021/491International audienceIn most verifiable electronic voting schemes, one key step is the tally phase, where the election result is computed from the encrypted ballots. A generic technique consists in first applying (verifiable) mixnets to the ballots and then revealing all the votes in the clear. This however discloses much more information than the result of the election itself (that is, the winners) and may offer the possibility to coerce voters. In this paper, we present a collection of building blocks for designing tally-hiding schemes based on multi-party computations. As an application, we propose the first tally-hiding schemes with no leakage for four important counting functions: D'Hondt, Condorcet, STV, and Majority Judgment. We also unveil unknown flaws or leakage in several previously proposed tally-hiding schemes
Reclaiming scalability and privacy in the decentralized setting
The advent of blockchains has expanded the horizon of possibilities to novel decentralised applications and protocols that were not possible before. Designing and building such applications, be it for offering new ways for humans to interact or for circumventing the shortcomings of existing blockchains, requires analysing their security
with a rigorous and multi-faceted approach. Indeed, the attack surface of decentralised,
trustless applications is vastly more expansive than that of classical, server-client-based
ones. Desirable properties such as security, privacy and scalability are attainable via
established and widely applied approaches in the centralised case, where clients can
afford to trust third party servers. Is it possible though for clients to self organize and
attain these properties in use cases of interest without reliance on central authorities?
We examine this question in the setting of a variety of blockchain-based applications.
With an explicit aim of improving the state of the art and extending the limits of possible decentralised operations with precision and robustness, the present thesis explores,
builds, analyses, and improves upon payments, content curation and decision making
European E-Democracy in Practice
This open access book explores how digital tools and social media technologies can contribute to better participation and involvement of EU citizens in European politics. By analyzing selected representative e-participation projects at the local, national and European governmental levels, it identifies the preconditions, best practices and shortcomings of e-participation practices in connection with EU decision-making procedures and institutions. The book features case studies on parliamentary monitoring, e-voting practices, and e-publics, and offers recommendations for improving the integration of e-democracy in European politics and governance. Accordingly, it will appeal to scholars as well as practitioners interested in identifying suitable e-participation tools for European institutions and thus helps to reduce the EU’s current democratic deficit. This book is a continuation of the book “Electronic Democracy in Europe” published by Springer
Breaking the encryption scheme of the Moscow Internet voting system
This work is a merger of arXiv:1908.09170 and arXiv:1908.05127.International audienceIn September 2019, voters for the election at the Parliament of the city of Moscow were allowed to use an Internet voting system. The source code of it had been made available for public testing. In this paper we show two successful attacks on the encryption scheme implemented in the voting system. Both attacks were sent to the developers of the system, and both issues had been fixed after that.The encryption used in this system is a variant of ElGamal over finite fields. In the first attack we show that the used key sizes are too small. We explain how to retrieve the private keys from the public keys in a matter of minutes with easily available resources.When this issue had been fixed and the new system had become available for testing, we discovered that the new implementation was not semantically secure. We demonstrate how this newly found security vulnerability can be used for counting the number of votes cast for a candidate