A smart contract system for decentralized borda count voting

In this article, we propose the first self-tallying decentralized e-voting protocol for a ranked-choice voting system based on Borda count. Our protocol does not need any trusted setup or tallying authority to compute the tally. The voters interact through a publicly accessible bulletin board for executing the protocol in a way that is publicly verifiable. Our main protocol consists of two rounds. In the first round, the voters publish their public keys, and in the second round they publish their randomized ballots. All voters provide Non-interactive Zero-Knowledge (NIZK) proofs to show that they have been following the protocol specification honestly without revealing their secret votes. At the end of the election, anyone including a third-party observer will be able to compute the tally without needing any tallying authority. We provide security proofs to show that our protocol guarantees the maximum privacy for each voter. We have implemented our protocol using Ethereum's blockchain as a public bulletin board to record voting operations as publicly verifiable transactions. The experimental data obtained from our tests show the protocol's potential for the real-world deployment

Camel: E2E Verifiable Instant Runoff Voting without Tallying Authorities

Instant Runoff Voting (IRV) is one example of ranked-choice voting. It provides many known benefits when used in elections, such as minimising vote splitting, ensuring few votes are wasted, and providing resistance to strategic voting. However, the voting and tallying procedures for IRV are much more complicated than those of plurality and are both error-prone and tedious. Many automated systems have been proposed to simplify these procedures in IRV. Some of these also employ cryptographic techniques to protect the secrecy of ballots and enable verification of the tally. Nearly all of these cryptographic systems require a set of trustworthy tallying authorities (TAs) to perform the decryption of votes and/or running of mix servers, which adds significant complexity to the implementation and election management. We address this issue by proposing Camel: an E2E verifiable solution for IRV that requires no TAs. Camel employs a novel representation and a universally verifiable shifting procedure for ballots that facilitate the elimination of candidates as required in an IRV election. We combine these with a homomorphic encryption scheme and zero-knowledge proofs to protect the secrecy of the ballots and enable any party to verify the well-formedness of the ballots and the correctness of the tally in an IRV election. We examine the security of Camel and prove it maintains ballot secrecy by limiting the learned information (namely the tally) against a set of colluding voters

Authentic-caller : self-enforcing authentication in a next generation network

The Internet of Things (IoT) or the Cyber-Physical System (CPS) is the network of connected devices, things and people which collect and exchange information using the emerging telecommunication networks (4G, 5G IP-based LTE). These emerging telecommunication networks can also be used to transfer critical information between the source and destination, informing the control system about the outage in the electrical grid, or providing information about the emergency at the national express highway. This sensitive information requires authorization and authentication of source and destination involved in the communication. To protect the network from unauthorized access and to provide authentication, the telecommunication operators have to adopt the mechanism for seamless verification and authorization of parties involved in the communication. Currently, the next-generation telecommunication networks use a digest-based authentication mechanism, where the call-processing engine of the telecommunication operator initiates the challenge to the request-initiating client or caller, which is being solved by the client to prove his credentials. However, the digest-based authentication mechanisms are vulnerable to many forms of known attacks e.g., the Man-In-The-Middle (MITM) attack and the password guessing attack. Furthermore, the digest-based systems require extensive processing overheads. Several Public-Key Infrastructure (PKI) based and identity-based schemes have been proposed for the authentication and key agreements. However, these schemes generally require smart-card to hold long-term private keys and authentication credentials. In this paper, we propose a novel self-enforcing authentication protocol for the SIPbased next-generation network based on a low-entropy shared password without relying on any PKI or trusted third party system. The proposed system shows effective resistance against various attacks e.g., MITM, replay attack, password guessing attack, etc. We a..

PriVeto: a fully private two round veto protocol.

Veto is a prerogative to unilaterally overrule a decision. A private veto protocol consists of a number of participants who wish to decide whether or not to veto a particular motion without revealing the individual opinions. Essentially all participants jointly perform a multi-party computation (MPC) on a boolean-OR function where an input of "1" represents veto and "0" represents not veto. In 2006, Hao and Zieli´ nski presented a two round veto protocol named Anonymous Veto network (AV-net), which is exceptionally efficient in terms of the number of rounds, computation and bandwidth usage. However, AV-net has two generic issues: 1) a participant who has submitted a veto can find out whether she is the only one who vetoed; 2) the last participant who submits her input can pre-compute the boolean-OR result before submission, and may amend her input based on that knowledge. These two issues generally apply to any multi-round veto protocol where participants commit their input in the last round. In this paper, we propose a novel solution to address both issues within two rounds, which are the best possible round efficiency for a veto protocol. Our new private veto protocol, called PriVeto, has similar system complexities to AV-net, but it binds participants to their inputs in the very first round, eliminating the possibility of runtime changes to any of the inputs. At the end of the protocol, participants are strictly limited to learning nothing more than the output of the boolean-OR function and their own inputs.ERC 306994 H2020 European Research Council http://dx.doi.org/10.13039/10001066

VERICONDOR : End-to-end verifiable condorcet voting without tallying authorities

Condorcet voting, first proposed by Marquis de Condorcet in the 18th century, chooses a winner of an election as one that defeats every other candidate by a simple majority. According to Condorcet's criterion, a Condorcet winner is the socially optimal choice in a multi-candidate election. However, despite the crucial importance of this voting system in social-choice theory, it has not been widely used in practical applications. This is partly due to the complex tallying procedure, and also the fact that several candidates may form a tie. Existing systems that provide online Condorcet voting services in the real world try to speed up the tallying process by collecting and tallying Condorcet ballots in a digital form. However, they require voters to completely trust the server. In this paper, we propose VERICONDO, the first end-to-end verifiable Condorcet e-voting system without any tallying authorities. Our system allows a voter to fully verify the tallying integrity without involving any trustworthy tallying authorities and provides strong protection of the ballot secrecy. One main challenge in our work lies in proving the well-formedness of an encrypted ballot while being able to tally the ballots in a publicly verifiable yet privacy-preserving manner. We overcome this challenge by adopting a pairwise comparison matrix and applying a novel vector-sum technique to achieve exceptional efficiency. The overall computational cost per ballot is O (n2) where n is the number of candidates. This is probably the best that one may hope for given the use of a n x n matrix to record a Condorcet ballot. In case of a tie, we show how to apply known Condorcet methods to break the tie in a publicly verifiable manner. Finally, we present a prototype implementation and benchmark performance to show the feasibility of our system

Decentralized self-enforcing trust management system for social Internet of Things

The Internet of Things (IoT) is the network of connected computing devices that have the ability to transfer valued data between each other via the Internet without requiring human intervention. In such a connected environment, the social IoT (SIoT) has become an emerging trend where multiple IoT devices owned by users support communication within a social circle. Trust management in the SIoT network is imperative as trusting the information from compromised devices could lead to serious compromises within the network. It is important to have a mechanism where the devices and their users evaluate the trustworthiness of other devices and users before trusting the information sent by them. The privacy preservation, decentralization, and self-enforcing management without involving trusted third parties are the fundamental challenges in designing a trust management system for SIoT. To fulfill these challenges, this article presents a novel framework for computing and updating the trustworthiness of participants in the SIoT network in a self-enforcing manner without relying on any trusted third party. The privacy of the participants in the SIoT is protected by using homomorphic encryption in the decentralized setting. To achieve the properties of self-enforcement, the trust score of each device is automatically updated based on its previous trust score and the up-to-date tally of the votes by its peers in the network with zero-knowledge proofs (ZKPs) to enforce that every participant follows the protocol honestly. We evaluate the performance of the proposed scheme and present evaluation benchmarks by prototyping the main functionality of the system. The performance results show that the system has a linear increase in computation and communication overheads with more participants in the network. Furthermore, we prove the correctness, privacy, and security of the proposed system under a malicious adversarial model

Owl: An Augmented Password-Authenticated Key Exchange Scheme

We present Owl, an augmented password-authenticated key exchange (PAKE) protocol that is both efficient and supported by security proofs. Owl is motivated by recognized limitations in SRP-6a and OPAQUE. SRP-6a is the only augmented PAKE that has enjoyed wide use in practice to date, but it lacks the support of formal security proofs, and does not support elliptic curve settings. OPAQUE was proposed in 2018 as a provably secure and efficient alternative to SRP-6a, and was chosen by the IETF in 2020 for standardization, but open issues leave it unclear whether OPAQUE will replace SRP-6a in practice. Owl is obtained by efficiently adapting J-PAKE to an asymmetric setting, providing additional security against server compromise yet with lower computation than J-PAKE. Our scheme is provably secure, efficient and agile in supporting implementations in diverse multiplicative groups and elliptic curve settings. Owl is the first solution that provides systematic advantages over SRP-6a in terms of security, computation, message sizes, and agility. Owl’s agility across settings also contrasts ongoing issues related to how OPAQUE will instantiate a hash-to-curve operation in the elliptic curve setting (and what impact this will have on efficiency, security and forward compatibility with new elliptic curves in the future)

SEAL: Sealed-Bid Auction without Auctioneers

We propose the first auctioneer-free sealed-bid auction protocol with a linear computation and communication complexity O(c), c being the bit length of the bid price. Our protocol, called Self-Enforcing Auction Lot (SEAL), operates in a decentralized setting, where bidders jointly compute the maximum bid while preserving the privacy of losing bids. In our protocol, we do not require any secret channels between participants. All operations are publicly verifiable; everyone including third-party observers is able to verify the integrity of the auction outcome. Upon learning the highest bid, the winner comes forward with a proof to prove that she is the real winner. Based on the proof, everyone is able to check if there is only one winner or there is a tie. While our main protocol works with the first-price sealed-bid, it can be easily extended to support the second-price sealed-bid (also known as the Vickrey auction), revealing only the winner and the second highest bid, while keeping the highest bid and all other bids secret. To the best of our knowledge, this work establishes to date the best computation and communication complexity for sealed-bid auction schemes without involving any auctioneer

End-to-End Verifiable E-Voting Trial for Polling Station Voting

On 2 May 2019, during the UK local elections, an e-voting trial was conducted in Gateshead, using a touch-screen end-to-end verifiable e-voting system. This was the first trial of verifiable e-voting for polling station voting in the UK, and it presented a case study to envisage the future of e-voting