Universally composable privacy preserving finite automata execution with low online and offline complexity

In this paper, we propose efficient protocols to obliviously execute non-deterministic and deterministic finite automata (NFA and DFA) in the arithmetic black box (ABB) model. In contrast to previous approaches, our protocols do not use expensive public-key operations, relying instead only on computation with secret-shared values. Additionally, the complexity of our protocols is largely offline. In particular, if the DFA is available during the precomputation phase, then the online complexity of evaluating it on an input string requires a small constant number of operations per character. This makes our protocols highly suitable for certain outsourcing applications

Secure Floating-Point Arithmetic and Private Satellite Collision Analysis

In this paper we show that it is possible and, indeed, feasible to use secure multiparty computation for calculating the probability of a collision between two satellites. For this purpose, we first describe basic floating-point arithmetic operators (addition and multiplication) for multiparty computations. The operators are implemented on the SHAREMIND secure multiparty computation engine. We discuss the implementation details, provide methods for evaluating example elementary functions (inverse, square root, exponentiation of e, error function). Using these primitives, we implement a satellite conjunction analysis algorithm and give benchmark results for the primitives as well as the conjunction analysis itself

Internet voting in Estonia 2005–2019: Evidence from eleven elections

Internet voting is a highly contested topic in electoral studies. This article examines Internet voting in Estonia over 15 years and 11 nation-wide elections. It focuses on the following questions: How is Internet voting organized and used in Estonia? How have the Estonian Internet voting system and its usage evolved over time? What are the preconditions and consequences of large-scale deployment of Internet voting? The results suggest that the rapid uptake and burgeoning usage rates reflect the system's embeddedness in a highly developed digital state and society. Through continuous technological and legal innovation and development, Estonia has built an advanced Internet voting system that complies with normative standards for democratic elections and is widely trusted and used by the voters. Internet voting has not boosted turnout in a setting where voting was already easily accessible. Neither has it created digital divides: Internet voting in Estonia has diffused to the extent that socio-demographic characteristics no longer predict usage. This, combined with massive uptake, reduces incentives for political parties to politicize the novel voting mode

Relations between Privacy, Verifiability, Accountability and Coercion-Resistance in Voting Protocols

This paper studies quantitative relationships between privacy, verifiability, accountability, and coercion-resistance of voting protocols. We adapt existing definitions to make them better comparable with each other and determine which bounds a certain requirement on one property poses on some other property. It turns out that, in terms of proposed definitions, verifiability and accountability do not necessarily put constraints on privacy and coercion-resistance. However, the relations between these notions become more interesting in the context of particular attacks. Depending on the assumptions and the attacker\u27s goal, voter coercion may benefit from a too weak as well as too strong verifiability

Mobile Voting -- Still Too Risky?

This paper studies the challenges of creating a mobile device based voting client. We discuss the issues related to standalone and mobile browser based voting applications. In both cases we discuss the problems of vote privacy, integrity and voting channel availability. We conclude that neither of the options can currently achieve the level of security PC-based voting clients can provide, with the attack surface being larger in the case of mobile browser based voting application

Deploying secure multi-party computation for financial data analysis

In this paper we describe a secure system for jointly collecting and analyzing financial data for a consortium of ICT companies. To guarantee each participant\u27s privacy, we use secret sharing and secure multi-party computation (MPC) techniques. While MPC has been used to solve real-life problems beforehand, this is the first time where the actual MPC computation was done over the internet with computing nodes spread geographically apart. We describe the system architecture, security considerations and implementation details. We also present the user feedback analysis revealing that secure multi-party computation techniques give sufficient assurance for data donors to submit their sensitive information, and act as a critical enabling feature for privacy-preserving data mining

Estonian Voting Verification Mechanism Revisited Again

Recently, Mus, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. As a solution, we propose modifying the protocol of Mus et al. slightly and argue for improvement of the security guarantees. However, there is inherent drop in usability in the protocol as proposed by Mus et al., and this issue will also remain in our improved protocol

Log Analysis of Estonian Internet Voting 2013--2015

In this report we describe our efforts in analysing log files produced by the Estonian i-voting system in the KOV2013, EP2014 and RK2015 elections in combination with other information available, so as to detect attacks against the i-voting system, detect system malfunctions and study voter behaviour

Round-efficient Oblivious Database Manipulation

Most of the multi-party computation frameworks can be viewed as oblivious databases where data is stored and processed in a secret-shared form. However, data manipulation in such databases can be slow and cumbersome without dedicated protocols for certain database operations. In this paper, we provide efficient protocols for oblivious selection, filtering and shuffle---essential tools in privacy-preserving data analysis. As the first contribution, we present a $1$-out-of-$n$ oblivious transfer protocol with $O(\log\log n)$ rounds, which achieves optimal communication and time complexity and works over any ring $Z_N$. Secondly, we show that the round complexity $\tau_{bd}$ of a bit decomposition protocol can be almost matched with oblivious transfer, and that there exists an oblivious transfer protocol with $O(\tau_{bd}\log^*n)$ rounds. Finally, we also show how to construct round-efficient shuffle protocols with optimal asymptotic computation complexity and provide several optimizations