Electronic voting in the classical and quantum settings: modelling, design and analysis

This thesis explores the cryptographic field of electronic voting both in the classical and quantum regime. In the classical setting, we look at the problem of self-tallying elections, while in the quantum setting we initiate the formal study of quantum voting according to the principles of modern cryptography. The concept of a self-tallying election (STE) scheme was first introduced by Kiayias and Yung [PKC 2002] and captures electronic voting schemes in which the tallying authorities are the voters of the election themselves. This type of electronic voting is particularly compatible with and suitable for (but not only) Blockchain governance, where governance is expected to be maintained in a fully distributed manner. In this thesis, we formalize the requirements for secure STE schemes in the Universal Composability (UC) framework. Our model captures the standard voting properties of eligibility, fairness, vote-privacy, and one voter-one vote. We present E-cclesia, a new family of STE schemes, and prove that it securely UC realizes the STE functionality. We propose E-cclesia 1.0 , the first concrete instantiation of E-cclesia using RSA accumulators in combination with a novel time-lock encryption scheme, name Astrolabous, that surpasses the limitations of previous ones. In addition, we provide a concrete security definition of TLE schemes and we formally abstract the concept of TLE into an ideal functionality following the real/ideal paradigm introduced by Canetti [IEEE FOCS 2001]. On top of that, we show that a protocol that uses a pair of TLE algorithms that satisfy these properties UC realises our ideal TLE functionality. Finally, we provide a novel TLE construction and we show that it satisfies our security definition making our whole argumentation of a fully-fledged E-cclesia protocol sound. All practical e-voting constructions rely on computational assumption to satisfy various properties such as privacy and verifiability. A milestone work published by Shor [IEEE SFCS 1994] indicates that well known mathematical problems can be solved efficiently if we have at our disposal a quantum computer. Recent advances indicate that quantum computers will soon be a reality. Motivated by this ever more realistic threat for existing classical cryptographic protocols, researchers have developed several schemes to resist quantum attacks. In particular, several e-voting schemes relying on the properties of quantum mechanics have been proposed for electronic voting. However, each of these proposals comes with a different and often not well-articulated corruption model, has different objectives, and is accompanied by security claims that are never formalized and justified only against specific attacks. To address this, we propose the first formal security definitions for quantum e-voting protocols. With these at hand, we systematize and evaluate the security of previously proposed quantum e-voting protocols; we examine the claims of these works concerning privacy, correctness and verifiability, and if they are correctly attributed to the proposed protocols. In all non-trivial cases, we identify specific quantum attacks that violate these properties. We argue that the cause of these failures lies in the absence of formal security models and references to the existing cryptographic literature

Astrolabous: A Universally Composable Time Lock Encryption Scheme

In this work, we study the Time-Lock Encryption (TLE) cryptographic primitive. The concept of TLE involves a party initiating the encryption of a message that one can only decrypt after a certain amount of time has elapsed. Following the Universal Composability (UC) paradigm introduced by Canetti [IEEE FOCS 2001], we formally abstract the concept of TLE into an ideal functionality. In addition, we provide a standalone definition for secure TLE schemes in a game-based style and we devise a hybrid protocol that relies on such a secure TLE scheme. We show that if the underlying TLE scheme satisfies the standalone game-based security definition, then our hybrid protocol UC realises the TLE functionality in the random oracle model. Finally, we present Astrolabous, a TLE construction that satisfies our security definition, leading to the first UC realization of the TLE functionality. Interestingly, it is hard to prove UC secure any of the TLE construction proposed in the literature. The reason behind this difficulty relates to the UC framework itself. Intuitively, to capture semantic security, no information should be leaked regarding the plaintext in the ideal world, thus the ciphertext should not contain any information relating to the message. On the other hand, all ciphertexts will eventually open, resulting in a trivial distinction of the real from the ideal world in the standard model. We overcome this limitation by extending any secure TLE construction adopting the techniques of Nielsen [CRYPTO 2002] in the random oracle model. Specifically, the description of the extended TLE algorithms includes calls to the random oracle, allowing our simulator to equivocate. This extension can be applied to any TLE algorithm that satisfies our standalone game-based security definition, and in particular to Astrolabous

Universally Composable Simultaneous Broadcast against a Dishonest Majority and Applications

Simultaneous broadcast (SBC) protocols, introduced in [Chor et al., FOCS 1985], constitute a special class of broadcast channels which, besides consistency, guarantee that all senders broadcast their messages independently of the messages broadcast by other parties. SBC has proved extremely useful in the design of various distributed computing constructions (e.g., multiparty computation, coin flipping, electronic voting, fair bidding). As with any communication channel, it is crucial that SBC security is composable, i.e., it is preserved under concurrent protocol executions. The work of [Hevia, SCN 2006] proposes a formal treatment of SBC in the state-of-the-art Universal Composability (UC) framework [Canetti, FOCS 2001] and a construction secure assuming an honest majority. In this work, we provide a comprehensive revision of SBC in the UC setting and improve the results of [Hevia, SCN 2006]. In particular, we present a new SBC functionality that captures both simultaneity and liveness by considering a broadcast period such that (i) within this period all messages are broadcast independently and (ii) after the period ends, the session is terminated without requiring full participation of all parties. Next, we employ time-lock encryption (TLE) over a standard broadcast channel to devise an SBC protocol that realizes our functionality against any adaptive adversary corrupting up to all-but-one parties. In our study, we capture synchronicity via a global clock [Katz et al., TCC 2013], thus lifting the restrictions of the original synchronous communication setting used in [Hevia, SCN 2006]. As a building block of independent interest, we prove the first TLE protocol that is adaptively secure in the UC setting, strengthening the main result of [Arapinis et al., ASIACRYPT 2021]. Finally, we formally exhibit the power of our SBC construction in the design of UC-secure applications by presenting two interesting use cases: (i) distributed generation of uniform random strings, and (ii) decentralized electronic voting systems, without the presence of a special trusted party

Inkjet printing of insulin microneedles for transdermal delivery

Inkjet printing technology was used to apply insulin polymeric layers on metal microneedles for transdermal delivery. A range of various polymers such as gelatin (GLN), polyvinyl caprolactame-polyvinyl acetate-polyethylene glycol (SOL), poly(2-ethyl-2-oxazoline) (POX) and trehalose (THL) were assessed for their capacity to form thin uniform and homogeneous layers that preserve insulin intact. Atomic force microscopy (AFM) showed homogeneous insulin–polymer layers without any phase separation while SOL demonstrated the best performance. Circular discroism (CD) analysis of rehydrated films showed that insulin’s alpha helices and β–sheet were well preserved for THL and SOL. In contrast, GLN and POX insulin layers revealed small band shifts indicating possible conformational changes. Insulin release in Franz diffusion cells from MNs inserted into porcine skin showed rapid release rates for POX and GLN within the first 20 min. Inkjet printing was proved an effective approach for transdermal delivery of insulin in solid state

E-cclesia: Universally Composable Self-Tallying Elections

The technological advancements of the digital era paved the way for the facilitation of electronic voting (e-voting) in the promise of efficiency and enhanced security. In standard e-voting designs, the tally process is assigned to a committee of designated entities called talliers. Naturally, the security analysis of any e-voting system with tallier designation hinges on the assumption that a subset of the talliers follows the execution guidelines and does not attempt to breach privacy. As an alternative approach, Kiayias and Yung [PKC ’02] pioneered the self-tallying elections (STE) paradigm, where the post-ballot-casting (tally) phase can be performed by any interested party, removing the need for tallier designation. In this work, we explore the prospect of decentralized e-voting where security is preserved under concurrent protocol executions. In particular, we provide the first comprehensive formalization of STE in the universal composability (UC) framework introduced by Canetti [FOCS ’01] via an ideal functionality that captures required security properties such as voter privacy, eligibility, fairness, one-voter one-vote, and verifiability. We provide a concrete instantiation, called E-cclesia , that UC realizes our functionality. The design of E-cclesia integrates several cryptographic primitives such as signatures of knowledge for anonymous eligibility check, dynamic accumulators for scalability, time-lock encryption for fairness and anonymous broadcast channels for voter privacy. For the latter primitive, we provide the first UC formalization along with a construction based on mix-nets that utilises layered encryption, threshold secret sharing and equivocation techniques. Finally, we discuss deployment and scalability considerations for E-cclesia . We present preliminary benchmarks of the key operations (in terms of computational cost) of the voting client and demonstrate the feasibility of our proposal with readily available cryptographic tools for mid-sized elections (∼100,000 voters)

A Comprehensive Analysis of Quantum E-voting Protocols

37 pages including Supplementary MaterialInternational audienceRecent advances at Google, IBM, as well as a number of research groups indicate that quantum computers will soon be reality. Motivated by the ever more realistic threat quantum computers pose to existing classical cryptographic protocols, researchers have developed several schemes to resist "quantum attacks". In particular, for electronic voting, several e-voting schemes relying on properties of quantum mechanics have been proposed. However, each of these proposals comes with a different and often not well-articulated corruption model, has different objectives, and is accompanied by security claims which are never formalized and are at best justified only against specific attacks. In this paper, we systematize and evaluate the security of suggested e-voting protocols based on quantum technology. We examine the claims of these works concerning privacy, correctness and verifiability, and if they are correctly attributed to the proposed protocols. In all non-trivial cases, we identified specific quantum attacks that violate these properties. We argue that the cause of these failures lies in the absence of formal security models and in a more general lack of reference to the existing cryptographic literature