29
Rui Joaquim, [email protected] Paulo Ferreira, [email protected] Carlos Ribeiro, [email protected] Verifiable Voting Schemes Workshop, form Theory to Practice, Luxembourg, 21-22/03/2013
Rui Joaquim, [email protected]
Paulo Ferreira, [email protected]
Carlos Ribeiro, [email protected]
Verifiable Voting Schemes Workshop, form Theory to Practice, Luxembourg, 21-22/03/2013
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]
Motivation
Goals
Technical options
The voter’s perspective
EVIV protocol “details”
Conclusions and future work
2
“In theory, theory and practice are the same.
“In practice, they are not.”
― Albert Einstein
3
http://www.goodreads.com/author/show/9810.Albert_Einstein
trade offs
◦ usability vs privacy/coercion, verifiability, …
◦ assumptions vs real world
◦ adaptations to specific voting needs
4
End-to-end verifiability
“Weak” verifiability assumptions
◦ The election servers are not trusted
◦ The voter’s computer is not trusted
◦ Immunity to any system’s components collusion
◦ Voter has access to trustworthy information (Bulletin Board)
Protect the voter’s privacy from:
◦ The vote casting computer
◦ The election servers
Simple voter interaction
5
6
End-to-end verifiability
◦ MarkPledge voter verifiable encryption
◦ Verifiable homomorphic vote tally
◦ Trustworthy bulletin board
Code voting protocol
◦ Protects the voter’s privacy
◦ Adds some additional protection against a malicious vote client
7
Vote Encryption
Candidate Encrypted vote
Alice {NOvote}
Bob {NOvote}
Charles {NOvote}
Dharma {YESvote (PZ8R)}
Vote receipt verification
e
Select candidate (Dharma) a Voter
b
Ballot Creator
Bulletin Board
Vote Receipt
Candidate Verification code
Alice 46R9
Bob QE41
Charles KNSY
Dharma PZ8R
challenge
Create vote encryption
Pledge confirmation code (PZ8R) b
Random challenge c
d
Create vote receipt
Public verification
f
Verifiers
Trusted to preserve the voter’s privacy.
The order of steps (b) and (c) is essential to prevent vote manipulation.
The knowledge of the confirmation code reveals the voter’s vote.
10
11
Voter Enrollment Service
Voter’s credentials
Voter Security Token Candidate list
VST
12
Voter
Do you want to register to vote online on election “XPTO”?
Yes No
13
Voter
13
Do you want to register to vote online on election “XPTO”?
YES
You are registered.
Use the following code card to vote and verify your vote:
Code Card
Confirmation Code
PZ8R
Candidate Vote code
Alice KPLE
Bob 49UI
Charles ZXA8
Dharma RCP3
14
Voter
14
Election “XPTO”
Candidates: Alice Bob Charles Dharma
Select your candidate:
Code Card
Confirmation Code
PZ8R
Candidate Vote code
Alice KPLE
Bob 49UI
Charles ZXA8
Dharma RCP3
15
Voter
15
Election “XPTO”
Candidates: Alice Bob Charles Dharma
Select your candidate: RCP3
Vote receipt:
Submit vote :
Code Card
Confirmation Code
PZ8R
Candidate Vote code
Alice KPLE
Bob 49UI
Charles ZXA8
Dharma RCP3
Yes No
Vote Receipt 123
Candidate Verification code
Alice 46R9
Bob QE41
Charles KNSY
Dharma PZ8R
16
Voter
Election Bulletin Board
Code Card
Confirmation Code
PZ8R
Candidate Vote code
Alice KPLE
Bob 49UI
Charles ZXA8
Dharma RCP3
Vote Receipt 123
Candidate Verification code
Alice 46R9
Bob QE41
Charles KNSY
Dharma PZ8R
17
Voter Ballot Vote Receipt
~~~~
~~~~
Bulletin Board
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
EVIV
18
Voter Ballot Vote Receipt
~~~~
~~~~
Election key
Bulletin Board
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
Trustees
Election public key
Candidate list
1
EVIV
19
Voter
Voter Ballot Vote Receipt
~~~~ ~~~~
~~~~ ~~~~
Election key
Bulletin Board
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
Trustees
Election public key
Election Registrar
VST
Ballot
Ballots
Candidate list
PC
1 2
EVIV
20
2
Ballot
NOvote NOvote YESvote NOvote
Voter
Voter Ballot Vote Receipt
~~~~ ~~~~
~~~~ ~~~~
Election key
Bulletin Board
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
Trustees
Election public key
Election Registrar
VST
Ballot
Ballots
Candidate list
PC
1 2
Code Card
3
EVIV
21
Code Card
Confirmation Code
PZ8R
Candidate Vote code
Alice KPLE
Bob 49UI
Charles ZXA8
Dharma RCP3
Voter
Voter Ballot Vote Receipt
~~~~ ~~~~
~~~~ ~~~~
Election key
Election challenge
Bulletin Board
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
Trustees
Election public key
Election Registrar
VST
Code Card Ballot
Ballots
Trustees
Election challenge
Candidate list
PC
3
1 2
4
EVIV
22
Voter
Voter Ballot Vote Receipt
~~~~ ~~~~ ~~~ ~~~~
~~~~ ~~~~ ~~~ ~~~~
Election key
Election challenge
Bulletin Board
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
Trustees
Election public key
Election Registrar
VST
Code Card Ballot
Ballots
Trustees
Election challenge
Ballot Box
Voter
VST
Vote code
Vote and receipt
Receipt
Received votes and receipts
Candidate list
PC
PC
3
1 2
4 5
EVIV
23
Voter
Voter Ballot Vote Receipt
~~~~ ~~~~ ~~~ ~~~~
~~~~ ~~~~ ~~~ ~~~~
Election key
Election challenge
Tally: A – 234 votes B – 215 votes
Bulletin Board
Independent Organization Verification Service
Verification of the
published data
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
Trustees
Election public key
Election Registrar
VST
Code Card Ballot
Ballots
Trustees
Election challenge
Ballot Box
Voter
VST
Vote code
Vote and receipt
Receipt
Received votes and receipts
Trustees
Anonymous vote tally
computation
Voter
Cast-as-intended verification
Candidate list
PC
PC
3
1 2
4 5
Election integrity (verifiability) assumptions: - One honest trustee (challenge generation) - One honest verification organization
Privacy assumptions: - Honest threshold of trustees (key holders) - Honest VST -Code Card only known to the voter and her VST until the vote is cast (honest Code Card printing PC).
EVIV
24
25
EVIV
◦ Internet end-to-end voter verifiable system
◦ Simple voter verification (a simple match of short text strings)
◦ Resistance to system components collusion
◦ Protect the voter’s privacy from the vote casting PC
(by integrating MarkPledge with code voting)
Future work
◦ Coercion
◦ Complex ballots
◦ Usability
26
Rui Joaquim, Paulo Ferreira and Carlos Ribeiro
EVIV: An end-to-end verifiable Internet voting system Computers & Security, 2013, 32, pp. 170 - 191
27
Voter
Voter Ballot Vote Receipt
~~~~ ~~~~ ~~~ ~~~~
~~~~ ~~~~ ~~~ ~~~~
Election key
Election challenge
Tally: A – 234 votes B – 215 votes
Bulletin Board
Independent Organization Verification Service
Verification of the
published data
1 – Voter enrollment phase 2 – Election registration phase
3 – Vote casting phase 4 – Public verification and vote counting phase
Voter Enrollment Service
Voter’s credentials
Voter’s VST
VST
Voter enrollment
list
Trustees
Election public key
Election Registrar
VST
Code Card Ballot
Ballots
Trustees
Election challenge
Ballot Box
Voter
VST
Vote code
Vote and receipt
Receipt
Received votes and receipts
Trustees
Anonymous vote tally
computation
Voter
Cast-as-intended verification
Candidate list
PC
PC
3
1 2
4 5
EVIV
28
Question?
29
