
VeryVote A Voter Verifiable Code Voting System

VeryVote A Voter Verifiable Code Voting System. Rui Joaquim rjoaquim@cc.isel.ipl.pt (INESC-ID ISEL) Carlos Ribeiro carlos.ribeiro@ist.utl.pt (INESC-ID IST) Paulo Ferreira paulo.ferreira@inesc-is.pt (INESC-ID IST). Introduction. VeryVote is an Internet voting system.


Presentation Transcript


  1. VeryVote A Voter Verifiable Code Voting System
     Rui Joaquim, rjoaquim@cc.isel.ipl.pt (INESC-ID / ISEL)
     Carlos Ribeiro, carlos.ribeiro@ist.utl.pt (INESC-ID / IST)
     Paulo Ferreira, paulo.ferreira@inesc-is.pt (INESC-ID / IST)

  2. Introduction
     • VeryVote is an Internet voting system.
     • Internet voting:
       (+) brings more convenience to voters, allowing them to vote from anywhere with an Internet connection.
       (–) suffers from the secure platform problem.
           • The client platform is neither controlled nor trustworthy.
           • How to guarantee the election integrity in this setup?
       (–) has the vote buying and coercion issues inherent to remote voting.

  3. VeryVote Overview
     • VeryVote addresses the secure platform problem.
     • VeryVote uses a code voting approach.
       • Prevents the misbehavior of the untrusted client platform.
       • However, it “does not” provide mechanisms to verify if the vote is counted as intended by the voter.
     • The VeryVote vote protocol is a fusion between a generic code voting protocol and the MarkPledge technique.
       • Cast-as-intended voter verification.
       • Universal count-as-cast verification.
       • End-to-end verifiability.

  4. The Problem
     [Diagram: Voter, APP on the Voter’s PC, Election Server and Tally (columns A and B); labels: “Vote A”, “Vote B”, “Thank you!”.]

  5. Generic Code Voting Approach
     [Diagram: Voter, APP on the Voter’s PC, Election Server and Tally (columns A and B). Code Sheet: vote codes A – 3WQ, B – M8W, C – WAM, …; confirmation code JRF. Messages shown: 3WQ, JRF.]
     • How can we verify the tally?
       • By publishing the received vote codes and associated candidates.
         • Each voter can verify her vote.
         • Anyone can do the vote count.
       • But the voter cannot correct her vote. The election tally is already published!
     • Is there a better way?
       • Yes, VeryVote.

  6. MarkPledge Overview
     • MarkPledge is a cut-and-choose technique proposed to provide cast-as-intended verification to poll station voting, and works based on two functions: BitEnc(b) and OpenBitEnc(BitEnc(b), challenge).
     [Figure: the BitEnc(0) and BitEnc(1) constructions; legend: encrypted value.]

  7. MarkPledge Overview
     • MarkPledge is a cut-and-choose technique proposed to provide cast-as-intended verification to poll station voting, and works based on two functions: BitEnc(b) and OpenBitEnc(BitEnc(b), challenge).
     [Figure: the BitEnc(0) and BitEnc(1) constructions; legend: encrypted value, c1, decrypted value.]
     • OpenBitEnc(BitEnc(0), c1) = SQ1
     • OpenBitEnc(BitEnc(1), c1) = JRF

  8. MarkPledge Overview
     • MarkPledge is a cut-and-choose technique proposed to provide cast-as-intended verification to poll station voting, and works based on two functions: BitEnc(b) and OpenBitEnc(BitEnc(b), challenge).
     [Figure: the BitEnc(0) and BitEnc(1) constructions; legend: encrypted value, c1, c2, decrypted value.]
     • OpenBitEnc(BitEnc(0), c1) = SQ1
     • OpenBitEnc(BitEnc(0), c2) = IPS
     • OpenBitEnc(BitEnc(1), c1) = JRF
     • OpenBitEnc(BitEnc(1), c2) = JRF

  9. MarkPledge Overview
     • MarkPledge is a cut-and-choose technique proposed to provide cast-as-intended verification to poll station voting, and works based on two functions: BitEnc(b) and OpenBitEnc(BitEnc(b), challenge).
     [Figure: the BitEnc(0) and BitEnc(1) constructions; legend: encrypted value, c2, decrypted value.]
     • OpenBitEnc(BitEnc(0), c2) = IPS
     • OpenBitEnc(BitEnc(1), c2) = JRF

  10. MarkPledge Vote/Receipt Verification: poll station voting (inside the voting booth)
      [Diagram: Voter, Vote Machine and Printer; labels: Bob, JRF, “Commit to c”, “Random challenge (c)”, “Challenge = c”.]
      After the election ends:
      • The Vote Machine publishes the MarkPledge vote/receipts.
      • External organizations verify the correctness of the published data.
      • The voter verifies her receipt (and corrects her vote if necessary).
      • The votes are tallied using a protocol with counted-as-cast verification.

  11. Building Blocks And VeryVote Protocol Overview

  12. Election Preparation
      • A set of trustees creates a threshold shared election key pair.
      • The Election Server (ES) pre-computes and commits to the votes to be used in the election.
        • The BitEnc(b) constructions are built using the election public key.
      • The code sheets are created and each is associated with a pre-computed vote.
        • The confirmation code is the value encrypted in the elements of the BitEnc(1) construction.
      [Diagram: Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) (JRF), BitEnc(0). Code Sheet: vote codes Alice – 3WQ, Bob – M8W, Charles – WAM, Dino – QGH; confirmation code JRF.]

  13. Election Preparation
      • The code sheets are distributed to the voters:
        • Anonymous distribution
          (+) The ES does not know who the voters are (more privacy guarantees).
          (–) Allows the ES to add votes for the voters that did not vote.
        • Non-anonymous distribution
          (+) Easier distribution process.
          (+) Prevents or makes detectable the addition of votes.
          (–) The ES knows who voted for whom.
      • Just before the election, the trustees create and announce a Shared Random Election Value (SREV).
        • The SREV value is not known at the creation time of the pre-computed votes.
        • The SREV will be used as a random source in the challenge generation process.

  14. VeryVote Vote Protocol
      [Diagram: Voter, APP on the Voter’s PC and Election Server. Code Sheet: vote codes Alice – 3WQ, Bob – M8W, Charles – WAM, Dino – QGH; confirmation code JRF. Vote code sent: 3WQ. Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) (JRF), BitEnc(0). Final Vote: BitEnc(1) (JRF), BitEnc(0), BitEnc(0), BitEnc(0). Vote Receipt: Alice – JRF, Bob – I5W, Charles – JCU, Dino – KAI. challenge = hash( , SREV)]
      After the election ends:
      • The ES publishes all the pre-computed votes and the corresponding Final Votes and receipts.
      • The trustees verify the correctness of the published data.
      • The voters confirm their receipts against the verified receipts. If any error is detected they can correct their vote, because the election tally is not yet published.
      • After the claiming stage, the votes are anonymized by a mix net and decrypted by the trustees.

  15. VeryVote Integrity: Quick Analysis
      [Diagram: Voter, APP on the Voter’s PC and Election Server. Code Sheet: vote codes Alice – 3WQ, Bob – M8W, Charles – WAM, Dino – QGH; confirmation code JRF. Vote code sent: 3WQ. Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) (JRF), BitEnc(0). Final Vote: BitEnc(1) (JRF), BitEnc(0), BitEnc(0), BitEnc(0). Vote Receipt: Alice – JRF, Bob – I5W, Charles – JCU, Dino – KAI. challenge = hash( , SREV)]
      • The APP “cannot” modify the voter’s choice because it does not know the vote codes.
      • The ES “cannot” modify the voter’s choice because the process changes the vote receipt.

  16. VeryVote Integrity: Quick Analysis
      [Diagram: Voter, APP on the Voter’s PC and Election Server. Code Sheet: vote codes Alice – 3WQ, Bob – M8W, Charles – WAM, Dino – QGH; confirmation code KJE. Vote code sent: 3WQ. Pre-computed Vote: BitEnc(0), BitEnc(0), BitEnc(1) (JRF), BitEnc(0). Final Vote: BitEnc(0), BitEnc(1) (JRF), BitEnc(0), BitEnc(0). Vote Receipt: Alice – KJE, Bob – JRF, Charles – JCU, Dino – KAI. challenge = hash( , SREV)]
      • The ES can create a fake receipt if it can find the right permutation of the BitEnc(b) values.
        • The probability of this happening is approximately P1 = n! / #CC
      • This probability can be made constant if we generate the challenge from the Pre-Computed Vote: P2 = (n – 1) / #CC

  17. Conclusions
      • VeryVote provides end-to-end verifiability in the Internet voting scenario.
        • The voter can privately verify and correct her vote before the tally publication.
        • The tally process is verifiable.
      • VeryVote successfully addresses one of the most important problems of remote electronic voting.
        • The secure platform problem.
      • VeryVote has a simple voter interaction, and therefore is very appealing for real use.
        • To the eyes of the voter, the VeryVote protocol is very similar to a generic code voting protocol.
      • VeryVote does not offer any special protection against vote buying and coercion.
        • It suffers from the problems of traditional remote voting systems, e.g. postal voting.
        • The verification mechanisms of VeryVote do not break the voter’s privacy per se. However, the voter can collaborate with the attacker to produce a convincing vote receipt.
      Questions?

  18. MarkPledge Vote/Receipt Privacy Safeguard
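
The receipt behaviour on slides 6–9 and 14–16, as an added toy model (not code from the slides or from the VeryVote authors): BitEnc(1) opens to the confirmation code under every challenge, while a BitEnc(0) opens to a challenge-dependent code, so moving the BitEnc(1) away from the voter's choice changes the receipt. Assumptions: the pair structure of BitEnc follows the MarkPledge design and is not described on this page, plain bits stand in for ciphertexts, and the rotation in `final_vote` and the `context` hash input are placeholders for details the transcript does not give.

```python
import hashlib
import random

ALPHA = 15  # pairs per BitEnc: 15 opened bits map to a 3-symbol code
SYMBOLS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
CANDIDATES = ["Alice", "Bob", "Charles", "Dino"]

def bit_enc(b, rng):
    """Toy BitEnc: halves of every pair are equal for b=1, different for b=0."""
    pairs = []
    for _ in range(ALPHA):
        x = rng.randrange(2)
        pairs.append((x, x if b else 1 - x))
    return pairs

def open_bit_enc(enc, challenge):
    """Open the half of each pair selected by the matching challenge bit."""
    bits = 0
    for i, pair in enumerate(enc):
        bits |= pair[(challenge >> i) & 1] << i
    return "".join(SYMBOLS[(bits >> s) & 31] for s in (0, 5, 10))

def derive_challenge(context, srev):
    """challenge = hash(context, SREV); `context` is a placeholder input."""
    digest = hashlib.sha256(context + srev).digest()
    return int.from_bytes(digest[:2], "big") % (1 << ALPHA)

def precompute_vote(n, rng):
    """Return (vote, index of the single BitEnc(1), confirmation code)."""
    marked = rng.randrange(n)
    vote = [bit_enc(int(i == marked), rng) for i in range(n)]
    return vote, marked, open_bit_enc(vote[marked], 0)

def final_vote(vote, marked, choice):
    """Rotate the pre-computed vote so BitEnc(1) lands on the chosen index."""
    shift = (choice - marked) % len(vote)
    return [vote[(i - shift) % len(vote)] for i in range(len(vote))]

def receipt(fvote, challenge):
    """Open every position under the same challenge: candidate -> code."""
    return {c: open_bit_enc(e, challenge) for c, e in zip(CANDIDATES, fvote)}

if __name__ == "__main__":
    rng = random.Random(2009)  # seeded for a repeatable demo, not a CSPRNG
    vote, marked, conf = precompute_vote(len(CANDIDATES), rng)
    ch = derive_challenge(b"constructed-context", b"constructed-SREV")
    print("confirmation code:", conf)
    print("honest (Alice):   ", receipt(final_vote(vote, marked, 0), ch))
    print("altered (to Bob): ", receipt(final_vote(vote, marked, 1), ch))
```

In the altered run the confirmation code appears next to Bob, and the code next to Alice depends on a challenge the ES could not predict when it pre-computed the vote.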
