1 / 44

A Brief Intro to Aperio and Eperio

A Brief Intro to Aperio and Eperio. Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy. Aperio and Eperio. Aperio (Essex, Clark and Adams, WOTE08) Paper-based voting Verifiable w/o crypto

felicia-beach
Download Presentation

A Brief Intro to Aperio and Eperio

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Brief Intro to Aperio and Eperio Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy

  2. Aperio and Eperio • Aperio (Essex, Clark and Adams, WOTE08) • Paper-based voting • Verifiable w/o crypto • Eperio (Essex, Clark, Hengartner and Adams, EVT10) • Electronic Aperio • Optical scan ballots • Verifiable with some crypto

  3. Cryptoless E2E-style voting • 3-Ballot • Hard to mark but easy to check • Numerous Attacks • long ballots • short ballots (CEA07) • Etc • Farnel/Twin • Easy to mark, easy to check but, • Need chain-of-custody to be secure • If you had it, do you need ?

  4. Aperio • Easy to mark • Easy to tally • Some repetitive paperwork to verify • No CoC assumption

  5. Aperio Ballot Assembly WU, Carol JONES, Alex SMITH, Bob # 002 R#: 923 R#: 617

  6. Aperio Ballot Assembly X X WU, Carol JONES, Alex SMITH, Bob # 002 X X Sheets fused together (voter can’t see bottom sheets) R#: 923 R#: 617

  7. Reference Lists 450 251 556 051 … Wu, Jones, Smith Jones, Wu, Smith Smith, Wu, Jones Wu, Jones, Smith …

  8. WU, Carol JONES, Alex SMITH, Bob #923 # 002 Wu, Jones, Smith 002

  9. WU, Carol JONES, Alex SMITH, Bob #923 # 002 #617 002 Wu, Jones, Smith

  10. Commitments (tamper-evident envelopes) Alice Alice

  11. Voting WU, Carol JONES, Alex SMITH, Bob X

  12. Casting X X WU, Carol JONES, Alex SMITH, Bob # 002 X X R#: 923 R#: 617

  13. Counting X X WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob Σ

  14. Decommitting Protocol • Coin toss reveals either • Pink Ballot, Goldenrod Receipt, or, • Pink Receipt, Goldenrod Ballot Alice Alice Alice Alice

  15. Checking Receipts X X # 002 002 R#: 923

  16. Checking Tally WU, Carol WU, Carol WU, Carol WU, Carol WU, Carol SMITH, Bob SMITH, Bob SMITH, Bob JONES, Alex JONES, Alex SMITH, Bob SMITH, Bob JONES, Alex JONES, Alex JONES, Alex X WU, Carol JONES, Alex SMITH, Bob   X X B: 617 R: 922 B: 617 R: 922 B: 617 R: 922 B: 617 R: 922 R#: 617

  17. Cryptography in Elections • Conflicting views: • Max-crypto • Security at expense of simplicity • No-crypto • Simplicity at expense of security • Our goal: • Min-crypto • Balance security and simplicity

  18. Eperio • What it is • E2E election verification protocol • What it means for verification • Fewer cryptographic primitives • Smaller datasets • Faster execution • Fewer lines of code

  19. Pret-a-Voter style Ballots #000 #001 Bob Alice Alice Bob x x

  20. Before the election…. Trustees* copy ballots into a table #000 Bob Alice *Done obliviously

  21. Before the election…. Trustees* copy ballots into a table #000 Bob Alice *Done obliviously

  22. Before the election…. Trustees* copy ballots into a table #001 Alice Bob *Done obliviously

  23. Before the election…. And so on…

  24. The Eperio Table: Remember: it’s just the ballots in table-form.

  25. Trustees shuffle rows

  26. Trustees mask columns Cryptographically committed and published

  27. Many independent shuffled copies created More instances scales security assurance

  28. During the election… #000 x #001 x Ballots recorded by scanner

  29. After the election: Trustees fill in middle columns

  30. After the election: Trustees fill in middle columns

  31. The Audit Challenge • Challenge • Public coin toss • One column from each instance challenged • Response • Trustees post decommitments

  32. Checking receipts

  33. Checking receipts Bubble ID column decommitted

  34. Checking receipts #007 x Voter looks up receipt. Checks for match.

  35. Tally audit

  36. Tally audit Candidate column decommitted

  37. Tally audit + Tally like any election

  38. Repeat as necessary…

  39. Review • Eperio table instance • Just a copy of ballots • Independently shuffled • Committed • Published • Columns • Right + middle = tally • Left + middle = receipt info

  40. How is Eperio different? • Table structure • Commitment scheme • Implementation options • What does this mean? • Speed (10-100x faster) • Data download (10-100x smaller) • Small code size (50 lines of Python)

  41. Table structure: a comparison Eperio

  42. Verification in a spreadsheet!

  43. Implementation options (for audits) OpenSSL OpenSSL

  44. Eperio Find out more at eperio.org

More Related