440 likes | 543 Views
A Brief Intro to Aperio and Eperio. Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy. Aperio and Eperio. Aperio (Essex, Clark and Adams, WOTE08) Paper-based voting Verifiable w/o crypto
E N D
A Brief Intro to Aperio and Eperio Aleksander Essex University of Waterloo, *University of Ottawa SecVote 2010 Sept. 3, Bertinoro Italy
Aperio and Eperio • Aperio (Essex, Clark and Adams, WOTE08) • Paper-based voting • Verifiable w/o crypto • Eperio (Essex, Clark, Hengartner and Adams, EVT10) • Electronic Aperio • Optical scan ballots • Verifiable with some crypto
Cryptoless E2E-style voting • 3-Ballot • Hard to mark but easy to check • Numerous Attacks • long ballots • short ballots (CEA07) • Etc • Farnel/Twin • Easy to mark, easy to check but, • Need chain-of-custody to be secure • If you had it, do you need ?
Aperio • Easy to mark • Easy to tally • Some repetitive paperwork to verify • No CoC assumption
Aperio Ballot Assembly WU, Carol JONES, Alex SMITH, Bob # 002 R#: 923 R#: 617
Aperio Ballot Assembly X X WU, Carol JONES, Alex SMITH, Bob # 002 X X Sheets fused together (voter can’t see bottom sheets) R#: 923 R#: 617
Reference Lists 450 251 556 051 … Wu, Jones, Smith Jones, Wu, Smith Smith, Wu, Jones Wu, Jones, Smith …
WU, Carol JONES, Alex SMITH, Bob #923 # 002 Wu, Jones, Smith 002
WU, Carol JONES, Alex SMITH, Bob #923 # 002 #617 002 Wu, Jones, Smith
Commitments (tamper-evident envelopes) Alice Alice
Voting WU, Carol JONES, Alex SMITH, Bob X
Casting X X WU, Carol JONES, Alex SMITH, Bob # 002 X X R#: 923 R#: 617
Counting X X WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob WU, Carol JONES, Alex SMITH, Bob Σ
Decommitting Protocol • Coin toss reveals either • Pink Ballot, Goldenrod Receipt, or, • Pink Receipt, Goldenrod Ballot Alice Alice Alice Alice
Checking Receipts X X # 002 002 R#: 923
Checking Tally WU, Carol WU, Carol WU, Carol WU, Carol WU, Carol SMITH, Bob SMITH, Bob SMITH, Bob JONES, Alex JONES, Alex SMITH, Bob SMITH, Bob JONES, Alex JONES, Alex JONES, Alex X WU, Carol JONES, Alex SMITH, Bob X X B: 617 R: 922 B: 617 R: 922 B: 617 R: 922 B: 617 R: 922 R#: 617
Cryptography in Elections • Conflicting views: • Max-crypto • Security at expense of simplicity • No-crypto • Simplicity at expense of security • Our goal: • Min-crypto • Balance security and simplicity
Eperio • What it is • E2E election verification protocol • What it means for verification • Fewer cryptographic primitives • Smaller datasets • Faster execution • Fewer lines of code
Pret-a-Voter style Ballots #000 #001 Bob Alice Alice Bob x x
Before the election…. Trustees* copy ballots into a table #000 Bob Alice *Done obliviously
Before the election…. Trustees* copy ballots into a table #000 Bob Alice *Done obliviously
Before the election…. Trustees* copy ballots into a table #001 Alice Bob *Done obliviously
Before the election…. And so on…
The Eperio Table: Remember: it’s just the ballots in table-form.
Trustees mask columns Cryptographically committed and published
Many independent shuffled copies created More instances scales security assurance
During the election… #000 x #001 x Ballots recorded by scanner
After the election: Trustees fill in middle columns
After the election: Trustees fill in middle columns
The Audit Challenge • Challenge • Public coin toss • One column from each instance challenged • Response • Trustees post decommitments
Checking receipts Bubble ID column decommitted
Checking receipts #007 x Voter looks up receipt. Checks for match.
Tally audit Candidate column decommitted
Tally audit + Tally like any election
Review • Eperio table instance • Just a copy of ballots • Independently shuffled • Committed • Published • Columns • Right + middle = tally • Left + middle = receipt info
How is Eperio different? • Table structure • Commitment scheme • Implementation options • What does this mean? • Speed (10-100x faster) • Data download (10-100x smaller) • Small code size (50 lines of Python)
Implementation options (for audits) OpenSSL OpenSSL
Eperio Find out more at eperio.org