160 likes | 321 Views
Evaluating Security of Voting Schemes in the Universal Composability Framework. Jens Groth BRICS, University of Aarhus Cryptomathic. Ideal Voting Functionality. vote. vote. V 1. …. V m. F voting. S. A 1. …. A n. result. result. Real Life. vote. vote. V 1. …. V m. voting. A.
E N D
Evaluating Security of Voting Schemes in the Universal Composability Framework Jens Groth BRICS, University of AarhusCryptomathic
Ideal Voting Functionality vote vote V1 … Vm Fvoting S A1 … An result result
Real Life vote vote V1 … Vm voting A A1 … An result result
Universal Composability Real Ideal Z Z vote vote vote vote V1 … Vm V1 … Vm A S Fvoting A1 … An A1 … An result result result result
Security Requirements • Privacy • Authentication • Accuracy • Robustness • Fairness • Availability • Verifiability • Incoercibility • Hacker protection
Homomorphic Threshold Encryption Each voter: Epk(vote) + ZK proof + signature Homomorphic property: Epk(result)= Epk(vote1) *…* Epk(voten) Threshold decryption: Authority 1 .. Epk(result) result Authority n
Example ElGamal-encryption:pk = (q,p,g,h), q|p-1, g,h order q in Zp*sk = x, h=gx mod p yes-vote = 1, no-vote = 0 Each voter: (gr mod p, hrgv mod p) + ZK proof Homomorphic property: (gr1+…+rm mod p, hr1+…+rmgv1+…+vm mod p) = (gri mod p, hrigvi mod p) Threshold decryption: Lagrange interpolation gv1+…+vm mod p, discrete log v1+…+vm
Key Generation Functionality public key public key V1 … Vm Fkey generation A A1 … An public keysecret share public keysecret share
Message Board Functionality message message V1 … Vm Fmessage board A A1 … An Voters’ messagesAuthority’s message Voters’ messagesAuthority’s message
Universal Composability Hybrid Ideal Z Z vote vote vote vote V1 … Vm V1 … Vm A S Fvoting FKM A1 … An A1 … An result result result result
result The Simulator S simulates A,V1,…,Vm,A1,…,An,FKM and random oracle Z vote vote vote V1 … Vm V1 … Vm S Fvoting A FKM A1 … An A1 … An result result
Results Homomorphic threshold encryption voting securely realizes Fvoting in the FKM-hybrid model against non-adaptive adversaries Homomorphic threshold encryption voting does NOT securely realize Fvoting in the FKM-hybrid model against adaptive adversaries Modified homomorphic threshold encryption voting securely realizes Fvoting in the FKM-hybrid model against adaptive adversaries
Modified Voting Scheme Each voter: Epk(vote) + ZK proof + signatureDelete vote and coins Threshold decryption: Epk(result) -> Epk(result)’ -> resultDelete coins
Thanks Questions?