Upload
brent-caldwell
View
216
Download
1
Embed Size (px)
Citation preview
Remote Prêt à Voter 1.0 (FPTP):
a voter-verifiable and receipt-free remote voting
Zhe Xia (Joson)
July 19, 2012
Objectives
• As secure as the supervised verifiable voting schemes
• As practical as well
• And remote voting
Properties
Voter verifiabilityUniversal verifiability
Easy to understand
Simple to use
Remote
No scheme can do this at the moment
Receipt-freeness and vote-buying
• Receipt-freeness prevents coercion and vote-buying
• False sense of security on this
• Without the receipt-freeness protection, vote-buying is financially
feasible in many cases
• The recent Greek election actually decided whether to repay the country’s €360bn debt.• It has around 7 million voters.• If some party (e.g. HSBC) pays each voter €10,000 to buy her vote, this party only pays €35bn to buy half of the votes.
• US has around 200 million voters.• If some party (e.g. Chinese government) pays each voter $10,000 to buy her vote, this party only pays $1tn to buy half of the votes.• China has a currency reserve of $3.2tn.
Receipt-freeness is not free
{vote}pk
Code voting style schemes suffers this as well …
Receipt-freeness needs untappable channel
Authentication channel
b
Untappable channel
{a}pk
{vote}pk = {a + b}pk
Voting Ceremony
Registration Phase
3 2 {3}pk {2}pk
Voting Phase
32
• Alice 1• Bob 3• Charlie 0• David 2• Echo 4
3
Bare hand, most vulnerabilities at the voting client no longer exist !
Tallying Phase
{3}pk {2}pk 3 {3}pk3 * {2}pk = {3*3 + 2}pk
Bob
Prêt à Voter Remote Prêt à Voter
Charlie
Alice
David
Bob XEcho
{3}pk {2}pk
Index = 3
[Ryan & Teague 2009] Permutations in Prêt à Voter
Florentine Square
k/i 0 1 2 3 4
1 0 1 2 3 4
2 0 2 4 1 3
3 0 3 1 4 2
4 0 4 3 2 1
• Suppose k is the row index and i is the column index, v = k * i (mod 5)
• We can also permute any row by s, so that v = k * i + s (mod 5)
k/i 0 1 2 3 4
1 2 3 4 0 1
2 2 4 1 3 0
3 2 0 3 1 4
4 2 1 0 4 3
i.e. s = 2
Property: the distance of any two values are uniformly distributed in different rows.
Election Book Generation
Candidate Code
Alice 0
Bob 1
Charlie 2
David 3
Echo 4
k/i 0 1 2 3 4
1 2 3 4 0 1
2 2 4 1 3 0
3 2 0 3 1 4
4 2 1 0 4 3
k = 3, s = 2v = k * i + s (mod 5)
{ Charlie : , Alice : , David : , Bob : , Echo : }
{ Alice : 1, Bob : 3, Charlie : 0, David : 2, Echo : 4 }32
• Alice 1• Bob 3• Charlie 0• David 2• Echo 4
0 1 2 3 4
Discussions
• Our aim is to provide a voter-verifiable and receipt-free remote voting
• Bare hand voting, the information sent remotely tells nothing
• Remote and supervised Prêt à Voter can be tallied together
• All building blocks are well analysed, e.g. Prêt à Voter, Florentine Square
• The voter may be forced to change her choice index, but this is similar as the
randomisation attack
• Restrictions: cannot handle 10+ candidates, nor STV, dummy candidates
may need to be added to the candidate list
• Note: the slides only demonstrate the basic ideas, please do not use them for
security analysis
Thank you