6. esoteric protocols secure elections and multi-party computation

6. Esoteric Protocols

secure elections and multi-party computation

Kim Hyoung-Shick

Contents

1. Secure elections• Introduction

• Protocols

2. Secure multiparty computation• Introduction

• Examples

3. Conclusion

Contents

• Protocols

• Examples

Voting

What is the requirements ?

Voting

Secure Booth ?

Voting

Fair judge ?

Voting

We need two major requirements.

Privacy ! Fairness !

Traditional Voting Vs Electronic Voting

• Privacy

• Fairness

• Efficiency

Problems with Electronic Voting

• No physical audit trail

• Who provides the system?

• How are they audited?

• High Tech: More dependencies

• More ways to subvert the system

• etc.

Requirements for Electronic Voting

1. Only authorized voters can vote.

2. No one can vote more than once.

3. No one can duplicate anyone else’s vote.

4. No one can change anyone else’s vote without being discovered.

5. Every voter can make sure that his vote has been taken into account in the final tabulation.

6. No one can determine for whom anyone else voted.

7. Everyone knows who voted and who didn’t.

Contents

• Protocols

• Examples

Protocols

1. Simplistic voting protocols #1

3. Voting with blind signatures

4. Voting with two central facilities

5. Voting with ANDOS

6. Improved voting with ANDOS

7. Voting without a central facility

Idea of Simplistic Voting Protocol #1

secure booth

= encryption

Simplistic Voting Protocol #1

Voter ViCentral Tabulating Facility

3. ECTF(V)

1. Choose V

4. Tabulate V’s

5. Publish the result2. Encrypt V into ECTF(V).

Unsatisfied Requirements

4. No one can change anyone else’s vote without being discovered. (By intercept attack)

Protocols

Idea of Simplistic Voting Protocol #2

secure booth

= encryptionidentification card

= sign

Simplistic Voting Protocol #2

4. ECTF(Si(V))

1. Choose V

PCTF Pi

5. Decrypt, verify, tabulate V’s

2. Sign V into Si(V)

3. Encrypt Si(V) into ECTF(Si(V))

6. Publish the result

6. No one can determine for whom anyone else voted. (CTF knows it.)

Protocols

Problem with Signature

Idea of Voting with Blind Signature

accept

Idea of Voting with Blind Signature

Be covered !

Voting with Blind Signature

3. B(M)

1. Generate M = (O1, … , On, IDr , i)

PCTF Pi

4. Check if B(M) is valid

2. Blind M into B(M)

6. Choose SCTF(Oi)

5. SCTF(B(M))

7. Generate M’ = (SCTF(Oi), SCTF(IDr), SCTF(i))

8. M’

PCTF Pi

9. Verify, check ID duplication

6. No one can determine for whom anyone else voted. (CTF knows it.) – it need to provide anonymous channel.

Additional Some Problems

1. CTF can generate a large number of signed, valid votes and cheat by submitting those itself.

2. If voter discovers that the CTF changed his or her vote, he or she has no way to prove it.

Protocols

Review of Traditional Voting

1. Check voter’s identification by checker.

checker voter

2. Count votes in the ballot boxes by counter.

counter

There are two positions in the voting.

counterchecker

Idea of Voting with Two Central Facilities

Central Tabulating FacilityCentral Legitimization Agency

Voting with Two Central Facilities

Voter ViCentral Legitimization Agency

1. Ask for VN

PCLA Pi

2. Maintain VN list for voters

3. VNr

VN list

Central Legitimization Agency

4. VN list

PCLA PCTF

Central Tabulating Facility

VN list

PCTF Pi

9. Check if M is valid and maintain VN list

5. Choose IDr

6. Generate M = (V, IDr, VNr)

6. Choose SCTF(Oi)

7. Generate M’ = (SCTF(Oi), SCTF(IDr), SCTF(i))

VNr VN list

6. No one can determine for whom anyone else voted. (But, the collusion is possible.)

1. CLA can generate a large number of signed, valid votes and cheat by submitting those itself. – It solve that CLA publish a list of certified voters.

2. As stated above, the collusion is possible.

Protocols

What is ANDOS (All-Or-Nothing Disclosure of Secrets)

Sender Receiver

- Sender doesn’t know that receiver has gained the one.

- As soon as receiver has gained anyone, he can’t receive other messages.

Voting with ANDOS

1. Ask for VN

PCLA Pi

2. Maintain VN list for voters

3. VNr by ANDOS

VN list

1. Only authorized voters can vote. – we solve it by blinded signagture

Protocols

Idea of Improved Voting with ANDOS

Voter is also checker for CTF

1. Join within T

PCTF Pi

2. Publish a list of participants

3. IDr by using ANDOS

5. IDr, Ei(IDr, V)

PCTF Pi

6. Publish Ei(IDr, V)

7. IDr Si

8. Decrypt, publish the result.(For each candidate, the list of all Ei(IDr, V) that voted for a

candidate)

9. IDr, Ei(IDr, V), Si

PCTF Pi

SCTFSi

IDr or

9. IDr, Ei(IDr, V’), Si

Within time T, voter can change the vote.

The Reason of the possibility for protest

6. Publish Ei(IDr, V)

CTF should be examined for performing his duty by voter Vi

1. Only authorized voters can vote. – we solve it by blinded signagture

Additional Satisfied Requirements

8. A voter can change his mind within a given period of time.

9. If a voter find out that his vote is miscounted, he can identify and correct the problem without jeopardzing the secrecy of his ballot.

Protocols

Idea of Voting without a Central Facility

The problem of source is CTF.

Idea of Voting without a Central Facility

Everyone is checker.

Voting without a Central Facility

Voter V1 Voter V2 Voter V3 Voter Vn

1. Generate each public/private key pair.

2. Publish order of voters and each public key.

Voter Vi

1. Generate IDr

2. Generate E1(…En(V, IDr)…)

3. Generate En(E1(…En(V, IDr)…), Rn)

4. Generate M = E1(…En(E1(…En(V, IDr)…)…), R1)

and record Rn … R1 and the intermediate results.

Voter Vi

6. Decrypt, removes all of the random strings at that level.

Voter V1

8. Decrypt, check to see that his vote is among the set of votes, removes all of the random strings at that level.

Voter V2

(M2 is the decrypted

message)

Voter Vn

9. M’

10. Decrypt, check to see that his vote is among the set of votes, removes all of the random strings at that level.

Voter V1

( M’ = E1(…En(V, IDr)…) )

11. Sign all the votes.

12. Broadcast all signed votes to everyone.

Voter V1

Voter Vn

13. Publish the result.

1. An enormous amount of computation

2. Vn learns the results of the election before anyone else d

3. Message duplication. (Ex: There are three people.)

Contents

• Protocols

• Examples

Introduction

A protocol in which a group can compute any function securely.

f(x1, x2, …, Xm)

Xj ,…, Xk

Introduction

f(x1, x2, …, Xm) is public !

But, no one learns anything about the

inputs of any other members other tha

n what is obvious from the output of th

e function.

Contents

• Protocols

• Examples

Compute Average Value

s)s , ,,(

1. Generate M = S1 + r

2. E2(M)

3. Decrypt, M’ = S2 + M

Compute Average Value

4. Generate M* = Sn + M’’

5. E1(M*)

6. Decrypt.

rM * 7. Compute

8. Publish it

Problems

1. Participants can lie Si

2. V1 can misrepresent the result to everyone. – It is solved

by bit commit for r, but V2 knows S1.

Check the equality

),( baf

1. Compute h(a)

2. h(a)

3. Compute h(b)4. Check if h(a) = h(b)

0, if a = b

1, otherwise

Problems

1. B has a chosen plaintext attack if size of domain is small.

Additional Examples

• Electronic elections

• Bidding protocols

• Lotteries

• Distributed games over the

internet

6. esoteric protocols secure elections and multi-party computation

elses vote

improved voting

simplistic voting protocols

signsimplistic voting

voter vi1

final tabulation

major requirements

central facilities5

Documents

esoteric tv brazil

esoteric quest brochure

esoteric alphabet

esoteric development

modern esoteric

alice bailey’s presentation of general esoteric...

esoteric a

esoteric osteopathy

esoteric - issue 4

esoteric buddhism - theosophical society in...

esoteric ramayan

esoteric mind catalogue

esoteric remedies: journal

esoteric astrology - the school of esoteric … · esoteric...

esoteric nazism

the esoteric within the exoteric esoteric schools within

chapter 6:esoteric protocols dulal c kar. secure elections...

esoteric stars, mandals

crestinismul esoteric

gnostic esoteric ritual