A. Steffen, 27.02.2012, Kickoff.pptx 1
Kickoff Meeting „E-Voting Seminar“
An Introduction to Cryptographic Voting Systems
Andreas Steffen
Hochschule für Technik Rapperswil
Cryptographic Voting Systems
Summary:
• Due to repeated failures and detected vulnerabilities in both electro-mechanical and electronic voting machines, voters have somehow lost faith that the outcome of a poll always represents the true will of the electorate.
• Even more uncertain is electronic voting over the Internet, which is potentially prone to coercion and vote-selling (this doesn‘t seem to be an issue in Switzerland).
• Manual counting of paper ballots is not really an option in the 21st century and is not free from tampering either.
• Modern cryptographic voting systems allow true end-to-end verification of the complete voting process by any individual voter, without sacrificing secrecy and privacy.
E-Voting in my home town Schlieren
Hidden PIN
„Internet-based voting does not have to be more secure than voting per snail mail“
Justice Department of the Canton of Zurich
[In]Security Features
???
Protection from Man-in-the-Middle attacks
E-Voting Website
Voter Login
Ballot (PHP Form)
E-Voting in my home town Schlieren
PIN
Voter Authentication
Transmission Receipt
Conclusion
So what?
„You are not allowed to know. The exact transaction processing is kept secret due to security reasons“
Justice Department of the Canton of Zurich
Traditional Chain-of-Custody Security
Tallying
Source: Ben Adida, Ph.D. Thesis 2006
Software Verification
Sealing
Verification by proxy only
Desirable: End-to-End Verification by Voter
Source: Ben Adida, Ph.D. Thesis 2006
Secrecy? Privacy?
End-to-End Auditable Voting System (E2E)
• Any voter can verify that his or her ballot is included unmodified in a collection of ballots.
• Any voter (and typically any independent party additionally) can verify [with high probability] that the collection of ballots produces the correct final tally.
• No voter can demonstrate how he or she voted to any third party (thus preventing vote-selling and coercion).
Source: Wikipedia
Solution: Cryptographic Voting Systems
Source: Ben Adida, Ph.D. Thesis 2006
[Figure labels: ballots A, B, C; Threshold Decryption; ElGamal / Paillier; Homomorphic Tallying; Mixnet; Tamper-Proof Bulletin Board]
Proposed E2E Systems
• Punchscan by David Chaum.
• Prêt à Voter by Peter Ryan.
• Scratch & Vote by Ben Adida and Ron Rivest.
• ThreeBallot by Ron Rivest (paper-based without cryptography)
• Scantegrity II by David Chaum, Ron Rivest, Peter Ryan et al. (add-on to optical scan voting systems using Invisible Ink)
• Helios by Ben Adida (www.heliosvoting.org/)
• Selectio Helvetica by BFH (www.baloti.ch)
• Primevote by MSE graduates Christoph Galliker and Halm Reusser (www.smartprimes.ch)
Conclusion
• Modern Cryptographic Voting Systems allow true end-to-end verification of the whole voting process by anyone while maintaining a very high level of secrecy.
• Due to the advanced mathematical principles they are based on, Cryptographic Voting Systems are not easy to understand and are therefore not readily accepted by authorities and the electorate.
• But let‘s give Cryptographic Voting Systems a chance! They can give democracy a new meaning in the 21st century!
E-Voting Literature and Simulators
• http://security.hsr.ch/msevote/
• Collection of MSE E-Voting seminar papers
• E-Voting Simulator based on the Paillier Cryptosystem
• E-Voting Simulator on the Damgard-Jurik Cryptosystem
• Generalized Paillier, reduces to Paillier Cryptosystem with s = 1
• Threshold Decryption with Distributed Keys issued by Trusted Dealer
• Assume generator g = n+1 ( = 1, = 1)
• The Paillier Cryptosystem, presented at the BFH E-Voting seminar
E-Voting Seminar Project
• Verifiable E-Voting System for Shareholder Meetings.
• Example: Novartis AG with 2‘745‘623‘000 shares
• Item 1: Approval of the Annual Report and Financial Statements yes / no / abstention (32 bit field per option)
• Voter 1: 550‘000‘010 shares
• Voter 2: 500‘000‘010 shares
• Voter 3: 400‘000‘010 shares
• Voter 4: 350‘000‘010 shares
• Voter 5: 300‘000‘010 shares
• Voter 6: 150‘000‘010 shares
• Voter 7: 100‘000‘010 shares
• Voter 8: 50‘000‘010 shares
• Voter 9: 50‘000‘010 shares
• Voter 10: 50‘000‘010 shares
Total 2‘500‘000‘100 shares
E-Voting Seminar Project Tasks
[Diagram; recoverable labels follow]
Tasks:
1 Threshold Key Generation by Trusted Dealer
2 Ballot Encryption and ZKP by Voter v
3 ZKP Check, Weighted Tallying
4 Partial Decryption by Trustee i
5 Threshold Decryption
Data items:
• keysize, N, T
• Public Key: n, g=n+1
• Partial Private Key: i=1, N, T, d, n
• Partial Private Key: i=N, N, T, d, n
• Encrypted Ballot: v=1, c, a[], e[], z[]
• Encrypted Ballot: v=V, c, a[], e[], z[]
• Shareholder Registry: v[], w[]
• Encrypted Tally: ct
• Partially Decr. Tally: i=1, N, T, pt, n
• Partial Private Key: i=N, N, T, pt, n
• Decrypted Tally: yes, no, abstention
Parameters: Paillier Cryptosystem, keysize = 1536 bits, V=10, N=5, T=3
Legend: protected channel
Conditions
• Goal: Restrict effort spent on project to 90 working hours (3 ECTS)
• Programming or scripting language: Arbitrary
• Program code without whistles and bells!
• No GUI required, may be a command line program.
• I/O Format: JSON
• Big numbers encoded as hexadecimal strings
{"v":1,"c":"2fe698..daf57e"}
• Details of interface specification to be settled among tasks
• Deliverables: Commented program code and final test run data
• Slides of final presentation
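
The weighted tallying step of the project (task 3), as an added Python example that is not part of the original slides: each ballot puts a 1 into the 32-bit field of the chosen option, and raising the ciphertext to the voter's share count before multiplying yields an encryption of the share-weighted totals. Assumptions: a toy key built from two Mersenne primes instead of 1536 bits, constructed votes, one private key in place of threshold decryption, and no zero-knowledge proof fields (a[], e[], z[]); all function names are hypothetical.

```python
import json, math, secrets

FIELD_BITS = 32                                   # one 32-bit field per option
OPTIONS = ("yes", "no", "abstention")
# Shareholder registry w[] from the slide: voter number -> shares
SHARES = {1: 550_000_010, 2: 500_000_010, 3: 400_000_010, 4: 350_000_010,
          5: 300_000_010, 6: 150_000_010, 7: 100_000_010, 8: 50_000_010,
          9: 50_000_010, 10: 50_000_010}

def keygen(p, q):
    """Paillier key with g = n+1; returns public n and private (lam, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))              # mu = lam^-1 mod n when g = n+1

def encrypt(n, m):
    """c = (1 + m*n) * r^n mod n^2, since (n+1)^m = 1 + m*n mod n^2."""
    r = 0
    while math.gcd(r, n) != 1:                    # r must be a unit mod n
        r = secrets.randbelow(n)
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    return (pow(c, priv[0], n * n) - 1) // n * priv[1] % n

def make_ballot(n, v, choice):
    """Put a 1 into the chosen option's field; emit the JSON shape from the slide."""
    m = 1 << (FIELD_BITS * OPTIONS.index(choice))
    return json.dumps({"v": v, "c": format(encrypt(n, m), "x")})

def weighted_tally(n, ballots, registry):
    """Multiply c^w mod n^2 over all ballots: the product encrypts sum(w * m)."""
    ct, seen = 1, set()
    for b in map(json.loads, ballots):
        if b["v"] not in registry or b["v"] in seen:
            raise ValueError(f"unregistered or duplicate voter {b['v']}")
        seen.add(b["v"])
        ct = ct * pow(int(b["c"], 16), registry[b["v"]], n * n) % (n * n)
    return ct

def unpack(m):
    return {o: (m >> (FIELD_BITS * i)) & (2**FIELD_BITS - 1) for i, o in enumerate(OPTIONS)}

def demo():
    # Constructed toy key (two Mersenne primes) and constructed votes; not 1536-bit.
    n, priv = keygen(2**61 - 1, 2**89 - 1)
    votes = {1: "yes", 2: "no", 3: "yes", 4: "no", 5: "yes",
             6: "abstention", 7: "abstention", 8: "yes", 9: "no", 10: "abstention"}
    ballots = [make_ballot(n, v, choice) for v, choice in votes.items()]
    return unpack(decrypt(n, priv, weighted_tally(n, ballots, SHARES)))
```

The 32-bit fields cannot overflow into each other because the 2‘745‘623‘000 issued shares stay below 2^32. In the full project the ZKP check precedes tallying, since without it nothing shows that a ciphertext encodes exactly one 1 in one field.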