Cryptography and Voting

Cryptographyand Voting

Ben AdidaHarvard University

EVT & WOTEAugust 11th, 2009Montreal, Canada

“If you think cryptographyis the solution

to your problem....

... then youdon’t understandcryptography...

... and you don’t understand your

problem.”-Peter, Butler, Bruce

Yet, cryptography solves problems that initially

appear to be impossible.

There is apotential paradigm shift.

A means ofelection verificationfar more powerful

than other methods.5

Three Points

1. Voting is a unique trust problem.

2. Cryptography is not just about secrets,it creates trust between competitors,it democratizes the auditing process.

3. Open-Audit Voting is closing in on practicality.

1.Voting is a unique

trust problem.

“Swing Vote”

terrible movie.hilarious ending.

Wooten got the news from his wife, Roxanne, who went to City Hall on Wednesday

to see the election results.

"She saw my name with zero votes by it.She came home and asked me ifI had voted for myself or not."

Bad Analogies

Dan Wallach’s great rump session talk.

More than thatATMs and planes are vulnerable(they are, but that’s not the point)

It’s that voting is much harder.

Bad AnalogiesAdversaries➡ pilots vs. passengers (airline is on your side, I think.)➡ banking privacy is only voluntary:

you are not the enemy.

Failure Detection & Recover➡ plane crashes & statements vs. 2% election fraud➡ Full banking receipts vs. destroying election evidence

Imagine➡ a bank where you never get a receipt.➡ an airline where the pilot is working against you.

Ballot secrecyconflicts with auditing,

cryptographycan reconcile them.

http://www.cs.uiowa.edu/~jones/voting/pictures/ 15

Vendor

* source

* code

if (...

VotingMachine

Vendor

* source

* code

if (...

VotingMachine

Vendor

* source

* code

if (...

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Polling Location

Ballot Box Collection

VotingMachine

Vendor

* source

* code

if (...

Polling Location

Results

.....6

VotingMachine

Vendor

* source

* code

if (...

Polling Location

Results

.....6

Black Box

Chain of Custody

Initially,cryptographers

re-createdphysical processesin the digital arena.

Then, a realization: cryptography enables a new voting paradigm

Secrecy + Auditability.

Bulletin Board

Public Ballots

Bob:McCain

Carol:Obama

Bulletin Board

Public Ballots

Bob:McCain

Carol:Obama

Bulletin Board

Public Ballots

Alice:Obama

Bob:McCain

Carol:Obama

Bulletin Board

Public Ballots

Alice:Obama

Bob:McCain

Carol:Obama

Obama....2McCain....

1Alice

Encrypted Public BallotsBulletin Board

Alice:Rice

Bob:Clinton

Carol:Rice

1Alice

Alice:Rice

Bob:Clinton

Carol:Rice

1Alice

Alice verifies her vote

Alice:Rice

Bob:Clinton

Carol:Rice

1Alice

Alice verifies her vote Everyone verifies the tally

End-to-End Verification

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Ballot Box /

Bulletin Board

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Ballot Box /

Bulletin Board

Results

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Receipt

Ballot Box /

Bulletin Board

Results

Polling Location

VotingMachine

Vendor

* source

* code

if (...

Receipt

Ballot Box /

Bulletin Board

Results

Democratizing Audits

Each voter is responsible for checkingtheir receipt (no one else can.)

Anyone, a voter or a public org,can audit the tally andverify the list of cast ballots.

Thus, OPEN-AUDIT Voting.

2.Cryptography is

not just about secrets,creates trust between

competitors.

Increased transparencywhen some data

must remain secret.26

So, yes, we encrypt,and then we operate on the encrypted data in public, so

everyone can see.

In particular, because the vote is encrypted, it can remain labeled with voter’s name.

“Randomized” Encryption

“Randomized” EncryptionKeypair consists of a public key and a secret key .skpk

"Obama" 8b5637Encpk

c5de34Encpk"McCain"

"Obama" 8b5637Encpk

c5de34Encpk"McCain"

a4b395Encpk"Obama"

Threshold Decryption

8b5637

Secret key is shared amongst multiple parties:all (or at least a quorum) need to cooperate to decrypt.

8b5637

b739cbDecsk1

8b5637

b739cbDecsk1

261ad7Decsk2

8b5637

b739cbDecsk1

261ad7Decsk2

7231bcDecsk3

8b5637

b739cbDecsk1

261ad7Decsk2

7231bcDecsk3

8239baDecsk4

8b5637

b739cbDecsk1

261ad7Decsk2

7231bcDecsk3

8239baDecsk4

"Obama"

Homomorphic Encryption

Enc(m1)! Enc(m2) = Enc(m1 + m2)

gm1 ! gm2 = gm1 +m2

then we can simplyadd “under cover” of encryption!

gm1 ! gm2 = gm1 +m2

Mixnets

Each mix server “unwraps”a layer of this encryption onion.

c = Encpk1 (Encpk2 (Encpk3 (m)))

Proving certain details while keeping others secret.

Proving a ciphertext encodes a given message

without revealingits random factor.

Zero-Knowledge Proof

Vote For:

President:

Mickey MousePresident:

Mickey MouseVote For: Obama

This last envelope likely contains “Obama”

Vote For:

President:

Open envelopes don’t proveanything after the fact.

President:

Mickey MouseVote For:

McCain

Electronic Experience

Voter interacts with a voting machine

Obtains a freshly printed receiptthat displays the encrypted ballot

Takes the receipt home and uses itas a tracking number.

Receipts posted for public tally.

Voting Machine

Encrypted Vote

Paper Experience

Pre-print paper ballots with some indirection betw candidate and choice

Break the indirection (tear, detach)for effective encryption

Take receipt home and use itas tracking number.

Receipts posted for public tally.q r m x

Adam - x

Bob - q

Charlie - r

David - m

q r m x

Adam - x

Bob - q

Charlie - r

David - m

q r m x

Charlie

_______

Charlie

_______

3.Cryptography-based Voting

(Open-Audit Voting) is closing in on practicality.

Benaloh Casting

"Obama"

Benaloh Casting

EncryptedBallot

"Obama"

Benaloh Casting

EncryptedBallot

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

"CAST"

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

"CAST"

SignedEncryptedBallot

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

"CAST"

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Benaloh Casting

"AUDIT"

EncryptedBallot

DecryptedBallot

"CAST"

DecryptedBallot

EncryptedBallot

VERIFICATION

"Obama"

Many more great ideasNeff ’s MarkPledge➡ high-assurance, human-verifiable, proofs of correct encryption

Scantegrity➡ closely mirrors opscan voting

ThreeBallot by Rivest➡ teaching the concept of open-audit without deep crypto

STV: Ramchen, Teague, Benaloh & Moran.➡ handling complex election styles

Prêt-à-Voter by Ryan et al.➡ elegant, simple, paper-based

Deployments!

UCL (25,000 voters)

Scantegrity @ Takoma Park

Three Points

1. Voting is a unique trust problem.

2. Cryptography is not just about secrets,it creates trust between competitors,it democratizes the auditing process.

3. Open-Audit Voting is closing in on practicality.

My Fear :

computerization of voting is inevitable.without open-audit,the situation is grim.

My Hope:proofs for auditing

partially-secret processes will soon be as common as public-

key crypto is now.

Challenge:

Ed Felten: “you have no voter privacy, deal with it.”

Challenge:

Ed Felten: “you have no voter privacy, deal with it.”

Questions?45

Cryptography and Voting

Technology

Attack-tree based risk analysis of Estonian i-voting · Attack-tree based risk analysis of Estonian i-voting Summary for Research Seminar in Cryptography Riivo Talviste December 15,

JavaCryptography - Cogent Logic · JavaCryptography SymmetricKeyCryptography • Cryptography. Cryptography

Post-Quantum Cryptography: Lattice-Based Cryptography and

Integrity of Electronic Voting Systems: Fallacious …sad06005/pubs/Conference/sac12.pdfIntegrity of Electronic Voting Systems: Fallacious Use of Cryptography Seda Davtyan Aggelos

Cryptography - Coding and Cryptography

Cryptography and Security

Quantum cryptography CS4600/5600 Biometrics and Cryptography UTC/CSE

Voting and Elections - Rose-Hulman Institute of …casey1/Voting-Elections.pdfVotingng and n and Elections I. Voting ... YES: Legitimacy of System ... Microsoft PowerPoint - Voting

Applied Cryptography Week 8 Slide 1 Applied Cryptography Week 8 Web Services, Secure Voting and XML Signature Mike McCarthy

Applied Cryptography Spring 2015 GSM and cryptography

Complexity and Cryptography

Voting Advice Applications and Electronic Voting

Cryptography and encryption

CS 4770: Cryptography CS 6750: Cryptography and

UCSB Computer Science...Security and Cryptography Network and system security, web security, security of social networks, malware analysis, voting system security, vulnerability analysis,

Cryptography and Voting - USENIXCryptography and Voting Ben Adida Harvard University EVT & WOTE August 11th, 2009 Montreal, Canada ... Cryptography is not just about secrets, it creates

Cryptography and Network Security, part I: Basic cryptography

A Secure Electronic Voting Software Application based on ... · A Secure Electronic Voting . Software Application based on . Image Steganography and Cryptography . Lauretha Rura

Public Key Cryptography and the RSA Algorithm Cryptography and Network Security

Online Voting System Based on Image … file48 L. Rura et al. Online Voting System based on Image Steganography and Visual Cryptography 49 plementation of two distinct schemes. They