Scribd Logo
Upload

Welcome to Scribd!

  • Evaluating Security of Voting Schemes in The Universal Composability Framework

    Uploaded by

    ponmudi vn
    16 views14 pages

    Original Title

    ACNSVotingSecurity

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    16 views14 pages

    Evaluating Security of Voting Schemes in The Universal Composability Framework

    Uploaded by

    ponmudi vn

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Evaluating Security of

    Voting Schemes in the


    Universal Composability
    Framework
    Jens Groth
    BRICS, University of Aarhus
    Cryptomathic
    Ideal Voting Functionality
    vote vote

    V1 … Vm

    Fvoting S
    A1 … An

    result result
    Real Life
    vote vote

    V1 … Vm

    voting A
    A1 … An

    result result
    Universal Composability
    Real Ideal

    vote vote
    Z vote vote
    Z
    V1 … Vm V1 … Vm

    A Fvoting S
    A1 … An A1 … An

    result result result result


    Security Requirements
     Privacy  Availability

     Authentication  Verifiability

     Accuracy  Incoercibility
     Hacker
     Robustness
    protection
     Fairness 
     
     
    Homomorphic Threshold Encryption

    Each voter: Epk(vote) + ZK proof + signature

    Homomorphic property:
    Epk(result)= Epk(vote1) *…* Epk(voten)

    Threshold decryption:

    Authority 1
    Epk(result) . result
    .
    Authority n
    Example
    ElGamal-encryption:
    pk = (q,p,g,h), q|p-1, g,h order q in Zp*
    sk = x, h=gx mod p
    yes-vote = 1, no-vote = 0

    Each voter: (gr mod p, hrgv mod p) + ZK proof


    Homomorphic property:
    (gr1+…+rm mod p, hr1+…+rmgv1+…+vm mod p)
    = (gri mod p, hrigvi mod p)
    Threshold decryption: Lagrange interpolation
     gv1+…+vm mod p, discrete log  v1+…+vm
    Key Generation Functionality
    public key public key

    V1 … Vm

    Fkey generation A
    A1 … An

    public key public key


    secret share secret share
    Message Board Functionality
    message message

    V1 … Vm

    Fmessage board A
    A1 … An

    Voters’ messages Voters’ messages


    Authority’s message Authority’s message
    Universal Composability
    Hybrid Ideal

    vote vote
    Z vote vote
    Z
    V1 … Vm V1 … Vm

    FKM A Fvoting S
    A1 … An A1 … An

    result result result result


    The Simulator
    S simulates A,V1,…,Vm,A1,…,An,
    FKM and random oracle vote vote
    Z
    vote
    V1 … Vm
    V1 … Vm
    Fvoting S
    FKM A A1 … An
    A1 … An
    result result
    result
    Results
    Homomorphic threshold encryption voting
    securely realizes Fvoting in the FKM-hybrid
    model against non-adaptive adversaries

    Homomorphic threshold encryption voting


    does NOT securely realize Fvoting in the FKM-
    hybrid model against adaptive adversaries

    Modified homomorphic threshold encryption


    voting securely realizes Fvoting in the FKM-
    hybrid model against adaptive adversaries
    Modified Voting Scheme
    Each voter: Epk(vote) + ZK proof + signature
    Delete vote and coins

    Threshold decryption:
    Epk(result) -> Epk(result)’ -> result
    Delete coins
    Thanks

    Questions?

    You might also like