Computationally efficient mix-nets
Author
Abstract
The current online voting system used in Estonia has not employed mathematically secure, verifiable proofs of correctness to ensure the honesty of the tabulation server [Com13a]. Auditing is based on observing the procedures and checking whether they are carried out according to the protocol. Even though the protocol was not followed (the cast votes were transferred from the ballot-storing server to the tabulation server on a USB memory card [Com13b], although they were supposed to be transmitted on a DVD), the audit claimed that this incident did not have any evident and permanent consequences for the procedure. On the other hand, there are many examples which suggest that USB memory sticks should not be considered secure [Hua13]. As the voting process is a required (but not sufficient, as we have seen lately) part of a democratic society, it should not be based on ad-hoc methods and unverified hardware. As hardware verification is nearly infeasible considering the costs and skills required, the trust model could be based on mathematically verifiable proofs of correctness. Secrecy of the ballot is one of the most fundamental requirements of elections. For example, when unverified hardware is used, the tallying server may leak some information about the content of a specific ballot. The leak could occur through side-channel attacks [Meh14] [GST13] or with the assistance of a malicious adversary. If the attacker also has access to signed ballots, then the voter's choice could be revealed. If the connection between the tallied vote and the signed vote could be obfuscated, then the success of this specific attack would be negligible. But this obfuscation raises other problems. For example, how can we ensure that the votes are not modified in favour of some third party? One solution is to use mix-nets, which permute and re-encrypt the ballots while giving a proof that these actions are performed correctly.
The mix-net may be a larger system which can also perform threshold decryption, key distribution, etc. The basis of the mix-net is the shuffle, which is used for permuting and re-encryption. In the case of elections, the number of votes is usually large, and this has led to optimizing the computation needed to construct the proofs and perform the mixing. If the mix-net is combined with tabulation on ciphertexts and a proof of ballot inclusion, then the voter can be highly confident that his vote is correctly counted towards the result and that his vote is anonymous. Furthermore, the mixing could be performed by independent parties (for example, by political parties). In this survey, we will observe some mix-net constructions and give a hint on the optimization techniques. We will not inspect the full details as the optimization methods
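The shuffle described in the abstract (permute, then re-encrypt) can be sketched as follows. This is an added example, not code from the surveyed paper: it assumes exponential ElGamal over a constructed toy group, all function names are hypothetical, and it omits the proof of correct shuffling that a verifiable mix-net must also publish.

```python
import secrets

# Toy group, constructed for illustration only (far too small for real use):
# safe prime P = 2*Q + 1, and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, vote):
    """Exponential ElGamal: the vote v is encoded as the group element G^v."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(G, vote, P) * pow(pk, r, P) % P)

def reencrypt(pk, ct):
    """Multiply by a fresh encryption of 1: same plaintext, new ciphertext."""
    s = secrets.randbelow(Q - 1) + 1
    a, b = ct
    return (a * pow(G, s, P) % P, b * pow(pk, s, P) % P)

def shuffle(pk, cts):
    """One mix server: re-encrypt every ballot, then apply a secret permutation."""
    out = [reencrypt(pk, ct) for ct in cts]
    secrets.SystemRandom().shuffle(out)
    return out

def decrypt(sk, ct, max_vote=10):
    a, b = ct
    m = b * pow(a, Q - sk, P) % P  # a^(Q-sk) equals a^(-sk) in the order-Q subgroup
    # Recover v from G^v by searching the small range of valid votes.
    return next(v for v in range(max_vote + 1) if pow(G, v, P) == m)

def tally_after_mixing(votes, servers=3):
    """Encrypt the votes, pass them through several mix servers, then decrypt."""
    sk, pk = keygen()
    board = [encrypt(pk, v) for v in votes]
    mixed = board
    for _ in range(servers):
        mixed = shuffle(pk, mixed)
    return board, mixed, sorted(decrypt(sk, ct) for ct in mixed)
```

Each server needs only the public key to mix, so the mixing can be delegated to independent parties; without the omitted shuffle proof, however, nothing stops a server from replacing ballots.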
Similar resources
Randomized Partial Checking Revisited
We study mix-nets with randomized partial checking (RPC) as proposed by Jakobsson, Juels, and Rivest (2002). RPC is a technique to verify the correctness of an execution both for Chaumian and homomorphic mix-nets. The idea is to relax the correctness and privacy requirements to achieve a more efficient mix-net. We identify serious issues in the original description of mix-nets with RPC and show...
Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking
We propose a new technique for making mix nets robust, called randomized partial checking (RPC). The basic idea is that rather than providing a proof of completely correct operation, each server provides strong evidence of its correct operation by revealing a pseudo-randomly selected subset of its input/output relations. Randomized partial checking is exceptionally efficient compared to previou...
Towards a Publicly-Verifiable Mix-Net Providing Everlasting Privacy
All implementations of verifiable mix-nets provide computational privacy only, because the audit information published is encrypted using some public key algorithm. Consequently, at some time in the future, when the underlying cryptographic assumption is broken, privacy is violated, and each output message can be traced back to its input. We address this problem by presenting a mix-net that use...
On the security of mix-nets and hierarchical group signatures
In this thesis we investigate two separate cryptographic notions: mix-nets and hierarchical group signatures. The former notion was introduced by Chaum (1981). The latter notion is introduced in this thesis, but it generalizes the notion of group signatures which was introduced by Chaum and Heyst (1991). Numerous proposals for mix-nets are given in the literature, but these are presented with i...
A Parameterized Complexity Analysis of Generalized CP-Nets
Generalized CP-nets (GCP-nets) allow a succinct representation of preferences over multi-attribute domains. As a consequence of their succinct representation, many GCP-net related tasks are computationally hard. Even finding the more preferable of two outcomes is PSPACE-complete. In this work, we employ the framework of parameterized complexity to achieve two goals: First, we want to gain a dee...
Efficient penalty scoring functions for group decision-making with TCP-nets
This paper studies the problem of collective decision-making in combinatorial domain where the agents’ preferences are represented by qualitative models with TCP-nets (Tradeoffs-enhanced Conditional Preference Network). The features of TCP-nets enable us to easily encode human preferences and the relative importance between the decision variables; however, many group decision-making methods requ...