SlideShare ist ein Scribd-Unternehmen logo

Cryptography and Voting

B
Ben Adida

EVT/WOTE 2009 Invited Talk on Cryptography and Voting for non-cryptographers.

TechnologieNews & Politik
1 von 98
Downloaden Sie, um offline zu lesen
Cryptography and Voting Ben Adida Harvard University EVT & WOTE August 11th, 2009 Montreal, Canada
“If you think cryptography is the solution to your problem.... 2
... then you don’t understand cryptography... 3
... then you don’t understand cryptography... ... and you don’t understand your problem.” -Peter, Butler, Bruce 3
Yet, cryptography solves problems that initially appear to be impossible. 4
There is a potential paradigm shift. A means of election verification far more powerful than other methods. 5
Three Points 1. Voting is a unique trust problem. 2. Cryptography is not just about secrets, it creates trust between competitors, it democratizes the auditing process. 3. Open-Audit Voting is closing in on practicality. 6
1. Voting is a unique trust problem. 7
“Swing Vote” terrible movie. hilarious ending. 8
Wooten got the news from his wife, Roxanne, who went to City Hall on Wednesday to see the election results. "She saw my name with zero votes by it. She came home and asked me if I had voted for myself or not." 9
10
11
Bad Analogies Dan Wallach’s great rump session talk. More than that ATMs and planes are vulnerable (they are, but that’s not the point) It’s that voting is much harder. 12
Bad Analogies Adversaries ➡ pilots vs. passengers (airline is on your side, I think.) ➡ banking privacy is only voluntary: you are not the enemy. Failure Detection & Recover ➡ plane crashes & statements vs. 2% election fraud ➡ Full banking receipts vs. destroying election evidence Imagine ➡ a bank where you never get a receipt. ➡ an airline where the pilot is working against you. 13
Ballot secrecy conflicts with auditing, cryptography can reconcile them. 14
http://www.cs.uiowa.edu/~jones/voting/pictures/ 15
16
/* 1 * source * code */ if (... Vendor 16
/* 1 * source * code Voting 2 */ Machine if (... Vendor 16
/* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 16
/* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 16
/* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 16
/* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 5 Ballot Box Collection 16
/* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice Results 5 6 ..... Ballot Box Collection 16
/* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice Results 5 6 ..... Ballot Box Collection Black Box 16
Chain of Custody
Chain of Custody
Chain of Custody
Chain of Custody
Chain of Custody
Initially, cryptographers re-created physical processes in the digital arena. 18
Then, a realization: cryptography enables a new voting paradigm Secrecy + Auditability. 19
20
Public Ballots Bulletin Board Bob: McCain Carol: Obama 21
Public Ballots Bulletin Board Bob: McCain Carol: Obama Alice 21
Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Alice 21
Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Tally Obama....2 McCain.... Alice 1 21
Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Rice Tally Obama....2 McCain.... Alice 1 22
Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali Rice ce ver Tally ifies he rv Obama....2 ote McCain.... Alice 1 22
Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali ce Rice ta lly e hTally ver ifi ifie st es he ne ver rv ve ryo Obama....2 ote E McCain.... Alice 1 22
End-to-End Verification
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Polling Location
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Polling Bulletin Board Location Alice
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... Alice
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... 1 Alice Receipt
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... 1 2 Alice Receipt
Democratizing Audits Each voter is responsible for checking their receipt (no one else can.) Anyone, a voter or a public org, can audit the tally and verify the list of cast ballots. Thus, OPEN-AUDIT Voting. 24
2. Cryptography is not just about secrets, creates trust between competitors. 25
NO! Increased transparency when some data must remain secret. 26
So, yes, we encrypt, and then we operate on the encrypted data in public, so everyone can see. In particular, because the vote is encrypted, it can remain labeled with voter’s name. 27
“Randomized” Encryption 28
“Randomized” Encryption Keypair consists of a public key pk and a secret key sk . 28
“Randomized” Encryption Keypair consists of a public key pk and a secret key sk . "Obama" Enc pk 8b5637 28
“Randomized” Encryption Keypair consists of a public key pk and a secret key sk . "Obama" Enc pk 8b5637 "McCain" Enc pk c5de34 28
“Randomized” Encryption Keypair consists of a public key pk and a secret key sk . "Obama" Enc pk 8b5637 "McCain" Enc pk c5de34 "Obama" Enc pk a4b395 28
Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. 8b5637 29
Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb 8b5637 29
Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 29
Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 Dec sk3 7231bc 29
Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 Dec sk3 7231bc Dec sk4 8239ba 29
Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 "Obama" Dec sk3 7231bc Dec sk4 8239ba 29
Homomorphic Encryption 30
Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) 30
Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) 30
Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) g m1 ×g m2 = g m 1 +m 2 30
Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) g m1 ×g m2 = g m 1 +m 2 then we can simply add “under cover” of encryption! 30
Mixnets c = Encpk1 (Encpk2 (Encpk3 (m))) Each mix server “unwraps” a layer of this encryption onion. 31
Proving certain details while keeping others secret. Proving a ciphertext encodes a given message without revealing its random factor. 32
Zero-Knowledge Proof 33
Zero-Knowledge Proof President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Obama Vote For: Obama 33
Zero-Knowledge Proof President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Obama Vote For: Obama This last envelope likely contains “Obama” 33
Zero-Knowledge Proof President: President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Vote For: Mickey Mouse Obama McCain Paul Open envelopes don’t prove anything after the fact. 34
Electronic Experience Voter interacts with a voting machine Voting Machine Alice Obtains a freshly printed receipt that displays the encrypted ballot Encrypted Vote Takes the receipt home and uses it as a tracking number. Receipts posted for public tally. 35
Paper Experience David Adam Bob Charlie David _______ Adam _______ Bob _______ Pre-print paper ballots with some indirection betw candidate and choice Charlie _______ _______ 8c3sw _______ _______ _______ 8c3sw Break the indirection (tear, detach) Adam - x 8c3sw for effective encryption Bob - q Charlie - r David - m Take receipt home and use it Adam - x Bob - q 8c3sw as tracking number. Charlie - r q q David - m r r m m x x 8c3sw Receipts posted for public tally. q r m x 36
3. Cryptography-based Voting (Open-Audit Voting) is closing in on practicality. 37
Benaloh Casting 38
Benaloh Casting Alice 38
Benaloh Casting "Obama" Alice 38
Benaloh Casting "Obama" Encrypted Ballot Alice 38
Benaloh Casting "Obama" Encrypted Ballot Alice Alice 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Alice 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION Alice 38
Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot Signed Encrypted Ballot VERIFICATION Alice 38
Many more great ideas Neff ’s MarkPledge ➡ high-assurance, human-verifiable, proofs of correct encryption Scantegrity ➡ closely mirrors opscan voting ThreeBallot by Rivest ➡ teaching the concept of open-audit without deep crypto STV: Ramchen, Teague, Benaloh & Moran. ➡ handling complex election styles Prêt-à-Voter by Ryan et al. ➡ elegant, simple, paper-based 39
Deployments! UCL (25,000 voters) Scantegrity @ Takoma Park SCV 40
Three Points 1. Voting is a unique trust problem. 2. Cryptography is not just about secrets, it creates trust between competitors, it democratizes the auditing process. 3. Open-Audit Voting is closing in on practicality. 41
My Fear: computerization of voting is inevitable. without open-audit, the situation is grim. 42
My Hope: proofs for auditing partially-secret processes will soon be as common as public- key crypto is now. 43
Challenge: Ed Felten: “you have no voter privacy, deal with it.” 44
Challenge: Ed Felten: “you have no voter privacy, deal with it.” 44
Questions? 45

Empfohlen

Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security OverviewBen Adida
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable ElectionsBen Adida
 
Secure Voting
Secure VotingSecure Voting
Secure VotingBen Adida
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingBen Adida
 
ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...
ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...
ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...Cyber Security Alliance
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit VotingBen Adida
 
Indivo X Hospital Connectivity
Indivo X Hospital ConnectivityIndivo X Hospital Connectivity
Indivo X Hospital ConnectivityBen Adida
 
Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X OverviewBen Adida
 

Empfohlen

Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security OverviewBen Adida
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable ElectionsBen Adida
 
Secure Voting
Secure VotingSecure Voting
Secure VotingBen Adida
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingBen Adida
 
ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...
ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...
ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authenti...Cyber Security Alliance
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit VotingBen Adida
 
Indivo X Hospital Connectivity
Indivo X Hospital ConnectivityIndivo X Hospital Connectivity
Indivo X Hospital ConnectivityBen Adida
 
Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X OverviewBen Adida
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsBen Adida
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppBen Adida
 
Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable votingBen Adida
 
Bitcoin
BitcoinBitcoin
Bitcoinmahdi ataeyan
 
Biometrics Iris Scanning: A Literature Review
Biometrics Iris Scanning: A Literature ReviewBiometrics Iris Scanning: A Literature Review
Biometrics Iris Scanning: A Literature ReviewOlivia Moran
 
Sigma Protocols and Zero Knowledge
Sigma Protocols and Zero KnowledgeSigma Protocols and Zero Knowledge
Sigma Protocols and Zero KnowledgeAlex Chepurnoy
 
Iris by @run@$uj! final
Iris by @run@$uj! finalIris by @run@$uj! final
Iris by @run@$uj! finalARUNASUJITHA
 
Secure e voting system
Secure e voting systemSecure e voting system
Secure e voting systemMonira Monir
 
Public Key Algorithms
Public Key AlgorithmsPublic Key Algorithms
Public Key AlgorithmsBit Hacker
 
Elliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofElliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofArunanand Ta
 
Cryptography
CryptographyCryptography
CryptographyDarshini Parikh
 
Zero knowledge proofsii
Zero knowledge proofsiiZero knowledge proofsii
Zero knowledge proofsiisreesaiprakash
 
Cryptography
CryptographyCryptography
CryptographySidharth Mohapatra
 
Online voting job presentation
Online voting job presentationOnline voting job presentation
Online voting job presentationbondito
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with DataSeth Familian
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkVolker Hirsch
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 

Weitere ähnliche Inhalte

Andere mochten auch

Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsBen Adida
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppBen Adida
 
Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable votingBen Adida
 
Biometrics Iris Scanning: A Literature Review
Biometrics Iris Scanning: A Literature ReviewBiometrics Iris Scanning: A Literature Review
Biometrics Iris Scanning: A Literature ReviewOlivia Moran
 
Sigma Protocols and Zero Knowledge
Sigma Protocols and Zero KnowledgeSigma Protocols and Zero Knowledge
Sigma Protocols and Zero KnowledgeAlex Chepurnoy
 
Iris by @run@$uj! final
Iris by @run@$uj! finalIris by @run@$uj! final
Iris by @run@$uj! finalARUNASUJITHA
 
Secure e voting system
Secure e voting systemSecure e voting system
Secure e voting systemMonira Monir
 
Public Key Algorithms
Public Key AlgorithmsPublic Key Algorithms
Public Key AlgorithmsBit Hacker
 
Elliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofElliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofArunanand Ta
 
Zero knowledge proofsii
Zero knowledge proofsiiZero knowledge proofsii
Zero knowledge proofsiisreesaiprakash
 
Online voting job presentation
Online voting job presentationOnline voting job presentation
Online voting job presentationbondito
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with DataSeth Familian
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkVolker Hirsch
 

Andere mochten auch (16)

Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health App
 
Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable voting
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Biometrics Iris Scanning: A Literature Review
Biometrics Iris Scanning: A Literature ReviewBiometrics Iris Scanning: A Literature Review
Biometrics Iris Scanning: A Literature Review
 
Sigma Protocols and Zero Knowledge
Sigma Protocols and Zero KnowledgeSigma Protocols and Zero Knowledge
Sigma Protocols and Zero Knowledge
 
Iris by @run@$uj! final
Iris by @run@$uj! finalIris by @run@$uj! final
Iris by @run@$uj! final
 
Secure e voting system
Secure e voting systemSecure e voting system
Secure e voting system
 
Public Key Algorithms
Public Key AlgorithmsPublic Key Algorithms
Public Key Algorithms
 
Elliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge ProofElliptic Curve Cryptography and Zero Knowledge Proof
Elliptic Curve Cryptography and Zero Knowledge Proof
 
Cryptography
CryptographyCryptography
Cryptography
 
Zero knowledge proofsii
Zero knowledge proofsiiZero knowledge proofsii
Zero knowledge proofsii
 
Cryptography
CryptographyCryptography
Cryptography
 
Online voting job presentation
Online voting job presentationOnline voting job presentation
Online voting job presentation
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with Data
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of Work
 

Kürzlich hochgeladen

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Kürzlich hochgeladen (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Cryptography and Voting

  • 1. Cryptography and Voting Ben Adida Harvard University EVT & WOTE August 11th, 2009 Montreal, Canada
  • 2. “If you think cryptography is the solution to your problem.... 2
  • 3. ... then you don’t understand cryptography... 3
  • 4. ... then you don’t understand cryptography... ... and you don’t understand your problem.” -Peter, Butler, Bruce 3
  • 5. Yet, cryptography solves problems that initially appear to be impossible. 4
  • 6. There is a potential paradigm shift. A means of election verification far more powerful than other methods. 5
  • 7. Three Points 1. Voting is a unique trust problem. 2. Cryptography is not just about secrets, it creates trust between competitors, it democratizes the auditing process. 3. Open-Audit Voting is closing in on practicality. 6
  • 8. 1. Voting is a unique trust problem. 7
  • 10. Wooten got the news from his wife, Roxanne, who went to City Hall on Wednesday to see the election results. "She saw my name with zero votes by it. She came home and asked me if I had voted for myself or not." 9
  • 11. 10
  • 12. 11
  • 13. Bad Analogies Dan Wallach’s great rump session talk. More than that ATMs and planes are vulnerable (they are, but that’s not the point) It’s that voting is much harder. 12
  • 14. Bad Analogies Adversaries ➡ pilots vs. passengers (airline is on your side, I think.) ➡ banking privacy is only voluntary: you are not the enemy. Failure Detection & Recover ➡ plane crashes & statements vs. 2% election fraud ➡ Full banking receipts vs. destroying election evidence Imagine ➡ a bank where you never get a receipt. ➡ an airline where the pilot is working against you. 13
  • 15. Ballot secrecy conflicts with auditing, cryptography can reconcile them. 14
  • 17. 16
  • 18. /* 1 * source * code */ if (... Vendor 16
  • 19. /* 1 * source * code Voting 2 */ Machine if (... Vendor 16
  • 20. /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 16
  • 21. /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 16
  • 22. /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 16
  • 23. /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 5 Ballot Box Collection 16
  • 24. /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice Results 5 6 ..... Ballot Box Collection 16
  • 25. /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice Results 5 6 ..... Ballot Box Collection Black Box 16
  • 31. Initially, cryptographers re-created physical processes in the digital arena. 18
  • 32. Then, a realization: cryptography enables a new voting paradigm Secrecy + Auditability. 19
  • 33. 20
  • 34. Public Ballots Bulletin Board Bob: McCain Carol: Obama 21
  • 35. Public Ballots Bulletin Board Bob: McCain Carol: Obama Alice 21
  • 36. Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Alice 21
  • 37. Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Tally Obama....2 McCain.... Alice 1 21
  • 38. Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Rice Tally Obama....2 McCain.... Alice 1 22
  • 39. Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali Rice ce ver Tally ifies he rv Obama....2 ote McCain.... Alice 1 22
  • 40. Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali ce Rice ta lly e hTally ver ifi ifie st es he ne ver rv ve ryo Obama....2 ote E McCain.... Alice 1 22
  • 42. End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Polling Location
  • 43. End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Polling Bulletin Board Location Alice
  • 44. End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... Alice
  • 45. End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... 1 Alice Receipt
  • 46. End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... 1 2 Alice Receipt
  • 47. Democratizing Audits Each voter is responsible for checking their receipt (no one else can.) Anyone, a voter or a public org, can audit the tally and verify the list of cast ballots. Thus, OPEN-AUDIT Voting. 24
  • 48. 2. Cryptography is not just about secrets, creates trust between competitors. 25
  • 49. NO! Increased transparency when some data must remain secret. 26
  • 50. So, yes, we encrypt, and then we operate on the encrypted data in public, so everyone can see. In particular, because the vote is encrypted, it can remain labeled with voter’s name. 27
  • 52. “Randomized” Encryption Keypair consists of a public key pk and a secret key sk . 28
  • 53. “Randomized” Encryption Keypair consists of a public key pk and a secret key sk . "Obama" Enc pk 8b5637 28
  • 54. “Randomized” Encryption Keypair consists of a public key pk and a secret key sk . "Obama" Enc pk 8b5637 "McCain" Enc pk c5de34 28
  • 55. “Randomized” Encryption Keypair consists of a public key pk and a secret key sk . "Obama" Enc pk 8b5637 "McCain" Enc pk c5de34 "Obama" Enc pk a4b395 28
  • 56. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. 8b5637 29
  • 57. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb 8b5637 29
  • 58. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 29
  • 59. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 Dec sk3 7231bc 29
  • 60. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 Dec sk3 7231bc Dec sk4 8239ba 29
  • 61. Threshold Decryption Secret key is shared amongst multiple parties: all (or at least a quorum) need to cooperate to decrypt. Dec sk1 b739cb Dec sk2 261ad7 8b5637 "Obama" Dec sk3 7231bc Dec sk4 8239ba 29
  • 63. Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) 30
  • 64. Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) 30
  • 65. Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) g m1 ×g m2 = g m 1 +m 2 30
  • 66. Homomorphic Encryption Enc(m1 ) × Enc(m2 ) = Enc(m1 + m2 ) g m1 ×g m2 = g m 1 +m 2 then we can simply add “under cover” of encryption! 30
  • 67. Mixnets c = Encpk1 (Encpk2 (Encpk3 (m))) Each mix server “unwraps” a layer of this encryption onion. 31
  • 68. Proving certain details while keeping others secret. Proving a ciphertext encodes a given message without revealing its random factor. 32
  • 70. Zero-Knowledge Proof President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Obama Vote For: Obama 33
  • 71. Zero-Knowledge Proof President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Obama Vote For: Obama This last envelope likely contains “Obama” 33
  • 72. Zero-Knowledge Proof President: President: President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse President: Mickey Mouse Vote For: Mickey Mouse Vote For: Mickey Mouse Obama McCain Paul Open envelopes don’t prove anything after the fact. 34
  • 73. Electronic Experience Voter interacts with a voting machine Voting Machine Alice Obtains a freshly printed receipt that displays the encrypted ballot Encrypted Vote Takes the receipt home and uses it as a tracking number. Receipts posted for public tally. 35
  • 74. Paper Experience David Adam Bob Charlie David _______ Adam _______ Bob _______ Pre-print paper ballots with some indirection betw candidate and choice Charlie _______ _______ 8c3sw _______ _______ _______ 8c3sw Break the indirection (tear, detach) Adam - x 8c3sw for effective encryption Bob - q Charlie - r David - m Take receipt home and use it Adam - x Bob - q 8c3sw as tracking number. Charlie - r q q David - m r r m m x x 8c3sw Receipts posted for public tally. q r m x 36
  • 75. 3. Cryptography-based Voting (Open-Audit Voting) is closing in on practicality. 37
  • 78. Benaloh Casting "Obama" Alice 38
  • 79. Benaloh Casting "Obama" Encrypted Ballot Alice 38
  • 80. Benaloh Casting "Obama" Encrypted Ballot Alice Alice 38
  • 81. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Alice 38
  • 82. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice 38
  • 83. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
  • 84. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
  • 85. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
  • 86. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" Decrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
  • 87. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
  • 88. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION 38
  • 89. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot VERIFICATION Alice 38
  • 90. Benaloh Casting "Obama" Encrypted Ballot Alice "AUDIT" "CAST" Decrypted Signed Ballot Encrypted Ballot Alice Alice Encrypted Decrypted Ballot Ballot Signed Encrypted Ballot VERIFICATION Alice 38
  • 91. Many more great ideas Neff ’s MarkPledge ➡ high-assurance, human-verifiable, proofs of correct encryption Scantegrity ➡ closely mirrors opscan voting ThreeBallot by Rivest ➡ teaching the concept of open-audit without deep crypto STV: Ramchen, Teague, Benaloh & Moran. ➡ handling complex election styles Prêt-à-Voter by Ryan et al. ➡ elegant, simple, paper-based 39
  • 93. Three Points 1. Voting is a unique trust problem. 2. Cryptography is not just about secrets, it creates trust between competitors, it democratizes the auditing process. 3. Open-Audit Voting is closing in on practicality. 41
  • 94. My Fear: computerization of voting is inevitable. without open-audit, the situation is grim. 42
  • 95. My Hope: proofs for auditing partially-secret processes will soon be as common as public- key crypto is now. 43
  • 96. Challenge: Ed Felten: “you have no voter privacy, deal with it.” 44
  • 97. Challenge: Ed Felten: “you have no voter privacy, deal with it.” 44