Understanding Verifiable Mixnets in Electronic Voting Systems

Slide Note
Embed
Share

Explore the concept of verifiable mixnets in electronic voting systems through topics like counting methods, preserving vote secrecy, and verifiability of the counting process. Learn about Verificatum, commitment schemes, and proof techniques for ensuring mixing correctness in voting processes.

khadijahs
khadijahs Follow

Uploaded on Dec 08, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Verifiable Mixnets SANDRA GUASCH CASTELL PHD EVOTING WORKSHOP LUXEMBOURG, 15-16/10/2012 SUPERVISOR: PAZ MORILLO BOSCH

  2. INDEX 2 Introduction Counting methods for electronic voting. Verifiability of the counting process. Verifiable Mixnets Verificatum: Properties of a permutation matrix. Commitment to a permutation matrix. Other approaches: Vector Commitments. Cryptographic Accumulators.

  3. INTRODUCTION 3 Counting methods for electronic voting: In case encrypted votes are linked to voter identities (digitally signed), the counting phase has to implement procedures for preserving vote secrecy.

  4. INTRODUCTION 4 Counting methods for providing vote secrecy: Homomorphic tally: Poor scalability and flexibility.

  5. INTRODUCTION 5 Verifiability of the counting process: Homomorphic tally:

  6. Verifiable Mixnets 6 VERIFICATUM

  7. Verificatum: a verifiable mixnet 7 Based in two papers: D. Wikstr m. A Commitment-Consistent Proof of a Shuffle. 2011. Generic design of a mixnet verification process divided in two phases. The heavier computations are moved to a pre-computation phase. B. Terelius, D. Wikstr m. Proofs of Restricted Shuffles. AfricaCrypt 2010. Use a matrix commitment to prove the properties of this matrix. Define the properties of a permutation matrix.

  8. 8 How to proof that the mixing has been performed correctly? Operations: Shuffle or permutation. Re-encryption. D. Wikstr m. A Commitment- Consistent Proof of a Shuffle. 2011.

  9. 9 Division in two processes: Offline or computed before mixing. Online or computed during mixing. D. Wikstr m. A Commitment- Consistent Proof of a Shuffle. 2011.

  10. B. Terelius, D. Wikstrm. Proofs of restricted shuffles. 2010 10 Product of a matrix and a vector: Permutation matrix: Characteristics: The product of the output elements is equal to the product of the input elements: No linear combinations are done: That means: the output contains the same elements than the input.

  11. Commitment to a permutation matrix 11 Pedersen commitment: Commitment to a value m: Commit to a vector : Commit to a matrix: Commit to each column j: Commit all the columns ajtogether:

  12. Commitment to a permutation matrix 12 Note that: Vector e permuted as defined by matrix M. The result of multiplying vector e by matrix M. Remember:

  13. Commitment to a permutation matrix 13 Remember characteristics of M: The output contains the same elements than the input vector: We will use: No linear combinations are done: We will use:

  14. Commitment to a permutation matrix 14 Proofs over the commitment of M: From the commitment of : The prover has to do step-by-step the product of the values e i . Where is the permutation of Prove that The verifier checks that has an exponential form. This is the heaviest part of the computation, but it s done in the offline phase.

  15. Verificatum times 15 Java implementation. Commitment to an initial matrix of 18.284 votes, mixing of 9.142 votes. minutes 87,09 23,17 59,17 Offline: Commitment to a matrix Check matrix commitment: Pre-generate re-encryption exponents: Online: 4,76 18,04 Perform mixing: 0,02 Prove mixing: Validate mixing: 3,97 14,05 I5-2400 8GB RAM 3VMs (1 core, 2GB RAM) VirtualBox 4.1.18 Verificatum 1.0.7.

  16. Verifiable Mixnets 16 OTHER APPROACHES

  17. 17 * Commitment to a vector of q messages. D. Catalano and D. Fiore. Vector Commitments and their Applications. 2011. * The commitment can be opened to a specific position. * Position binding: the commitment cannot be opened to two different values for the same position. * Size of commitment and openings is independent of q. * Commitment and openings are updatable.

  18. Proving mixing with Vector Commitments 18 Idea: we want to prove that we have commited to a permutation matrix (like Wikstr m). Only one 1 per column and row. Commit to each row of M with a Vector Commitment. Make an opening to value 0 that can be used for all positions but one. Make an opening to value 1 for one position. Without revealing that position. Vector Commitments shall allow relating the commited matrix to the operations of the Mixnet.

  19. Proving mixing with Vector Commitments 19 Idea: what does it mean to make a shuffle? Messages before and after are the same, but in different order. Vector Commitments are position binding: prove both vectors have the same elements in different positions. Pass a test vector through the permutation matrix (hidden) and give the Vector Commitment of the output. Prove properties of the commited output. Prove them in zero knowledge.

  20. 20 J. Camenish and A. Lysyanskaya. Dynamic Accumulators and Application to Efficient Revocation of Anonymous credentials. 2002. * Compress a list of q elements into a single accumulator value. * For each element, a witness w attests that it is in the accumulator. * Camenish and Lysyanskaya: prove in zero knowledge that an element is in the accumulator. * Can be used to prove in zero knowledge that an element belongs to a set. * The accumulator can be updated to allocate new values. * Universal accumulators (J. Li, N. Li, R. Xue. Universal Accumulators with Efficient Non-membership Proofs. 2007.) allow also to issue proofs of non-membership.

  21. Proving mixing with Vector Commitments and Accumulators 21 Idea: we want to prove that two vectors contain the same values but in different order (without learning that order). Compare the vector commitment of the output does not open to the same values than in the input for all the positions in zero knowledge! Use a cryptographic accumulator to represent the set of input values, and demostrate that all the output values in the vector commitment are contained in the accumulator.

  22. 22 Make Vector Commitments homomorphic in some way: Vector Commitments shall allow relating the committed values to the operations of the mixnet. We want to be able to relate a committed vector to values in an accumulator. Achieve Zero-Knowledge properties: We want to prove a position can be opened to a value without revealing that position. Challenges

Related


Promising Practices for Faculty Evaluations in DEIA - ASCCC Spring 2023 Plenary

Promising Practices for Faculty Evaluations in DEIA - ASCCC Spring 2023 Plenary

dudley
Exploring FAEST: Post-Quantum Signatures and Zero-Knowledge Proofs

Exploring FAEST: Post-Quantum Signatures and Zero-Knowledge Proofs

borys
Public Interest Disclosure & Protection of Informers Resolution - Guidelines for PIDPI Complaints

Public Interest Disclosure & Protection of Informers Resolution - Guidelines for PIDPI Complaints

neva
Understanding Post-Election Risk-Limiting Audits in Indiana

Understanding Post-Election Risk-Limiting Audits in Indiana

neriah
OpenID Connect Working Group Update & Progress Report

OpenID Connect Working Group Update & Progress Report

madiha
ERCOT Updates and Revision Requests Overview

ERCOT Updates and Revision Requests Overview

islagrace
Understanding

Understanding "The House on Mango Street" by Sandra Cisneros

ayyub
Guide to EVM and VVPAT Components, Connections, and Preparation for Poll

Guide to EVM and VVPAT Components, Connections, and Preparation for Poll

paige
EVM-VVPAT Administrative Procedures for Election Management

EVM-VVPAT Administrative Procedures for Election Management

odhran
CNF-FSS and Its Applications: PKC 2022 March 08

CNF-FSS and Its Applications: PKC 2022 March 08

zaynah
Understanding Continuing Professional Development (CPD) for Professional Growth

Understanding Continuing Professional Development (CPD) for Professional Growth

zack
Practical Statistically-Sound Proofs of Exponentiation in Any Group

Practical Statistically-Sound Proofs of Exponentiation in Any Group

edupu
Living Situation of Sandra Cisneros in 11th Grade

Living Situation of Sandra Cisneros in 11th Grade

tal_rze
Exploring House on Mango Street by Sandra Cisneros

Exploring House on Mango Street by Sandra Cisneros

reyannaca
The Logical Structure of Classical and Quantum Mechanics

The Logical Structure of Classical and Quantum Mechanics

sky_ott
Joining a Law Journal at Sandra Day O'Connor College of Law

Joining a Law Journal at Sandra Day O'Connor College of Law

laon243
Fides: A System for Verifiable Computation Using Smart Contracts

Fides: A System for Verifiable Computation Using Smart Contracts

isen_17
The Inspiring Journey of Sandra Cisneros: A Mexican-American Author

The Inspiring Journey of Sandra Cisneros: A Mexican-American Author

gore_tan
Understanding Graduation Requirements and Academic Opportunities at Sandra Day O'Connor High School

Understanding Graduation Requirements and Academic Opportunities at Sandra Day O'Connor High School

antavi
SEAL Project: Enhancing Identity Management and KYC Solutions

SEAL Project: Enhancing Identity Management and KYC Solutions

jade936
Blackbox Verifiable Computation Scheme Overview

Blackbox Verifiable Computation Scheme Overview

graylynsa
Hispanic Immigration Timeline & Sandra Cisneros Influence

Hispanic Immigration Timeline & Sandra Cisneros Influence

gilfillan_j

More Related Content