A Brief Intro to Aperio and Eperio
description
Transcript of A Brief Intro to Aperio and Eperio
![Page 1: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/1.jpg)
A Brief Intro to
Aperio and Eperio
Aleksander Essex
University of Waterloo, *University of Ottawa
SecVote 2010Sept. 3, Bertinoro Italy
![Page 2: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/2.jpg)
Aperio and Eperio
• Aperio (Essex, Clark and Adams, WOTE08)
–Paper-based voting–Verifiable w/o crypto
• Eperio (Essex, Clark, Hengartner and Adams, EVT10)
–Electronic Aperio–Optical scan ballots–Verifiable with some crypto
![Page 3: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/3.jpg)
Cryptoless E2E-style voting
• 3-Ballot – Hard to mark but easy to check– Numerous Attacks
• long ballots • short ballots (CEA07)• Etc
• Farnel/Twin– Easy to mark, easy to check but,– Need chain-of-custody to be secure
• If you had it, do you need ?
![Page 4: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/4.jpg)
Aperio
• Easy to mark• Easy to tally• Some repetitive paperwork to verify• No CoC assumption
![Page 5: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/5.jpg)
Aperio Ballot AssemblyWU, Carol
JONES, Alex
SMITH, Bob
![Page 6: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/6.jpg)
Aperio Ballot Assembly
Sheets fused together (voter can’t see bottom sheets)
![Page 7: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/7.jpg)
Reference Lists
450251556051…
Wu, Jones, SmithJones, Wu, SmithSmith, Wu, JonesWu, Jones, Smith…
![Page 8: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/8.jpg)
WU, Carol
JONES, Alex
SMITH, Bob
Wu, Jones, Smith002
#923
![Page 9: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/9.jpg)
WU, Carol
JONES, Alex
SMITH, Bob
#923
Wu, Jones, Smith002
#617
![Page 10: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/10.jpg)
Commitments (tamper-evident envelopes)
AliceAlice AliceAlice
![Page 11: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/11.jpg)
Voting
![Page 12: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/12.jpg)
Casting
![Page 13: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/13.jpg)
Counting
Σ
![Page 14: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/14.jpg)
• Coin toss reveals either– Pink Ballot, Goldenrod Receipt, or,– Pink Receipt, Goldenrod Ballot
Decommitting Protocol
Alice
Alice
Alice
Alice
Alice
Alice
Alice
Alice
![Page 15: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/15.jpg)
Checking Receipts
X X
002
![Page 16: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/16.jpg)
WU, Carol
JONES, Alex
SMITH, Bob
WU, Carol
JONES, Alex
SMITH, Bob
WU, Carol
JONES, Alex
SMITH, Bob
WU, Carol
JONES, Alex
SMITH, Bob
XWU, Carol
JONES, Alex
SMITH, Bob
XWU, Carol
JONES, Alex
SMITH, Bob
X
Checking Tally
![Page 17: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/17.jpg)
Cryptography in Elections
• Conflicting views:– Max-crypto
• Security at expense of simplicity
– No-crypto• Simplicity at expense of security
• Our goal:– Min-crypto
• Balance security and simplicity
![Page 18: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/18.jpg)
Eperio• What it is
– E2E election verification protocol
• What it means for verification– Fewer cryptographic primitives– Smaller datasets– Faster execution– Fewer lines of code
![Page 19: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/19.jpg)
BobAlice
AliceBob
#000 #001
x x
Pret-a-Voter style Ballots
![Page 20: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/20.jpg)
Bubble ID Marked? Candidate
BobAlice
#000
Trustees* copy ballots into a table
Before the election….
*Done obliviously
![Page 21: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/21.jpg)
Bubble ID Marked? Candidate
#000-1st Bob
#000-2nd AliceBobAlice
#000
Before the election….
Trustees* copy ballots into a table
*Done obliviously
![Page 22: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/22.jpg)
Bubble ID Marked? Candidate
#000-1st Bob
#000-2nd Alice
#001-1st Alice
#001-2nd Bob
AliceBob
#001
Before the election….
Trustees* copy ballots into a table
*Done obliviously
![Page 23: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/23.jpg)
Bubble ID Marked? Candidate
#000-1st Bob
#000-2nd Alice
#001-1st Alice
#001-2nd Bob
… … …
… … …And so on…
Before the election….
![Page 24: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/24.jpg)
Bubble ID Marked? Candidate
#000-1st Bob
#000-2nd Alice
#001-1st Alice
#001-2nd Bob
… …
The Eperio Table:
Remember: it’s just the ballots in table-form.
![Page 25: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/25.jpg)
Trustees shuffle rowsBubble ID Marked? Candidate
#001-2nd Bob
#003-2nd Bob
#007-1st Bob
#029-2nd Alice
#001-1st Bob
… …
![Page 26: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/26.jpg)
Trustees mask columns
Bubble ID Marked? Candidate
#001-2nd Bob
#003-2nd Bob
#007-1st Bob
#029-2nd Alice
#001-1st Bob
… …
Cryptographically committed and published
![Page 27: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/27.jpg)
Bubble ID Marked? Candidate
#001-2nd Bob
#003-2nd Bob
#007-1st Bob
#029-2nd Alice
#001-1st Bob
… …
Bubble ID Marked? Candidate
#001-2nd Bob
#003-2nd Bob
#007-1st Bob
#029-2nd Alice
#001-1st Bob
… …
Bubble ID Marked? Candidate
#001-2nd Bob
#003-2nd Bob
#007-1st Bob
#029-2nd Alice
#001-1st Bob
… …
Bubble ID Marked? Candidate
#001-2nd Bob
#003-2nd Bob
#007-1st Bob
#029-2nd Alice
#001-1st Bob
… …
Many independent shuffled copies
created
More instances scales security assurance
![Page 28: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/28.jpg)
Bubble ID Marked? Candidate
#000-1st Yes Bob
#000-2nd No Alice
#001-1st Yes Alice
#001-2nd No Bob
… … …
#000
#001
x
x
Ballots recorded by scanner
During the election…
![Page 29: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/29.jpg)
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Alice
… … …
After the election: Bubble ID Marked? Candidate
#000-1st Yes Bob
#000-2nd No Alice
#001-1st Yes Alice
#001-2nd No Bob
… … …
Trustees fill in middle columns
![Page 30: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/30.jpg)
Bubble ID Marked? Candidate
#001-2nd Yes Bob
#031-2nd Yes Bob
#001-1st Yes Alice
#029-2nd No Alice
#021-1st Yes Bob
… … …
After the election:Bubble ID Marked? Candidate
#000-1st Yes Bob
#000-2nd No Alice
#001-1st Yes Alice
#001-2nd No Bob
… … …
Trustees fill in middle columns
![Page 31: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/31.jpg)
The Audit ChallengeBubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Bob
… … …
Bubble ID Marked? Candidate
#001-2nd Yes Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Bob
… … …
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Bob
… … …
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd No Bob
#007-1st Yes Bob
#029-2nd Yes Alice
#001-1st No Bob
… … …
• Challenge• Public coin toss• One column from each instance challenged
• Response• Trustees post decommitments
![Page 32: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/32.jpg)
Checking receipts
Bubble ID Marked? Candidate
#001-2nd Yes Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Bob
… … …
![Page 33: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/33.jpg)
Checking receipts
Bubble ID Marked? Candidate
#007-1st Yes Bob
#006-2nd Yes Bob
#042-1st Yes Bob
#029-2nd No Alice
#007-2nd No Bob
… … …
Bubble ID column decommitted
![Page 34: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/34.jpg)
Checking receipts
Bubble ID Marked? Candidate
#007-1st Yes Bob
#006-2nd Yes Bob
#042-1st Yes Bob
#029-2nd No Alice
#007-2nd No Bob
… … …
Voter looks up receipt. Checks for match.
#007
x
![Page 35: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/35.jpg)
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Bob
… … …
Tally audit
![Page 36: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/36.jpg)
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Alice
#007-1st Yes Alice
#029-2nd No Bob
#001-1st Yes Bob
… … …
Candidate column decommitted
Tally audit
![Page 37: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/37.jpg)
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Alice
#007-1st Yes Alice
#029-2nd No Bob
#001-1st Yes Bob
… … …
Tally like any election
Tally audit
+
![Page 38: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/38.jpg)
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Alice
#007-1st Yes Alice
#029-2nd No Bob
#001-1st Yes Bob
… … …
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Bob
… … …
Repeat as necessary…
Bubble ID Marked? Candidate
#007-1st Yes Bob
#006-2nd Yes Bob
#042-1st Yes Bob
#029-2nd No Alice
#007-2nd No Bob
… … …
Bubble ID Marked? Candidate
#001-2nd No Alice
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd Yes Alice
#001-1st No Bob
… … …
![Page 39: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/39.jpg)
Review
Bubble ID Marked? Candidate
#001-2nd No Bob
#003-2nd Yes Bob
#007-1st Yes Bob
#029-2nd No Alice
#001-1st Yes Bob
… … …
•Eperio table instance •Just a copy of ballots•Independently shuffled•Committed•Published
•Columns•Right + middle = tally•Left + middle = receipt info
![Page 40: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/40.jpg)
How is Eperio different?
• Table structure• Commitment scheme• Implementation options
What does this mean?
• Speed (10-100x faster)• Data download (10-100x smaller)• Small code size (50 lines of Python)
![Page 41: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/41.jpg)
Bubble ID Marked? Candidate
004 B X Bob
008 B X Alice
007 A X Alice
002 A Bob
004 A Alice
008 A Bob
002 B X Alice
007 B Bob
Table structure: a comparison
Eperio
![Page 42: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/42.jpg)
Verification in a spreadsheet!Bubble ID Marked? Candidate
004 B X Bob
008 B X Alice
007 A X Alice
002 A Bob
004 A Alice
008 A Bob
002 B X Alice
007 B Bob
Bubble ID Marked? Candidate
004 B X Bob
008 B X Alice
007 A X Alice
002 A Bob
004 A Alice
008 A Bob
002 B X Alice
007 B Bob
![Page 43: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/43.jpg)
OpenSSL OpenSSL
Implementation options (for audits)
Custom code Small script + Encryption utility
Spreadsheet + Encryption utility
Spreadsheet all-in-one?
Eperio
![Page 44: A Brief Intro to Aperio and Eperio](https://reader036.fdocuments.us/reader036/viewer/2022062304/56813d04550346895da6a940/html5/thumbnails/44.jpg)
Eperio
eperio.orgFind out more at