Automatic Verification of Remote Electronic Voting Protocols
The 21st IEEE Computer Security Foundations Symposium, Pittsburgh, June 2008
Michael Backes, Cătălin Hrițcu, Matteo Maffei
Saarland University, Saarbrücken, Germany

Did you know that ...
• ... in Germany, in the latest parliamentary elections 18.7% of the votes were cast by post?
• this is a form of remote voting
[Chart: y-axis 0% to 20%; x-axis 1957 ... 1990, 1994, 1998, 2002, 2005; value labels 18.7%, 18.0%, 16.0%, 13.4%, 9.4%, 4.9%]

Remote voting (by post)
• More convenient than supervised voting
• This should increase voter participation
• Voting by post raises many security concerns
‣ An autograph signature does not authenticate the voter
‣ An envelope does not guarantee secrecy or integrity
‣ The post is not always a secure channel
‣ Extremely easy to sell your vote
‣ You can coerce voters to vote as you like
• Still, this has been used in Germany for 50+ years

Remote electronic voting
• Seems even cheaper and even more convenient
• Promises better security (than voting by post at least)
‣ the security properties can be cryptographically enforced
• Different security risks
‣ Easier to launch large-scale attacks and erase evidence
‣ Clients are the weakest link: e.g. remotely exploitable software flaws, viruses, Internet worms, trojans, lack of physical security, social engineering attacks, etc.
‣ The network is also vulnerable: e.g. voter demographic-based DDoS, DNS cache poisoning attacks, etc.

Desired properties
eligibility, non-reusability, inalterability
fairness
completeness, correctness
vote-privacy, no forced-abstention attacks
receipt-freeness
coercion-resistance
universal verifiability, individual verifiability
robustness, fault tolerance
availability, scalability
accuracy, democracy
• Careful formalization and automatic verification of these properties are important before widespread adoption

soundness: eligibility, non-reusability, inalterability
privacy: vote-privacy, no forced-abstention attacks, receipt-freeness, coercion-resistance

What we did
• General technique for
‣ modeling remote electronic voting protocols (in the applied pi-calculus)
‣ and automatically verifying their security
• New formal definitions of
‣ soundness - trace property
‣ coercion-resistance - observational equivalence
‣ both definitions amenable to automation (e.g. ProVerif)
• Proved that our coercion-resistance implies vote-privacy, immunity to forced-abstention attacks & receipt-freeness
• Automatically verified the security of the JCJ protocol

Soundness (eligibility, non-reusability, inalterability)
[Diagram: Alice ("Hi, I’m Alice"), a pink/blue ballot and the Tallier, annotated with the events eligible(Alice), vote(Alice, pink) and tally(pink)]
Trace: t1 eligible(Alice) t2 vote(Alice, pink) t3 tally(pink)
and the trace t1 t2 t3 is also sound (injective matching)
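
The injective matching on the soundness slide, as an added example that is not part of the talk or of the authors' ProVerif model: a brute-force checker that matches each tally(v) to an earlier vote(id, v) and an earlier eligible(id), removes the three events, and requires the rest of the trace to be sound too. The event encoding, function names and sample traces are constructed for illustration, and treating a trace with no tally event as sound is an assumption.

```python
"""Brute-force soundness check for voting traces (added illustration)."""
from functools import lru_cache
from typing import NamedTuple, Optional


class Event(NamedTuple):
    kind: str               # "eligible", "vote" or "tally"
    voter: Optional[str]    # None for tally events
    choice: Optional[str]   # None for eligible events


def eligible(voter):
    return Event("eligible", voter, None)


def vote(voter, choice):
    return Event("vote", voter, choice)


def tally(choice):
    return Event("tally", None, choice)


@lru_cache(maxsize=None)
def _sound(trace):
    # Assumption: a trace in which nothing is tallied is sound.
    k = next((n for n, ev in enumerate(trace) if ev.kind == "tally"), None)
    if k is None:
        return True
    counted = trace[k].choice
    # Try every vote(id, counted) cast before this tally, and every
    # eligible(id) seen before that vote. Removing the matched triple and
    # recursing makes the matching injective: no event is used twice.
    for j in range(k):
        cast = trace[j]
        if cast.kind != "vote" or cast.choice != counted:
            continue
        for i in range(j):
            reg = trace[i]
            if reg.kind == "eligible" and reg.voter == cast.voter:
                rest = trace[:i] + trace[i + 1:j] + trace[j + 1:k] + trace[k + 1:]
                if _sound(rest):
                    return True
    return False


def is_sound(trace):
    """True if every tallied vote is backed by its own vote and eligibility event."""
    return _sound(tuple(trace))


# Constructed sample traces, one per property named on the slide.
SAMPLES = {
    "honest run": [eligible("Alice"), eligible("Bob"), vote("Alice", "pink"),
                   vote("Bob", "blue"), tally("pink"), tally("blue")],
    "ineligible voter (eligibility)": [eligible("Alice"),
                                       vote("Mallory", "pink"), tally("pink")],
    "vote counted twice (non-reusability)": [eligible("Alice"),
                                             vote("Alice", "pink"),
                                             tally("pink"), tally("pink")],
    "vote altered (inalterability)": [eligible("Alice"),
                                      vote("Alice", "pink"), tally("blue")],
    "vote before eligibility": [vote("Alice", "pink"), eligible("Alice"),
                                tally("pink")],
    # Sound only if tally(pink) is matched to Bob's vote, not Alice's.
    "needs backtracking": [eligible("Alice"), eligible("Bob"),
                           vote("Alice", "pink"), vote("Bob", "pink"),
                           vote("Alice", "blue"), tally("pink"), tally("blue")],
}


def check_all():
    return {name: is_sound(trace) for name, trace in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in check_all().items():
        print(f"{name:40s} {'sound' if verdict else 'NOT sound'}")
```

The search is exponential in the worst case, which is fine for hand-sized traces; ProVerif instead proves the property for all traces of the protocol model.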

Vote-privacy
Voters: Alice, Bob, Charlie
Results:
pink party |
blue party ||
“Detailed” results:
Alice ............ pink party
Bob .............. blue party
Charlie ........ blue party

Definition of vote-privacy [Delaune, Kremer & Ryan; CSF ’06]
[Diagram: two instances of the voting system, S[ ... ] and S[ ... ], each containing pink/blue ballots, one "indistinguishable from" (≈) the other under a ∀ quantifier. Later builds add parallel composition (|) inside each S[ ... ] and the two tallies "pink party |||, blue party ||||" and "pink party ||||, blue party |||".]

Immunity to forced-abstention
[Diagram: S[ ... ] ≈ S[ ... ], two instances of the voting system with pink/blue ballots composed in parallel (|)]

Receipt-freeness
[Diagram: S[ ... ] ≈ S[ ... ], two instances of the voting system with pink/blue ballots composed in parallel (|); two further labels read "blue"]
• Cryptographic setting [Benaloh & Tuinstra; STOC ’94]
• We adapted the definition by [Delaune, Kremer & Ryan; CSF ’06] to remote voting

Coercion-resistance
[Diagram: S[ ... ] ≈ S[ ... ], two instances of the voting system with several pink/blue ballots composed in parallel (|)]
• Cryptographic setting [Juels, Catalano & Jakobsson; WPES 2005]
• Proved: coercion-resistance ⇒ no forced-abstention ⇒ vote-privacy
• coercion-resistance ⇒ receipt-freeness (up to abstraction)

Definitions of coercion-resistance

| | JCJ-WPES’05 | DKR-CSF’06 | DKR-TR’08 | current |
|---|---|---|---|---|
| setting | remote voting | supervised voting | supervised voting | remote voting |
| automation | no (crypto) | no (adaptive simulation) | no (∀C. P≈Q) | yes (≈) |
| vote-privacy | yes | yes | yes | yes |
| no simulation attacks | yes | n/a | n/a | yes |
| no forced-abstention | yes | no | no | yes |
| no randomization attacks (?) | yes | no | no | no |
| receipt-freeness | yes | yes | yes | yes (up to abstraction) |

Analysis of JCJ
• first coercion-resistant protocol for remote voting [Juels, Catalano & Jakobsson; WPES ’05]
• forms the basis of many recent protocols (e.g. Civitas [Clarkson, Chong & Myers; S&P ’08])
• Analysis performed with ProVerif
‣ automatic protocol analyzer using Horn-clause resolution
‣ we use our symbolic abstraction of zero-knowledge [Backes, Maffei & Unruh; S&P ’08]
‣ analyzing observational equivalence required (re)writing the specification in the shape of a biprocess
‣ verification of JCJ succeeds, which yields security guarantees for an unbounded number of voters, sessions, etc.

Future work
• Currently: analyzing a model of Civitas
• Currently: defining and analyzing other properties
‣ Individual verifiability (trace property)
‣ Immunity to randomization attacks (privacy property)
• Different techniques for trace properties
‣ type systems - e.g. our type system for ZK [WITS ’08]
• Different techniques for observational equivalence
‣ for instance using symbolic bisimulation [DKR, SecCo ’07]
• More accurate protocol models
‣ The ultimate goal is to analyze implementations

Backup slides
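
Simplified JCJ protocol
[Diagram: Alice ("Hi, I’m Alice") and the Tallier. Labels in build order: "cred" and "{cred, r1}pk(kT)", with the annotation "(private channel)"; then "{cred, r2}pk(kT), {pink}pk(kT), ZK"; then "Tallier" and "pink".]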

[Diagram: an ≈ relation between parallel compositions (|) of the voters Alice, Bob and Bruce with pink/blue ballots, numbered 1 2 3]