Non-interactive shuffle arguments
Date
2020-07-09
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Demokraatliku riigi toimimiseks on turvaline hääletussüsteem esmatähtis. E-hääletus on korraldajale odavam ning valijale mugavam. Samas kaasnevad sellega ka paljud uued turvariskid ja tehnilised väljakutsed.
Üks nendest väljakutsetest on häälte segamine, et kaotada seos hääletaja ja tema hääle vahel. Paberhääletuse puhul raputab valimistöötaja hääletuskasti. E-hääletuse puhul kasutakse tihti mix-neti hajussüsteemi, mis laseb igal serveril krüptogrammid ümber järjestada ja hägustada. Kui vähemalt üks serveritest ei ole ründaja poolt kompromiteeritud, siis on arvutuslikult raske seostada krüptogrammi ja tema omanikku. Seda juhul, kui iga server lisaks ka tõestab, et ta segas hääled korrektselt. Tõestus peaks olema raskesti võltsitav ja ei tohiks avalikustada rohkem informatsiooni kui see, et segamine toimus korrektselt. Vastavate omadustega tõestusi nimetatakse segamise nullteadmustõestusteks ja selles töös uurime, kuidas neid konstrueerida.
Antud töö peamine panus on kiire segamise nullteadmustõestus. Kasutades tagasihoidliku riistvara kulub nt 100 000 krüptogrammi segamiseks, tõestamiseks ja verifitseerimiseks vaid alla 3 minuti. Varasemad sarnase kiirusega tõestused on (ebakorrektselt) käsitlenud räsifunktsiooni kui juhuslikku funktsioon. Antud tõestus ei vaja seda eeldust, kuid see-eest kasutab tõestuses avalikku võtit, mille peab arvutama usaldatud osapool. Usalduse vähendamiseks pakume välja ühisarvutuse protokolli, mis hajutab võtme arvutuse mitme osapoole vahel. Lõpetuseks pakume välja versiooni esialgsest nullteadmustõestusest, mis ühildub ühisarvutuse protokolliga ja sisaldab ka muid täiendusi. Antud tõestus on implementeeritud e-hääletussüsteemis Zeus, mida kasutatakse laialdaselt Kreekas.
A secure voting system is essential for any democratic government. Online voting has the potential to offer enhanced convenience and lower administrative costs, but this comes with increased security risks and many technical challenges. One such challenge is ballot shuffling that should remove the link between a voter and her vote. Paper-based voting systems achieve this by having someone shake the ballot box. Online voting systems often use a distributed system called a mix-network that lets each server shuffle (permute and rerandomize) the ciphertexts. Assuming that at least one server is not corrupted by an adversary, it will be computationally difficult to trace the initial ciphertexts to the final output of the mix-network. It is paramount that each server also proves that it shuffled correctly to avoid ciphertexts being substituted. Proof should be difficult to forge but at the same time should not reveal how the shuffling was done. Such a proof is called a zero-knowledge shuffle argument. The main contribution of this thesis is an efficient zero-knowledge shuffle argu- ment. On modest hardware, it takes, for example, less than 3 minutes to shuffle, prove, and verify 100,000 ciphertexts. Compared to other efficient shuffle arguments, we avoid (incorrectly) treating hash functions as a random function, but instead, require that a public key of the argument is generated honestly. We propose a secure computation protocol for key generation to distribute trust among multiple parties. Finally, we propose a modification of our initial shuffle argument that is compatible with the secure computation protocol (among other improvements). Since the publication, this argument has been adopted by the Greek e-voting platform Zeus that is widely used for organizational elections.
A secure voting system is essential for any democratic government. Online voting has the potential to offer enhanced convenience and lower administrative costs, but this comes with increased security risks and many technical challenges. One such challenge is ballot shuffling that should remove the link between a voter and her vote. Paper-based voting systems achieve this by having someone shake the ballot box. Online voting systems often use a distributed system called a mix-network that lets each server shuffle (permute and rerandomize) the ciphertexts. Assuming that at least one server is not corrupted by an adversary, it will be computationally difficult to trace the initial ciphertexts to the final output of the mix-network. It is paramount that each server also proves that it shuffled correctly to avoid ciphertexts being substituted. Proof should be difficult to forge but at the same time should not reveal how the shuffling was done. Such a proof is called a zero-knowledge shuffle argument. The main contribution of this thesis is an efficient zero-knowledge shuffle argu- ment. On modest hardware, it takes, for example, less than 3 minutes to shuffle, prove, and verify 100,000 ciphertexts. Compared to other efficient shuffle arguments, we avoid (incorrectly) treating hash functions as a random function, but instead, require that a public key of the argument is generated honestly. We propose a secure computation protocol for key generation to distribute trust among multiple parties. Finally, we propose a modification of our initial shuffle argument that is compatible with the secure computation protocol (among other improvements). Since the publication, this argument has been adopted by the Greek e-voting platform Zeus that is widely used for organizational elections.
Description
Väitekirja elektrooniline versioon ei sisalda publikatsioone
Keywords
cryptography, e-voting