PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot...
Transcript of PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot...
![Page 1: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/1.jpg)
PrivApolloSecret Ballot E2E-V Internet Voting
Hua Wu, Poorvi Vora, Filip Zagorski
Voting’19
![Page 2: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/2.jpg)
Agenda
1 Intro
2 Related workBenaloh’s SVEHeliosApollo
3 PrivApolloVoter experienceEncoding
![Page 3: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/3.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?
• Observe
• How can one ensure integrity of electronic elections?
• Verify
• What shall we verify? Source code? Servers, clients?
• R. L. Rivest, J. Wack, Software Independence: A votingsystem is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 4: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/4.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?• Observe
• How can one ensure integrity of electronic elections?
• Verify
• What shall we verify? Source code? Servers, clients?
• R. L. Rivest, J. Wack, Software Independence: A votingsystem is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 5: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/5.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?• Observe
• How can one ensure integrity of electronic elections?
• Verify
• What shall we verify? Source code? Servers, clients?
• R. L. Rivest, J. Wack, Software Independence: A votingsystem is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 6: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/6.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?• Observe
• How can one ensure integrity of electronic elections?• Verify
• What shall we verify? Source code? Servers, clients?
• R. L. Rivest, J. Wack, Software Independence: A votingsystem is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 7: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/7.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?• Observe
• How can one ensure integrity of electronic elections?• Verify
• What shall we verify? Source code? Servers, clients?
• R. L. Rivest, J. Wack, Software Independence: A votingsystem is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 8: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/8.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?• Observe
• How can one ensure integrity of electronic elections?• Verify
• What shall we verify? Source code? Servers, clients?• R. L. Rivest, J. Wack, Software Independence: A voting
system is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 9: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/9.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?• Observe
• How can one ensure integrity of electronic elections?• Verify
• What shall we verify? Source code? Servers, clients?• R. L. Rivest, J. Wack, Software Independence: A voting
system is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 10: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/10.jpg)
End-to-end verifiability
• How can one ensure integrity of traditional elections?• Observe
• How can one ensure integrity of electronic elections?• Verify
• What shall we verify? Source code? Servers, clients?• R. L. Rivest, J. Wack, Software Independence: A voting
system is software-independent if an undetected change orerror in its software cannot cause an undetectable change orerror in an election outcome.
• S. Popoveniuc, J. Kelsey, A. Regenscheid, P. Vora.Performance Requirements for End-to-End VerifiableElections. EVT/WOTE 2010.
• R. Kusters, T. Truderung, A. Vogt, Accountability:definition and relationship to verifiability, CCS 2010.
![Page 11: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/11.jpg)
E2E Verifiability – intuition
• Cast as intended
• Recorded as cast
• Tallied as recorded
![Page 12: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/12.jpg)
Basic Model of a Voter
The voter, V, is a human and is able to:
• read and compare short strings;
• choose a candidate to vote for;
• choose at random whether to cast or audit an encryption(Benaloh’s challenge)
• choose a random short string (this is required to secure theprotocol against clash-attacks, but low-entropy strings aresufficient—selected strings need to be unique only acrossvoting sessions active at that time).
![Page 13: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/13.jpg)
Basic Model of a Voter
The voter, V, is a human and is able to:
• read and compare short strings;
• choose a candidate to vote for;
• choose at random whether to cast or audit an encryption(Benaloh’s challenge)
• choose a random short string (this is required to secure theprotocol against clash-attacks, but low-entropy strings aresufficient—selected strings need to be unique only acrossvoting sessions active at that time).
![Page 14: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/14.jpg)
Basic Model of a Voter
The voter, V, is a human and is able to:
• read and compare short strings;
• choose a candidate to vote for;
• choose at random whether to cast or audit an encryption(Benaloh’s challenge)
• choose a random short string (this is required to secure theprotocol against clash-attacks, but low-entropy strings aresufficient—selected strings need to be unique only acrossvoting sessions active at that time).
![Page 15: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/15.jpg)
Basic Model of a Voter
The voter, V, is a human and is able to:
• read and compare short strings;
• choose a candidate to vote for;
• choose at random whether to cast or audit an encryption(Benaloh’s challenge)
• choose a random short string (this is required to secure theprotocol against clash-attacks, but low-entropy strings aresufficient—selected strings need to be unique only acrossvoting sessions active at that time).
![Page 16: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/16.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 17: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/17.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 18: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/18.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 19: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/19.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r
2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 20: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/20.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 21: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/21.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 22: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/22.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 23: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/23.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 24: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/24.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 25: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/25.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)
2 recorded as cast (physical process e.g., in StarVote) and onlinecheck with BB
3 tallied as recorded
![Page 26: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/26.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB
3 tallied as recorded
![Page 27: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/27.jpg)
Benaloh’s challenge
• Simple Verifiable Elections
1 a voter V makes a choice Vx−→ M
2 a machine M:
1 generates randomness r2 prints encrypted ballot c := Enc(x , r)
3 the voter makes a decision:
Cast then V takes printout as a receipt,M sends c to BB,
Audit M prints r , V verifies, goes to the Step 1
• Properties:
1 cast as intended (Benaloh’s challange)2 recorded as cast (physical process e.g., in StarVote) and online
check with BB3 tallied as recorded
![Page 28: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/28.jpg)
Helios
• Ben Adida, Helios: Web-based Open-Audit Voting.,USENIX Security Symposium 2008
![Page 29: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/29.jpg)
![Page 30: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/30.jpg)
![Page 31: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/31.jpg)
![Page 32: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/32.jpg)
![Page 33: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/33.jpg)
![Page 34: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/34.jpg)
![Page 35: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/35.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016
• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?
• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 36: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/36.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?
• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 37: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/37.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?
• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 38: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/38.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?
• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 39: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/39.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?
• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 40: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/40.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?
• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 41: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/41.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?• a voting booth casts a different ballot,
• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 42: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/42.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,
• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 43: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/43.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 44: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/44.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!
• focus on recorded as cast
![Page 45: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/45.jpg)
Apollo
• D. Gawel, M. Kosarzecki, P. Vora, H. Wu, FZ,Apollo–End-to-End Verifiable Internet Voting withRecovery from Vote Manipulation, E-Vote-ID 2016• Findings: Helios was vulnerable to:
• Cross-Site Scripting (non-persistent) – attacker could executeany arbitrary JavaScript code in the voter’s browser,
• Cross-Site Request Forgery (vulnerable methods: electionedition, adding a trustee and 5 other),
• Clickjacking.
• What happens if a voting booth or a server are dishonest?• a voting booth casts a different ballot,• a voting booth overwrites cast ballot,• a server overwrites a ballot but does not send email.
• Goal: make Helios great again!• focus on recorded as cast
![Page 46: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/46.jpg)
Helios – dishonest server
![Page 47: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/47.jpg)
ApolloBallot Generation
…
VBVoter
1. Candidate: X
3. Ask for Info
4. SID,
title and ballot
Bulletin Board
2. E
nc[x
,r]
5. Check
![Page 48: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/48.jpg)
PrivApollo
• Apollo introduced voting assistants
• Goal: make voting private• Idea: information about a vote is split between:
• a voting booth (VB),• an active voting assistant (AVA).
![Page 49: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/49.jpg)
PrivApollo
![Page 50: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/50.jpg)
PrivApollo
![Page 51: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/51.jpg)
PrivApollo
![Page 52: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/52.jpg)
PrivApollo
![Page 53: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/53.jpg)
PrivApollo
![Page 54: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/54.jpg)
PrivApollo
![Page 55: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/55.jpg)
PrivApollo
![Page 56: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/56.jpg)
PrivApollo
![Page 57: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/57.jpg)
Encoding/tallying
Each of N cast ballots consists of several encryptions.
• Encryption of the ballot layout (sent by VB to BB )
• List of encrypted inner codes (sent by VB to BB )
• Encryption of inner code (color) selected by the voter (innercode sent by V to AVA, encryption sent by AVA to BB ).
![Page 58: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/58.jpg)
PrivApollo: VoteCodes ReEncryption (Phase 1a)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),ReEnc(δπi,2(j))
⟩;
cσ(i) := ReEnc(ci ).
![Page 59: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/59.jpg)
PrivApollo: VoteCodes ReEncryption (Phase 1a)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),ReEnc(δπi,2(j))
⟩;
cσ(i) := ReEnc(ci ).
![Page 60: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/60.jpg)
PrivApollo: VoteCodes ReEncryption (Phase 1a)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,2
2 on input:bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),ReEnc(δπi,2(j))
⟩;
cσ(i) := ReEnc(ci ).
![Page 61: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/61.jpg)
PrivApollo: VoteCodes ReEncryption (Phase 1a)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),ReEnc(δπi,2(j))
⟩;
cσ(i) := ReEnc(ci ).
![Page 62: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/62.jpg)
PrivApollo: VoteCodes ReEncryption (Phase 1a)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),ReEnc(δπi,2(j))
⟩;
cσ(i) := ReEnc(ci ).
![Page 63: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/63.jpg)
PrivApollo: VoteCodes Decryption (Phase 1b)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
Shared key: Km
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),DecKm(δπi,2(j))
⟩;
cσ(i) := DecKm(ci ).
![Page 64: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/64.jpg)
PrivApollo: VoteCodes Decryption (Phase 1b)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
Shared key: Km
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),DecKm(δπi,2(j))
⟩;
cσ(i) := DecKm(ci ).
![Page 65: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/65.jpg)
PrivApollo: VoteCodes Decryption (Phase 1b)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
Shared key: Km
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,2
2 on input:bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),DecKm(δπi,2(j))
⟩;
cσ(i) := DecKm(ci ).
![Page 66: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/66.jpg)
PrivApollo: VoteCodes Decryption (Phase 1b)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
Shared key: Km
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),DecKm(δπi,2(j))
⟩;
cσ(i) := DecKm(ci ).
![Page 67: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/67.jpg)
PrivApollo: VoteCodes Decryption (Phase 1b)
Input: 〈ballotLayouti , voteCodesi , ci 〉Ni=1 = 〈bLi , vCi , ci 〉Ni=1
Shared key: Km
1 pick at random σ a permutation of N elements.
2 for each i = 1 . . .N do:
1 select k-element permutations πi,1, πi,22 on input:
bLi = [〈α1, β1〉 , . . . , 〈αk , βk〉];vCi = [〈γ1, δ1〉 , . . . , 〈γk , δk〉];ci .
3 output (for j = 1 . . . k):bLσ(i)[j ] :=
⟨ReEnc(απi,1(j)),ReEnc(βπi,1(j))
⟩;
vCσ(i)[j ] :=⟨ReEnc(γπi,2(j)),DecKm(δπi,2(j))
⟩;
cσ(i) := DecKm(ci ).
![Page 68: PrivApollo - Secret Ballot E2E-V Internet Voting · 2020. 10. 29. · PrivApollo Secret Ballot E2E-V Internet Voting Hua Wu, Poorvi Vora, Filip Zagorski Voting’19](https://reader035.fdocuments.in/reader035/viewer/2022071609/6148d1592918e2056c22ef7b/html5/thumbnails/68.jpg)
Conclusions
• PrivApollo – a fully electronic scheme that is end-to-end voterverifiable,
• Provides ballot secrecy from the devices used to cast a ballot.
• The privacy property holds if the Voting Booth does notcollude with the Active Voting Assistant.
• Integrity is achieved as long as at least one Voting Assistantused by the Voter is honest.
• We presented 3 aproaches of encoding, each with differentsecurity guaranties and usability properties (issues).