SlideShare une entreprise Scribd logo

Hardness of Online Voting

Giuliana Carullo
Giuliana Carullo

This talk has been presented for the Cryptographic Protocol Course at University of Salerno. It is about the hardness of online voting protocols. Other then describing which are the issues that need to be addressed while designing a voting protocol, it focuses on a web-based application: Helios 1.0. Any feedback is welcome. Feedbacks are welcome! If you get inspired by this presentation, please let me know and add credits to your work ;)

TechnologieActualités & Politique
1  sur  151
Online VotingGiuliana Carullo Cryptographic Protocols Course University of Salerno 2012/2013 Hardness of
Talk overview 1 2 3 4 5 Voting protocols: a big picture What makes voting so hard Cryptographic primitives Voting with Helios Helios: Security model and Threats Complexity Time
2 3 4 5 What makes voting so hard Cryptographic primitives Voting with Helios Helios: Security model and Threats Complexity Talk overview 1 Voting protocols: a big picture Time
Setup Ballot Preparation Ballot Recording Anonymization & Aggregation Results 1 2 3 4 5 Voting Protocols: A Big Picture VOTING PROCESS parameters generated and published
Setup Ballot Preparation Ballot Recording Anonymization & Aggregation Results 1 2 3 4 5 Voting Protocols: A Big Picture VOTING PROCESS the voter prepares own ballot the result is an encrypted vote
Setup Ballot Preparation Ballot Recording Anonymization & Aggregation Results 1 2 3 4 5 Voting Protocols: A Big Picture VOTING PROCESS identity and encrypted ballot are publicly available
Setup Ballot Preparation Ballot Recording Anonymization & Aggregation Results 1 2 3 4 5 Voting Protocols: A Big Picture VOTING PROCESS publicly-verifiable shuffling, with intermediate results posted on the bulleting board
Setup Ballot Preparation Ballot Recording Anonymization & Aggregation Results 1 2 3 4 5 Voting Protocols: A Big Picture VOTING PROCESS Election officials cooperate to produce a plaintext tally for each race (with publicly-verifiable proofs)
3 4 5 Cryptographic primitives Voting with Helios Helios: Security model and Threats Talk overview 1 Voting protocols: a big picture What makes voting so hard 2 Complexity Time
voting process Alice A AHardness of voting COERCION B Bob Others
voting process A B AHardness of voting COERCION B Alice Bob Others Carl
voting process B B AHardness of voting COERCION B Alice Bob Others Carl
Verifiability Secrecy Verify the entire process: own vote properly counted
Verifiability Secrecy Verify the entire process: own vote properly counted Vote selling becomes a threat
Verifiability Secrecy Verify the entire process: own vote properly counted Vote selling becomes a threat Enough information to personally verify own vote
Verifiability Secrecy Verify the entire process: own vote properly counted Vote selling becomes a threat Enough information to personally verify own vote But not so much to convince the coercer
Verifiability Secrecy Verify the entire process: own vote properly counted Vote selling becomes a threat Enough information to personally verify own vote But not so much to convince the coercer Tell the truth or lie
Verifiability Secrecy Verify the entire process: own vote properly counted Vote selling becomes a threat Enough information to personally verify own vote But not so much to convince the coercer Tell the truth or lie Cannot tell the difference
integrityverifiability accuracy
integrityverifiability accuracy Each vote should be counted correctly (completeness) and only valid votes should be counted (soundness)
integrityverifiability accuracy NO altered, duplicated or deleted votes
integrityverifiability accuracy NO invalid votes in the final tally
integrityverifiability accuracy Votes must not be compromised unnoticed
integrityverifiability accuracy Integrity of votes must be verifiable by voters by public
Auditing Process PROPERTIES Helpers Bulletin Board Alice Bob Carl Bulletin Board Intermediate Computation Bulletin Board Tally RESULTS Ballot Casting Assurance Universal Verifiability Verification Ballot Anyone can verify the proper processing of the bulletin board data
Auditing Process Helpers Bulletin Board Alice Bob Carl Bulletin Board Intermediate Computation Bulletin Board Tally RESULTS Ballot Casting Assurance Universal Verifiability Verification Ballot Anyone can verify the proper processing of the bulletin board data PROPERTIES An authenticated bulletin board is used, where voter’s identity and the ciphertext of the relative ballot are published. All observers can check that only eligible voters cast a ballot. (anonymizing mixnet)
Auditing Process Helpers Bulletin Board Alice Bob Carl Bulletin Board Intermediate Computation Bulletin Board Tally RESULTS Ballot Casting Assurance Universal Verifiability Verification Ballot Anyone can verify the proper processing of the bulletin board data PROPERTIES Two properties: End-to-end verification: typical voting security analyses distinguish the properties cast as intended and recorded as cast.
Auditing Process Helpers Bulletin Board Alice Bob Carl Bulletin Board Intermediate Computation Bulletin Board Tally RESULTS Ballot Casting Assurance Universal Verifiability Verification Ballot Anyone can verify the proper processing of the bulletin board data PROPERTIES Two properties: End-to-end verification: typical voting security analyses distinguish the properties cast as intended and recorded as cast. Direct verification: Alice, the voter, should get direct and immediate verification that her vote was correctly recorded.
What makes voting so hard 4 5 Voting with Helios Helios: Security model and Threats Talk overview 1 Voting protocols: a big picture Cryptographic primitives 2 Complexity Time 3
What makes voting so hard 4 5 Voting with Helios Helios: Security model and Threats Talk overview 1 Voting protocols: a big picture Cryptographic primitives ElGamal 2 Time Complexity 3 DDH Assumption Chaum - Pedersen Protocol Zero Knowledge Proofs Mixnet
KNOWLEDGE ZERO Interactive Proof
Cryptographic Primitives INTERACTIVEZERO KNOWLEDGE PROOF In an interactive zero knowledge proof, a prover P interacts with a verifier V to demonstrate the validity of an assertion without revealing anything about the assertion to the verifier V. Ref. 4
Cryptographic Primitives INTERACTIVEZERO KNOWLEDGE PROOF COMPLETENESS 1
Cryptographic Primitives INTERACTIVEZERO KNOWLEDGE PROOF COMPLETENESS 1 SOUNDNESS 2
Cryptographic Primitives INTERACTIVEZERO KNOWLEDGE PROOF COMPLETENESS 1 SOUNDNESS 2 ZERO KNOWLEDGE 3
Cryptographic Primitives INTERACTIVEZERO KNOWLEDGE PROOF – VOTING PROTOCOLS COMPLETENESS 1 SOUNDNESS 2 ZERO KNOWLEDGE 3 between authorities authorities and voters
Cryptographic Primitives INTERACTIVEZERO KNOWLEDGE PROOF - HONEST VERIFIER A Honest-Verifier Zero-Knowledge (HVZK) is a variation of ZK, in which the verifier V is expected to perform according to the protocol.
KNOWLEDGE ZERO NonInteractive Proof
Cryptographic Primitives NON INTERACTIVEZERO KNOWLEDGE PROOF - A SCENARIO
Cryptographic Primitives NON INTERACTIVEZERO KNOWLEDGE PROOF - A SCENARIO I have a new Theorem!
Cryptographic Primitives NON INTERACTIVEZERO KNOWLEDGE PROOF - A SCENARIO My new theorem is true! Sincerely, Persiano Alfredo De Santis
Cryptographic Primitives NON INTERACTIVEZERO KNOWLEDGE PROOF - CREDITS Ref. 7
EL-GAMAL encryption scheme
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME key generation encryption decryption asymmetric key encryption algorithm for public-key cryptography
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME key generation Sender Receiver large prime p ꞊ 2q+1 with q also prime
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME key generation Sender Receiver large prime p ꞊ 2q+1 with q also prime generator g of the q order subgroup of ℤp*
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME key generation Sender Receiver large prime p ꞊ 2q+1 with q also prime generator g of the q order subgroup of ℤp* Kpriv d in ℤq Kpub e ꞊ gd mod p
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME key generation Sender Receiver large prime p ꞊ 2q+1 with q also prime generator g of the q order subgroup of ℤp* Kpriv d in ℤq Kpub e ꞊ gd mod p (e, g, p)
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME Sender Receiver chooses r in ℤq encryption
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME Sender Receiver chooses r in ℤq KE ꞊ gr mod p encryption
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME Sender Receiver chooses r in ℤq KE ꞊ gr mod p KM ꞊ er mod p encryption
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME Sender Receiver chooses r in ℤq KE ꞊ gr mod p KM ꞊ er mod p chooses m of the q order subgroup of ℤp* encryption
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME Sender Receiver chooses r in ℤq KE ꞊ gr mod p KM ꞊ er mod p chooses m of the q order subgroup of ℤp* c ꞊ (KE , mKM) encryption
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME decryption Sender Receiver let c be the received ciphertext
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME Sender Receiver let c be the received ciphertext KM ꞊ KE d mod p ꞊ grd mod p decryption
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME Sender Receiver let c be the received ciphertext KM ꞊ KE d mod p ꞊ grd mod p m ꞊ KE -d m KM ꞊ g-dr m grd ꞊ grd-dr m ꞊ g0 m decryption
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME s in ℤq c' = ( gsKE , es mKM ) re-encryptionRecall Kpub e ꞊ gd mod p c ꞊ (KE , mKM) KE ꞊ gr mod p KM ꞊ er mod p Re-encryption c‘ decrypted using randomness s+r Decryption
ASSUMPTION Decisional Diffie-Hellman
DDH Assumption WHAT IS IT? Computational hardness assumption about a certain problem involving discrete logarithms in cyclic groups. Used to prove the security of many cryptographic protocols (e.g. ElGamal!!!)
DDH Assumption INFORMALDEFINITION Consider a (multiplicative) cyclic group G of order q, and with generator g. The DDH assumption states that, given ga and gb for uniformly and independently chosen a, b in ℤq, the value gab is indistinguishable from a random element in G.
DDH Assumption FORMAL DEFINITION Consider a (multiplicative) cyclic group G of order q, and with generator g. The following two probability distributions are computationally indistinguishable (in the security parameter q): (ga , gb , gab) where a, b are randomly and independently chosen in ℤq. (ga , gb , gc) where a, b, c are randomly and independently chosen in ℤq.
DDH Assumption DISCRETE LOG ASSUMPTION DDH is stronger than discrete log detecting DDH tuples is easy, DL is believed to be hard requiring DDH assumption is a more restricting requirement.
DDH Assumption DISCRETE LOG ASSUMPTION The DDH assumption does not hold for all groups. If the it holds for a certain group G, then the El Gamal encryption scheme is IND-CPA secure.
PROTOCOL Chaum Pedersen
Cryptographic Primitives CHAUMPEDERSEN Demonstrate that (g, y, w, u) = (g, gx , gr , grx) is a DDH tuple. P V s ∈ ℤq ( α, β ) = (gs , ys ) c ∈ ℤq t = s + cr accepts iff gt = α gc and yt = β uc
MIXNET Sako Kilian
Cryptographic Primitives MIXNET SCENARIO S1 Sn Si ... ... SHUFFLE m1 mi mn mπ(1) mπ(i) mπ(n) who is the sender?
Cryptographic Primitives MIXNET NOTATION C0,1 C0,2 C0,n C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … ciphertext M1 Mi Ml
Cryptographic Primitives MIXNET TOPOLOGY Cascade topology i
Cryptographic Primitives MIXNET TOPOLOGY Free routing topology i
Cryptographic Primitives CHAUMIAN MIXNET Design Principle 1 (Encrypted Onion) A plaintext is repeatedly wrapped using a different public key and random padding at every layer. Each layer is unwrapped by the corresponding mix server. Ref. 39-thesis
Cryptographic Primitives CHAUMIAN MIXNET C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Encryption
Cryptographic Primitives CHAUMIAN MIXNET C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Mi has (pki , ski) and a randomness ri c0, j = Epk1 ( r1,j , Epk2 ( r2,j , …. Epkn ( rl,j , m) )
Cryptographic Primitives CHAUMIAN MIXNET C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Mixing Stage
Cryptographic Primitives CHAUMIAN MIXNET C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n At each stage, Mi does: decrypt remove random padding send results lexicographically ordered to Mi+1
Cryptographic Primitives CHAUMIAN MIXNET modifiable messages refuse to take part in the protocol cipher size proportional to the number of mix servers (concatenation of randomness)
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Mi generates ski = xi ← ℤ*p-1 and pki = yi = gxi mod p Consider the Mixnet’s joint public key: PK = ∏ pki = g ∑ xi The input c0,i = EPK (m) and each mixserver reencrypts its input with a fresh randomness. Computation parameters A prime p and factorization of p-1 ~ g generator of ℤp* R i = 1 l i = 1 l
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Mi generates ski = xi ← ℤ*p-1 and pki = yi = gxi mod p Consider the Mixnet’s joint public key: PK = ∏ pki = g ∑ xi The final output is then joint-decrypted by the mix servers (El Gamal shared decryption) Computation parameters A prime p and factorization of p-1 ~ g generator of ℤp* R i = 1 l i = 1 l
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET - VARIATION C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Partial Decryption (PD) Reencryption and decryption performed simultaneously: mix-servers perform PD at each reencryption stage Consider the Mixnet’s joint public key: PKi = ∏ pki' = g ∑ xi' l i' = i l i‘ = i
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET - VARIATION C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Partial Decryption (PD) Reencryption and decryption performed simultaneously: mix-servers perform PD at each reencryption stage Consider the Mixnet’s joint public key: PKi = ∏ pki' = g ∑ xi' l i' = i l i‘ = i joint PK starting from Mi
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET - VARIATION C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Partial Decryption (PD) Reencryption and decryption performed simultaneously: mix-servers perform PD at each reencryption stage Consider the Mixnet’s joint public key: PKi = ∏ pki' = g ∑ xi‘ PK1 = PK , the joint public key for all mix servers PKl = pkl , since Ml is the last mix server. l i' = i l i‘ = i
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET - VARIATION C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Mi transforms Ci-1 , j under PKi into ci , j under PKi+1 (joint PK of the remaining mix servers) Ci-1 , j=(αi-1, βi-1)
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET - VARIATION C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n PDski (c) = (α, β · α−xi ) PDski (EPKi(m)) = EPKi+1 (m)← Ci-1 , j=(αi-1, βi-1)
Cryptographic Primitives PARK ET AL REENCRYPTION MIXNET - VARIATION C1,1 C1,2 C1,n Ci,1 Ci,2 Ci,n Cl,1 Cl,2 Cl,n … … … … … … M1 Mi Ml C0,1 C0,2 C0,n Ci-1 , j=(αi-1, βi-1) ci , j = REPKi+1 (PDski (ci -1, j ), ri , j )
Cryptographic Primitives MIXNET SECURITY LEVEL In the first conception, the ElGamal scheme was not semantically secure
Cryptographic Primitives MIXNET SECURITY LEVEL In the first conception, the ElGamal scheme was not semantically secure Pfitzmann Solution p safe prime g generator of a q-order subgroup of ℤp* and m ∈ ⟨g⟩ (presented ElGamal scheme)
Cryptographic Primitives MIXNET SECURITY LEVEL Moreover, non malleability is a required property. Solution Inputs are made not malleable including, for example, redundancy
Cryptographic Primitives SAKO KILIAN Sako Kilian: the first universally verifiable mixnet
Cryptographic Primitives SAKO KILIAN What’s new in Sako Kilian mixnet? proof of correct reencryption and shuffling proof of correct partial decryption PDski (ci, j) is published
Cryptographic Primitives SAKO KILIAN – PROOF OF CORRECT SHUFFLING typical zero-knowledge proof
Cryptographic Primitives SAKO KILIAN – PROOF OF CORRECT RANDOMIZATION VALUES BY HVZK Let π and (rj) be the permutation and randomization values used by a certain mix server. Secondary shuffle output: generated reencryping and shuffling using a new permutation λ and a list of randomization values (tj) The verifier can then challenge the mix server to reveal either (λ, (tj)) or (λ π-1, (rj -tj) ) 50% soundness
Cryptographic Primitives SAKO KILIAN – PROOF OF CORRECT SHUFFLING BY SECOND SHUFFLE Ci,1 Ci,2 Ci,n Ci-1,1 Ci-1,2 Ci-1,n Mi Mi' C'i,1 C'i,2 C'i,n challenge = 0 reveal (λ, tj) c'i, λ(j) = RE(ci-1, j , tj) challenge = 1 reveal (λ π-1, (ri - ti) ) ci, λ π-1 = RE(c'i, j , (ri - ti))
Cryptographic Primitives SAKO KILIAN – PROOF OF CORRECT PARTIAL DECRYPTION A decrypted ElGamal ciphertext can be proved to be correct using Chaum-Pedersen protocol. Given a ciphertext c = ( α, β ) and claimed m the prover shows that PD(c) = ( α’ , β’ ) yields β/ β’ = αxi
Cryptographic Primitives SAKO KILIAN – PROOF OF CORRECT PARTIAL DECRYPTION A decrypted ElGamal ciphertext can be proved to be correct using Chaum-Pedersen protocol. Given a ciphertext c = ( α, β ) and claimed m the prover shows that PD(c) = ( α’ , β’ ) yields β/ β’ = αxi . secret key of Mi
Cryptographic Primitives SAKO KILIAN – PROOF OF CORRECT PARTIAL DECRYPTION A decrypted ElGamal ciphertext can be proved to be correct using Chaum-Pedersen protocol. Given a ciphertext c = ( α, β ) and claimed m the prover shows that PD(c) = ( α’ , β’ ) yields β/ β’ = αxi . P must prove that (g, y, α, β/β’) is a DDH tuple. The mix server must then prove that (g, y, α, β/β’ ) forms a DDH tuple
Cryptographic Primitives CHAUMPEDERSEN APPLIED TO MIXNET Demonstrate that (g, y, w, u) = (g, gx , gr , grx) is a DDH tuple. P V s ∈ ℤq ( α, β ) = (gs , ys ) c ∈ ℤq t = s + cr accepts iff gt = α gc and yt = β uc
Cryptographic Primitives CHAUMPEDERSEN APPLIED TO MIXNET Demonstrate that (g, y, w, u) = (g, y, α, β/β’ ) is a DDH tuple. P V s ∈ ℤq ( α, β ) = (gs , ys ) c ∈ ℤq t = s + cx accepts iff gt = α gc and yt = β uc Let c = (α, β ), c’ = (α’, β’), y is the PK, c’ is obtained from c by partial decryption, x is the private key
Cryptographic Primitives CHAUMPEDERSEN APPLIED TO MIXNET Demonstrate that (g, y, w, u) = (g, y, α, β/β’ ) is a DDH tuple. P V s ∈ ℤq ( α’’, β’’ ) = (gs , ys ) c ∈ ℤq t = s + cx accepts iff gt = α gc and yt = β uc Let c = (α, β ), c’ = (α’, β’), y is the PK, c’ is obtained from c by partial decryption, x is the private key
Cryptographic Primitives CHAUMPEDERSEN APPLIED TO MIXNET Demonstrate that (g, y, w, u) = (g, y, α, β/β’ ) is a DDH tuple. P V s ∈ ℤq ( α’’, β’’ ) = (gs , ys ) c ∈ ℤq t = s + cx accepts iff gt = α’’ yc and yt = β’’ (β/β’)c Let c = (α, β ), c’ = (α’, β’), y is the PK, c’ is obtained from c by partial decryption, x is the private key
Cryptographic primitives What makes voting so hard 2 5 Voting with Helios Helios: Security model and Threats Talk overview 1 Voting protocols: a big picture Time 3 Complexity 4
UNIVERSAL VERIFIABILITY EL GAMAL VOTING SAKO KILIAN MIXNET Put it all together: Helios NON INTERACTIVE PROOF ANONYMITY
HELIOS Big Picture
Voting with Helios HELIOS – MAIN GOALS Open-Audit Ballot Casting Assurance Unconditional Integrity Unconditional Privacy Universal Verifiability Usability Web-Based Educate about Coercion Low Coercion Elections
Voting with Helios HELIOS – BULLETIN BOARD OF VOTES Bulletin Board publicly available run by a single server integrity ensured if enough voters check their votes
Voting with Helios HELIOS – THE WHOLE PROCESS Inspired by Benaloh’s Protocol (next talk!)
Voting with Helios HELIOS – THE WHOLE PROCESS Alice prepares and audits as many ballots she wants, ensuring that all of the audited ballots are consistent Helios Bulletin Board posts Alice’s name and encrypted ballot Election closes: Helios shuffles all ballots and produces Non-Interactive Proof of correct shuffling (with overwhelming probability) 1 2 3
Voting with Helios HELIOS – THE WHOLE PROCESS Alice prepares and audits as many ballots she wants, ensuring that all of the audited ballots are consistent Helios Bulletin Board posts Alice’s name and encrypted ballot Election closes: Helios shuffles all ballots and produces Non-Interactive Proof of correct shuffling (with overwhelming probability) 1 2 3
Voting with Helios HELIOS – THE WHOLE PROCESS Alice prepares and audits as many ballots she wants, ensuring that all of the audited ballots are consistent Helios Bulletin Board posts Alice’s name and encrypted ballot Election closes: Helios shuffles all ballots and produces Non-Interactive Proof of correct shuffling (with overwhelming probability) 1 2 3
Voting with Helios HELIOS – THE WHOLE PROCESS After a reasonable compliant period to let auditors check the shuffling, Helios decrypts all shuffled ballots and provides a decryption proof for each and performs the tally An auditor can download the entire election data and verify shuffle, decryption and tally. 4 5
Voting with Helios HELIOS – THE WHOLE PROCESS After a reasonable compliant period to let auditors check the shuffling, Helios decrypts all shuffled ballots and provides a decryption proof for each and performs the tally An auditor can download the entire election data and verify shuffle, decryption and tally. 4 5
Voting with Helios HELIOS – THE WHOLE PROCESS After a reasonable compliant period to let auditors check the shuffling, Helios decrypts all shuffled ballots and provides a decryption proof for each and performs the tally An auditor can download the entire election data and verify shuffle, decryption and tally. 4 5 Bulletin board performs its own independent shuffle and decryption (with relative proofs) if an election is made up of more than one race.
Voting with Helios SAKO KILIAN –INCREASING ASSURANCEOF INTEGRITY t shadow mixes challenge with t bits mixnet is correct with probability 1 – 2-t Cut and Choose technique
Voting with Helios SAKO KILIAN – PROOF OF CORRECT SHUFFLING AND DECRYPTION There are many verifiers, and it is not suitable to have a heavy computation for each of them. The HVZK proof previously described is transformed into a NIZK Proof using the Fiat-Shamir heuristic.
Election Creation Registered users can create elections Ballot Setup: election name, start and end dates Voters Management: add or remove voters Freeze Election: ElGamal keypair is generated and election starts Voting Fill in the ballot: Alice chooses a candidate Sealing: vote is encrypted and the ciphertext’s hash is showed Audit: Helios returns the randomness (verification via own code or Ballot Encryption Verification) Cast: Helios discards plaintext and randomness. Alice after logging in, receives a confirmation of her vote and its SHA1 Anonymization Shuffle, Shuffle Proof, Decrypt Proof, Tally 1 2 3 Voting Protocols: A Big Picture SUMMARIZING HELIOS’ VOTING PROCESS
Election Creation Registered users can create elections Ballot Setup: election name, start and end dates Voters Management: add or remove voters Freeze Election: ElGamal keypair is generated and election starts Voting Fill in the ballot: Alice chooses a candidate Sealing: vote is encrypted and the ciphertext’s hash is showed Audit: Helios returns the randomness (verification via own code or Ballot Encryption Verification) Cast: Helios discards plaintext and randomness. Alice after logging in, receives a confirmation of her vote and its SHA1 Anonymization Shuffle, Shuffle Proof, Decrypt Proof, Tally 1 2 3 Voting Protocols: A Big Picture SUMMARIZING HELIOS’ VOTING PROCESS
Election Creation Registered users can create elections Ballot Setup: election name, start and end dates Voters Management: add or remove voters Freeze Election: ElGamal keypair is generated and election starts Voting Fill in the ballot: Alice chooses a candidate Sealing: vote is encrypted and the ciphertext’s hash is showed Audit: Helios returns the randomness (verification via own code or Ballot Encryption Verification) Cast: Helios discards plaintext and randomness. Alice after logging in, receives a confirmation of her vote and its SHA1 Anonymization Shuffle, Shuffle Proof, Decrypt Proof, Tally 1 2 Voting Protocols: A Big Picture SUMMARIZING HELIOS’ VOTING PROCESS 3
HELIOS Web Component Server
Voting with Helios HELIOS – WEB COMPONENTS Ballot loaded: no network communication until the ballot is encrypted and the plaintext is discarded
Voting with Helios HELIOS – SERVER Python Web App CherryPie 3.0 Lighttpd web server
What makes voting so hard Voting with Helios 1 Voting protocols: a big picture Time 3 Cryptographic primitives 4 Talk overview Helios: Security model and Threats 2 Complexity 5
HELIOS Incorrect shuffle or decryption Occurs with overwhelming probability thanks the cryptographic verification.
HELIOS Changing Ballot Impersonating Substitute a new ciphertext or inject a vote. Succeed since it occurs before encryption
Auditing is crucial! Helios ensures that if a large majority of voters verifies their vote, then the outcome is correct
Present Future First publicly available Implementation web based. It focuses on trustworthy elections without the overhead of coercion-freeness. Support for other types of elections. Distributed shuffling and decryption. Improving authentication.
References 1. Ben Adida. Advances in Cryptographic Voting Systems. PhD thesis, August 2006. http://assets.adida.net/research/phd-thesis.pdf 2. Lucie Langer, Axel Schmidt, Johannes Buchmann, and Melanie Volkamer. A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing: Helios as a Proof of Concept. In Fifth International Conference on Availability, Reliability and Security (ARES), pages 475–480. IEEE Computer Society, 2010. 3. Ben Adida. Helios: web-based open-audit voting, in SS’08: Proceedings of the 17th conference on Security symposium. USENIX Association, 2008, pp. 335–348. 4. Laure Fouard, Mathilde Duclos, and Pascal Lafourcade. Survey on Electronic Voting Schemes. supported by the ANR project AVOTÉ, 2007. 5. Choonsik Park, Kazutomo Itoh, and Kaoru Kurosawa. Efficient anonymous channel and all/nothing election scheme. In Tor Helleseth, editor, EUROCRYPT, volume 765 of Lecture Notes in Computer Science, pages 248–259. Springer, 1994.
References 6. Sampigethaya K., Poovendran R., A Survey on Mix Networks and Their Secure Applications. Proceedings of the IEEE , vol.94, no.12, pp.2142,2181, Dec. 2006 doi: 10.1109/JPROC.2006.889687 7. Manuel Blum, Alfredo De Santis, Silvio Micali, Giuseppe Persiano. Noninteractive Zero-Knowledge, 1991 8. David Chaum and Torben P. Pedersen. Wallet databases with observers. In Ernest F. Brickell, editor, CRYPTO, volume 740 of Lecture Notes in Computer Science, pages 89–105. Springer, 1992. 9. Amos Fiat and Adi Shamir. How to prove your-self: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, CRYPTO, volume 263 of Lecture Notes in Computer Science, pages 186–194. Springer, 1986. 10. Kazue Sako and Joe Kilian. Receipt-free mix-type voting scheme - a practical solution to the implementation of a voting booth. In EUROCRYPT, pages 393–403, 1995.
Credits Thanks to all users that published their pictures under creative commons: 1. http://www.flickr.com/photos/71167649@N03/6435866935/ 2. http://www.flickr.com/photos/citizen_poeta/1446906402/sizes/z/in/ph otostream/ 3. http://kwicsys.com/wp-content/uploads/2012/10/Free-HD-Twins- Cherry-Wallpapers.jpg I also want to thank Jon Froehlich for getting inspired by his presentations’ design.
Backup Slides
TAXONOMY Verifiability Secrecy
Taxonomy INTEGRITY INTEGRITY universal tallying phase
Taxonomy INTEGRITY INTEGRITY individual voting and tallying phases
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual VERIFIABILITY outer 4 individual
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual VERIFIABILITY outer 4 individual IVbefore casting (3-4).1
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual VERIFIABILITY outer 4 individual IVbefore casting (3-4).1 IVafter casting (3-4).2
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual VERIFIABILITY outer 4 individual IVbefore casting (3-4).1 IVafter casting (3-4).2 IVafter tallying (3-4).3
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual VERIFIABILITY outer 4 individual OBJECTION change of 5 IVbefore casting (3-4).1 IVafter casting (3-4).2 IVafter tallying (3-4).3
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual VERIFIABILITY outer 4 individual OBJECTION change of 5 OBJECTION secrecy 5.1 preserving IVbefore casting (3-4).1 IVafter casting (3-4).2 IVafter tallying (3-4).3
Taxonomy VERIFICABILITY VERIFIABILITY continuous 1 universal VERIFIABILITY discrete 2 universal VERIFIABILITY inner 3 individual VERIFIABILITY outer 4 individual OBJECTION change of 5 OBJECTION secrecy 5.2 compromising OBJECTION secrecy 5.1 preserving IVbefore casting (3-4).1 IVafter casting (3-4).2 IVafter tallying (3-4).3
Taxonomy SECRECY UNLINKABILITY voter vote/ballot
Taxonomy SECRECY UNLINKABILITY voter vote
Taxonomy SECRECY UNPROVABLE LINKABILITY voter ballot
Taxonomy SECRECY UNPROVABLE LINKABILITY voter vote
Taxonomy SECRECY ANONYMITY
ELGAMAL Reencryption Proof
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME c' = ( gsKE , es mKM ) = ( K'E , K'M ) re-encryptionRecall Kpub e ꞊ gd mod p c ꞊ (KE , mKM) KE ꞊ gr mod p KM ꞊ er mod p Decryption proof
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME c' = ( gsKE , es mKM ) = ( K'E , K'M ) K'M ꞊ K'E d mod p = gsKE mod p = gs gr mod p = gs+r mod p re-encryptionRecall Kpub e ꞊ gd mod p c ꞊ (KE , mKM) KE ꞊ gr mod p KM ꞊ er mod p Decryption proof
Cryptographic Primitives EL GAMAL ENCRYPTION SCHEME c' = ( gsKE , es mKM ) = ( K'E , K'M ) K'M ꞊ K'E d mod p = gsKE mod p = gs gr mod p = gs+r mod p m = K'E -d m K'M = g(s+r)-d m g(s+r)d = g(s+r)-d+ (s+r)d m = g(d-d)(s+r) m re-encryptionRecall Kpub e ꞊ gd mod p c ꞊ (KE , mKM) KE ꞊ gr mod p KM ꞊ er mod p Decryption proof
Cryptographic Primitives SAKO KILIAN – PROOF OF CORRECT PARTIAL DECRYPTION A decrypted ElGamal ciphertext can be proved to be correct using Chaum-Pedersen protocol. Given a ciphertext c = ( α, β ) and claimed m the prover shows that PD(c) = ( α’ , β’ ) yields β/ β’ = αxi . P must prove that (g, y, α, β/β’) is a DDH tuple. The mix server must then prove that (g, y, α, β/β’ ) forms a DDH tuple meaning that: logg (y) = logα (β/β’ ) mod p.

Recommandé

Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetupFast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
National Chengchi University
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)
Omar Ghazi
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
Ashraf Bashir
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief Introduction
Ganesh Kothe
 
How an online payment gateway works
How an online payment gateway worksHow an online payment gateway works
How an online payment gateway works
Ikajo International
 
Payment gateway
Payment gatewayPayment gateway
Payment gateway
Piyush Dua
 
Digital Certificate
Digital CertificateDigital Certificate
Digital Certificate
Sumant Diwakar
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
Ravi Ranjan
 

Recommandé

Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetupFast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
National Chengchi University
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)
Omar Ghazi
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
Ashraf Bashir
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief Introduction
Ganesh Kothe
 
How an online payment gateway works
How an online payment gateway worksHow an online payment gateway works
How an online payment gateway works
Ikajo International
 
Payment gateway
Payment gatewayPayment gateway
Payment gateway
Piyush Dua
 
Digital Certificate
Digital CertificateDigital Certificate
Digital Certificate
Sumant Diwakar
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
Ravi Ranjan
 
Blind Signature Scheme
Blind Signature SchemeBlind Signature Scheme
Blind Signature Scheme
Kelum Senanayake
 
Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)
Suraj Dhalwar
 
Digital Signature.pptx
Digital Signature.pptxDigital Signature.pptx
Digital Signature.pptx
Md. AManullah Galib
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway System
Mannu Khani
 
Payment gateway
Payment gatewayPayment gateway
Payment gateway
HananBahy
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
Simmi Kamra
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
Nyros Technologies
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithms
Anurag Dashputre
 
AI Banking Chatbot
AI Banking ChatbotAI Banking Chatbot
AI Banking Chatbot
MaurizioMartin
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...
Danail Yotov
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
jolly9293
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
Buddhika Karunanayaka
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
Syed Taimoor Hussain Shah
 
Simont Braun - Webinar PSD3 PSR Evolution or Revolution?
Simont Braun - Webinar PSD3 PSR Evolution or Revolution?Simont Braun - Webinar PSD3 PSR Evolution or Revolution?
Simont Braun - Webinar PSD3 PSR Evolution or Revolution?
FinTech Belgium
 
Security In Internet Banking
Security In Internet BankingSecurity In Internet Banking
Security In Internet Banking
Chiheb Chebbi
 
E wallet
E walletE wallet
E wallet
Ayushi Shah
 
A Complete Model of the Payment Service Business
A Complete Model of the Payment Service BusinessA Complete Model of the Payment Service Business
A Complete Model of the Payment Service Business
Frank Steeneken
 
FIS Global Corporate Slide Library
FIS Global Corporate Slide LibraryFIS Global Corporate Slide Library
FIS Global Corporate Slide Library
Modicum
 
GraphTalks Copenhagen - Analyzing Fraud with Graph Databases
GraphTalks Copenhagen - Analyzing Fraud with Graph DatabasesGraphTalks Copenhagen - Analyzing Fraud with Graph Databases
GraphTalks Copenhagen - Analyzing Fraud with Graph Databases
Neo4j
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
Dilip Kr. Jangir
 
Elgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copyElgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
Ppt on online voting
Ppt on online votingPpt on online voting
Ppt on online voting
Debapriyo Dasgupta
 

Contenu connexe

Tendances

Digital certificates
Digital certificatesDigital certificates
Digital certificates
Simmi Kamra
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...
Danail Yotov
 
A Complete Model of the Payment Service Business
A Complete Model of the Payment Service BusinessA Complete Model of the Payment Service Business
A Complete Model of the Payment Service Business
Frank Steeneken
 
FIS Global Corporate Slide Library
FIS Global Corporate Slide LibraryFIS Global Corporate Slide Library
FIS Global Corporate Slide Library
Modicum
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
Dilip Kr. Jangir
 

Tendances (20)

Blind Signature Scheme
Blind Signature SchemeBlind Signature Scheme
Blind Signature Scheme
 
Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction (SET)
 
Digital Signature.pptx
Digital Signature.pptxDigital Signature.pptx
Digital Signature.pptx
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway System
 
Payment gateway
Payment gatewayPayment gateway
Payment gateway
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithms
 
AI Banking Chatbot
AI Banking ChatbotAI Banking Chatbot
AI Banking Chatbot
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
 
Simont Braun - Webinar PSD3 PSR Evolution or Revolution?
Simont Braun - Webinar PSD3 PSR Evolution or Revolution?Simont Braun - Webinar PSD3 PSR Evolution or Revolution?
Simont Braun - Webinar PSD3 PSR Evolution or Revolution?
 
Security In Internet Banking
Security In Internet BankingSecurity In Internet Banking
Security In Internet Banking
 
E wallet
E walletE wallet
E wallet
 
A Complete Model of the Payment Service Business
A Complete Model of the Payment Service BusinessA Complete Model of the Payment Service Business
A Complete Model of the Payment Service Business
 
FIS Global Corporate Slide Library
FIS Global Corporate Slide LibraryFIS Global Corporate Slide Library
FIS Global Corporate Slide Library
 
GraphTalks Copenhagen - Analyzing Fraud with Graph Databases
GraphTalks Copenhagen - Analyzing Fraud with Graph DatabasesGraphTalks Copenhagen - Analyzing Fraud with Graph Databases
GraphTalks Copenhagen - Analyzing Fraud with Graph Databases
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
 

En vedette

Project synopsis on online voting system
Project synopsis on online voting systemProject synopsis on online voting system
Project synopsis on online voting system
Lhakpa Yangji
 
Online voting system project
Online voting system projectOnline voting system project
Online voting system project
snauriyal1994
 
PROJECT REPORT_ONLINE VOTING SYSTEM
PROJECT REPORT_ONLINE VOTING SYSTEMPROJECT REPORT_ONLINE VOTING SYSTEM
PROJECT REPORT_ONLINE VOTING SYSTEM
Nandasaba Wilson
 

En vedette (20)

Elgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copyElgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copy
 
Ppt on online voting
Ppt on online votingPpt on online voting
Ppt on online voting
 
50120130405028
5012013040502850120130405028
50120130405028
 
Online voting
Online votingOnline voting
Online voting
 
Online voting system
Online voting systemOnline voting system
Online voting system
 
Online voting system presentation slide (1)
Online voting system presentation slide (1)Online voting system presentation slide (1)
Online voting system presentation slide (1)
 
Online voting system
Online voting systemOnline voting system
Online voting system
 
PHP_eVoting
PHP_eVotingPHP_eVoting
PHP_eVoting
 
Presentacion diapositiva 40
Presentacion diapositiva 40Presentacion diapositiva 40
Presentacion diapositiva 40
 
Parallel DNA Sequence Alignment
Parallel DNA Sequence AlignmentParallel DNA Sequence Alignment
Parallel DNA Sequence Alignment
 
Project synopsis on online voting system
Project synopsis on online voting systemProject synopsis on online voting system
Project synopsis on online voting system
 
Online Voting System
Online Voting SystemOnline Voting System
Online Voting System
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Online Voting System - Project
Online Voting System - ProjectOnline Voting System - Project
Online Voting System - Project
 
Online E-Voting System
Online E-Voting SystemOnline E-Voting System
Online E-Voting System
 
Online voting system
Online voting systemOnline voting system
Online voting system
 
Online voting system project
Online voting system projectOnline voting system project
Online voting system project
 
Online voting system ppt by anoop
Online voting system ppt by anoopOnline voting system ppt by anoop
Online voting system ppt by anoop
 
PROJECT REPORT_ONLINE VOTING SYSTEM
PROJECT REPORT_ONLINE VOTING SYSTEMPROJECT REPORT_ONLINE VOTING SYSTEM
PROJECT REPORT_ONLINE VOTING SYSTEM
 
online voting system
online voting systemonline voting system
online voting system
 

Similaire à Hardness of Online Voting

Castle Presentation 08-12-04
Castle Presentation 08-12-04Castle Presentation 08-12-04
Castle Presentation 08-12-04
Howard Hellman
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
AdaCore
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key Cryptography
Sarthak Patel
 
CodeMeter - Your driving license to expert cryptography
CodeMeter - Your driving license to expert cryptographyCodeMeter - Your driving license to expert cryptography
CodeMeter - Your driving license to expert cryptography
team-WIBU
 
Workshop on 03 11-2012
Workshop on 03 11-2012Workshop on 03 11-2012
Workshop on 03 11-2012
Gaurav Gautam
 
Symmetric key encryption
Symmetric key encryptionSymmetric key encryption
Symmetric key encryption
mdhar123
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
Rohit Bhat
 
amrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdf
amrapalibuildersreviews
 

Similaire à Hardness of Online Voting (20)

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Castle Presentation 08-12-04
Castle Presentation 08-12-04Castle Presentation 08-12-04
Castle Presentation 08-12-04
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key Cryptography
 
network security
network securitynetwork security
network security
 
Ph d final_report
Ph d final_reportPh d final_report
Ph d final_report
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overview
 
CodeMeter - Your driving license to expert cryptography
CodeMeter - Your driving license to expert cryptographyCodeMeter - Your driving license to expert cryptography
CodeMeter - Your driving license to expert cryptography
 
Workshop on 03 11-2012
Workshop on 03 11-2012Workshop on 03 11-2012
Workshop on 03 11-2012
 
E-commerce security using asymmetric key algorithm
E-commerce security using asymmetric key algorithmE-commerce security using asymmetric key algorithm
E-commerce security using asymmetric key algorithm
 
Symmetric key encryption
Symmetric key encryptionSymmetric key encryption
Symmetric key encryption
 
Encryption symmetric key
Encryption symmetric keyEncryption symmetric key
Encryption symmetric key
 
Iss lecture 2
Iss lecture 2Iss lecture 2
Iss lecture 2
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 
amrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdf
 
Information and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherInformation and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipher
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm Ccm
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
 
5967073.ppt
5967073.ppt5967073.ppt
5967073.ppt
 
15.Security
15.Security15.Security
15.Security
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Dernier (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

Hardness of Online Voting