Caltech/Mit Voting Technology Project

Total Page:16

File Type:pdf, Size:1020Kb

Caltech/Mit Voting Technology Project CALTECH/MIT VOTING TECHNOLOGY PROJECT A multi-disciplinary, collaborative project of the California Institute of Technology – Pasadena, California 91125 and the Massachusetts Institute of Technology – Cambridge, Massachusetts 02139 ADVANCES IN CRYPTOGRAPHIC VOTING SYSTEMS BEN ADIDA MIT Key words: voting systems, cryptographic, election administration, secret- ballot elections VTP WORKING PAPER #51 September 2006 Advances in Cryptographic Voting Systems by Ben Adida Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY August 2006 c Massachusetts Institute of Technology 2006. All rights reserved. Author . .................................................................. Department of Electrical Engineering and Computer Science August 31st, 2006 Certified by . ............................................................. Ronald L. Rivest Viterbi Professor of Electrical Engineering and Computer Science Thesis Supervisor Accepted by . ............................................................ Arthur C. Smith Chairman, Department Committee on Graduate Students 2 Advances in Cryptographic Voting Systems by Ben Adida Submitted to the Department of Electrical Engineering and Computer Science on August 31st, 2006, in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Abstract Democracy depends on the proper administration of popular elections. Voters should receive assurance that their intent was correctly captured and that all eligible votes were correctly tallied. The election system as a whole should ensure that voter coercion is unlikely, even when voters are willing to be influenced. These conflicting requirements present a significant challenge: how can voters receive enough assurance to trust the election result, but not so much that they can prove to a potential coercer how they voted? This dissertation explores cryptographic techniques for implementing verifiable, secret- ballot elections. We present the power of cryptographic voting, in particular its ability to successfully achieve both verifiability and ballot secrecy, a combination that cannot be achieved by other means. We review a large portion of the literature on cryptographic voting. We propose three novel technical ideas: 1. a simple and inexpensive paper-base cryptographic voting system with some interesting advantages over existing techniques, 2. a theoretical model of incoercibility for human voters with their inherent limited com- putational ability, and a new ballot casting system that fits the new definition, and 3. a new theoretical construct for shuffling encrypted votes in full view of public observers. Thesis Supervisor: Ronald L. Rivest Title: Viterbi Professor of Electrical Engineering and Computer Science 3 4 Acknowledgments Ron Rivest was already my Master’s Thesis Advisor in 1998-1999.He welcomed me back into his group after my 4-year leave of absence and found research funding for me by my second semester. His top-notch advice, endless encouragement, and bottomless well of knowledge were invaluable. His constant dedication to the field of cryptography, to scientific rigor, and to teaching, amaze me still every day. My committee members, Shafi Goldwasser and Srini Devadas, were so encouraging that my defense felt more like a family get-together than an exam (okay, not quite.) The Knight Foundation funded my work with the Caltech/MIT Voting Technology Project. Stephen Ansolabehere helped me get started with the group and provided precious advice along the way. His unrivaled expertise in election matters was crucial to our debates. His humor made our meetings seem much shorter than they actually were. Hal Abelson has been a close mentor for 10 years. His predictions seem outlandish only because they are, conservatively, 2 years ahead of their time. His dedication and unequaled talent for teaching will always be among my greatest inspirations. His positive impact on the world is exceeded only by his humility, and I am honored to have the opportunity to work with him in any fashion. Andy Neff, my long-distance collaborator, possesses a strength in the face of absurd adversity that I have rarely seen. His ideas are groundbreaking and elegant, and I struggle to keep up. He is maybe the ultimate unspoken hero of voting. If we ever achieve secure verifiable voting, it is hard to imagine that one of his ideas wouldn’t be part of the solution. Douglas Wikstr¨om, my other long-distance collaborator, smacked me around for incomplete proofs (I deserved it.) Mike Bond, Jolyon Clulow, and Ross Anderson hacked my ATM card with a British accent. John Herzog, Paul Youn, Amerson Lin, provided the American (and Singaporian) counter-part. Susan Hohenberger and I finally got our anti-phishing paper published, though it was a book chapter before it was a conference paper (go figure.) She and my other officemates Steve Weis, Seth Gilbert, and David Liben-Nowell, suffered my incessant yapping about policy, privacy, copyright reform, and free software. Chris Peikert reviewed large portions of this work as a last-minute favor, catching bugs I would surely have missed, and suggesting brilliant improvements. He, along with Rafael Pass, Alon Rosen, abhi shelat, and Guy Rothblum were always willing to explain the theoretical crypto concepts I had forgotten, missed, or just not understood. David Chaum, the man behind a disproportionate number of the major cryptographic break- throughs of the last 30 years, got me involved in voting standards work and provided endless entertainment at CRYPTO. Every voting crypto idea seems to have its root in one of David’s early proposals. 5 Danny Weitzner, Ralph Swick, and Eric Miller were my guides in the wild world of the W3C. Zak Kohane, Pete Szolovitz, and Ken Mandl were my guides in the land of medical informatics, bioinformatics, and genomic medicine. Philip Greenspun helped me return to MIT by offering me a TAship in his course for my first semester back. Gerald Ruderman provided unbeatable advice and encouragement. My parents, Pierre and Yvette, eventually stopped asking questions about the detail of my work—long past the point I expected—but never stopped encouraging me, congratulating me on successes big and small, and dismissing my failures as other people’s faults. I could not have asked for better parents. Claire regaled me with her stories of far-away lands and adventures, and Juliette found her path to success while helping me plan my wedding from across the Atlantic. I could not have asked for better sisters. Speaking of wedding... I met my wife Rita the first week I returned to MIT. The moment I met her, I knew. The rest, all of this, is details. 6 This work is dedicated to my grandparents, Marguerite, Adolf, Salomon, and Marcelle. They encouraged me to explore, and I went looking for things to decrypt. 7 8 Contents 1 Introduction 23 1.1 A Brief History of Voting ............................. 24 1.2 What Makes Voting so Hard? .......................... 26 1.2.1 Verifiability vs. Secrecy .......................... 26 1.2.2 Threat Modeling: Planes, Banks, and Voting Machines ........ 27 1.2.3 Auditing a Partially Secret Process ................... 29 1.3 Classic Voting Systems .............................. 29 1.3.1 Chain-of-Custody Security ........................ 30 1.3.2 The Erosion of the Secret Ballot ..................... 30 1.3.3 The Voter-Verified Paper Audit Trail . ............... 32 1.4 Cryptographic Voting Schemes .......................... 32 1.4.1 End-to-End Verifiability ......................... 33 1.4.2 A Bulletin Board of Votes ........................ 34 1.4.3 A Secret Voter Receipt .......................... 35 1.4.4 Tallying the Ballots ............................ 36 1.4.5 The Promise of Cryptographic Voting . ............... 39 1.5 Contributions of this Work ............................ 39 1.5.1 Mixnet Literature Review ........................ 39 1.5.2 Scratch & Vote .............................. 39 1.5.3 Ballot Casting Assurance &p 2503 4736287 45396786 Assisted-Human Interactive Proofs ................... 40 1.5.4 Public Mixing ............................... 40 1.5.5 Collaboration and Authorship ...................... 41 1.6 Organization ................................... 41 2 Preliminaries 43 2.1 Basics ....................................... 43 2.2 Public-Key Encryption .............................. 43 2.2.1 IND-CPA Security ............................. 44 2.2.2 IND-CCA Security ............................. 46 2.2.3 IND-CCA2 Security ............................ 47 2.2.4 IND-RCCA Security ............................ 48 2.3 Homomorphic Public-Key Encryption ...................... 48 9 2.3.1 Re-encryption ............................... 49 2.3.2 Security of Homomorphic Cryptosystems . ............... 49 2.3.3 Homomorphic Schemes in Practice ................... 49 2.4 Threshold Public-Key Cryptosystems ...................... 51 2.4.1 Secret Sharing ............................... 52 2.4.2 Secure Multi-Party Computation .................... 52 2.4.3 Efficient Threshold Schemes ....................... 53 2.5 Zero-Knowledge Proofs .............................. 54 2.5.1 Zero-Knowledge Variants ......................... 55 2.5.2 Proofs of Knowledge ........................... 56 2.6 Program Obfuscation ............................... 56 2.6.1 First Formalization ............................ 57 2.6.2 Auxiliary Inputs
Recommended publications
  • Integral Cryptanalysis on Full MISTY1⋆
    Integral Cryptanalysis on Full MISTY1? Yosuke Todo NTT Secure Platform Laboratories, Tokyo, Japan [email protected] Abstract. MISTY1 is a block cipher designed by Matsui in 1997. It was well evaluated and standardized by projects, such as CRYPTREC, ISO/IEC, and NESSIE. In this paper, we propose a key recovery attack on the full MISTY1, i.e., we show that 8-round MISTY1 with 5 FL layers does not have 128-bit security. Many attacks against MISTY1 have been proposed, but there is no attack against the full MISTY1. Therefore, our attack is the first cryptanalysis against the full MISTY1. We construct a new integral characteristic by using the propagation characteristic of the division property, which was proposed in 2015. We first improve the division property by optimizing a public S-box and then construct a 6-round integral characteristic on MISTY1. Finally, we recover the secret key of the full MISTY1 with 263:58 chosen plaintexts and 2121 time complexity. Moreover, if we can use 263:994 chosen plaintexts, the time complexity for our attack is reduced to 2107:9. Note that our cryptanalysis is a theoretical attack. Therefore, the practical use of MISTY1 will not be affected by our attack. Keywords: MISTY1, Integral attack, Division property 1 Introduction MISTY [Mat97] is a block cipher designed by Matsui in 1997 and is based on the theory of provable security [Nyb94,NK95] against differential attack [BS90] and linear attack [Mat93]. MISTY has a recursive structure, and the component function has a unique structure, the so-called MISTY structure [Mat96].
    [Show full text]
  • SAEB: a Lightweight Blockcipher-Based AEAD Mode of Operation
    SAEB: A Lightweight Blockcipher-Based AEAD Mode of Operation Yusuke Naito1, Mitsuru Matsui1, Takeshi Sugawara2 and Daisuke Suzuki1 1 Mitsubishi Electric Corporation, Japan {Naito.Yusuke@ce,Matsui.Mitsuru@ab,Suzuki.Daisuke@bx}.MitsubishiElectric.co.jp 2 The University of Electro-Communications, Japan [email protected] Abstract. Lightweight cryptography in computationally constrained devices is ac- tively studied. In contrast to advances of lightweight blockcipher in the last decade, lightweight mode of operation is seemingly not so mature, yet it has large impact in performance. Therefore, there is a great demand for lightweight mode of oper- ation, especially that for authenticated encryption with associated data (AEAD). Among many known properties of conventional modes of operation, the following four properties are essential for constrained devices: 1. Minimum State Size: the state size equals to a block size of a blockcipher. 2. Inverse Free: no need for a blockcipher decryption. 3. XOR Only: only XOR is needed in addition to a blockcipher encryption. 4. Online: a data block is processed only once. The properties 1 and 4 contribute to small memory usage, and the properties 2 and 3 contribute to small program/circuit footprint. On top of the above properties, the fifth property regarding associated data (AD) is also important for performance: 5. Efficient Handling of Static AD: static AD can be precomputed. We design a lightweight blockcipher-based AEAD mode of operation called SAEB: the first mode of operation that satisfies all the five properties to the best of our knowledge. Performance of SAEB is evaluated in various software and hardware platforms.
    [Show full text]
  • Organics Pail Announcement Flyer
    FREE KITCHEN PAILS ARE HERE! Collection Pail for FOOD SCRAPS and The City of Emeryville is providing FREE Kitchen FOOD-SOILED PAPER Questions? emeryville.wm.com - 510.613.8700 Pails for you to collect food waste in your own N unit. You may pick it up at PLASTIC (bags, wrap, cutlery, trays, containers, cup lids) POLYSTYRENE FOAM The pail’s label shows what you can compost, including all food scraps and all (cups, plates, containers) food-soiled paper (like coffee cups, napkins, pizza boxes, and paper or fiber ALUMINUM FOIL to-go boxes). METAL (foil pans, cans, jar lids, foil-lined paper) When the pail is full, empty it into the green cart in your building’s trash area, GLASS and wash it out with your dishes. PET WASTE LIQUIDS Remember: Composting helps reduce greenhouse gases by keeping organics out of the landfill and making compost for agricultural use instead. (More information is at http://epa.gov/climatechange/ghgemissions/gases/ch4.html) All multi-family properties are now required to provide collection service for compostables. (http://www.recyclingrulesac.org/multi-family/multi-family-faqs/) Please help make Emeryville’s food waste program a success! City of Emeryville Compostables Collection How-To’s Tips to keep your kitchen pail clean—it’s easy! Use paper to wrap food waste to absorb liquids, cut down odor, and reduce flies. Include all food-related paper, such as pizza boxes, paper towels, napkins, and to-go containers made of paper or fiber. Did you know? Paper absorbs liquids, which harbor bacteria, Empty your food waste often into the which cause odors.
    [Show full text]
  • Avrim Blum, John Hopcroft, Ravindran Kannan
    Foundations of Data Science This book provides an introduction to the mathematical and algorithmic founda- tions of data science, including machine learning, high-dimensional geometry, and analysis of large networks. Topics include the counterintuitive nature of data in high dimensions, important linear algebraic techniques such as singular value decompo- sition, the theory of random walks and Markov chains, the fundamentals of and important algorithms for machine learning, algorithms, and analysis for clustering, probabilistic models for large networks, representation learning including topic modeling and nonnegative matrix factorization, wavelets, and compressed sensing. Important probabilistic techniques are developed including the law of large num- bers, tail inequalities, analysis of random projections, generalization guarantees in machine learning, and moment methods for analysis of phase transitions in large random graphs. Additionally, important structural and complexity measures are discussed such as matrix norms and VC-dimension. This book is suitable for both undergraduate and graduate courses in the design and analysis of algorithms for data. Avrim Blum is Chief Academic Officer at the Toyota Technological Institute at Chicago and formerly Professor at Carnegie Mellon University. He has over 25,000 citations for his work in algorithms and machine learning. He has received the AI Journal Classic Paper Award, ICML/COLT 10-Year Best Paper Award, Sloan Fellowship, NSF NYI award, and Herb Simon Teaching Award, and is a fellow of the Association for Computing Machinery. John Hopcroft is the IBM Professor of Engineering and Applied Mathematics at Cornell University. He is a member National Academy of Sciences and National Academy of Engineering, and a foreign member of the Chinese Academy of Sciences.
    [Show full text]
  • Laboratory Supplies and Equipment
    Laboratory Supplies and Equipment Beakers: 9 - 12 • Beakers with Handles • Printed Square Ratio Beakers • Griffin Style Molded Beakers • Tapered PP, PMP & PTFE Beakers • Heatable PTFE Beakers Bottles: 17 - 32 • Plastic Laboratory Bottles • Rectangular & Square Bottles Heatable PTFE Beakers Page 12 • Tamper Evident Plastic Bottles • Concertina Collapsible Bottle • Plastic Dispensing Bottles NEW Straight-Side Containers • Plastic Wash Bottles PETE with White PP Closures • PTFE Bottle Pourers Page 39 Containers: 38 - 42 • Screw Cap Plastic Jars & Containers • Snap Cap Plastic Jars & Containers • Hinged Lid Plastic Containers • Dispensing Plastic Containers • Graduated Plastic Containers • Disposable Plastic Containers Cylinders: 45 - 48 • Clear Plastic Cylinder, PMP • Translucent Plastic Cylinder, PP • Short Form Plastic Cylinder, PP • Four Liter Plastic Cylinder, PP NEW Polycarbonate Graduated Bottles with PP Closures Page 21 • Certified Plastic Cylinder, PMP • Hydrometer Jar, PP • Conical Shape Plastic Cylinder, PP Disposal Boxes: 54 - 55 • Bio-bin Waste Disposal Containers • Glass Disposal Boxes • Burn-upTM Bins • Plastic Recycling Boxes • Non-Hazardous Disposal Boxes Printed Cylinders Page 47 Drying Racks: 55 - 56 • Kartell Plastic Drying Rack, High Impact PS • Dynalon Mega-Peg Plastic Drying Rack • Azlon Epoxy Coated Drying Rack • Plastic Draining Baskets • Custom Size Drying Racks Available Burn-upTM Bins Page 54 Dynalon® Labware Table of Contents and Introduction ® Dynalon Labware, a leading wholesaler of plastic lab supplies throughout
    [Show full text]
  • Supply Chain Packaging Guide
    Secondary Packaging Supply Chain Standards July 7, 2021 Business Confidential | ©2021 Walmart Stores, Inc. 177 // 338 Secondary Packaging Supply Chain Standards - Update Summary These standards have included multiple clarifications of what is required and what is NOT ALLOWED. These changes have been updated throughout the published standards to provide clarity to suppliers. The pages have been reorganized to provide a better flow. PAGE 2021 UPDATES Changes to Supply Chain Standards 185 SQEP Phase 2 and Phase 3 Defect Description/Definitions Added 202 General Case Markings Updated for Dates, Unprocessed Meats, and Cylindrical Items 210-213 Updated Pallet Standards 218 Update "Palletized Shipments" to "Unitized Shipments" 227 Add Inbound Appointment Scheduling Standard 228 Update TV Test Standards 235-237 Add Direct Store Delivery (DSD) aka Direct To Store (DTS) Standards 239 Update SIOC Standards 240 Add eCommerce Product Specific Requirement Standards 241-244 Add Drop Ship Vendor (DSV) Standards 268 Add Jewelry Distribution Center Standards 269-271 Add Optical Distribution Center Standards 275 Add Goods Not For Resale (GNFR) Standards 277-278 Update Meat/Poultry/Seafood Case and Pallet Label Standards 284 Add HACCP Pallet Placard for GCC Shipments 311-312 Add Frozen Seafood Carton Marking Requirements Appendix D Update Receiving Pulp Temperature Range Business Confidential | © 2021 Walmart Stores, Inc. The examples shown are for reference only. Supply Chain Standards 178 // 338 Table of Contents Supply Chain Stretch Wrap . 219 Produce Shipments . 280 Contact Information . 179 Trailer Loading . 220 Automated Grocery Handling . 281 Walmart Retail Link Resources . 180 Trailer Measurements. 221 Grocery Import Distribution Center (GIDC) . 282 Walmart Distribution Center Overview .
    [Show full text]
  • Include the Food Roll Cart Often
    Kitchen pail tips • Empty food scraps into the yard debris Include the Food roll cart often. • Line kitchen pail with a Biodegradable with Yard Debris Products Institute (BPI) certified compostable liner bag. • Wrap food items, like meat and fish, in newspaper and store in the freezer until collection day. Your food scraps • Wash kitchen pail in the dishwasher or by hand. make a difference! Nearly 30 percent of residential Roll cart tips garbage produced in our region is organic material that can be composted. • Keep lid closed. Composting food scraps creates a • Store the cart in nutrient-rich soil enhancement and the shade during prevents carbon emissions that occur warm weather. when food breaks down in the landfill. • Line bottom Look inside for 3 simple steps to help you of cart with succeed in collecting food scraps. newspaper or a paper bag to help absorb moisture. Learn more Starting February 2020 Hillsboro-Oregon.gov/Garbage • Layer food scraps in between the yard debris. Your guide to successful City of Hillsboro • Sprinkle baking soda in the roll cart 150 E Main St, Hillsboro, OR 97123 curbside food composting to reduce odors and deter insects. 503-681-6100 Hillsboro-Oregon.gov • Use soap and water to clean the roll cart after it is emptied. Three easy steps Leave it OUT Place • Cat litter/Pet waste kitchen pail in a convenient place. • Coffee cups • “Compostable” or “biodegradable” bags that are not BPI-certified Include • “Compostable” or all food scraps in “biodegradable” takeout the kitchen pail. containers and utensils • Corks Empty • Diapers your kitchen pail into • Facial tissue your yard debris cart.
    [Show full text]
  • Packaging Supplies
    PACKAGING SUPPLIES STEEL STRAPPING SAFETY CUTTERS t 4USPOHFTUNBUFSJBMGPSBXJEFSBOHFPGTUSBQQJOHSFRVJSFNFOUT t *EFBMGPSIFBWZTIJQNFOUTUIBUSFRVJSFTUSPOHFS FOR STEEL STRAPPING QSPUFDUJPOPWFSQPMZQSPQZMFOFBOEQPMZFTUFS t #MBDLQBJOUFEBOEXBYFEmOJTIFE STANDARDDUTY t $VUTTUFFMTUSBQQJOHXJEFYUIJDL t 4BGFUZEFTJHOIPMETTUSBQQJOHJOQMBDF UPQSFWFOUJOKVSJFTGSPNnZJOHFOET t 3VCCFSQBETHFOUMZSFMFBTF TUSBQQJOHXIFOCFJOHDVU Model Strap Core Strength Model No. PC446 No. Width" Dimensions" lbs. Coil' PF404 1/2 x 0.020 16 x 3 1200 2940 PF405 5/8 x 0.020 16 x 3 1500 2360 PF406 3/4 x 0.020 16 x 3 1800 1960 HEAVYDUTY PF407 1 1/4 x 0.031 16 x 1 1/4 5500 760 t $VUTTUFFMTUSBQQJOHXJEFYUIJDL t 1PXFSGVMESPQGPSHFETUFFMEFTJHO t )FBWZEVUZQFSGPSNBODFGPS STEEL SEALS JOEVTUSJBMBQQMJDBUJPOT t "MMGVMMZHBMWBOJ[FETUFFM Open Type t MPOH t 0QFO 4OBQPO UZQF Model No. PC479 6TFEPOnBUBOETNPPUITVSGBDFT t 'VMMZDMPTFE QVTI UZQF 6TFEPODVSWFSBOEJSSFHVMBSTVSGBDFT STEEL STRAPPING TENSIONERS Closed Type PUSH BAR STYLE t "DDFQUTTUFFMTUSBQQJOHUIJDL t -JHIUUFOTJPO MJNJUFEUBLFVQ t *EFBMGPSBQQMJDBUJPOTPOTNBMM SPVOEPSJSSFHVMBSTVSGBDFT t 'PSVTFXJUIQVTIUZQFDMPTFETFBMT PA567 Model Strap Qty Model Strap Qty No. Width" /Box No. Width" /Box FEEDWHEEL STYLE OPEN SNAPON FULLY CLOSED PUSH t "DDFQUTTUFFMTUSBQQJOHUIJDL PF408 1/2 2000 PF415 1/2 2000 t 'BTUBOEFBTZPQFSBUJPO PF409 5/8 2000 PF416 5/8 2000 t .FEJVNIFBWZUFOTJPO VOMJNJUFEUBLFVQ PF410 3/4 2000 PF417 3/4 2000 t *EFBMGPSBQQMJDBUJPOTPOnBUTVSGBDFT PF411 1/2 5000 PF418 1/8 5000 t 'PSVTFXJUIPQFOTFBMT PF412 5/8 5000 PF419 5/8 5000 PC938 PE350 PF413 3/4 5000 PF420
    [Show full text]
  • Improved Meet-In-The-Middle Distinguisher on Feistel Schemes
    Improved Meet-in-the-Middle Distinguisher on Feistel Schemes Li Lin1;2 and Wenling Wu1 1 Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China 2 Graduate University of Chinese Academy of Sciences, Beijing 100190, China flinli, [email protected] Abstract. Improved meet-in-the-middle cryptanalysis with efficient tab- ulation technique has been shown to be a very powerful form of crypt- analysis against SPN block ciphers. However, few literatures show the ef- fectiveness of this cryptanalysis against Balanced-Feistel-Networks (BFN) and Generalized-Feistel-Networks (GFN) ciphers due to the stagger of affected trail and special truncated differential trail. In this paper, we de- scribe a versatile and powerful algorithm for searching the best improved meet-in-the-middle distinguisher with efficient tabulation technique on word-oriented BFN and GFN block ciphers, which is based on recursion and greedy algorithm. To demonstrate the usefulness of our approach, we show key recovery attacks on 14/16-round CLEFIA-192/256 which are the best attacks. We also propose key recovery attacks on 13/15-round Camellia-192/256 (without F L=F L−1). Keywords: Block Ciphers, Improved Meet-in-the-Middle Attack, Effi- cient Tabulation Technique, Automatic Search Tool, Truncated Differ- ential Trail, CLEFIA, Camellia. 1 Introduction The meet-in-the-middle attack was first proposed by Diffie and Hellman to attack DES [7]. In recent years, it was widely researched due to its effectiveness against block cipher AES [4]. For AES, Gilbert and Minier showed in [10] a collision attack on 7-round AES.
    [Show full text]
  • The Scantegrity Voting System and Its Use in the Takoma Park Elections
    The Scantegrity Voting System and Its Use in the Takoma Park Elections The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation Carback, Richard T. et al. "The Scantegrity Voting System and Its Use in the Takoma Park Elections." Real-World Electronic Voting: Design, Analysis and Deployment, edited by Feng Hao and Peter Y. A. Ryan, Auerbach Publications, 2016, 264-304. As Published http://dx.doi.org/10.1201/9781315371290 Publisher Auerbach Publications Version Author's final manuscript Citable link https://hdl.handle.net/1721.1/128360 Terms of Use Creative Commons Attribution-Noncommercial-Share Alike Detailed Terms http://creativecommons.org/licenses/by-nc-sa/4.0/ The Scantegrity Voting System and its Use in the Takoma Park Elections David Chaum Richard T. Carback Jeremy Clark Aleksander Essex Travis Mayberry Stefan Popoveniuc Ronald L. Rivest Emily Shen Alan T. Sherman Poorvi L. Vora John Wittrock Filip Zagórski 1 Introduction The Scantegrity project began with a simple question: is it possible to design a voting system offering the strong security properties of cryptographic end-to-end (E2E) election verification with the intuitive look and feel of a paper optical-scan ballot? This chapter recounts a decade-long research effort toward answering this question, from the design of Scantegrity’s precursor Punchscan, all the way to the first governmental election run by an E2E voting system. The main focus of this chapter is on the Scantegrity II voting system (hereafter referred to as simply Scantegrity) and its use in the municipal elections of Takoma Park, MD in 2009 and 2011.
    [Show full text]
  • Eurocrypt'2000 Conference Report
    Eurocrypt'2000 Conference Report May 15–18, 2000 Bruges Richard Graveman Telcordia Technologies Morristown, NJ USA [email protected] Welcome This was the nineteenth annual Eurocrypt conference. Thirty-nine out of 150 papers were accepted, and there were two invited talks along with the traditional rump session. About 480 participants from 39 countries were present. Bart Preneel was Program Chair. The Proceedings were published by Springer Verlag as Advances in Cryptology— Eurocrypt'98, Lecture Notes in Computer Science, Volume 1807, Bart Preneel, editor. Session 1: Factoring and Discrete Logarithm, Chair: Bart Preneel Factorization of a 512-bit RSA Modulus, Stefania Cavallar (CWI, The Netherlands), Bruce Dodson (Lehigh University, USA), Arjen K. Lenstra (Citibank, USA), Walter Lioen (CWI, The Netherlands), Peter L. Montgomery (Microsoft Research, USA and CWI, The Netherlands), Brian Murphy (The Australian National University, Australia), Herman te Riele (CWI, The Netherlands), Karen Aardal (Utrecht University, The Netherlands), Jeff Gilchrist (Entrust Technologies Ltd., Canada), Gérard Guillerm (École Polytechnique, France), Paul Leyland (Microsoft Research Ltd., UK), Joël Marchand (École Polytechnique/CNRS, France), François Morain (École Polytechnique, France), Alec Muffett (Sun Microsystems, UK), Chris and Craig Putnam (USA), Paul Zimmermann (Inria Lorraine and Loria, France) The authors factored the RSA challenge number RSA-512 with the general number field sieve (NFS). The algorithm has four steps: polynomial selection, sieving, linear algebra, and square root extraction. For N known to be composite, two irreducible polynomials with a common root mod N are needed. f1 (of degree 5 in this case) should have many roots modulo small primes as well as being as small as possible.
    [Show full text]
  • Engineering Practical End-To-End Verifiable Voting Systems
    ABSTRACT Title of Dissertation: Engineering Practical End-to-End Verifiable Voting Systems Richard T. Carback III, Doctor of Philosophy, 2010 Dissertationdirected by: Alan T. Sherman, Associate Professor Department of Computer Science and Electrical Engineering We designed, built, tested, and fielded a vote counting system called Scantegrity. Scan- tegrity is part of a new class of end-to-end (E2E) verifiable voting systems. E2E verifiable systems are designed to solve chain of custody problems in elections by providing a privacy-preserving receipt to each voter. The voter can use the receipt to check a public record and verify that his or her ballot is counted without revealing the selected candidate. The public record gives election officials the ability to provide a strong, universally-accessible audit of the results, enabling transparent, verifiable elections that maintain privacy expectations. E2E systems offer radical improvements to integrity and transparency of election systems, and the adoption of E2E systems in public-sector elections can improve outcome integrity. In our design, we carefully considered the balance between usability and security issues, and we discuss the changes we made to implement the system. We examined the implementation through the results of a practical test of Scantegrity in a mock election in April 2009, which evaluated the system’s performance and surveyed the election participants about their experience with the system. We describe a number of changes we made to the system as a result of this test. For example, Scantegrity required better printing technology and a tally reconciliation system. We evaluated the modified system a second time by fielding it in the Takoma Park, Maryland, November 2009 municipal election, where we were able to survey voters and observe events throughout election day.
    [Show full text]