Efficient Cryptosystem for Universally Verifiable Mixnets
Total Page:16
File Type:pdf, Size:1020Kb
EFFICIENT CRYPTOSYSTEM FOR UNIVERSALLY VERIFIABLE MIXNETS Sandra Guasch Castelló Company Supervisor: Jordi Puiggalí Allepuz Academic Supervisor: Miquel Soriano Ibáñez Bachelor Degree of Telecomunication Engineering Universitat Politècnica de Catalunya, ETSETB Scytl Secure Electronic Voting December 2009 This PFC has been done by means of a university-company collaboration program in Scytl Secure Electronic Voting. 1 2 Agraïments M’agradaria primer de tot agrair an es meus pares i an es meu germà es recolzament que m’han donat aquests últims dies de projecte, tot i que no acabéssin d’entendre sa feina i presió que comporta. Sobretot a sa meua mare, que m’ha fet correccions d’anglès a sa introducció i a ses conclusions “perquè lo altre, que és més tècnic, ja ho sabràs tu millor”. Després d’ells, es següent que és mereix es meu agraïment és en Ferran, que ha tengut (i té) infinita paciència amb es meus histerismes, dubtes i queixes. Amb ell he compartit s’últim any de sa carrera i es procés de realització des projecte, i poder comptar sempre amb una persona que estava en sa mateixa situació que jo m’ha ajudat molt. Grasis! També m’agradaria agrair as meus companys de classe de sa enginyeria superior es anys de carrera, durs però entretenguts, i a ses meues amigues de sa tècnica i d’Eivissa poder-nos ajuntar de quan en quan per fer uns cafès, contar-nos ses nostres experiències en es camins diferents que hem près, i riure’ns un poc de tot. No puc deixar d’anomenar aquí a la Paz Morillo, que ha estat sempre allí per a qualsevol dubte que he tengut. Finalment, m’agradaria agraïr al Miquel Soriano i al Jordi Puggalí sa oportunitat que m’han donat de entrar a treballar a Scytl per fer allí es meu PFC, i an es meus companys de feina, sobretot a en Miquel Comas i a en Jaume Poch, per fer de sa feina un lloc més agradable i entretengut. 3 4 Index of Contents 1. Introduction .......................................................................................................................... 9 1.1. Democracy and electoral processes: ............................................................................. 9 1.2. Security in remote e-Voting ........................................................................................ 10 1.3. Securing elections using basic cryptography .............................................................. 11 1.3.1. Vote encryption ................................................................................................... 11 1.3.2. Digital signature .................................................................................................. 12 2. e-Voting protocols focused in the protection of the voter privacy .................................... 15 2.1. Protocols that implement anonymity in the pre-election phase ................................ 15 2.2. Protocols that implement anonymity in the voting phase ......................................... 18 2.3. Protocols that implement anonymity in the counting phase ..................................... 20 2.3.1. Homomorphic tally protocols ............................................................................. 20 2.3.2. Mixnets ................................................................................................................ 25 3. Building Blocks .................................................................................................................... 35 3.1. Definition of a Vote anonymization system ................................................................ 35 3.2. Definition of the Integrity Proofs and the Verification process .................................. 37 3.3. Cryptosystem Definition .............................................................................................. 38 3.3.1. RSA ...................................................................................................................... 39 3.3.2. ElGamal ............................................................................................................... 42 3.3.3. Paillier .................................................................................................................. 43 4. Design of a Cryptosystem for an Efficient and Universally Verifiable Mixnet .................... 47 4.1. Initial Assumptions ...................................................................................................... 47 4.2. Analysis Model ............................................................................................................ 48 4.3. ElGamal Cryptosystem ................................................................................................ 49 4.3.1. Conventional ElGamal encryption ....................................................................... 50 4.3.2. ElGamal homomorphisms ................................................................................... 51 4.3.3. Definition of ElGamal for semantic security in voting applications .................... 52 4.4. Proposals for a new cryptosystem based on ElGamal encryption .............................. 54 4.4.1. Proposal 0: ElGamal conventional cryptosystem ................................................ 55 4.4.2. Proposal 1 ............................................................................................................ 56 4.4.3. Proposal 2 ............................................................................................................ 57 4.4.4. Proposal 3 (our first proposal) ............................................................................ 59 4.4.5. The re-encryption process .................................................................................. 64 4.4.6. Proposal 4 (our second proposal) ....................................................................... 65 5 4.4.7. Problems found in the previous proposals ......................................................... 71 4.4.8. Proposal 5 (our third proposal) ........................................................................... 75 4.4.9. Proposal 6 ............................................................................................................ 90 4.4.10. Conclusions about the proposed cryptosystems .............................................. 105 4.5. Elliptic Curve Cryptography: EC ElGamal Cryptosystem ........................................... 107 4.5.1. Elliptic Curve Cryptography ............................................................................... 107 4.5.2. EC Homomorphic Cryptosystems ...................................................................... 112 4.5.3. Use of the EC ElGamal cryptosystem in homomorphic schemes. Proposal for a mixing process ................................................................................................................... 114 5. Zero Knowledge Proofs in ElGamal cryptosystems ........................................................... 121 5.1. Schnorr Identification Protocol ................................................................................. 122 5.1.1. Protocol: ............................................................................................................ 123 5.1.2. Schnorr Signature .............................................................................................. 123 5.2. Proof of Discrete-Log equality - Chaum-Pedersen Protocol ..................................... 123 5.3. Proof of Plaintext Knowledge .................................................................................... 125 5.4. Proof of Plaintext Equivalence .................................................................................. 126 5.5. Proof of Subset Membership .................................................................................... 128 5.6. Proof of Correct Decryption using Schnorr Identification Protocol .......................... 130 6. Case Study: use of the proposed encryption algorithm in a Universally Verifiable Mixnet 133 6.1. Defining the cryptosystem ........................................................................................ 134 6.2. Voting Phase .............................................................................................................. 135 6.2.1. Vote casting ....................................................................................................... 135 6.2.2. Vote reception ................................................................................................... 135 6.3. Mixing Phase ............................................................................................................. 136 6.4. Decryption and Counting Phase ................................................................................ 141 7. Conclusions ....................................................................................................................... 145 8. References ......................................................................................................................... 147 6 Index of Figures Fig. 1 - 1 Electronic voting using basic cryptography .................................................................. 13 Fig. 2 - 1 Example of paper ballot in Pollsterless ......................................................................... 16 Fig. 2 - 2 Communications in a two agencies model ................................................................... 19 Fig. 2 - 3 Example of an additive homomorphic tally .................................................................. 21 Fig. 2 - 4 Example of a multiplicative homomorphic