Automated anonymity verification of the ThreeBallot and VAV voting systems

In recent years, a large number of secure voting protocols have been proposed in the literature. Often these protocols contain flaws, but because they are complex protocols, rigorous formal analysis has proven hard to come by. Rivest’s ThreeBallot and Vote/Anti-Vote/Vote (VAV) voting systems are important because they aim to provide security (voter anonymity and voter verifiability) without requiring cryptography. In this paper, we construct CSP models of ThreeBallot and VAV, and use them to produce the first automated formal analysis of their anonymity properties. Along the way, we discover that one of the crucial assumptions under which ThreeBallot and VAV (and many other voting systems) operate—the short ballot assumption—is highly ambiguous in the literature. We give various plausible precise interpretations and discover that in each case, the interpretation either is unrealistically strong or else fails to ensure anonymity. We give a revised version of the short ballot assumption for ThreeBallot and VAV that is realistic but still provides a guarantee of anonymity.     

基于FOO投票协议的无收据电子投票方案

安全且实用的电子投票协议是信息安全领域的热点问题之一。引入了盲签名、投票编号、申诉标识等工具,提出了一种新的无收据的电子投票方案,该方案进一步完善了FOO投票协议,可保证选票的匿名性、可验证性和无收据性,并且允许投票者中途弃权。该方案不仅保持了原方案的各种优点,而且增强了系统的安全性和灵活性。因此,与其他类似方案相比较,该方案具有更好的通用性和实用性。     

基于同态门限密码体制的投票协议

针对当前存在的投票协议普遍要求一个可信赖的管理机构的问题,提出一种新的投票协议。该协议综合运用同态加密、门限密码体制、盲签名、环签名、零知识证明等密码技术,在假设无人弃权或虽有人弃权但管理者不与其他投票人合谋作弊的情况下,消除了无可信第三方和健壮性共存的矛盾,同时满足了匿名性、合法性、健壮性、可验证性和无可信第三方等安全属性。     

基于信任评估的量子区块链网络匿名选举协议

为了在量子通信网络中实现效率更高且具备信任评估功能的匿名选举协议,引入了区块链技术与节点信任评估模型。区块链技术架构具有去中心化、去信任、匿名性、防窜改等优势,节点信任评估模型在选举协议开始前完成任意两节点间的身份可信评估,使选举协议更加高效且可信。协议安全模型分析与对比结果表明,与现有协议相比该协议安全性能更好,且具有更好的匿名性、不可窜改性、可验证性等优点,在现有的技术条件下也更容易被实现。     

基于环签名的安全电子投票方案

利用环签名协议和比特承诺技术,提出了一种新的安全电子投票方案。即使注册机构和计票机构相互勾结,该方案也可无条件地保证投票人身份的匿名性。此外,本方案还可以分类统计投票人的观点。协议具有秘密性、唯一性、完整性、匿名性、公平性、可验证性等优点,适合进行大规模的选举。     

Privacy and verifiability in voting systems: Methods,developments and trends

One of the most challenging aspects in computer-supported voting is to combine the apparently conflicting requirements of privacy and verifiability. On the one hand, privacy requires that a vote cannot be traced back from the result to a voter, while on the other hand, verifiability states that a voter can trace the effect of her vote on the result. This can be addressed using various privacy-enabling cryptographic primitives which also offer verifiability.As more and more refined voting systems were proposed, understanding of first privacy and later verifiability in voting increased, and notions of privacy as well as notions of verifiability in voting became increasingly more refined. This has culminated in a variety of verifiable systems that use cryptographic primitives to ensure specific kinds of privacy. However, the corresponding privacy and verifiability claims are not often verified independently. When they are investigated, claims have been invalidated sufficiently often to warrant a cautious approach to them.The multitude of notions, primitives and proposed solutions that claim to achieve both privacy and verifiability form an interesting but complex landscape. The purpose of this paper is to survey this landscape by providing an overview of the methods, developments and current trends regarding privacy and verifiability in voting systems.     

RLWE同态加密算法的多候选人电子投票协议

使用安全协议保护选民隐私、保证投票公正有效是投票电子信息化的基础,安全协议的复杂度则是电子投票应用的最大阻碍。提出了一种基于RLWE同态加密算法的多候选人电子投票协议,可支持多候选人,也能满足对选民隐私的保护。该协议利用基于RLWE的同态加密算法的加法同态性质在计票环节使用密文计票保护选民的私密,利用中国剩余定理的性质对选票进行批处理,提升计票能力。该投票协议能支持多候选人投票并最终知晓每个候选人最终票数,并设置公示机构公示投票过程中的每个步骤,用于公开验证。     

ESIV: an end-to-end secure internet voting system

Nowadays, with the growing popularity of e-Government services, security of client platforms and violation of citizen e-rights are of great concerns. Since Internet-voting protocols have no control over voter-side platforms, bribery/coercion and breaching vote’s privacy and voter’s anonymity are feasible. In fact, the voter-side platform (voter’s PC) is easily vulnerable to malicious software (cyber-attacks) and can totally breach security of the entire voting protocol. We have proposed ESIV: an end-to-end secure internet-voting system that highly guarantees: voter and server-side platform’s security, verifiability, fairness, resistance to bribery/coercion and voting authorities collusion besides simultaneous election support while preserving eligibility, anonymity, privacy and trust. In addition, we utilize Java Card 3 technology as an independent secure web-server which is connected directly to network in order to send/receive HTTP(S) requests using high-speed interfaces. This technology brings about independence from utilizing any trusted device at voter-side and provides end-to-end security. Finally, an implementation of ESIV is presented and ESIV security features are evaluated.     

基于半信任模型的无收据的电子投票

利用同态EIGamal加密、门限EIGamal加密和同指数知识证明等技术,给出了一种无收据的电子投票方案．该方案同时保证了选票的秘密性、广义可验证性和公平性．与以前协议不同的是,所提的方案基于半信任模型,即投票者不必无条件地信任所谓的“可信赖第三方”．文中首先给出了“半信任”的定义,然后证明了所提方案在半信任模型下该方案仍然满足无收据性,从而防止了选举中的“选票买卖”、“强迫选举”等犯罪行为．     

融合可链接环签密的智能合约电子投票协议

电子投票与传统投票方式相比更具经济性,但存在安全性论证不够严谨、运行时间长、计算消耗较大等问题。提出融合可链接环签密的智能合约电子投票协议,分别设计投票、秘密份额上传、计票等阶段的算法,在投票阶段基于椭圆曲线离散对数问题生成选票的可链接环签密,并在一个逻辑步骤内实现加密和签名,以确保投票的公正性、机密性和可验证性,避免重复投票情况的发生,从总体上降低协议运行时间和计算消耗的gas。此外,详细分析协议的安全性,基于椭圆曲线上的离散对数问题证明选票环签密的不可伪造性。使用truffle框架将智能合约部署到本地以太坊私有网络上,并通过挖矿以确认交易完成。实验结果表明,与Lyu协议相比,该协议节省了约10⁷ Gwei的计算消耗以及450 ms左右的运行时间。