Fixing the Achilles Heel of E-Voting: The Bulletin Board
| Autor: | Lucca Hirschi, David Basin, Lara Schmid |
|---|---|
| Přispěvatelé: | Proof techniques for security protocols (PESTO), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Eidgenössische Technische Hochschule - Swiss Federal Institute of Technology [Zürich] (ETH Zürich) |
| Jazyk: | angličtina |
| Rok vydání: | 2021 |
| Předmět: |
Protocol (science)
Electronic voting Computer science Cheating media_common.quotation_subject Probabilistic logic 16. Peace & justice Computer security computer.software_genre Bulletin board [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] Voting Verifiable secret sharing Bulletin board system computer ComputingMilieux_MISCELLANEOUS media_common |
| Zdroj: | IEEE 34th Computer Security Foundations Symposium (CSF) IEEE 34th Computer Security Foundations Symposium (CSF), Jun 2021, Dubrovnik/Virtual, Croatia. pp.1-17, ⟨10.1109/CSF51468.2021.00016⟩ CSF CSF 2021-34th IEEE Computer Security Foundations Symposium CSF 2021-34th IEEE Computer Security Foundations Symposium, Jun 2021, Dubrovnik/Virtual, Croatia. pp.1-17, ⟨10.1109/CSF51468.2021.00016⟩ |
| Popis: | The results of electronic elections should be verifiable so that any cheating is detected. To support this, many protocols employ an electronic bulletin board (BB) for publishing data that can be read by participants and used for verifiability checks. We demonstrate that the BB is itself a security-critical component that has often been treated too casually in previous designs and analyses. In particular, we present novel attacks on the e-voting protocols Belenios, Civitas, and Helios that violate some of their central security claims under realistic system assumptions. These attacks were outside the scope of prior security analyses as their verifiability notions assume an idealized BB.To enable the analysis of protocols under realistic assumptions about the BB, we introduce a new verifiability definition applicable to arbitrary BBs. We identify a requirement, called final-agreement, and formally prove that it is sufficient and, in most cases, necessary to achieve verifiability. We then propose a BB protocol that satisfies final-agreement under weak, realistic trust assumptions and provide a machine-checked proof thereof. Our protocol can replace existing BBs, enabling verifiability under much weaker trust assumptions. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|