References of "Ryan, Peter 50002965"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailFaster Print on Demand for Prêt à Voter
Culnane, Chris; Heather, James; Joaquim, Rui UL et al

in Journal of Election Technology and Systems (2013), 2(1),

Printing Prêt à Voter ballots on demand is desirable both for convenience and security. It allows a polling station to serve numerous different ballots, and it avoids many problems associated with the ... [more ▼]

Printing Prêt à Voter ballots on demand is desirable both for convenience and security. It allows a polling station to serve numerous different ballots, and it avoids many problems associated with the custody of the printouts. This paper describes a new proposal for printing Prêt à Voter ballots on demand. The emphasis is on computational efficiency suitable for real elections, and on very general ballot types. [less ▲]

Detailed reference viewed: 179 (8 UL)
Full Text
Peer Reviewed
See detailProving Prêt à Voter Receipt Free Using Computational Security Models
Khader, Dalia UL; Ryan, Peter UL; Tang, Qiang UL

in USENIX Journal of Election Technology and Systems (2013), 1(1), 62-81

Pret a Voter is a supervised, end-to-end verifiable voting scheme. Informal analyses indicate that, subject to certain assumptions, Pret a Voter is receipt free, i.e. a voter has no way to construct a ... [more ▼]

Pret a Voter is a supervised, end-to-end verifiable voting scheme. Informal analyses indicate that, subject to certain assumptions, Pret a Voter is receipt free, i.e. a voter has no way to construct a proof to a coercer of how she voted. In this paper we propose a variant of Pret a Voter and prove receipt freeness of this scheme using computational methods. Our proof shows that if there exists an adversary that breaks receipt freeness of the scheme then there exists an adversary that breaks the IND-CCA2 security of the Naor-Yung encryption scheme. We propose a security model that defines receipt freeness based on the indistinguishability of receipts. We show that in order to simulate the game we require an IND-CCA2 encryption scheme to create the ballots and receipts. We show that, within our model, a non-malleable onion is sufficient to guarantee receipt freeness. Most of the existing Pret a Voter schemes do not employ IND-CCA2 encryption in the construction of the ballots, but they avoid such attacks by various additional mechanisms such as pre-commitment of ballot material to the bulletin board, digitally signed ballots etc. Our use of the Naor-Yung transformation provides the IND-CCA2 security required. [less ▲]

Detailed reference viewed: 207 (4 UL)
Full Text
Peer Reviewed
See detailPreventing Coercion in E-Voting: Be Open and Commit
Tabatabaei, Masoud UL; Jamroga, Wojciech UL; Ryan, Peter UL

Scientific Conference (2013, March 17)

Detailed reference viewed: 216 (11 UL)
Full Text
Peer Reviewed
See detailFaster print on demand for Prêt à Voter
Ryan, Peter UL; Teague, Vanessa; Schneider, Steve et al

in USENIX Journal of Election Technology and Systems (JETS) (2013), 2(1),

Printing Pret a Voter ballots on demand is desirable both for convenience and security. It allows a polling station to serve numerous different ballots, and it avoids many problems associated with the ... [more ▼]

Printing Pret a Voter ballots on demand is desirable both for convenience and security. It allows a polling station to serve numerous different ballots, and it avoids many problems associated with the custody of the printouts. This paper describes a new proposal for printing Pret a Voter ballots on demand. The emphasis is on computational efficiency suitable for real elections, and on very general ballot types. [less ▲]

Detailed reference viewed: 51 (0 UL)
Full Text
Peer Reviewed
See detailPrêt à Voter providing everlasting privacy
Ryan, Peter UL; Demirel, Denise; Henning, Maria et al

in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013)

This paper shows how Prêt à Voter can be adjusted in order to provide everlasting privacy. This is achieved by adapting the ballot generation and anonymisation process, such that only unconditional hiding ... [more ▼]

This paper shows how Prêt à Voter can be adjusted in order to provide everlasting privacy. This is achieved by adapting the ballot generation and anonymisation process, such that only unconditional hiding commitments and zero knowledge proofs are published for verification, thus ensuring privacy towards the public. This paper presents a security analysis carried out in a collaboration between computer scientists and legal researchers. On the technical side it is shown that the modified Prêt à Voter provides verifiability, robustness, and everlasting privacy towards the public. Everlasting privacy towards the authorities can be achieved by implementing several organisational measures. A legal evaluation of these measures demonstrates that the level of privacy achieved would be acceptable under German law. [less ▲]

Detailed reference viewed: 81 (1 UL)
Full Text
Peer Reviewed
See detailCaveat Coercitor: coercion-evidence in electronic voting
Ryan, Peter UL; Grewal, Gurchetan S.; Ryan, Mark D. et al

in 2013 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP) (2013)

The balance between coercion-resistance, election verifiability and usability remains unresolved in remote electronic voting despite significant research over the last few years. We propose a change of ... [more ▼]

The balance between coercion-resistance, election verifiability and usability remains unresolved in remote electronic voting despite significant research over the last few years. We propose a change of perspective, replacing the requirement of coercion-resistance with a new requirement of coercion- evidence: there should be public evidence of the amount of coercion that has taken place during a particular execution of the voting system. We provide a formal definition of coercion-evidence that has two parts. Firstly, there should be a coercion-evidence test that can be performed against the bulletin board to accurately determine the degree of coercion that has taken place in any given run. Secondly, we require coercer independence, that is the ability of the voter to follow the protocol without being detected by the coercer. To show how coercion-evidence can be achieved, we propose a new remote voting scheme, Caveat Coercitor, and we prove that it satisfies coercion-evidence. Moreover, Caveat Coercitor makes weaker trust assumptions than other remote voting systems, such as JCJ/Civitas and Helios, and has better usability properties. [less ▲]

Detailed reference viewed: 57 (0 UL)
Full Text
Peer Reviewed
See detailVerifiable postal voting
Ryan, Peter UL; Benaloh, Josh; Teague, Vanessa

in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013)

This proposal aims to combine the best properties of paper-based and end-to-end verifiable remote voting systems. Ballots are delivered electronically to voters, who return their votes on paper together ... [more ▼]

This proposal aims to combine the best properties of paper-based and end-to-end verifiable remote voting systems. Ballots are delivered electronically to voters, who return their votes on paper together with some cryptographic information that allows them to verify later that their votes were correctly included and counted. We emphasise the ease of the voter's experience, which is not much harder than basic electronic delivery and postal returns. A typical voter needs only to perform a simple check that the human-readable printout reflects the intended vote. The only extra work is adding some cryptographic information into the same envelope as the human-readable vote. The proposed scheme is not strictly end-to-end verifiable, because it depends on procedural assumptions at the point where the ballots are received. These procedures should be public and could be enforced by a group of observers, but are not publicly verifiable afterwards by observers who were absent at the time. [less ▲]

Detailed reference viewed: 78 (1 UL)
Full Text
Peer Reviewed
See detailEnhancements to prepare-and-measure based QKD protocols
Ryan, Peter UL; Christianson, Bruce

in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013)

We propose some simple changes to a class of Quantum Key Distribution protocols. The first enhancement ensures early detection of any attempted Man-in-the-Middle attack and results in less leakage of key ... [more ▼]

We propose some simple changes to a class of Quantum Key Distribution protocols. The first enhancement ensures early detection of any attempted Man-in-the-Middle attack and results in less leakage of key material to any eavesdropping attacker. We argue that this version is at least as secure as the original BB'84 scheme, but ensures a closer binding of the key establishment and authentication components of the protocol. Further proposed enhancements lead to a doubling of the key rate, but the security arguments become more delicate. We also touch on the need to enhance the models used to analyze both the classical and quantum aspects of QKD protocols. This is prompted by the observation that existing analyses treat the quantum (key-establishment) and classical (authentication etc) phases separately and then combine them in a simple-minded fashion. [less ▲]

Detailed reference viewed: 70 (1 UL)
Full Text
Peer Reviewed
See detailGeneralized Information Theory for Hints
Ryan, Peter UL; Pouly, Marc; Kohlas, Juerg

in International Journal of Approximate Reasoning (2013), 54(1), 228-251

This paper develops a new uncertainty measure for the theory of hints that complies with the established semantics of statistical information theory and further satisfies all classical requirements for ... [more ▼]

This paper develops a new uncertainty measure for the theory of hints that complies with the established semantics of statistical information theory and further satisfies all classical requirements for such a measure imposed in the literature. The proposed functional decomposes into conversant uncertainty measures and therefore discloses a new interpretation of the latters as well. By abstracting to equivalence classes of hints we transport the new measure to mass functions in Dempster-Shafer theory and analyse its relationship with the aggregate uncertainty, which currently is the only known functional for the Dempster-Shafer theory of evidence that satisfies the same set of properties. Moreover, the perspective of hints reveals that the standard independence notion in Dempster-Shafer theory called non-interactivity corresponds to an amalgamation of probabilistic independence and qualitative independence between frames of discernment. All results in this paper are developed for arbitrary families of compatible frames generalizing the very specialized multi-variate systems that are usually studied in information theory. [less ▲]

Detailed reference viewed: 58 (1 UL)
Full Text
Peer Reviewed
See detailVerifiable Voting Systems
Ryan, Peter UL; Peacock, Thea; Schneider, Steve et al

in Computer and Information Security Handbook (2013)

The introduction of technology into voting systems can bring a number of benefits, such as improving accessibility, remote voting, and efficient, accurate processing of votes. A voting system that uses ... [more ▼]

The introduction of technology into voting systems can bring a number of benefits, such as improving accessibility, remote voting, and efficient, accurate processing of votes. A voting system that uses electronic technology in any part of processing the votes, from vote capture and transfer through to vote tallying, is known as an e-voting system. In addition to the undoubted benefits, the introduction of such technology introduces particular security challenges, some of which are unique to voting systems because of their specific nature and requirements. The key role that voting systems play in democratic elections means that such systems must not only be secure and trustworthy, but must be seen by the electorate to be secure and trustworthy. This chapter emphasizes the challenge to reconcile the secrecy of the ballot, with demonstrable correctness of the result. © 2013 Copyright © 2013 Elsevier Inc. All rights reserved. [less ▲]

Detailed reference viewed: 64 (0 UL)
Full Text
Peer Reviewed
See detailTesting Voters' Understanding of a Security Mechanism Used in Verifiable Voting
Ryan, Peter UL; Schneider, Steve; Xia, Zhe et al

in 53 USENIX Journal of Election Technology and Systems (JETS) (2013), 1(1), 53-61

Proposals for a secure voting technology can involve new mechanisms or procedures designed to provide greater ballot secrecy or verifiability. These mechanisms may be justified on the technical level, but ... [more ▼]

Proposals for a secure voting technology can involve new mechanisms or procedures designed to provide greater ballot secrecy or verifiability. These mechanisms may be justified on the technical level, but researchers and voting officials must also consider how voters will understand these technical details, and how understanding may affect interaction with the voting systems. In the context of verifiable voting, there is an additional impetus for this consideration as voters are provided with an additional choice; whether or not to verify their ballot. It is possible that differences in voter understanding of the voting technology or verification mechanism may drive differences in voter behaviour; particularly at the point of verification. In the event that voter understanding partially explains voter decisions to verify their ballot, then variance in voter understanding will lead to predictable differences in the way voters interact with the voting technology. This paper describes an experiment designed to test voters’ understanding of the ‘split ballot’, a particular mechanism at the heart of the secure voting system Prˆet `a Voter, used to provide both vote secrecy and voter verifiability. We used a controlled laboratory experiment in which voter behaviour in the experiment is dependent on their understanding of the secrecy mechanism for ballots. We found that a two-thirds majority of the participants expressed a confident comprehension of the secrecy of their ballot; indicating an appropriate level of understanding. Among the remaining third of participants, most exhibited a behaviour indicating a comprehension of the security mechanism, but were less confident in their understanding. A small number did not comprehend the system. We discuss the implications of this finding for the deployment of such voting systems. [less ▲]

Detailed reference viewed: 54 (1 UL)
See detailPassword-based Authenticated Key Establishment Protocols
Lancrenon, Jean UL; Khader, Dalia UL; Ryan, Peter UL et al

in Computer And Information Security Handbook (2013)

Detailed reference viewed: 327 (31 UL)
Full Text
Peer Reviewed
See detailUsing Prêt à Voter in Victorian State Elections
Ryan, Peter UL; Schneider, Steve; Peacock, Thea et al

in Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (2012)

The Prêt à Voter cryptographic voting system was designed to be flexible and to offer voters a familiar and easy voting experience. In this paper we present a case study of our efforts to adapt Prêt à ... [more ▼]

The Prêt à Voter cryptographic voting system was designed to be flexible and to offer voters a familiar and easy voting experience. In this paper we present a case study of our efforts to adapt Prêt à Voter to the idiosyncrasies of elections in the Australian state of Victoria. The general background and desired user experience have previously been described; here we concentrate on the cryptographic protocols for dealing with some unusual aspects of Victorian voting. We explain the problems, present solutions, then analyse their security properties and explain how they tie in to other design decisions. We hope this will be an interesting case study on the application of end-to-end verifiable voting protocols to real elections. [less ▲]

Detailed reference viewed: 51 (1 UL)
Full Text
Peer Reviewed
See detailA Fair and Robust Voting System by Broadcast
Khader, Dalia UL; Smyth, Ben; Ryan, Peter UL et al

in Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI) (2012)

Hao, Ryan, and Zieliński (2010) propose a two-round decentralized voting protocol that is efficient in terms of rounds, computation, and bandwidth. However, the protocol has two drawbacks. First, if some ... [more ▼]

Hao, Ryan, and Zieliński (2010) propose a two-round decentralized voting protocol that is efficient in terms of rounds, computation, and bandwidth. However, the protocol has two drawbacks. First, if some voters abort then the election result cannot be announced, that is, the protocol is not robust. Secondly, the last voter can learn the election result before voting, that is, the protocol is not fair. Both drawbacks are typical of other decentralized e-voting protocols. This paper proposes a recovery round to enable the election result to be announced if voters abort, and we add a commitment round to ensure fairness. In addition, we provide a computational security proof of ballot secrecy. [less ▲]

Detailed reference viewed: 85 (2 UL)
Full Text
Peer Reviewed
See detailA Supervised Verifiable Voting Protocol for the Victorian Electoral Commission
Burton, Craig Burton; Culnane, Chris; Heather, James et al

in EVOTE 2012 (2012)

This paper describes the design of a supervised verifiable voting protocol suitable for use for elections in the state of Victoria, Australia. We provide a brief overview of the style and nature of the ... [more ▼]

This paper describes the design of a supervised verifiable voting protocol suitable for use for elections in the state of Victoria, Australia. We provide a brief overview of the style and nature of the elections held in Victoria and associated challenges. Our protocol, based on Prêt à Voter, presents a new ballot overprinting front-end design, which assists the voter in completing the potentially complex ballot. We also present and analyse a series of modifications to the back-end that will enable it to handle the large number of candidates, 35+ , with ranking single transferable vote (STV), which some Victorian elections require. We conclude with a threat analysis of the scheme and a discussion on the impact of the modifications on the integrity and privacy assumptions of Prêt à Voter. [less ▲]

Detailed reference viewed: 140 (0 UL)
Full Text
Peer Reviewed
See detailForeword from the Programme Chairs-STAST 2012
Ryan, Peter UL; Coles-Kemp, Lizzie

in Socio-Technical Aspects in Security and Trust (STAST), 2012 Workshop on (2012)

This volume comprises the proceedings of the second workshop on Socio-Technical Aspects of Security and Trust (STAST). The diversity of the topics covered in this proceedings reflect the vibrancy of the ... [more ▼]

This volume comprises the proceedings of the second workshop on Socio-Technical Aspects of Security and Trust (STAST). The diversity of the topics covered in this proceedings reflect the vibrancy of the socio-technical research community within information security. Contributions range from HCIoriented research through organizational process design and decision making. Twelve papers were submitted of which six papers were judged to be of high quality accepted for presentation and publication. We should like to offer our thanks for the professionalism of the authors, reviewers, sub-reviewers and the program committee members. All papers were reviewed by at least three reviewers from the program committee, with the help of external reviewers. [less ▲]

Detailed reference viewed: 55 (0 UL)
See detailSTAST 2011 Proc. of the 1st Workshop on Socio-Technical Aspects in Security and Trust
Coles-Kemp, Lizzie; Lenzini, Gabriele UL; Ryan, Peter UL et al

Book published by IEEE (2011)

Detailed reference viewed: 151 (2 UL)
Full Text
Peer Reviewed
See detailA Modular Multi-Modal Specification of Real-Timed, End-To-End Voter-Verifiable Voting Systems
Kramer, Simon UL; Ryan, Peter UL

in 2011 International Workshop on Requirements Engineering for Electronic Voting Systems (REVOTE) (2011)

We propose a modular multi-modal specification of real-timed, end-to-end voter-verifiable voting systems, i.e., a formal but intuitive specification of real-timed voting systems that are accountable (and ... [more ▼]

We propose a modular multi-modal specification of real-timed, end-to-end voter-verifiable voting systems, i.e., a formal but intuitive specification of real-timed voting systems that are accountable (and thus trustworthy) to their users. Our specification is expressed as a single but well-compounded formula in a logical language of temporal, epistemic, and provability modalities. The intuitiveness of the specification is the fruit of its modular and multi-modal form. This means that the specification can be appreciated compound-wise, as a logical conjunction of separate sub-requirements, each of which achieving the ideal of a formal transcription of a suitable natural-language formulation, thanks to powerful descriptive idioms in the form of our multiple modalities. The modular form reduces our proof of the satisfiability (consistency) and thus implementability of the specification to a proof by inspection, and induces the parallelisability of implementation-correctness verifications. The specification also pinpoints the implementation-specific part of particular voting systems, reuses a generic definition of accountability inducing trust in a formal sense, and, last but not least, counter-balances by its implementability some previous results about the contradictory conjunction of certain desirable property pairs of voting systems. So in some sense, ideal voting systems do exist. Our specific formalisation principles are agent correctness, i.e., the behavioural correctness of the voting-system-constituting agents, and data adequacy, i.e., the soundness and (relative) completeness of the voting data processed by the system. [less ▲]

Detailed reference viewed: 60 (2 UL)
Full Text
Peer Reviewed
See detailVersatile Prêt à Voter: Handling Multiple Election Methods with a Unified Interface
Xia, Zhe; Culnane, Chris; Heather, James et al

in Proc. 11th International Conference on Cryptology in India (IndoCrypt'10) (2010)

Detailed reference viewed: 176 (6 UL)
Full Text
Peer Reviewed
See detailSecurity protocols for Secret Santa
Mauw, Sjouke UL; Radomirovic, Sasa UL; Ryan, Peter UL

in Proc. 18th Security Protocols Workshop (2010)

Detailed reference viewed: 95 (3 UL)