References of "Mueller, Johannes 50035120"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailScalable Coercion-Resistant E-Voting under Weaker Trust Assumptions
Haines, Thomas; Mueller, Johannes UL; Querejeta-Azurmendi, Inigo

in Proceedings of ACM SAC Conference (SAC'23) (2023)

Electronic voting (e-voting) is regularly used in many countries and organizations for legally binding elections. In order to conduct such elections securely, numerous e-voting systems have been proposed ... [more ▼]

Electronic voting (e-voting) is regularly used in many countries and organizations for legally binding elections. In order to conduct such elections securely, numerous e-voting systems have been proposed over the last few decades. Notably, some of these systems were designed to provide coercion-resistance. This property protects against potential adversaries trying to swing an election by coercing voters. Despite the multitude of existing coercion-resistant e-voting systems, to date, only few of them can handle large-scale Internet elections efficiently. One of these systems, VoteAgain (USENIX Security 2020), was originally claimed secure under similar trust assumptions to state-of-the-art e-voting systems without coercion-resistance. In this work, we review VoteAgain's security properties. We discover that, unlike originally claimed, VoteAgain is no more secure than a trivial voting system with a completely trusted election authority. In order to mitigate this issue, we propose a variant of VoteAgain which effectively mitigates trust on the election authorities and, at the same time, preserves VoteAgain's usability and efficiency. Altogether, our findings bring the state of science one step closer to the goal of scalable coercion-resistant e-voting being secure under reasonable trust assumptions. [less ▲]

Detailed reference viewed: 45 (2 UL)
Full Text
Peer Reviewed
See detailSoK: Secure E-Voting with Everlasting Privacy
Haines, Thomas; Mueller, Johannes UL; Mosaheb, Rafieh UL et al

in Proceedings on Privacy Enhancing Technologies (PoPETs) (2023)

Vote privacy is a fundamental right, which needs to be protected not only during an election, or for a limited time afterwards, but for the foreseeable future. Numerous electronic voting (e-voting ... [more ▼]

Vote privacy is a fundamental right, which needs to be protected not only during an election, or for a limited time afterwards, but for the foreseeable future. Numerous electronic voting (e-voting) protocols have been proposed to address this challenge, striving for everlasting privacy. This property guarantees that even computationally unbounded adversaries cannot break privacy of past elections. The broad interest in secure e-voting with everlasting privacy has spawned a large variety of protocols over the last three decades. These protocols differ in many aspects, in particular the precise security properties they aim for, the threat scenarios they consider, and the privacy-preserving techniques they employ. Unfortunately, these differences are often opaque, making analysis and comparison cumbersome. In order to overcome this non-transparent state of affairs, we systematically analyze all e-voting protocols designed to provide everlasting privacy. First, we illustrate the relations and dependencies between all these different protocols. Next, we analyze in depth which protocols do provide secure and efficient approaches to e-voting with everlasting privacy under realistic assumptions, and which ones do not. Eventually, based on our extensive and detailed treatment, we identify which research problems in this field have already been solved, and which ones are still open. Altogether, our work offers a well-founded reference point for conducting research on secure e-voting with everlasting privacy as well as for future-proofing privacy in real-world electronic elections. [less ▲]

Detailed reference viewed: 175 (23 UL)
Full Text
Peer Reviewed
See detailVerifiable Decryption in the Head
Gjosteen, Kristian; Haines, Thomas; Mueller, Johannes UL et al

in ACISP 2022 (2022)

In this work we present a new approach to verifiable decryption which converts a 2-party passively secure distributed decryption protocol into a 1-party proof of correct decryption. This leads to an ... [more ▼]

In this work we present a new approach to verifiable decryption which converts a 2-party passively secure distributed decryption protocol into a 1-party proof of correct decryption. This leads to an efficient and simple verifiable decryption scheme for lattice-based cryptography, especially for large sets of ciphertexts; it has small size and lightweight computations as we reduce the need of zero-knowledge proofs for each ciphertext. We believe the flexibility of the general technique is interesting and provides attractive trade-offs between complexity and security, in particular for the interactive variant with smaller soundness. Finally, the protocol requires only very simple operations, making it easy to correctly and securely implement in practice. We suggest concrete parameters for our protocol and give a proof of concept implementation, showing that it is highly practical. [less ▲]

Detailed reference viewed: 43 (1 UL)
Full Text
Peer Reviewed
See detailHow Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis
Mestel, David UL; Mueller, Johannes UL; Reisert, Pascal

in 35th IEEE Computer Security Foundations Symposium (2022)

Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real ... [more ▼]

Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat. [less ▲]

Detailed reference viewed: 91 (3 UL)
Full Text
Peer Reviewed
See detailBreaking and Fixing Vote Privacy of the Estonian E-Voting Protocol IVXV
Mueller, Johannes UL

in Workshop on Advances in Secure Electronic Voting 2022 (2022)

We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in ... [more ▼]

We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in those threat scenarios that were considered for IVXV originally. We explain how to improve IVXV so that it protects against the privacy issues we discovered. [less ▲]

Detailed reference viewed: 150 (3 UL)
Full Text
Peer Reviewed
See detailKryvos: Publicly Tally-Hiding Verifiable E-Voting
Huber, Nicolas; Kuesters, Ralf; Krips, Toomas et al

in 2022 ACM SIGSAC Conference on Computer and Communications Security (2022)

Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all ... [more ▼]

Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called tally-hiding. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin publicly tally-hiding, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system. [less ▲]

Detailed reference viewed: 19 (1 UL)
Full Text
Peer Reviewed
See detailOptimal Randomized Partial Checking for Decryption Mix Nets
Haines, Thomas; Mueller, Johannes UL

in Information Security and Privacy - 26th Australasian Conference, ACISP 2021, Virtual Event, December 1-3, 2021, Proceedings (2021)

Detailed reference viewed: 48 (0 UL)
Full Text
Peer Reviewed
See detailEpoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting
Boyen, Xavier; Haines, Thomas; Mueller, Johannes UL

in IEEE European Symposium on Security and Privacy, EuroS&P 2021, Vienna, Austria, September 6-10, 2021 (2021)

Detailed reference viewed: 53 (3 UL)
Full Text
Peer Reviewed
See detailA Novel Proof of Shuffle: Exponentially Secure Cut-and-Choose
Haines, Thomas; Mueller, Johannes UL

in Information Security and Privacy - 26th Australasian Conference, ACISP 2021, Virtual Event, December 1-3, 2021, Proceedings (2021)

Detailed reference viewed: 51 (0 UL)
Full Text
Peer Reviewed
See detailA Verifiable and Practical Lattice-Based Decryption Mix Net with External Auditing
Boyen, Xavier; Haines, Thomas; Mueller, Johannes UL

in Computer Security - ESORICS 2020 - 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14-18, 2020, Proceedings, Part II (2020)

Detailed reference viewed: 74 (6 UL)
Full Text
Peer Reviewed
See detailPost-Quantum Anonymous Veto Networks
Ding, Jintai; Emery, Doug; Mueller, Johannes UL et al

in E-Vote-ID 2020 (2020)

Detailed reference viewed: 105 (4 UL)
Full Text
Peer Reviewed
See detailSoK: Techniques for Verifiable Mix Nets
Mueller, Johannes UL

in Haines, Thomas; Mueller, Johannes (Eds.) IEEE Computer Security Foundations Symposium (2020)

Detailed reference viewed: 67 (8 UL)
Full Text
Peer Reviewed
See detailOrdinos: A Verifiable Tally-Hiding E-Voting System
Mueller, Johannes UL

in Küsters, Ralf; Liedtke, Julian; Mueller, Johannes (Eds.) et al IEEE European Symposium on Security and Privacy (2020)

Detailed reference viewed: 58 (1 UL)