Browse ORBilu by Open Access
- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?
ORBilu is a project developed by
   SoK: Secure E-Voting with Everlasting Privacy; Mueller, Johannes  ; Mosaheb, Rafieh et alin Proceedings on Privacy Enhancing Technologies (PoPETs) (2023) Vote privacy is a fundamental right, which needs to be protected not only during an election, or for a limited time afterwards, but for the foreseeable future. Numerous electronic voting (e-voting ... [more ▼] Vote privacy is a fundamental right, which needs to be protected not only during an election, or for a limited time afterwards, but for the foreseeable future. Numerous electronic voting (e-voting) protocols have been proposed to address this challenge, striving for everlasting privacy. This property guarantees that even computationally unbounded adversaries cannot break privacy of past elections. The broad interest in secure e-voting with everlasting privacy has spawned a large variety of protocols over the last three decades. These protocols differ in many aspects, in particular the precise security properties they aim for, the threat scenarios they consider, and the privacy-preserving techniques they employ. Unfortunately, these differences are often opaque, making analysis and comparison cumbersome. In order to overcome this non-transparent state of affairs, we systematically analyze all e-voting protocols designed to provide everlasting privacy. First, we illustrate the relations and dependencies between all these different protocols. Next, we analyze in depth which protocols do provide secure and efficient approaches to e-voting with everlasting privacy under realistic assumptions, and which ones do not. Eventually, based on our extensive and detailed treatment, we identify which research problems in this field have already been solved, and which ones are still open. Altogether, our work offers a well-founded reference point for conducting research on secure e-voting with everlasting privacy as well as for future-proofing privacy in real-world electronic elections. [less ▲] Detailed reference viewed: 68 (14 UL)Kryvos: Publicly Tally-Hiding Verifiable E-Voting; ; et al in 2022 ACM SIGSAC Conference on Computer and Communications Security (2022) Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all ... [more ▼] Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called tally-hiding. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin publicly tally-hiding, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system. [less ▲] Detailed reference viewed: 12 (0 UL)Verifiable Decryption in the Head; ; Mueller, Johannes et alin ACISP 2022 (2022) In this work we present a new approach to verifiable decryption which converts a 2-party passively secure distributed decryption protocol into a 1-party proof of correct decryption. This leads to an ... [more ▼] In this work we present a new approach to verifiable decryption which converts a 2-party passively secure distributed decryption protocol into a 1-party proof of correct decryption. This leads to an efficient and simple verifiable decryption scheme for lattice-based cryptography, especially for large sets of ciphertexts; it has small size and lightweight computations as we reduce the need of zero-knowledge proofs for each ciphertext. We believe the flexibility of the general technique is interesting and provides attractive trade-offs between complexity and security, in particular for the interactive variant with smaller soundness. Finally, the protocol requires only very simple operations, making it easy to correctly and securely implement in practice. We suggest concrete parameters for our protocol and give a proof of concept implementation, showing that it is highly practical. [less ▲] Detailed reference viewed: 30 (1 UL)How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative AnalysisMestel, David ; Mueller, Johannes ; in 35th IEEE Computer Security Foundations Symposium (2022) Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real ... [more ▼] Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat. [less ▲] Detailed reference viewed: 75 (3 UL)Breaking and Fixing Vote Privacy of the Estonian E-Voting Protocol IVXVMueller, Johannes in Workshop on Advances in Secure Electronic Voting 2022 (2022) We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in ... [more ▼] We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in those threat scenarios that were considered for IVXV originally. We explain how to improve IVXV so that it protects against the privacy issues we discovered. [less ▲] Detailed reference viewed: 99 (1 UL)A Novel Proof of Shuffle: Exponentially Secure Cut-and-Choose; Mueller, Johannes in Information Security and Privacy - 26th Australasian Conference, ACISP 2021, Virtual Event, December 1-3, 2021, Proceedings (2021) Detailed reference viewed: 44 (0 UL)Epoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting; ; Mueller, Johannes in IEEE European Symposium on Security and Privacy, EuroS&P 2021, Vienna, Austria, September 6-10, 2021 (2021) Detailed reference viewed: 41 (2 UL)Optimal Randomized Partial Checking for Decryption Mix Nets; Mueller, Johannes in Information Security and Privacy - 26th Australasian Conference, ACISP 2021, Virtual Event, December 1-3, 2021, Proceedings (2021) Detailed reference viewed: 41 (0 UL)A Verifiable and Practical Lattice-Based Decryption Mix Net with External Auditing; ; Mueller, Johannes in Computer Security - ESORICS 2020 - 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14-18, 2020, Proceedings, Part II (2020) Detailed reference viewed: 59 (3 UL)Post-Quantum Anonymous Veto Networks; ; Mueller, Johannes et alin E-Vote-ID 2020 (2020) Detailed reference viewed: 91 (4 UL)SoK: Techniques for Verifiable Mix NetsMueller, Johannes in Haines, Thomas; Mueller, Johannes (Eds.) IEEE Computer Security Foundations Symposium (2020) Detailed reference viewed: 57 (5 UL)Ordinos: A Verifiable Tally-Hiding E-Voting SystemMueller, Johannes in Küsters, Ralf; Liedtke, Julian; Mueller, Johannes (Eds.) et al IEEE European Symposium on Security and Privacy (2020) Detailed reference viewed: 49 (1 UL) |
||
