Results 11 - 16 of 16
Constructing secret, verifiable auction schemes from election schemes
, 2015
Abstract

Cited by 1 (1 self)
Auctions and elections are seemingly disjoint research fields. Nevertheless, we observe that similar cryptographic primitives are used in both fields. For instance, mixnets, homomorphic encryption, and trapdoor bit-commitments, have been used by state-of-the-art schemes in both fields. These developments have appeared independently. For example, the adoption of mixnets in elections preceded a similar adoption in auctions by over two decades. In this paper, we demonstrate a relation between auctions and elections: we present a generic construction for auctions from election schemes. Moreover, we show that the construction guarantees secrecy and verifiability, assuming the underlying election scheme satisfies secrecy and verifiability. We demonstrate the applicability of our work by deriving an auction scheme from the Helios election scheme. Our results inaugurate the unification of auctions and elections, thereby facilitating the advancement of both fields.
Election Verifiability: Cryptographic Definitions and an Analysis of Helios and JCJ
, 2015
Abstract

Cited by 1 (1 self)
Definitions of election verifiability in the computational model of cryptography are proposed. The definitions formalize notions of voters verifying their own votes, auditors verifying the tally of votes, and auditors verifying that only eligible voters vote. The Helios (Adida et al., 2009) and JCJ (Juels et al., 2010) election schemes are analyzed using these definitions. Helios 4.0 satisfies the definitions, but Helios 2.0 does not because of previously known attacks. JCJ does not satisfy the definitions because of a trust assumption it makes, but it does satisfy a weakened definition. Two previous definitions of verifiability (Juels et al., 2010; Cortier et al., 2014) are shown to permit election schemes vulnerable to attacks, whereas the new definitions prohibit those schemes.
unknown title
Abstract
Abstract. It is well known that any encryption scheme which supports any form of homomorphic operation cannot be secure against adaptive chosen ciphertext attacks. The question then arises as to what is the most stringent security definition which is achievable by homomorphic encryption schemes. Prior work has shown that various schemes which support a single homomorphic encryption scheme can be shown to be IND-CCA1, i.e. secure against lunchtime attacks. In this paper we extend this analysis to the recent fully homomorphic encryption scheme proposed by Gentry, as refined by Gentry, Halevi, Smart and Vercauteren. We show that the basic Gentry scheme is not IND-CCA1; indeed a trivial lunchtime attack allows one to recover the secret key. We then show that a minor modification to the variant of the somewhat homomorphic encryption scheme of Smart and Vercauteren will allow one to achieve IND-CCA1, indeed PA1, in the standard model assuming a lattice based knowledge assumption. We also examine the security of the scheme against another security notion, namely security in the presence of ciphertext validity checking oracles; and show why CCA-like notions are important in applications in which multiple parties submit encrypted data to the “cloud” for secure processing.
Secrecy and independence for election schemes
, 2015
Abstract
We study ballot secrecy and ballot independence for election schemes. First, we propose a definition of ballot secrecy as an indistinguishability game in the computational model of cryptography. Our definition builds upon and strengthens earlier definitions to ensure that ballot secrecy is preserved in the presence of an adversary that controls the bulletin board and communication channel. Secondly, we propose a definition of ballot independence as a straightforward adaptation of a non-malleability definition for asymmetric encryption. We also provide a simpler, equivalent definition as an indistinguishability game. Thirdly, we prove that ballot independence is necessary in election schemes satisfying ballot secrecy. Finally, we demonstrate the applicability of our results by analysing Helios. Our analysis identifies a new attack against Helios, which enables an adversary to determine if a voter did not vote for the adversary’s chosen candidate. The attack requires the adversary to control the bulletin board or communication channel, thus, it could not have been detected by earlier definitions of ballot secrecy.
Ceremonies for End-to-End Verifiable Elections
, 2015
Abstract
State-of-the-art e-voting systems rely on voters to perform certain actions to ensure that the election authorities are not manipulating the election result. This so-called “end-to-end (E2E) verifiability” is the hallmark of current e-voting protocols; nevertheless, thorough analysis of current systems is still far from being complete. In this work, we initiate the study of e-voting protocols as ceremonies. A ceremony, as introduced by Ellison [Ell07], is an extension of the notion of a protocol that includes human participants as separate nodes of the system that should be taken into account when performing the security analysis. We propose a model for secure e-voting ceremonies that centers on the two properties of end-to-end verifiability and privacy/receipt-freeness and allows the consideration of arbitrary behavioral distributions for the human participants. We then analyze the Helios system as an e-voting ceremony. Security in the e-voting ceremony model requires the specification of a class of human behaviors with respect to which the security properties can be preserved. We show how end-to-end verifiability is sensitive to human behavior in the protocol by characterizing the set of behaviors under
Proving Prêt à Voter Receipt Free using Computational Security Models
Abstract
Prêt à Voter is a supervised, end-to-end verifiable voting scheme. Informal analyses indicate that, subject to certain assumptions, Prêt à Voter is receipt free, i.e. a voter has no way to construct a proof to a coercer of how she voted. In this paper we propose a variant of Prêt à Voter and prove receipt freeness of this scheme using computational methods. Our proof shows that if there exists an adversary that breaks receipt freeness of the scheme then there exists an adversary that breaks the IND-CCA2 security of the Naor-Yung encryption scheme. We propose a security model that defines receipt freeness based on the indistinguishability of receipts. We show that in order to simulate the game we require an IND-CCA2 encryption scheme to create the ballots and receipts. We show that, within our model, a non-malleable onion is sufficient to guarantee receipt freeness. Most of the existing Prêt à Voter schemes do not employ IND-CCA2 encryption in the construction of the ballots, but they avoid such attacks by various additional mechanisms such as pre-commitment of ballot material to the bulletin board, digitally signed ballots etc. Our use of the Naor-Yung transformation provides the IND-CCA2 security required.