Abstract
We present a new online voting scheme with everlasting privacy and cast-as-intended verifiability. We follow the so-called “audit-and-cast” paradigm where the voter audits the ballot before casting it. To mitigate the ability of this information to harm the voter’s privacy, we provide measures for avoiding coercion by allowing any party to create fake proofs for the content of any vote. We propose an efficient implementation and formally verify its security properties.
The author acknowledges support from the Luxembourg National Research Fund (FNR) and the Research Council of Norway for the joint project SURCVS. Part of this work was completed while the author was working at Polyas GmbH.
References
Abe, M., Haralambiev, K., Ohkubo, M.: Group to group commitments do not shrink. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 301–317. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_19
Adida, B.: Helios: web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348. USENIX Association (2008)
Benaloh, J.C., Yung, M.: Distributing the power of a government to enhance the privacy of voters. In: Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, pp. 52–62. ACM (1986)
Benaloh, J.C., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In: Leighton, F.T., Goodrich, M.T. (eds.) STOC, pp. 544–553. ACM (1994)
Bernhard, D., Cortier, V., Galindo, D., Pereira, O., Warinschi, B.: SoK: a comprehensive analysis of game-based ballot privacy definitions. In: IEEE Symposium on Security and Privacy, pp. 499–516. IEEE Computer Society (2015)
Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the Fiat-Shamir heuristic and applications to helios. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 626–643. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_38
Chaum, D.: Untraceable mail, return addresses and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)
Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: Barstow, D., Brauer, W., Brinch Hansen, P., Gries, D., Luckham, D., Moler, C., Pnueli, A., Seegmüller, G., Stoer, J., Wirth, N., Günther, C.G. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 177–182. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_15
Chaum, D., et al.: Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In: EVT. USENIX Association (2008)
Cohen, J.D.: Improving privacy in cryptographic elections. Citeseer (1986)
Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: FOCS, vol. 85, pp. 372–382 (1985)
Cuvelier, É., Pereira, O., Peters, T.: Election verifiability or ballot privacy: do we need to choose? In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 481–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_27
Demirel, D., Van De Graaf, J., Araújo, R.: Improving Helios with everlasting privacy towards the public. In: Proceedings of the 2012s international conference on Electronic Voting Technology/Workshop on Trustworthy Elections, p. 8. USENIX Association (2012)
Escala, A., Guasch, S., Herranz, J., Morillo, P.: Universal cast-as-intended verifiability. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 233–250. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_16
FIPS, P.: 186–4: Federal information processing standards publication. digital signature standard (DSS). Information Technology Laboratory, National Institute of Standards and Technology (NIST), Gaithersburg, MD, 20899–8900 (2013)
Guasch, S., Morillo, P.: How to challenge and cast your e-Vote. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 130–145. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_8
Haines, T., Gritti, C.: Improvements in everlasting privacy: efficient and secure zero knowledge proofs. Cryptology ePrint Archive, Report 2019/901 (2019)
Halderman, J.A., Teague, V.: The new south wales ivote system: security failures and verification flaws in a live online election. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 35–53. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_3
Hazay, C., Mikkelsen, G.L., Rabin, T., Toft, T., Nicolosi, A.A.: Efficient RSA key generation and threshold paillier in the two-party setting. J. Cryptol. 32(2), 265–323 (2019)
Karayumak, F., Olembo, M.M., Kauer, M., Volkamer, M.: Usability analysis of Helios - an open source verifiable remote electronic voting system. In: Shacham, H., Teague, V. (eds.) 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections, EVT/WOTE 2011, San Francisco, CA, USA, 8–9 August 2011. USENIX Association (2011)
Küsters, R., Truderung, T., Vogt, A.: Accountability: definition and relationship to verifiability. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 526–535. ACM (2010)
Locher, P., Haenni, R., Koenig, R.E.: Coercion-resistant internet voting with everlasting privacy. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 161–175. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_11
Merrit, M.: Cryptographic protocols. Ph.D. thesis (1983)
Moran, T., Naor, M.: Split-ballot voting: Everlasting privacy with distributed trust. ACM Trans. Inf. Syst. Secur. 13(2), 16 (2010)
Nishide, T., Sakurai, K.: Distributed Paillier cryptosystem without trusted dealer. In: Chung, Y., Yung, M. (eds.) WISA 2010. LNCS, vol. 6513, pp. 44–60. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-17955-6_4
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9
Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 176–192. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_12
Ryan, P.: A variant of the Chaum voter-verifiable scheme. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security, pp. 81–88. ACM (2005)
Springall, D., et al.: Security analysis of the Estonian internet voting system. In: ACM Conference on Computer and Communications Security, pp. 703–715. ACM (2014)
Benaloh, J.: Simple verifiable elections. USENIX Association (2006)
Wikström, D.: A commitment-consistent proof of a shuffle. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 407–421. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02620-1_28
Yang, N., Clark, J.: Practical governmental voting with unconditional integrity and privacy. In: Brenner, M., Rohloff, K., Bonneau, J., Miller, A., Ryan, P.Y.A., Teague, V., Bracciali, A., Sala, M., Pintore, F., Jakobsson, M. (eds.) FC 2017. LNCS, vol. 10323, pp. 434–449. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_27
Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-authority secret-ballot elections with linear work. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 72–83. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_7
A Sigma protocol for consistent Abe commitments
We present a sigma protocol which shows that the prover can open two of Abe et al.’s [1] commitments to the same message. Recall that Abe et al.’s commitments are defined over an elliptic curve coupled with a bilinear pairing; we denote the groups of the curve as \(\mathbb {G}_1, \mathbb {G}_2, \mathbb {G}_T\). Given two generators for \(\mathbb {G}_1\) denoted \(G_0\), \(G_1\) and a generator for \(\mathbb {G}_2\) denoted H, a commitment to a message m using randomness r, \(r'\) is a tuple \((H^{r_1}m,G_0^rG_1^{r_1})\).
Sigma protocol for consistent commitments. Given \(\mathbb {G}_1, \mathbb {G}_2, G_0, G_1, H,\) \((c_1,c_2),\) \((c'_1,c'_2)\), the prover shows that they know \((r, r', r_1, r'_1)\) such that \(c_1/c'_1=H^r/H^{r'}\), \(c_2=G_0^rG_1^{r_1}\), and \(c'_2 = G_0^{r'}G_1^{r'_1}\).

1. Prover chooses \((s,s',s_1,s'_1)\) at random and computes \(com_1=H^s/H^{s'}\), \(com_2=G_0^sG_1^{s_1}\), and \(com_3 =G_0^{s'}G_1^{s'_1}\) and returns (\(com_1, com_2, com_3\)).
2. Verifier sends a challenge e chosen at random in \(\mathbb {Z}_{N}\).
3. Prover computes \(t_1 := s+er\), \(t_2 := s'+er'\), \(t_3 := s_1+er_1\), and \(t_4 := s'_1+er'_1\) and sends these to the verifier.
4. The verifier accepts if \(com_1(c_1/c'_1)^e = H^{t_1}/H^{t_2}\) and \(com_2c_2^e = G_0^{t_1}G_1^{t_3}\) and \(com_3{c'}_2^e = G_0^{t_2}G_1^{t_4}\).
The proof is straightforward and we omit it due to lack of space.
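The four steps above, written out as an added Python example (not code from the paper) that runs both sides of the exchange and shows the verifier rejecting when the two commitments hold different messages. Assumptions: a constructed toy prime-order subgroup of \(\mathbb {Z}_P^*\) stands in for both \(\mathbb {G}_1\) and \(\mathbb {G}_2\), the challenge space \(\mathbb {Z}_N\) is taken to be the exponents modulo the group order Q, commitments take the form \(c_1 = H^r m\) implied by the proved relation, and all function names are hypothetical.

```python
import secrets

# Constructed toy parameters: the order-Q subgroup of Z_P^* (P = 2Q + 1) stands
# in for both G_1 and G_2. The real scheme uses pairing groups; the protocol
# itself only needs exponentiation, which is all that is modelled here.
P, Q = 2039, 1019
G0, G1, H = 4, 9, 25          # squares mod P, so each generates the subgroup

def inv(x):
    return pow(x, -1, P)

def commit(m, r, r1):
    """Commitment (c_1, c_2) = (H^r * m, G0^r * G1^r1), matching the proved relation."""
    return (pow(H, r, P) * m % P, pow(G0, r, P) * pow(G1, r1, P) % P)

def prover_commit():
    """Step 1: pick (s, s', s_1, s'_1) and return them with (com_1, com_2, com_3)."""
    s, sp, s1, s1p = (secrets.randbelow(Q) for _ in range(4))
    com1 = pow(H, s, P) * inv(pow(H, sp, P)) % P
    com2 = pow(G0, s, P) * pow(G1, s1, P) % P
    com3 = pow(G0, sp, P) * pow(G1, s1p, P) % P
    return (s, sp, s1, s1p), (com1, com2, com3)

def prover_respond(state, witness, e):
    """Step 3: t_i = s_i + e * w_i mod Q for witness (r, r', r_1, r'_1)."""
    return tuple((s + e * w) % Q for s, w in zip(state, witness))

def verify(c, cp, coms, e, t):
    """Step 4: the three verification equations."""
    (c1, c2), (c1p, c2p) = c, cp
    com1, com2, com3 = coms
    t1, t2, t3, t4 = t
    ok1 = com1 * pow(c1 * inv(c1p) % P, e, P) % P == pow(H, t1, P) * inv(pow(H, t2, P)) % P
    ok2 = com2 * pow(c2, e, P) % P == pow(G0, t1, P) * pow(G1, t3, P) % P
    ok3 = com3 * pow(c2p, e, P) % P == pow(G0, t2, P) * pow(G1, t4, P) % P
    return ok1 and ok2 and ok3

def run(m, mp, e=None):
    """Commit to m and mp, then run the protocol; True iff the verifier accepts."""
    r, rp, r1, r1p = (secrets.randbelow(Q) for _ in range(4))
    c, cp = commit(m, r, r1), commit(mp, rp, r1p)
    state, coms = prover_commit()
    e = secrets.randbelow(Q) if e is None else e      # step 2
    t = prover_respond(state, (r, rp, r1, r1p), e)
    return verify(c, cp, coms, e, t)
```

With different messages the first equation leaves a factor \((m/m')^e\) on the left-hand side, so the check fails for every nonzero challenge; the toy group order makes that soundness error far larger than a deployment would tolerate.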
© 2019 Springer Nature Switzerland AG
Cite this paper
Haines, T. (2019). Cronus: Everlasting Privacy with Audit and Cast. In: Askarov, A., Hansen, R., Rafnsson, W. (eds) Secure IT Systems. NordSec 2019. Lecture Notes in Computer Science(), vol 11875. Springer, Cham. https://doi.org/10.1007/978-3-030-35055-0_4
DOI: https://doi.org/10.1007/978-3-030-35055-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35054-3
Online ISBN: 978-3-030-35055-0