Workshop on Electronic voting
Independent verifier for Mixnet
Fall
2011
Lecturer: Amnon
Ta-Shma.
T.A.: Tomer Hasid,
tomer.hasid@gmail.com
Lecture Hours: Wednesdays,
10:10-12:00. Location: Orenstein 102
** From now on we will meet the groups separately.
Unless otherwise stated, we will NOT meet on Wedensdays.
**
Date |
|
2.11.11 16.11.11 |
Background – Electronic Voting,
Crypto. Detailed description: DLOG, ElGamal
encryption, Zero-knowledge
proofs. High-level description of other important
crypto primitives: digital signatures, symmetric encryption, Mix-nets. Wombat, Mixnet Projects description. How to design an
independent verifier to Verificatum? |
16.11.11- 18.11.11 |
·
Send us E-mail telling us which team you are(and let us know if you still don't have one). |
20.11.11-26.11.11 |
·
Each person should read the project
description. ·
Set up a team meeting: Try to understand together
the parts that are less clear to you in the document and plan your work on
the design. |
27.11.11-13.12.11 |
·
Write the design specification - What
should be in your design specification? ·
Set up meetings with us or send E-mails if
you need help. |
14.12.11-19.12.11 |
·
Design approval (and design fixes if needed). |
20.12.11- 25.1.12 |
·
Implementing and testing. |
Mixnet
Verification |
4
students, further divided into specific tasks |
|
Wombat-
Ballot Verification using Mobile Phones (2 groups of 3-4 students) |
1
student |
Improving the GUI of last year project:
Given an audit ballot, scan it and verify
its correctness using android. Alternatively, write such an application for iphone (2 students). |
·
Verificatum
o
Verificatum
– a mixnet system
o
Slides
o
How to design an
independent verifier to Verificatum?
o
How
to install Verificatum? Install
scripts
·
General background on basic cryptographic
primitives.
o
Niko’s lecture
notes.
o
Great
summary of the main primitives we use (written by Tomer
Levinboim).
o
Number theory background: http://shoup.net/ntb/
o
Amos Fiat and Adi
Shamir: How to prove
yourself: practical solutions to identification and signatures problems.
o
Ben Riva's thesis.
·
General background on e-voting.
o
Links to some US
newspaper articles and other
sources of information.
·
Wombat
o
Wombat
home page
o
An android
application for verifying Wombat ballots.
(answers by Oded Schwartz and Ben Riva):
Q1 |
Should
we describe the ZKP needed in our project? |
|
Yes. |
Q2 |
What
is the coverage of the design (e.g. how many pages are expected?) |
|
The
design should be such that it is clear to us (and to you) what you are going to
do. It should be only a few pages long, but it should contain, for each part
of your project: - A
description of the interface (UI and/or software interface, whichever is
relevant). |
Q3 |
How do
we know for sure on which elements one may trust (e.g,
maybe the public board show a copy of your vote, then
later changes it to something else)? |
|
Actually
you don't. You should write in your design a short section describing the
trust issue (i.e, what one has to trust so that we
know the system works properly). |
Q4 |
How do
we do a non-interactive ZKP? |
|
The
method we use is called Fiat-Shamir heuristic (or method) because it is not
proven (see link above). In their paper they presented a signature protocol
which uses it, and on the way, they present the novel idea of using hash
function instead of a challenge. That is why this paper is cited in every
paper which use this method (even though it doesn't
generally talk about Non-Interactive-ZKP). |
Q5 |
Which
hash should we use in practice for the non-interactive ZK signature? |
|
I don't
think it really matters which hash you use. I basically like MD5 (Pseudocode and nice info at
http://en.wikipedia.org/wiki/MD5). Also, you can google
"md5 implementation" and find it implemented in any language. SHA-1
is also good (again, wiki is a good start
http://en.wikipedia.org/wiki/SHA-1). Moreover,
There are many implementations of other methods like in http://www.partow.net/programming/hashfunctions/ You
just need to choose and google a little. |
Q6 |
How
can we generate a large prime with the respective generator? |
|
Finding
general large primes and generators is not an easy task, but, finding a
specific kind is an easier problem. Usually
we use p = 2q + 1 as our primes (where p,q are
primes), and then we can find a generator by: while
1 choose
a random number x if x^2
!= 1 (mod p) and x^q != 1 (mod p) return
x See,
for example, slides 5-6 at: http://www.pinkas.net/teaching/itc/2005/lectures/lecture6.pdf |
Q8 |
We
have problems finding libraries which support large numbers on the one hand,
and UI on the other hand, and can be easily compiled together. |
|
A few
suggestions: For
C/C++ programs, you may want to use the GMP library. Unfortunately,
it doesn't compile all that well with MSVC (it is possible, but really it's a
lot easier to use on linux/unix
systems). To
make the UI programming easier, You may use a web-based solution: the UI is
programmed in PHP. PHP has modules for GMP and MySQL
databases, and it's very easy to learn (especially if you already know C or
Java). The only glaring omission is secure random number generation. If you
run the webserver on linux,
you can bypass that by reading from /dev/random
or /dev/urandom. You can see an example
server at where there
is also a link to the source code. Other suggestions are Crypto++ and MIRACL.
You may also search for “big integers” on google. |