Workshop on Electronic voting
Independent verifier for Mixnet
Fall 2014
Lecturer: Amnon Ta-Shma.
T.A.: Efraim Gelman, efigelman@gmail.com
Lecture Hours: Wednesdays,
10:10-12:00. Location: TBA
** Our first meeting is on Wedensday, 19/2/2014, 10:10 **
Date |
|
19.2.14 5.3.14 12.3.14 |
Background – Electronic Voting,
Crypto. Detailed description: DLOG, ElGamal
encryption, Zero-knowledge
proofs. High-level description of other important
crypto primitives: digital signatures, symmetric encryption, Mix-nets. Mixnet Projects description. How to design an independent verifier to
Verificatum? |
19.3.14 |
Send us E-mail telling us which team you
are(and let us know if you still don't have one). |
· Each
person should read the project description. ·
Set up a team meeting: Try to understand
together the parts that are less clear to you in the document and plan your
work on the design. |
|
26.3.14-2.4.14 |
·
Write
the design
specification - What
should be in your design specification? ·
Set
up meetings with us or send E-mails if you need help. |
7.4.14 |
·
Design approval (and design fixes if needed). |
·
Implementing and testing. |
Mixnet
Verification |
4
students, further divided into specific tasks |
·
Verificatum
o
Verificatum
– a mixnet system
o
Slides
o
How to design an
independent verifier to Verificatum?
o
How
to install Verificatum? Install scripts
·
General background on basic cryptographic
primitives.
o
Niko’s lecture notes.
o
Great
summary of the main primitives we use (written by Tomer Levinboim).
o
Number theory background: http://shoup.net/ntb/
o
Amos Fiat and Adi Shamir: How to prove yourself: practical
solutions to identification and signatures problems.
o
Ben Riva's thesis.
·
General background on e-voting.
o
Links to some US
newspaper articles and other
sources of information.
o
Voting system malfunction at the Likud's primaries
.
·
Wombat
o
Wombat
home page
o
An android
application for verifying Wombat ballots.
(answers by Oded Schwartz and Ben Riva):
Q1 |
Should
we describe the ZKP needed in our project? |
|
Yes. |
Q2 |
What
is the coverage of the design (e.g. how many pages are expected?) |
|
The
design should be such that it is clear to us (and to you) what you are going
to do. It should be only a few pages long, but it should contain, for each
part of your project: - A
description of the interface (UI and/or software interface, whichever is
relevant). |
Q3 |
How do
we know for sure on which elements one may trust (e.g, maybe the public board
show a copy of your vote, then later changes it to something else)? |
|
Actually
you don't. You should write in your design a short section describing the
trust issue (i.e, what one has to trust so that we know the system works
properly). |
Q4 |
How do
we do a non-interactive ZKP? |
|
The
method we use is called Fiat-Shamir heuristic (or method) because it is not
proven (see link above). In their paper they presented a signature protocol
which uses it, and on the way, they present the novel idea of using hash
function instead of a challenge. That is why this paper is cited in every
paper which use this method (even though it doesn't generally talk about
Non-Interactive-ZKP). |
Q5 |
Which
hash should we use in practice for the non-interactive ZK signature? |
|
I don't
think it really matters which hash you use. I basically like MD5 (Pseudocode
and nice info at http://en.wikipedia.org/wiki/MD5). Also, you can google
"md5 implementation" and find it implemented in any language. SHA-1
is also good (again, wiki is a good start
http://en.wikipedia.org/wiki/SHA-1). Moreover,
There are many implementations of other methods like in http://www.partow.net/programming/hashfunctions/ You
just need to choose and google a little. |
Q6 |
How
can we generate a large prime with the respective generator? |
|
Finding
general large primes and generators is not an easy task, but, finding a
specific kind is an easier problem. Usually
we use p = 2q + 1 as our primes (where p,q are primes), and then we can find
a generator by: while
1 choose
a random number x if x^2
!= 1 (mod p) and x^q != 1 (mod p) return
x See,
for example, slides 5-6 at: http://www.pinkas.net/teaching/itc/2005/lectures/lecture6.pdf |
Q8 |
We have
problems finding libraries which support large numbers on the one hand, and
UI on the other hand, and can be easily compiled together. |
|
A few
suggestions: For
C/C++ programs, you may want to use the GMP library. Unfortunately,
it doesn't compile all that well with MSVC (it is possible, but really it's a
lot easier to use on linux/unix systems). To
make the UI programming easier, You may use a web-based solution: the UI is
programmed in PHP. PHP has modules for GMP and MySQL databases, and it's very
easy to learn (especially if you already know C or Java). The only glaring
omission is secure random number generation. If you
run the webserver on linux, you can bypass that by reading from /dev/random
or /dev/urandom. You can see an example server at where
there is also a link to the source code. Other suggestions are Crypto++ and
MIRACL. You may also search for “big integers” on google. |