Riera and Borrell presentation (FWD)

DEMOREP1 at aol.com DEMOREP1 at aol.com
Tue Mar 16 19:48:26 PST 1999 

Subj:   Re: Riera and Borrell presentation
Date:  Tue, Mar 16, 1999 4:41 PM EDT
From:  lorrie at research.att.com
X-From: lorrie at research.att.com (Lorrie Faith Cranor)
Sender: owner-e-lection at research.att.com
To: e-lection at research.att.com

[A clarification from the author.... Note that this and other 
papers are available from the author's web site at: 
http://www.ccd.uab.es/~andreu/indexenglish.shtml --LFC]

From: "A. Riera" <andreu at abra.uab.es>

Hello, 

I would like to furtherly clarify some of the points of the
report by Tatyana Ryutov on our paper at the NDSS '99:

> "Next was an interesting paper "Practical Approach to Anonymity in
> Large Scale Electronic Voting Schemes" by Andreu Riera and Joan
> Borrell (Universitat Autonoma de Barcelona, Spain). Andreu Riera
> presented.  Their work considered how to implement a realistic large
> scale voting system.  Their scheme is based on cooperation of multiple
> hierarchically arranged electoral authorities. 

The main aim of the paper is to propose a suitable way to integrate
the mix functionality into the design of the voting scheme itself,
thus removing any need for mix-nets. Additional advantages are
achieved. The hierarchical arrangement of voting authorities that
allow to realistically implement a large scale voting system was 
adopted from a previous work:

A.Riera, J.Borrell, J.Rifa. Large Scale Elections by Coordinating
Electoral Colleges. In Proceedings of the IFIP SEC '97 Conference, 
Copenhagen. ISBN 0-412-81780-2, pp. 349-363.

> The advantages of this
> scheme are: single non-anonymous voting session (a widely accepted
> solution is based on two sessions anonymous and non-anonymous) and no
> requirements for external mixes.  

The advantages are:

The fairness requirement is fulfilled since all ballots remain enveloped 
while the voting phase is not completed. The voter casts the desired
ballot 
during a single session established with the ballot collecting
authority. 
If a ballot is removed from the tally, then there is a mechanism by
which 
the authority responsible for the election can identify the attacker. 
Problems of low traffic incoming at any shuffling server disappear, 
because shuffling is performed when all ballots are already cast. The 
system is totally self-contained, and therefore its implementation is 
simplified and any dependency on mix-nets is removed.

> The anonymity is provided by
> shuffling ballot boxes a number of times.  There are restrictions to
> this approach. The proposed scheme can model all commonly accepted
> security requirements, except uncoercibility (inability of voters to
> prove in which way they voted), which require hardware components to
> be added into the scheme.
> 

A practical proposal to solve uncoercibility without sacrificing
mobility
of voters can be found in:

A.Riera, J.Borrell. An uncoercible verifiable electronic voting
protocol.
Proceedings of the IFIP SEC '98 Conference, Vienna-Budapest, 1998. 
ISBN 3-85403-116-5, pp. 206-215.

> "A participant asked if the scheme was implemented. Andreu replied that
> they are working on the protocol.  Someone asked: authentication of
> the voter is required, how privacy is maintained?  Andreu explained
> that authentication of the voter private key is required, to assure
> privacy the blind signature mechanism is used.  

Voters are authenticated by the ballot collecting centres, in order to
preserve the democracy requirement. To assure privacy, we combine blind
signatures with the mix functionality.

> 
> "Another question was: Is this complexity practical for real system?
> Andreu: complexity is inevitable.

I meant that electronic voting schemes are inevitably complex in the
sense 
that many security requirements are involved and they are often
contradictory.
However, another question is the computational complexity. When
designing
voting schemes that have to be implemented, the complexity of the
various
alternative techniques has to influence the choice between them. For
example, blind signatures and the ANDOS protocol have the same effect
when used in a voting schemes. The computational cost of the former is
however much lower than that of the latter.

> Another question was about association between a voter and his vote.
> Andrew pointed out that it was not possible to detect association
> between a voter and his vote."

It is indeed not possible to link a voter to his or her vote, PROVIDED 
that at least one of the shuffling servers implementing the mix 
functionality remains honest and uncompromised. 

Andreu
-----------------------------------------------------------
Andreu Riera Jorba
Dept. Informxtica
Universitat AutUnoma de Barcelona
08193 BELLATERRA (BCN)
Catalonia - Spain

Phone# +34 93 581 1777
Fax#   +34 93 581 3033
E-mail ariera at ccd.uab.es
WWW    http://ccd.uab.es/~andreu

This message was distributed through the e-lection mailing list.
For info and archives see http://www.research.att.com/~lorrie/voting/

More information about the Election-Methods mailing list