Thomas Zacharias

Delegatable pseudorandom functions and applications

We put forth the problem of delegating the evaluation of a pseudorandom function (PRF) to an untrusted proxy and introduce a novel cryptographic primitive called delegatable pseudorandom functions, or DPRFs for short: A DPRF enables a proxy to evaluate a pseudorandom function on a strict subset of its domain using a trapdoor derived from the DPRF secret key. The trapdoor is constructed with respect to a certain policy predicate that determines the subset of input values which the proxy is allowed to compute. The main challenge in constructing DPRFs is to achieve bandwidth efficiency (which mandates that the trapdoor is smaller than the precomputed sequence of the PRF values conforming to the predicate), while maintaining the pseudorandomness of unknown values against an attacker that adaptively controls the proxy. A DPRF may be optionally equipped with an additional property we call policy privacy, where any two delegation predicates remain indistinguishable in the view of a DPRF-querying proxy: achieving this raises new design challenges as policy privacy and bandwidth efficiency are seemingly conflicting goals. For the important class of policy predicates described as (1-dimensional) ranges, we devise two DPRF constructions and rigorously prove their security. Built upon the well-known tree-based GGM PRF family, our constructions are generic and feature only logarithmic delegation size in the number of values conforming to the policy predicate. At only a constant-factor efficiency reduction, we show that our second construction is also policy private. Finally, we describe that their new security and efficiency properties render our DPRF schemes particularly useful in numerous security applications, including RFID, symmetric searchable encryption, and broadcast encryption.

End-to-End Verifiable Elections in the Standard Model

We present the cryptographic implementation of “DEMOS”, a new e-voting system that is end-to-end verifiable in the standard model, i.e., without any additional “setup” assumption or access to a random oracle (RO). Previously known end-to-end verifiable e-voting systems required such additional assumptions (specifically, either the existence of a “randomness beacon” or were only shown secure in the RO model). In order to analyze our scheme, we also provide a modeling of end-to-end verifiability as well as privacy and receipt-freeness that encompasses previous definitions in the form of two concise attack games.

D-DEMOS: A Distributed, End-to-End Verifiable, Internet Voting System

E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.

On the Necessity of Auditing for Election Privacy in e-Voting Systems

The importance of voter auditing in order to ensure election integrity has been extensively studied in the e-voting literature. On the other hand, the necessity of auditing to protect voter privacy in an e-voting system has been mostly overlooked. In this work, we investigate election privacy issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client like Helios and use a bulletin board (BB). More specifically, we show that without PKI support or -more generally- authenticated BB “append” operations, such systems are vulnerable to attacks where the malicious election server can act as a man-in-the-middle between the election trustees and the voters, hence it can learn how the voters have voted. We suggest compulsory trustee auditing as countermeasure for this type of man-in-the-middle attacks. Furthermore, we propose a list of guidelines to avoid some common, subtle, yet important problems that may appear during the implementation of any TPKE-based e-voting system.

Pressing the button for European elections: verifiable e-voting and public attitudes toward internet voting in Greece

We present the initial set of findings from a pilot experiment that used an Internet-based end-to-end verifiable e-voting system and was held during the European Elections 2014 in Athens, Greece. During the experiment, which took place on May 25th 2014, 747 people voted with our system in special voting stations that were placed outside two main polling places in Athens, Greece. The election mimicked the actual election that was taking place which included a great number of parties. After casting their ballot, voters were invited to complete online a post-election questionnaire that probed their attitudes towards e-voting. In total, 648 questionnaires were collected. We present a description of the experiment and a regression analysis of our results. Our results suggest that acceptance of the e-voting system was particularly high especially among the most educated, the technologically adept but also -somewhat surprisingly- older generations.

On the Security Properties of e-Voting Bulletin Boards

In state-of-the-art e-voting systems, a bulletin board (BB) is a critical component for preserving election integrity and availability. We introduce a framework for the formal security analysis of the BB functionality modeled as a distributed system. Our framework treats a secure BB as a robust public transaction ledger, defined by Garay et al. [Eurocrypt 2015], that additionally supports the generation of receipts for successful posting. Namely, in our model, a secure BB system achieves Persistence and Liveness that can be confirmable, in the sense that any malicious behavior can be detected via a verification mechanism.

A Universally Composable Framework for the Privacy of Email Ecosystems

Email communication is amongst the most prominent online activities, and as such, can put sensitive information at risk. It is thus of high importance that internet email applications are designed in a privacy-aware manner and analyzed under a rigorous threat model. The Snowden revelations (2013) suggest that such a model should feature a global adversary, in light of the observational tools available. Furthermore, the fact that protecting metadata can be of equal importance as protecting the communication context implies that end-to-end encryption may be necessary, but it is not sufficient.

Auditing for privacy in threshold PKE e-voting

Purpose This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB). Design/methodology/approach Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect. Findings The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB “append” operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system. Originality/value As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters’ privacy and shows how auditing can be applied for providing strong provable privacy guarantees.

6th International Conference on Electronic Voting: Verifying the Vote, EVOTE 2014, Lochau / Bregenz, Austria, October 29-31, 2014

We present the initial set of findings from a pilot experiment that used an Internet-based end-to-end verifiable e-voting system and was held during the European Elections 2014 in Athens, Greece. During the experiment, which took place on May 25th 2014, 747 people voted with our system in special voting stations that were placed outside two main polling places in Athens, Greece. The election mimicked the actual election that was taking place which included a great number of parties. After casting their ballot, voters were invited to complete online a post-election questionnaire that probed their attitudes towards e-voting. In total, 648 questionnaires were collected. We present a description of the experiment and a regression analysis of our results. Our results suggest that acceptance of the e-voting system was particularly high especially among the most educated, the technologically adept but also -somewhat surprisingly- older generations.

Electronic Voting Systems – From Theory to Implementation

Electronic voting for local, regional and national elections and referenda is developing rapidly at a global scale as an efficient and low cost alternative to conventional methods of voting, with a positive impact on the quality of democratic representation. Still, despite the growing international experience, the harmonization of electronic voting systems with the legal and statutory frameworks poses a number of major legal, social and implementation challenges, subject to the national environment. This paper presents an overview of legal and social aspects of an electronic voting system focusing on the case of Greece.