Advertisement

How Not to Use a Privacy-Preserving Computation Platform: Case Study of a Voting Application

  • Jan WillemsonEmail author
Conference paper
  • 119 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11980)

Abstract

We present an analysis of a recent proposal by Dang-awan et al. who develop a remote electronic voting protocol based on secure multi-party computation framework Sharemind. Even though Sharemind comes with provable security guarantees and an application development framework, the proposed protocol and its implementation contain a number of flaws making the result insecure. We hope this case study serves as a good educational material for future secure computation application and voting protocol developers.

Keywords

Secure computation Electronic voting Protocol analysis 

Notes

Acknowledgments

The research leading to these results has received funding from the Estonian Research Council under Institutional Research Grant IUT27-1 and the European Regional Development Fund through the Estonian Centre of Excellence in ICT Research (EXCITE) and the grant number EU48684.

References

  1. 1.
    Report of the National Workshop on Internet Voting: Issues and Research Agenda (March 2001), Internet Policy Institute. https://www.verifiedvoting.org/downloads/NSFInternetVotingReport.pdf
  2. 2.
    Archer, D.W., Bogdanov, D., Pinkas, B., Pullonen, P.: Maturity and performance of programmable secure computation. IEEE Secur. Priv. 14(5), 48–56 (2016).  https://doi.org/10.1109/MSP.2016.97CrossRefGoogle Scholar
  3. 3.
    Benaloh, J.C., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme (extended abstract). In: 26th Annual Symposium on Foundations of Computer Science, Portland, Oregon, USA, October 21–23, 1985, pp. 372–382. IEEE Computer Society (1985).  https://doi.org/10.1109/SFCS.1985.2
  4. 4.
    Benaloh, J.C., Yung, M.: Distributing the power of a government to enhance the privacy of voters (extended abstract). In: Halpern, J.Y. (ed.) Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, Calgary, Alberta, Canada, August 11–13, 1986, pp. 52–62. ACM (1986).  https://doi.org/10.1145/10590.10595
  5. 5.
    del Blanco, D.Y.M., Alonso, L.P., Alonso, J.A.H.: Review of cryptographic schemes applied to remote electronic voting systems: remaining challenges and the upcoming post-quantum paradigm. Open Math. 16(1), 95–112 (2018)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Bogdanov, D., Laud, P., Randmets, J.: Domain-polymorphic language for privacy-preserving applications. In: Proceedings of the First ACM Workshop on Language Support for Privacy-enhancing Technologies, PETShop 2013, pp. 23–26. ACM, New York (2013).  https://doi.org/10.1145/2517872.2517875
  7. 7.
    Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-88313-5_13CrossRefGoogle Scholar
  8. 8.
    Cramer, R., Damgård, I.B., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)CrossRefGoogle Scholar
  9. 9.
    Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_38CrossRefGoogle Scholar
  10. 10.
    Dang-awan, R., Piscos, J.A., Chua, R.B.: Using Sharemind as a tool to develop an internet voting system with secure multiparty computation. In: 2018 9th International Conference on Information, Intelligence, Systems and Applications (IISA), pp. 1–7. IEEE (July 2018)Google Scholar
  11. 11.
    Eerikson, H., Orlandi, C., Pullonen, P., Puura, J., Simkin, M.: Use your brain! Arithmetic 3PC for any modulus with active security. Cryptology ePrint Archive, Report 2019/164 (2019). https://eprint.iacr.org/2019/164
  12. 12.
    Frikken, K.B.: Secure multiparty computation. In: Atallah, M.J., Blanton, M. (eds.) Algorithms and Theory of Computation Handbook, Volume 2: Special Topics and Techniques, pp. 14:1–14:16. CRC Press, Boca Raton (2009)Google Scholar
  13. 13.
    Gang, C.: An electronic voting scheme based on secure multi-party computation. In: 2008 International Symposium on Computer Science and Computational Technology, vol. 1, pp. 292–294 (December 2008)Google Scholar
  14. 14.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31–June 2, 2009, pp. 169–178. ACM (2009).  https://doi.org/10.1145/1536414.1536440
  15. 15.
    Gjøsteen, K.: The Norwegian Internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32747-6_1CrossRefGoogle Scholar
  16. 16.
    Gjøsteen, K., Strand, M.: A roadmap to fully homomorphic elections: stronger security, better verifiability. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 404–418. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70278-0_25CrossRefGoogle Scholar
  17. 17.
    Heiberg, S., Willemson, J.: Verifiable Internet voting in Estonia. In: Krimmer, R., Volkamer, M. (eds.) 6th International Conference on Electronic Voting: Verifying the Vote, EVOTE 2014, Lochau/Bregenz, Austria, October 29–31, 2014, pp. 1–8. IEEE (2014).  https://doi.org/10.1109/EVOTE.2014.7001135
  18. 18.
    Jonker, H., Mauw, S., Pang, J.: Privacy and verifiability in voting systems: methods, developments and trends. Comput. Sci. Rev. 10, 1–30 (2013).  https://doi.org/10.1016/j.cosrev.2013.08.002CrossRefzbMATHGoogle Scholar
  19. 19.
    Krimmer, R.: The evolution of e-voting: why voting technology is used and how it affects democracy. Ph. D. thesis, Tallinn University of Technology, doctoral Theses Series I: Social Sciences (2012)Google Scholar
  20. 20.
    Laud, P., Pankova, A., Jagomägis, R.: Preprocessing based verification of multiparty protocols with honest majority. PoPETs 2017(4), 23–76 (2017).  https://doi.org/10.1515/popets-2017-0038CrossRefGoogle Scholar
  21. 21.
    Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: ObliVM: a programming framework for secure computation. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17–21, 2015, pp. 359–376. IEEE Computer Society (2015).  https://doi.org/10.1109/SP.2015.29
  22. 22.
    Madise, Ü., Martens, T.: E-voting in Estonia 2005. The first practice of country-wide binding Internet voting in the world. In: Krimmer, R. (ed.) Electronic Voting 2006: 2nd International Workshop, Co-organized by Council of Europe, ESF TED, IFIP WG 8.6 and E-Voting.CC, August 2–4, 2006, Castle Hofen, Bregenz, Austria. LNI, vol. 86, pp. 15–26. GI (2006). http://subs.emis.de/LNI/Proceedings/Proceedings86/article4547.html
  23. 23.
    Martins, P., Sousa, L., Mariano, A.: A survey on fully homomorphic encryption: an engineering perspective. ACM Comput. Surv. 50(6), 83:1–83:33 (2017).  https://doi.org/10.1145/3124441CrossRefGoogle Scholar
  24. 24.
    Nair, D.G., Binu, V.P., Kumar, G.S.: An improved e-voting scheme using secret sharing based secure multi-party computation (2015)Google Scholar
  25. 25.
    Puiggalí, J., Cucurull, J., Guasch, S., Krimmer, R.: Verifiability experiences in government online voting systems. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 248–263. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-68687-5_15CrossRefGoogle Scholar
  26. 26.
    Riazi, M.S., Weinert, C., Tkachenko, O., Songhori, E.M., Schneider, T., Koushanfar, F.: Chameleon: a hybrid secure computation framework for machine learning applications. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS 2018, pp. 707–721. ACM, New York (2018).  https://doi.org/10.1145/3196494.3196522
  27. 27.
    Rivest, R.L.: On the notion of ‘software independence’ in voting systems. Philos. Trans. R. Soc. A Math. Phys. Eng. Sci. 366(1881), 3759–3767 (2008)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Springall, D., et al.: Security analysis of the Estonian Internet voting system. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 703–715. ACM (2014)Google Scholar
  30. 30.
    Yao, A.C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA, November 3–5, 1982, pp. 160–164. IEEE Computer Society (1982).  https://doi.org/10.1109/SFCS.1982.38

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Cybernetica ASTartuEstonia
  2. 2.STACCTartuEstonia

Personalised recommendations