When Is a Test Not a Proof?

  • Conference paper
Computer Security – ESORICS 2020 (ESORICS 2020)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12309)

Abstract

A common primitive in election and auction protocols is a plaintext equivalence test (PET) in which two ciphertexts are tested for equality of their plaintexts, and a verifiable proof of the test’s outcome is provided. The most commonly-cited PETs require at least one honest party, but many applications claim universal verifiability, at odds with this requirement. If a test that relies on at least one honest participant is mistakenly used in a place where a universally verifiable proof is needed, then a collusion by all participants can insert a forged proof of equality into the tallying transcript. We show this breaks universal verifiability for the JCJ/Civitas scheme among others, because the only PETs they reference are not universally verifiable. We then demonstrate how to fix the problem.

Notes

  1. The test may fail if by pure bad luck, \(\rho_1 = -\rho_2 \bmod q\). This happens only with the negligible probability \(1/q\), where \(q\) is large.

  2. Indeed, one of the only implementations we were able to find.

  3. Public verifiability is a synonym for UV.

  4. Also called adaptively sound in other literature.

  5. The commitment is elided from Protocol 1, as it is not relevant in the case that every teller colludes.

  6. Also called adaptive soundness.

Acknowledgements

The research carried out by O. Pereira was partially supported by the F.N.R.S. PDR SeVoTe.

Author information

Correspondence to Vanessa Teague.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

McMurtry, E., Pereira, O., Teague, V. (2020). When Is a Test Not a Proof? In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security – ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science, vol 12309. Springer, Cham. https://doi.org/10.1007/978-3-030-59013-0_2

  • DOI: https://doi.org/10.1007/978-3-030-59013-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59012-3

  • Online ISBN: 978-3-030-59013-0

  • eBook Packages: Computer Science (R0)
