Abstract / Description of output
In state-of-the-art e-voting systems, a bulletin board (BB) is a critical component for preserving election integrity and availability. Although it is common in the literature to assume that a BB is a centralized entity that is trusted, in the recent works of Culnane and Schneider [CSF 2014] and Chondros et al. [ICDCS 2016], the importance of removing BB as a single point of failure has been extensively discussed. Motivated by these works, we introduce a framework for the formal security analysis of the BB functionality. Our framework treats a secure BB as a robust public transaction ledger, defined by Garay et al. [Eurocrypt 2015], that additionally supports the generation of receipts for successful posting. Namely, in our model, a secure BB system achieves Persistence and Liveness that are confirmable, in the sense that any malicious behavior of the BB system can be detected via a verification mechanism.
As a case study for our framework, we analyze the BB system of Culnane and Schneider and point out its weaknesses. We demonstrate an attack revealing that the said system does not achieve Confirmable Liveness, even in the case where the adversary is computationally bounded and covert, i.e., it may deviate from the protocol specification but does not want to be detected. In addition, we show that special care should be taken for the choice of the underlying cryptographic primitives, so that the claimed fault tolerance threshold of N=3 out-of N corrupted peers is preserved. Next, based on our analysis, we introduce a new BB protocol that upgrades the [CSF 2014] protocol. We prove that it tolerates any number less than N=3 out-of N corrupted peers both for Persistence and Confirmable Liveness, against a computationally bounded general Byzantine adversary.
As a case study for our framework, we analyze the BB system of Culnane and Schneider and point out its weaknesses. We demonstrate an attack revealing that the said system does not achieve Confirmable Liveness, even in the case where the adversary is computationally bounded and covert, i.e., it may deviate from the protocol specification but does not want to be detected. In addition, we show that special care should be taken for the choice of the underlying cryptographic primitives, so that the claimed fault tolerance threshold of N=3 out-of N corrupted peers is preserved. Next, based on our analysis, we introduce a new BB protocol that upgrades the [CSF 2014] protocol. We prove that it tolerates any number less than N=3 out-of N corrupted peers both for Persistence and Confirmable Liveness, against a computationally bounded general Byzantine adversary.
| Original language | English |
|---|---|
| Title of host publication | 11th Conference on Security and Cryptography for Networks (SCN 2018) |
| Place of Publication | Amalfi, Italy |
| Publisher | Springer, Cham |
| Pages | 505-523 |
| Number of pages | 19 |
| ISBN (Electronic) | 978-3-319-98113-0 |
| ISBN (Print) | 978-3-319-98112-3 |
| DOIs | |
| Publication status | Published - 3 Aug 2018 |
| Event | 11th Conference on Security and Cryptography for Networks - Amalfi, Italy Duration: 5 Sept 2018 → 7 Sept 2018 http://scn.di.unisa.it/index.shtml |
Publication series
| Name | Lecture Notes in Computer Science |
|---|---|
| Publisher | Springer, Cham |
| Volume | 11035 |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | 11th Conference on Security and Cryptography for Networks |
|---|---|
| Abbreviated title | SCN 2018 |
| Country/Territory | Italy |
| City | Amalfi |
| Period | 5/09/18 → 7/09/18 |
| Internet address |
Keywords / Materials (for Non-textual outputs)
- Bulletin board
- E-voting
- Liveness
- Persistence