04-02-2013, 04:18 PM
Applying MESE processes to Improve Online E-Voting Prototype System with Paillier Threshold Cryptosystem Web Services
Abstract
The purpose of this master’s project is to develop an Online E-Voting prototype system utilizing the Paillier Threshold Cryptosystem (PTC) web services and applying MESE processes to it in an attempt to find possible solutions to further improve existing PTC web services.
Online voting (e-voting) would be more convenient, relatively secure and utilize fewer resources. Being able to access an e-voting system from a personal, business or even a public library computer may be more convenient for many people needing to vote. This could potentially be a solution for the low voter turnout at the polls. However, it is still questionable whether elections can be conducted online or over the internet due to the high level of concern over security.
Systems considered to be a part of e-voting are machine-readable (create, read, count) ballot systems, Direct Recording Electronic (DRE) systems, voting using mobile devices and internet voting [1]. As part of this project, an online e-voting prototype system has been constructed using the demonstration Windows application tool created for PTC web services. A pre-computation process is applied to improve efficiency. The details of this optimization and improvement in the web services process will be explained in the subsequent sections.
Introduction
In traditional elections, a voter usually goes to a voting station. After direct person-to-person verification with some IDs, the voter is allowed to vote. The voter is then given a ballot which allows a single vote. Once the ballot is used, it cannot be used again. However, this ballot must also be anonymous. The ballot must identify the voter as being permitted to vote, but not reveal their actual identity, and the voter must also be given assurances of this. Traditional polling methods trust a lot of parties during the election. The current methods require an attacker to interact directly with the voting process to disrupt it. There is a greater chance of getting caught, as there will be physical evidence in traditional polling.
On the other hand, security on the internet is harder to control and manage, as network and internet related attacks are more difficult to trace. In traditional polling, you know who is in the election room. With internet or network related voting, attackers can come from all around the world, not only from the few people in the room [3]. Figure 1 shows the hierarchy of the voting schemes just discussed [17].
Public Key Cryptography
Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which each user has a key that does not have to be kept secret. Publishing this public key does not weaken the system's secrecy, because a message encrypted with the public key can be decrypted only with the corresponding private key. The private key is kept secret, while the public key may be widely distributed. The public and private keys are related mathematically. The private key cannot be practically derived from the public key [4]. The two main branches of public key cryptography are:
Public key encryption — a message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key. This is used to ensure confidentiality [4].
The problem with public key encryption is that an intruder can easily substitute his own key when the sender requests the recipient's public key. The public key the sender receives then corresponds to the intruder's private key, and he can easily decrypt the message. To avoid this issue, a digital signature can be used.
Homomorphic Encryption
The encryption algorithm E() is homomorphic if, given E(x) and E(y), one can obtain E(x Φ y) without decrypting x and y, for some operation Φ.
In this sense, homomorphic encryption is a special type of cryptography in which the sum of two encrypted values is equal to the encrypted sum of the values. In simple mathematics, this is equivalent to the commutative property of multiplication. For a majority of cryptographic algorithms, this does not hold true.
It is one of the schemes that can be used in e-voting, especially to be able to tally the votes even though the results are encrypted. There are few cryptosystems which use homomorphic encryption. They will be discussed in the next section.
Zero Knowledge Proofs
In cryptography it is often necessary to prove some statement to someone without giving away extra information. This is accomplished by Zero Knowledge Proofs. They can be used especially in authentication systems. For example, a party might want to prove his identity with secret information and not want the other party to learn anything about this secret. In other words, the second party learns only the correctness of the statement or the identity of the first party, and no more information.
Issues in secure e-voting system
The issues behind e-voting need to be examined conservatively before such potentially dangerous moves are made. In a voting system, privacy and security are desired, but are not always simultaneously achievable at a reasonable cost. In online voting systems, verification is very difficult to do accurately, and anonymity is difficult to ensure. This document shows some of the many problems with practical e-voting and why public elections are too important to trust to it [3].
When an e-voting scheme is considered, different modules are involved in its security and design. The three important phases of building a secure system are design, development and deployment. In other words, it is important to have a foundation for designing a secure and practical e-voting scheme in order to produce a secure, efficient and publicly acceptable implementation of voting schemes in the real world.
Conclusion
The Online E-voting system is a prototype developed using PTC web services. As the need for voting systems has started to increase and some organizations or countries have started to look for solutions, this can be the starting point to improve and deploy in real-world scenarios.
In this project I have tried to explain the importance of the Paillier cryptosystem, its unique properties and its application areas, especially in e-voting.
We need to keep in mind that voting is not the only process during the whole voting processes. There might be some other security concerns that need to be considered when such an application is built for practical reasons.
Lastly, Paillier Cryptosystem efficiency can be improved as suggested in many papers [1], [8]. Random numbers pre-computation is one of the ways implemented in this project. It has increased the calculation more than one of the ways. In the next section, I will be listing all improvements that can be done to this web service and application.
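The additive property described under Homomorphic Encryption and the random-number pre-computation mentioned above can be seen together in the following added example, which is not code from the project or its PTC web services. It uses plain (non-threshold) Paillier with g = n + 1, constructed toy primes, and hypothetical function names.

```python
import math
import secrets

def keygen(p, q):
    """Paillier key pair from two primes, using the common g = n + 1 choice."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)          # inverse of L(g^lam mod n^2) when g = n + 1
    return n, (lam, mu)

def precompute_blinding(n, count):
    """Offline step: r^n mod n^2 for fresh random r coprime to n."""
    n2 = n * n
    pool = []
    while len(pool) < count:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            pool.append(pow(r, n, n2))
    return pool

def encrypt(n, m, blinding):
    """Online step: (1 + m*n) * r^n mod n^2; each blinding value is used once."""
    n2 = n * n
    return (1 + m * n) % n2 * blinding % n2

def add_encrypted(n, ciphertexts):
    """Homomorphic tally: the product of ciphertexts encrypts the sum."""
    n2 = n * n
    total = 1
    for c in ciphertexts:
        total = total * c % n2
    return total

def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n   # L(u) * mu mod n, with L(u) = (u - 1) / n

def run_election(votes):
    # Constructed toy key (two Mersenne primes); far too small for real use.
    n, priv = keygen(2**31 - 1, 2**61 - 1)
    pool = precompute_blinding(n, len(votes))
    ballots = [encrypt(n, v, pool.pop()) for v in votes]
    return decrypt(n, priv, add_encrypted(n, ballots)), ballots

if __name__ == "__main__":
    tally, ballots = run_election([1, 0, 1, 1, 0, 1])   # 1 = yes, 0 = no
    print("yes votes:", tally, "of", len(ballots))
```

The expensive modular exponentiation happens in `precompute_blinding`, so casting a ballot costs one multiplication; the tally is decrypted once, and no individual ballot is ever decrypted.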