slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
A Pairing-Based Blind Signature E-Voting Scheme PowerPoint Presentation
Download Presentation
A Pairing-Based Blind Signature E-Voting Scheme

Loading in 2 Seconds...

play fullscreen
1 / 31

A Pairing-Based Blind Signature E-Voting Scheme - PowerPoint PPT Presentation


  • 163 Views
  • Uploaded on

A Pairing-Based Blind Signature E-Voting Scheme. LOURDES L PEZ-GARC A, LUIS J. DOMINGUEZ PEREZ, FRANCISCO RODR GUEZ-HENR QUEZ The Computer Journal July 2013 Presenter: 陳昱安 Date:2013/10/14. Outline. Introduction Mathematical Background Digital Signatures The Proposed E-Voting Scheme

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'A Pairing-Based Blind Signature E-Voting Scheme' - colin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

A Pairing-Based Blind Signature

E-Voting Scheme

LOURDES LPEZ-GARCA, LUIS J. DOMINGUEZ PEREZ,

FRANCISCO RODRGUEZ-HENRQUEZ

The Computer Journal July 2013

Presenter:陳昱安

Date:2013/10/14

outline
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

2

outline1
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

3

introduction 2 2
Introduction(2/2)
  • Eligibility
  • Uniqueness
  • No-coercion
  • Accuracy
  • Receipt-freeness
  • Variability

5

outline2
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

6

mathematical background
Mathematical Background
  • Elliptic curves
  • Bilinear pairings over Barreto-Naehig curves
  • Security assumptions

7

outline3
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

8

digital signatures 1 4
Digital Signatures(1/4)
  • The Boneh-Lynn-Shacham short signature scheme

Let (1 =〈P〉 , 2 =〈Q〉) : additive groups of order r

P , Q : points over an elliptic curve

r : a prime number

H1 : the map-to-point function H1: → 1

9

digital signatures 2 4
Digital Signatures(2/4)
  • Key generation

Pick a random integer d ∈ r and compute V = dQ.

V ∈ 2: public key , d : private key.

  • Signing

Given a private key d, a message m ∈

Compute M= H1(m) and S= dM.

The signature of m is S∈ 1.

  • Verification

Given a public key V ∈ 2, a message m ∈ ,

and a signature S∈ 1.

= (V,H1(m))

?

10

digital signatures 3 4
Digital Signatures(3/4)
  • Blind signatures

(1, 2, P , Q , r , H1)

  • Key generation

Pick a random integer d ∈ r and compute V = dQ.

V ∈ 2 : public key , d : private key.

  • Blinding (user)

Given a message m , calculate M= H1(m) , randomly find

b ∈; compute.

11

digital signatures 4 4
Digital Signatures(4/4)
  • Signature (signer)

Given a blind message; d : private key of the signer,

compute

  • Unblinding(user)

Given a blind signatureand a blind factor b,

calculate .

Then Sis the signature of the message m.

  • Signature Verification (third party)

Given a message m, a signature S ; V : public key of the

signer , check = (V,H1(m))

?

12

outline4
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

13

the proposed e voting scheme 2 4
The Proposed E-Voting Scheme(2/4)
  • Protocol dataflow

Notation

Authentication Server (AS) ; Voting Server (VS)

{dAS , VAS}: private/public key pair of AS.

{dVS, VVS}: private/publickey pair of VS.

{IDV , dV , VV}: identifier and private/public key

15

outline5
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

18

security analysis 1 6
Security Analysis (1/6)
  • Voter privacy

The pseudonym private key dtand public key Vt are

randomly generated.

Knowing themessage m implies finding b in the

equation.

19

security analysis 2 6
Security Analysis (2/6)
  • Eligibility

The voter requests from the AS a blind signed ballot that

will be accepted as legitimate.

Before producing the blind signature , the AS must

authenticate the voter by reviewing the nominal list, S

using the public key of the voter who is requesting the

blank ballot.

20

security analysis 3 6
Security Analysis (3/6)
  • Uniqueness

During the authentication phase the AS marks the voter

record in the nominal list.

In the voting phase, the VS checks the ballots, if both

signaturesare valid, then the ballot is stored as valid or

invalid otherwise.

In the counting phase, the VS verifies the signatures with

which was generated for the ballot.

21

security analysis 4 6
Security Analysis (4/6)
  • No-coercion ; Receipt-freeness

When the results are published after the counting phase,

the voter cannot prove who she voted for.

This is because of the generation of a random value a

that adds randomness to the hash message used as

a receipt.

The ACK has the goal to show to the voter that the ballot

was received by the VS.

22

security analysis 5 6
Security Analysis (5/6)
  • Accuracy

To identifya fraudulent ballot means to find a pair that

uses the same value for Vt.

If when comparing two ballots, both have the same Vt,

then the VS discards the second ballot as

fraudulent/repeatedand counts only the first one.

23

security analysis 6 6
Security Analysis (6/6)
  • Verifiability

The ACK guarantees two things :

a. The voter can verify if her ACKis found in the list of

valid votes , no chance to extract the value of the vote,

due to the random number aand the hash of all values

mentioned.

b.The VS can prove the accuracy of the results to show

that all ACK are unique.

24

outline6
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

25

outline7
Outline
  • Introduction
  • Mathematical Background
  • Digital Signatures
  • The Proposed E-Voting Scheme
  • Security Analysis
  • Implementation Aspects
  • Conclusions

30

conclusions
Conclusions
  • An electronic voting scheme based on blind signature is proposed which meets the necessary requirements to guarantee a reliable election.
  • This proposal requires a minimal number of interactions with electoral entities and more efficient than other

e-voting schemes based on RSA or DSA crypto schemes.

31