E-Voting Prototype Project Report

advertisement
Applying MESE processes to Improve Online E-Voting
Prototype System with
Paillier Threshold Cryptosystem
Web Services
Version 1.00
A project submitted to the Faculty of Graduate School, University of Colorado at
Colorado Springs in Partial Fulfillment of the Requirements for the Degree of
Master of Engineering in Software Engineering Department of Computer Science
Prepared by Hakan Evecek
CS701
Dr. Chow
Spring 2007
Online E-Voting Prototype System
Evecek / Page 1 of 38
This project for the Masters of Engineering in Software Engineer degree by
Hakan Evecek
has been approved for the
Department of Computer Science
By
_______________________________________________________
Dr. C. Edward Chow, Chair
_______________________________________________________
Dr. Richard Weiner
_______________________________________________________
Dr. Xiaobo Zhou
Date
Online E-Voting Prototype System
Evecek / Page 2 of 38
Table of Contents
Online E-Voting System Project Documentation
Abstract
1. Introduction
2. E-Voting System Related Literature
2.1. Public Key Cryptography
2.2. Homomorphic Encryption
2.3. Zero Knowledge Proofs
2.4. Threshold Cryptography
2.5. Cryptographic Voting Protocol
2.6. Issues in secure e-voting system
2.7. Completely Automated Public Turing test to tell Computers and Humans Apart
(CAPTCHA)
2.8. Chinese Remainder Theorem (CRT)
3. Online E-Voting System Project Description
3.1. Paillier Threshold Crytosystem Web Services Architecture and Design
4. Online E-Voting Prototype System
4.1. E-Voting System Overview
4.1.1 User Login
4.1.2. Election Set-Up
4.1.3. Creating Ballots
4.1.4. Vote Format
4.2. Voting
4.2.1. Creating the Vote
4.3. Tally the Vote
5. PTC Web Services Efficiency Improvement
5.1 Pre-Computation
5.2 Chinese Remainder Theorem (CRT)
5.3 Paillier Scheme Pre-computations for Decryption
6. Results
6.1 Pre-Computation Performance Evaluations
6.2. Defects Found
6.3. Conclusion
6.5. Future Suggestions
7. References
Online E-Voting Prototype System
Evecek / Page 3 of 38
4
6
7
9
9
10
10
10
11
12
13
14
17
17
22
22
23
24
25
26
27
27
28
29
29
29
30
31
31
33
35
36
37
Online E-Voting System Project Documentation
The subsequent files are located on the following web site:
http://cs.uccs.edu/~gsc/pub/master/hevecek/doc/
o CS701Proposal_EVotingPrototype.doc : This document describes what the project
would be for the advisory committee. It was submitted in February 2007.
o EVoting_SRS Document.doc: This is the online E-Voting prototype System
Requirements Specification document for the project. The demonstration windows
application created used to get the requirements for the online tool. It also has the use
cases.
o EVoting_SDS Document.doc : This describes the internal design of the project.
This document has both black box and white box designs. Also class diagrams from
the web services are also prepared for documenting although they were developed
previously. It has the main use cases to make it easier to create the SDS. It also
involves database design.
o EVoting_Test Plan.doc: The tests for the project are documented in this document.
Test plans cover all the requirements testing.
o Online E-Voting Prototype with PTC Web Services.doc: This is the project report
document. It is the final report for the project that has discussions about e-voting
system. There are some e-voting related papers researched about the online e-voting
system implementation and I tried to explain why it is so hard to implement, develop
and deploy today by using these papers. Also in this report for the PTC design section
and PTC develop description, [15] is used. Lastly, some efficiency improvements
Online E-Voting Prototype System
Evecek / Page 4 of 38
applied in the code and according to the results that will be explained, it has
improved.
o Paillier ThresholdCryptoService_UserGuide_Updated.doc: This document that is
the user guide for the PTC web services. Source files for the code is placed in the
link below:
http://cs.uccs.edu/~gsc/pub/master/hevecek/src/
Online E-Voting Prototype System
Evecek / Page 5 of 38
Abstract
The purpose of this master’s project is to develop an Online E-Voting prototype
system utilizing the Paillier Threshold Cryptosystem (PTC) web services and applying
MESE processes to it in an attempt to find possible solutions to further improve existing
PTC web services.
Online voting (e-voting) would be more convenient, relatively secure and utilize
fewer resources. To be able to access e-voting system from a personal, business or even a
public library computer may be more convenient for many people needing to vote. This
could potentially be a solution for the low voter turnout at the polls. However, it is still
questionable whether elections can be conducted online or over the internet due to the
high level of concern over security.
Systems considered to be apart of e-voting are Machine readable (create, read,
count) ballot systems, Direct Recording Electronic (DRE) systems, voting using mobile
devices and internet voting [1]. As part of this project, an online e-voting prototype
system has been constructed using the demonstration windows application tool created
for PTC web services. A pre-computation process is applied due to efficiency
improvements. The details of this optimization and improvement in the web services
process will be explained in the subsequent sections.
In addition to the application of the pre-computation to the process, the Chinese
Remainder Theorem can be applied during the decryption process. This change might not
be as noticeable as the pre-computation, however it will make it more efficient as the
calculation gets easier.
Online E-Voting Prototype System
Evecek / Page 6 of 38
1. Introduction
In traditional elections, a voter usually goes to the voting stations. After direct
person-person verification with some IDs, the voter is allowed to vote. The voter is then
given a ballot which allows a single vote. Once the ballot is used, it cannot be used again.
However, this ballot must also be anonymous. The ballot must identify the voter as being
permitted to vote, but not reveal their actual identity, and the voter must also be given
assurances of this. Traditional polling methods trust a lot of parties during the election.
The current methods require an attacker interact directly with the voting process to
disrupt it. There is a greater chance of getting caught as there will be physical evidence in
the traditional polling.
On the other end, internet is harder to control and manage the security as Network
and internet related attacks are more difficult to trace. In the traditional polling, you know
who is in the election room. Also with the internet or network related voting, from all
around the world you will have attackers, not only by the few people in the room [3].
Figure 1 shows the hierarchy of the voting schemes just discussed [17].
Online E-Voting Prototype System
Evecek / Page 7 of 38
Voting
Schemes
Traditional
Voting
Paper
Ballots
Electronic
Voting
Lever
Systems
Remote Evoting
Poll Station
E-Voting
Internet Evoting
DRE
machines
Chaum’s
scheme
Figure 1: The categorization of the voting schemes [17].
Another issue with e-voting is educating the voters. We can not consider that all
the users are computer gurus and they will use the e-voting systems easily. When evoting is designed it needs to be easy to use. We should consider the fact that a large
portion of the voting public has a very little knowledge about the computers. According
to some of the research done by the Public Policy Institute of California over 50% of 1844 years of age voters prefers Internet voting [3].
Some recent studies have focused on e-voting, its security concerns and making it
more secure. Below is the list of related literature about e-voting:
Online E-Voting Prototype System
Evecek / Page 8 of 38
2. E-Voting System Related Literature
2.1. Public Key Cryptography
Public key cryptography, also known as asymmetric cryptography, is a form of
cryptography in which each user will have a key that didn’t have to be kept secret.
Having this public key will not inhibit the system’s secrecy as a message encrypted with
the public key can be decrypted only with the corresponding private key. The private key
is kept secret, while the public key may be widely distributed. The public and private
keys are related mathematically. The private key cannot be practically derived from the
public key [4]. The two main branches of public key cryptography are:
Public key encryption — a message encrypted with a recipient's public key cannot
be decrypted by anyone except the recipient possessing the corresponding private key.
This is used to ensure confidentiality [4].
The problem with the public key encryption is the intruder can easily replace the
private key with his when the sender requests the public key. This means the newly
received public key will have the intruder’s private key and he can easily decrypt the
message. To avoid this issue digital signature can be used.
Digital Signatures — a message signed with a sender's private key can be verified
by anyone who has access to the sender's public key, thereby proving that the sender
signed it and that the message has not been tampered with. This is used to ensure
authenticity [4].
Conversely, Secret key cryptography, also known as symmetric cryptography
uses a single secret key for both encryption and decryption. It is also known as one-key
or private-key encryption. The requirement is the shared secret that both parties should
Online E-Voting Prototype System
Evecek / Page 9 of 38
have a copy. In this e-voting prototype shared keys will be used for the users’ encryption
in our tests.
2.2. Homomorphic Encryption
The encryption algorithm E ( ) is homomorphic if given E(x) and E(y), one can
obtain E(x Φ y) without decrypting x; y for some operation Φ.
In that case, homomorphic encryption is a special type of cryptography in which
the sum of two encrypted values is equal to the encrypted sum of the values. In simple
mathematics, this is equivalent to the communicative property of multiplication. For a
majority of cryptographic algorithms, this does not hold true.
It is one of the schemes that can be used in e-voting especially to be able to tally
the votes even though the results are encrypted. There are few cryptosystems which uses
homographic encryption. They will be discussed in the next section.
2.3. Zero Knowledge Proofs
In cryptography it is often needed to prove some statement to someone without
giving extra information. This is accomplished by Zero Knowledge Proofs. Especially for
the authentication systems Zero Knowledge Proofs can be used. For example, a party
might want to prove his identity with secret information and does not want the other party
to learn anything about this secret. In other words, second party can only know the
correctness of the statement or identity of the first party and no more information.
2.4. Threshold Cryptography
Threshold Cryptography is a term used to describe a cryptosystem in which the
ability to perform a cryptographic function can be distributed amongst several
Online E-Voting Prototype System
Evecek / Page 10 of 38
participants in such a way that only through cooperation of a specified subset of the
participants can the operation be performed. In addition, if less than the required number
of participants’ attempts to perform the action, no useful information can be constructed
or obtained. The threshold value is typically denoted by the letter t. In a threshold
system as defined here, only t+1 cooperating authorities can perform the desired
cryptographic operation.
The essential components of a threshold cryptography system are a key
generation algorithm, an encryption algorithm, a share decryption algorithm, and a
combining algorithm [5]. First, the key generation algorithm generates the public key
parameters, a set of secret key “shares”, and a set of “verifier keys”. The secret key
shares are distributed to the participants in a secure manner. The encryption algorithm
provides encryption services for an appropriately-sized message m by applying the public
key parameters and an encryption algorithm to generate the ciphertext c. The share
decryption algorithm is used by each participant with a secret key share to “partially
decrypt” the encrypted message c.
Each participant also uses the verifier key
corresponding to the secret key share to generate a proof of correct encryption. The
combining algorithm takes all of the “partial decryptions” or “decryption shares”, verifies
their corresponding proofs, and combines the decryption shares to reveal the original
message m. The combining step only succeeds if t+1 valid decryption shares are used.
2.5. Cryptographic Voting Protocol
Basic requirements for electronic voting

Privacy – All votes should be kept secret

Completeness – All valid votes should be counted correctly
Online E-Voting Prototype System
Evecek / Page 11 of 38

Soundness – Any invalid vote should not be counted

Unreusability – No voter can vote twice

Eligibility – Only authorized voters can cast a vote

Fairness – Nothing can affect the voting
Extended Requirements for electronic voting

Robustness – faulty behavior of any reasonably sized coalition of
participants can be tolerated. In other words, the system must be able to tolerate to certain
faulty conditions and must be able to manage these situations.

Universal Verifiability – any party can verify the result of the voting

Receipt-freeness – Voters are unable to prove the content of his/her vote

Incoercibility – Voter cannot be coerced into casting a particular vote by a
coercer.
There are four main approaches to efficient and fully secure elections:

Schemes based on homomorphic encryption

Schemes based on mixnets

Heterodox schemes

Schemes based on secret sharing among several mutually distrustful
election authorities.
2.6. Issues in secure e-voting system
The issues behind e-voting need to be examined conservatively before such
potentially dangerous moves are made. In a voting system, privacy and security are
desired, but are not always simultaneously achievable at a reasonable cost. In online
Online E-Voting Prototype System
Evecek / Page 12 of 38
voting systems, verification is very difficult to do accurately, and anonymity is difficult
to ensure. This document shows some of the many problems with practical e-voting and
why public elections are too important to trust to it [3].
When e-voting system scheme is considered there are different modules involved
to consider the security and design. Three important phases of having a secure system
are considered as design, development and deployment. In other words, it is important tp
have the foundation in designing a secure and practical e-voting scheme to produce a
secure, efficient and publicly acceptable implementation of voting schemes in the real
world.
2.7. Completely Automated Public Turing test to tell Computers and Humans Apart
(CAPTCHA)
Any additional check for the security or spam will decrease the security concerns
users have today for the e-voting systems. A CAPTCHA is a program that can generate
and grade tests that humans can pass but current computer programs cannot. In our
project this is used to confirm that users are trying to vote instead of the automated
computer systems. CAPTCHAs have several applications for practical security like
preventing comment spam in blogs, protecting web registrations, online polls where you
want to make sure that humans are voting not the programs, preventing dictionary
attacks, search engine bots, worms and spasm etc. Official Captcha site has published
some guidelines for it [6].
Accessibility: It should be easily accessible for reading the text. If it is a problem
due to legal reasons audio CAPTCHA can also be used.
Image Security: Images should be distorted randomly. Without random
distortion, application will be open to the attacks.
Online E-Voting Prototype System
Evecek / Page 13 of 38
Script Security: By using this, systems are closed to any computer attacks.
However we also need to make sure that scripts used are not easily accessible so that
attacker will find the easy way around them to use the systems.
Security Even After Wide Spread Adoption: Some of the sites might be using the
sites that have CAPTCHAs setup. It is important that the security level kept the same and
these sites are still secure even after a significant number of sites adopt them [6].
2.8. Chinese Remainder Theorem (CRT)
On several papers for improving the efficiency, CRT is recommended to use both
on encryption and encryption process [16], [21]. As described below CRT is not affecting
to the multiplication. In other words, multiplying two big prime numbers and processing
the multiplication will be the same as processing them first and then multiplying. This
way the process will be done with smaller numbers and will be faster. Then
multiplication can be done.
Theorem Statement:
Suppose n1, n2, …, nk are integers which are pairwise coprime. Then, for any
given integers a1,a2, …, ak, there exists an integer x solving the system of simultaneous
congruences
Furthermore, all solutions x to this system are congruent modulo the product
N = n1n2…nk.
Online E-Voting Prototype System
Evecek / Page 14 of 38
Sometimes, the simultaneous congruences can be solved even if the ni's are not
pairwise coprime. A solution x exists if and only if:
All solutions x are then congruent modulo the least common multiple of the ni.
In that case,
We can perform 2 operations mod p and mod q like below.
x ≡ a mod p,
x ≡ b mod q,
The Chinese Remainder Theorem can be used to efficiently reduce the decryption
workload of the cryptosystems [21]. To see this, one has to employ the functions Lp and
Lq defined over
By
Decryption can therefore be made faster by separately computing the message
mod p and mod q and recombining modular residues afterwards:
Online E-Voting Prototype System
Evecek / Page 15 of 38
With pre-computations
Where p - 1 and q - 1 have to be replaced by α in the fast variant.
Online E-Voting Prototype System
Evecek / Page 16 of 38
3. Online E-Voting System Project Description
In this project, PTC Web services are used. In this section, I will explain how the
PTC web services work. Efficiency improvement that will be applied to the PTC web
services required some changes on some of the classes used. Applying more
improvements will need more changes on the classes where calculations applied. Details
will be explained in the following sections of this report.
3.1. Paillier Threshold Crytosystem Web Services Architecture and Design
The Paillier cryptosystem is a probabilistic asymmetric algorithm for public key
cryptography, first published by Pascal Paillier in 1999. This probabilistic scheme has
generated a good amount of interest and further study since it was discovered.
The problem of computing n-th residue classes is believed to be computationally
difficult to compute. This is known as the Composite Residuosity (CR). The scheme is an
additive homomorphic cryptosystem; this means that, given only the public-key and the
encryption of m1 and m2, one can compute the encryption of m1 + m2.
One of the properties of Paillier as mentioned above is the homomorphic property
which can allow this cryptosystem to do simple addition operations on several encrypted
values and obtain the encrypted sum. The encrypted sum can later be decrypted without
ever knowing the encrypted values that made up the sum. Due to these useful
characteristics of Paillier, the scheme has been suggested for use in threshold
cryptosystems, secret sharing schemes and the design of voting protocols especially the
e-voting systems.
Another property of Paillier cryptosystem is self-blinding. This property is
essential as it means a ciphertext can be re-encrypted with a random parameter without
Online E-Voting Prototype System
Evecek / Page 17 of 38
changing the underlying cleartext and without changing the ability to decrypt the
ciphertext using the original keypair[15]. Probabilistic property of Paillier will help to
protect voter’s privacy since none of the votes will be encrypted to the same ciphertext.
Paillier has described three different methods in his research. PTC Web services
that will be used in this project are using one of these three methods. Below are the
schemes invented by Pascal Paillier [21] and
Scheme 1: Scheme 1 is probabilistic encryption scheme based on composite
residuosity. According to theorem mentioned in his paper [21] Scheme 1 is one-way if
an only if the Computational Composite Residuosity Assumption holds. It is also
semantically secure if and only if the Decisional Composite Residuosity Assumption
hold. n is the multiplication of two prime numbers, n = pq. g is randomly selected base.
This can be done by checking whether
. This is done on the
PTC web services used. n and g are public parameters and (p, q) or λ remains private.
Encryption:
plaintext m < n
randomly select r < n
ciphertext c =
Decryption:
ciphertext c < n2
Table 3.1 Paillier’s Scheme 1 [21]
Online E-Voting Prototype System
Evecek / Page 18 of 38
Scheme 2: Scheme 2 is a trapdoor permutation based on composite residuosity.
As described above n is the product of two prime numbers. From the table below, there
are steps explained for decryption. To be able to retrieve m, all these steps will be
required. Scheme 2 is one-way if and only if RSA [n,a] is hard [21].
Encryption:
plaintext m < n2
split m into m1, m2 such that m = m1 + nm2
ciphertext c =
Decryption:
ciphertext c < n2
plaintext m = m1 + n m2
Table 3.2 Paillier’s Scheme 2 [21]
Scheme 3: Third scheme is the variant with fast decryption. As this is a fast
decryption, this scheme can be applied to improve the efficiency. In the following
sections this scheme will be re-visited and it will be recommended for efficiency
improvements in the current web services.
Encryption:
plaintext m < n
randomly select r < n
ciphertext =
Decryption:
ciphertext c < n2
Table 3.3 Paillier’s Scheme 3 [21]
Online E-Voting Prototype System
Evecek / Page 19 of 38
It is assumed that g Є
for some 1 ≤ α ≤ λ. In other words α and λ are not the
same secret keys.
Below are the steps for the key generation, encryption and decryption used [22].
Key generation
1.
Choose two large prime numbers p and q randomly.
2.
Compute n = pq and λ = lcm(p − 1, q − 1)
3.
Select random integer g where
4.
Ensure n divides the order of g by checking the existence of the following
multiplicative inverse:
where function L is defined as
The public (encryption) key is (n,g).
The private (decryption) key is (λ,μ).
Encryption
1.
Let m be a message to be encrypted where
2.
Select random r where
3.
Compute ciphertext as:
Decryption
1.
Ciphertext
2.
Compute message:
Online E-Voting Prototype System
Evecek / Page 20 of 38
It is the same as the scheme 1 described above. This computation takes some time
due to the large prime numbers used. The secret key is SK = λ(n) = lcm((p-1),(q-1)).
Online E-Voting Prototype System
Evecek / Page 21 of 38
4. Online E-Voting Prototype System
The capabilities of the Paillier Threshold Cryptography system has been
demonstrated on an Online E-Voting Prototype system created for this project. This is a
prototype and should not be used in the real world scenarios. It shows the use of the
Paillier Threshold Cryptography Web Service. It also has some additional security
features like Completely Automated Public Turing test to tell Computers and Humans
Apart (CAPTCHA) added to decrease the security concerns. This prototype system SRS
and
SDS
document
are
all
created
and
they
can
be
downloaded
from
http://www.cs.uccs.edu/~gsc/pub/master/hevecek/doc/ folder.
4.1. E-Voting System Overview
The e-voting system allows for 1 out of L candidate ballots. No options are
provided for n out of L ballots or write-in ballots. An “election” may consist of more
than one ballot.
An election administrator creates the ballots and other election
parameters. The administrator requests the Paillier threshold encryption parameters from
the PTC Web Service during the initial election set-up. The administrator submits the
election parameters to a VotingService web service, and saves the election parameters
(including the cryptosystem parameters) to an XML file. Voters then load the election
parameters by opening the XML file, make their selection(s), and cast their encrypted
vote(s) to the VotingService web service. During the tally phase, the votes are multiplied
together, and, due to the homomorphic properties of the Paillier cryptosystem, the
product can be decrypted to reveal the sum total of all the votes [15].
Online E-Voting Prototype System
Evecek / Page 22 of 38
4.1.1 User Login
User Login is the first form users connected when the voting page is loaded from
the internet. It will have a connection to the database to validate the user credentials. User
types are either voters or Administrators. It is assumed that users have used another
interface or form to register for voting. In the same login page there will be Completely
Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
validation with random numbers. Six digit random numbers will be created each time the
page is loaded to be able to stop any kind of computer attacks to the voting site.
Figure 4.1 User Login Form
Online E-Voting Prototype System
Evecek / Page 23 of 38
4.1.2. Election Set-Up
The election administrator uses the Election Builder form to create or modify an
election (before the election is posted to the voting web service). To create a new
election, the administrator clicks on the “New Election” button. A new election is
created and a unique election id is assigned. The administrator must then enter his/her
name and a descriptive title for the election.
Election page is the most important
Administrator page as it has all the functionality setup for the election.
Before ballots can be added to the election, the encryption parameters must be
specified and retrieved from the web service. This must occur before the ballots are
added or created, since the vote format is dependent on the specified key size. The
administrator clicks to the “Encryption Parameters” . This button will be available after
the Administrator details are entered. Once this button is clicked, the administrator
specifies the key size and whether or not to encrypt the returned key shares. The
administrator can then add the key share owner information for each owner that is to
receive a secret key share. If the key shares will be encrypted, the administrator will be
required to enter the owner’s username which is the same as the users login and
certificate name to be able to choose automatically. Once all owners have been added, the
administrator selects the cryptosystem threshold value and then clicks “Send Request”,
which sends the request to the web service. In the current configuration, a key size of
larger than 256 and sometimes 512 bits will result in such a delay that a “timeout” error is
caused, so it is not recommended that key sizes greater than 256 be used for the web
application. The web service will generate the requested parameters, encrypt the key
shares (if specified), and return them [15]. The Encryption Parameter Request form will
Online E-Voting Prototype System
Evecek / Page 24 of 38
transfer the returned parameters to the Election Builder form and close automatically.
The election crypto parameters are displayed at the bottom of the Election Builder form.
Lastly, on the same election page ballots can be added for the election. If the
ballots are created prior to the election creation page, the list will appear in the window
for administrator to choose from the list. They can be added to any election by
highlighting from the list and clicking to the”Add Ballots” button. If the ballot is valid, it
will be imported into the election and displayed in the Election Summary textbox in the
form.
After all the users, ballots and Administrator details loaded from the election
form, the Administrator will need to save and post the election to be able to initialize
election voting. The election will be saved as an XML file. First save the election by
clicking to the “Save Election” button.
It will be saved in the web server
“App_Data/XMLFiles Folder”. Details of the folder structures are documented in the
Software Design Specification document. Posting the election to the voting web service
is a non-reversible operation in the application unless the details are manually deleted
from the database. Post Election button will be enabled after saving the election. To post
the election, click to “Post Election” button. A web service call will be made that posts
the election data to the web service, which then creates the appropriate database entries
that are used to manage the election [15].
4.1.3. Creating Ballots
Existing ballots can now be added to the election or new ballots can be created
using the options from the Election form. To create a new ballot, the administrator will
need to click to the “New Ballot” link from the elections page. It will open the Ballot
Online E-Voting Prototype System
Evecek / Page 25 of 38
Builder form. A new ballot will be created and the random ballot id displayed in the
form. Administrator will need to put ballot issue/ problem, and then enter all of the
available choices, one at a time by using the “Add Choices” button and the text box.
Each choice is entered by typing the appropriate text. A choice can be deleted by
selecting the choice in the list, and clicking “Delete Candidate” button. When the ballot
is complete, the ballot should be saved by clicking “Save ballot” button. This button will
get all the details entered and save the ballot in XML format in the web server
“App_Data\XML Files\Ballots” folder. The Ballot Builder Form must be closed and then
re-opened in order to create another ballot. Ballot creation page is also accessible from
the Administrator menu.
4.1.4. Vote Format
When a ballot is added to an election, the format of the vote for that ballot is
derived from the key size chosen for the election and the number of “candidate” choices
on the ballot. These two values determine the maximum number of voters allowed. The
total size of the vote is limited to the key size k (in bits). The vote is split into c bit fields
where c is the number of candidates. The size of the bit fields vc= k/c. However, vc is
limited to 32 bits so that each candidate’s field will fit into a 32-bit integer (for ease of
extraction only). Therefore, if k/c > 32, vc=32 and only the first 32*c bits of the vote will
be used.
To cast a vote, a voter votes the value 2^(ic*vc) where ic is the desired
candidates ballot index (0,…,c-1).
By using votes of this format, the tally can be
computed by multiplying all of the votes together and decrypting the product. Due to the
homomorphic property of the Paillier cryptosystem, the multiplication carried out in the
ciphertext space corresponds to addition in the cleartext space, and thus the decryption of
Online E-Voting Prototype System
Evecek / Page 26 of 38
the product will contain the summed votes for each candidate. Each candidate’s bit field
can then be extracted and evaluated to determine the total number of votes for that
candidate [15].
4.2. Voting
4.2.1. Creating the Vote
Once an election has been created, saved, and posted to the election web service,
voters can create and cast votes. After the user login page user logs in either as an
Administrator or a voter. If the user logs in as an Administrator, he will have a link from
the menu for the voting page. If the user has logged in with voter credentials, then he will
be connected to the voting page automatically. When connected to the voting page, a list
box will have all the elections available for the voters. This list is the list of the elections
in the elections folder. After highlighting the election and clicking to the button to load
the election, election details will be loaded for voters to vote. The ballots from the
election will be loaded, with each issue being loaded into the issue text box, and it’s
corresponding choices loaded into the textbox to the right (the choices textbox). The
voter can make his/her choice simply by clicking on the desired choice. That issue’s
choices will then be displayed in the choices textbox. Again, select the desired choice by
clicking on it in the choices textbox. Once a choice has been selected, the ballot issue
and the selected choice will appear in the “Current Votes” textbox. To the right of the
issue question and the selected choice is the hex value of the vote to be cast. Once all
choices have been made, the voter can submit his/her vote by selecting “Submit Vote”
button at the bottom of the page. This button will cal the web services and save the vote
into the database. Once the vote is submitted, no changes can be made.
Online E-Voting Prototype System
Evecek / Page 27 of 38
At any time after submitting his/her vote, a voter can check the posted values of
his/her vote by selecting “Check Submitted Vote” button. This invokes a web service call
to the voting web service which retrieves the encrypted vote values posted for that
election [15].
4.3. Tally the Vote
Administrator will have access to use the Tall Vote option during the election
process to tally the vote. Administrator will need to click the “Tally/Decrypt Vote”
button on the menu. The Tally form will open. In a list box elections list will appear for
Administrator to choose and tall the vote. If the secret key shares were encrypted, the
program will automatically get the certificates according to the issued names of the users
to decrypt the owner’s Paillier secret key share.
That’s why it is important for
Administrator to collect all the registration details from the user to be able to create the
users. He/she will assign the right certificates so that there won’t be any issues in the
future process like tally / decrypt vote process. The product of the votes for each ballot
is then calculated and displayed both encrypted and decrypted, and the candidate’s tallies
are extracted from the decrypted bit field and displayed.
Online E-Voting Prototype System
Evecek / Page 28 of 38
5. PTC Web Services Efficiency Improvement
This can be done in three different ways.
5.1 Pre-Computation
This change will be done for the key generation where the prime numbers will be
calculated prior. Any real-time computations will slow down the process on cryptography
application. Any pre-computation will improve the efficiency of the application. This
pre-computation can be done via background thread setup in the application.
<setting name="ServerPath" serializeAs="String">
<value>c:\inetpub\wwwroot\EVoting\PreComputation\</value>
</setting>
<setting
name="PrimeNumberCalculationType"
serializeAs="String">
<value>DB</value>
</setting>
This pre-computation is applied to the SafePrimeNumbers generator function.
This function is used for the pre-computation.
5.2 Chinese Remainder Theorem (CRT)
Chinese Remainder Theorem is one of the most useful theorems of number theory
as it says it is possible to reconstruct the integers in a certain range from their residues
module a set of pair wise relatively prime module. Details of CRT is explained in the
previous sections. Paillier has suggested to use CRT for especially key generation and
decryption processes [21]. Also CRT has become standard today in many RSA
applications as it increases the decryption up to 4 times [16]. Decryptions can be made
faster by separately computing the messages mod p and mod q instead of mod n and
recombining modular residues later.
Online E-Voting Prototype System
Evecek / Page 29 of 38
With pre-computations:
where p-1 and q-1 have to be placed by α
5.3 Paillier Scheme Pre-computations for Decryption
Scheme 1 used in this project is not the most efficient one especially for
decryption as it is also mentioned in Pascal papers study [21]. Scheme 3 improves the
performance of decryption and he suggested in the same paper to pre-compute the
constant
instead of only p and q values applied in this project. Also
another constant parameter below can be pre-computed [21].
These constant pre-computations can be done with the same methods used in this project.
Online E-Voting Prototype System
Evecek / Page 30 of 38
6. Results
6.1 Pre-Computation Performance Evaluations
Pre-computations results are put into both the text file and the Pre-Computation
tables created in the SQL Server. Both the text file and the database solutions have
increased the performance in other words response time more than 80% in average for
both 256 and 128 bit key sizes. Unfortunately this test failed with 1024 and 512 bit key
sizes due to time out issues.
There is a parameter setup in the settings to use the random prime number
generator either real time or text file or database. As a default it will set to the real time.
XML solution also needs some improvements and this will be suggested in the future
improvements section of the project.
Online E-Voting Prototype System
Evecek / Page 31 of 38
Algorithm
Regular
Avg
Max
Min
With Pre-Computation
Real Time Computation
Change %
128 bit
128 bit
128 bit
0.283
0.368
0.203
1.937
2.804
0.329
86%
38%
85%
Table 6.1a 128 bit safe Prime numbers calculation table
Encrpytion Parameters Process Period with
Key Size 128
3500
Time (msec)
3000
2500
2000
1500
1000
500
0
1
2
3
4
5
6
7
8
9
10 11 12 13 14 15 16 17 18 19 20
Number (#)
Table 6.1b 128 bit safe Prime numbers calculation.
Online E-Voting Prototype System
Evecek / Page 32 of 38
Algorithm
Regular
Avg
Max
Min
With Pre-Computation
Real Time Computation
Change %
256 bit
256 bit
256 bit
0.381
0.542
0.291
2.133
2.926
0.306
82%
81%
5%
Table 6.2a 256 bit safe Prime numbers calculation table
Encrpytion Parameters Process Period with
Key Size 256
4000
3500
Time (msec)
3000
2500
2000
1500
1000
500
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Num ber (#)
Table 6.2b 256 bit safe Prime numbers calculation.
6.2. Defects Found
These defects are listed in the order in which they were found. It only includes
those defects found while creating the automated test suites, not those found and fixed
during software development.
Online E-Voting Prototype System
Evecek / Page 33 of 38
DefectID 1: When the election is created, it can not save title and username
details in the xml file.
Solution: _election parameter stored in the session was not initialized in the
beginning of the function. After initializing it is fixed.
DefectID 2: Back button is required after the ballots are created.
Solution: After ballots are created, back button is required by the Administrator
to be able to complete the election creation or ballot creation. Two link buttons are added,
one to the Main menu link and the other one is a link to the Elections page.
DefectID 3: Outside the compiler application was not able to respond to the
certificate assignment for the users.
Solution: This is fixed by assigning ports each time we run the application. A
dedicated port needs to be used by the administrator.
DefectID 4: XML output for the pre-computation does not work properly and
need to be fixed. Only real time computation and DB computations work which is
enough to show the efficiency improvements in the code.
Solution: This need to be fixed in the future releases.
DefectID 5: User Login page does not hide the password text.
Solution: This is fixed by changing the text box property.
Online E-Voting Prototype System
Evecek / Page 34 of 38
DefectID 6: User Name is the same as the certificate issued name used in the
certificate. If these names do not match, certificate can not be used and this will throw an
error. To minimize the issues,
user name from the login page will be passed to the
voting page automatically. This enhancement needs to be applied as this is an additional
requirement.
Solution: This is done by using Sessions in ASP .Net. username session is created
and the username is passed to the next form which is voting form.
6.3. Conclusion
Online E-voting system is a prototype developed by using PTC Web services. As
the need for voting system has started to increase and some organizations or countries has
started to look for the solutions, this can be the starting point to improve and deploy in
the real world scenarios.
In this project I have tried to explain the importance of Paillier cryptosystem, , its
unique properties and its application areas especially in e-voting.
We need to keep in mind htat voting is not the only process during the whole
voting processes. There might be some other security concerns that need to be considered
when such an application is built for practical reasons.
Lastly, Paillier Cryptosystem efficiency can be improved as suggested in many
papers [1], [8]. Random numbers pre-computation is one of the ways implemented in this
project. It has increased the calculation more than one of the ways. In the next section, I
will be listing all improvements that can be done to this web service and application.
Online E-Voting Prototype System
Evecek / Page 35 of 38
6.5. Future Suggestions
In this project E-Voting Online prototype application has been implemented. PTC
Web Services are used for the encryption and decryption process. The method
implemented and used on the PTC Web services is the first scheme invented by Paillier
ad explained above. In the following years in numerous projects other similar method
called Second Paillier Cryptosystem is used and this calculation simplifies the decryption.
This can be implemented in PTC Web services to improve the efficiency.
Additionally, there are few suggestions made about the efficiency improvement
above. Any of these or all of these can be applied to make the web services more
efficient. Most of the suggestions involve pre-computation of the constants in the
schemes invented. The pre-computation applied in this project can be applied to more
generic constants and have a dll application running continuously on the back ground
thread from the server instead of a button from the web server.
Lastly, tests failed on 512 and 1024 bit key size encryption. Design can be
changed to make it work with these key sizes.
Online E-Voting Prototype System
Evecek / Page 36 of 38
7. References
[1] http://cris.joongbu.ac.kr/publication/evoting_implementation-APIEMS2004.pdf
Implementation issues in a secure e-voting schemes, Riza Aditya, Byoungcheon Lee,
Colin Boyd and Ed Dawson.
[2]
http://www.euractiv.com/en/egovernment/estonia-country-world-introduce-internet-
voting/article-145735, Estonia first country in the world to introduce internet voting,
October 2005.
[3] http://www.cs.virginia.edu/~pev5b/writing/academic/thesis/thesis.html
Vote Early, Vote Often, and VoteHere: A Security Analysis of VoteHere, Philip E. Varner,
May 11, 2001.
[4] http://en.wikipedia.org/wiki/Public-key_cryptography Public-key cryptography.
[5] http://www.trustycom.fr/pdf/FoPoSt00.pdf P. Fouque, G. Poupard, J.Stern, Sharing
Decryption in the Context of Voting or Lotteries, Financial Cryptography 2000
Proceedings.
[6] http://www.captcha.net/ , the Official CAPTCHA web site.
[7] http://www.vote.caltech.edu/reports/alv-nag_loyola.pdf R. Michael Alvarez, Jonathan
Nagler, The Likely consequences of Internet Voting for Political Representations.
[8] P. Paillier, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes,
Eurocrypt ‘99
[9] P. Fouque, G. Poupard, J.Stern, Sharing Decryption in the Context of Voting or
Lotteries, Financial Cryptography 2000 Proceedings.
[0] I. Damgard, M. Jurik, J. Nielson, A Generalization of Paillier’s Public-Key System with
Applications to Electronic Voting, Aarhus University, Dept. of Computer Science.
[1] A. Shamir, How to Share a Secret, Communications of the ACM 1979
Online E-Voting Prototype System
Evecek / Page 37 of 38
[2] A.J. Menezes, P. C. van Oorschot, and S.A. Vanstone, Handbook of Applied
Cryptography, CRC Press, 1997.
[3] D. Naccache, Double-Speed Safe Prime Generation, Gemplus Card International.
[4] M. Wiener, Safe Prime Generation with a Combined Sieve, Cryptographic Clarity.
[5] B. Wilson, C. E. Chow, Paillier Threshold Cryptography Web Service User’s Guide,
University of Colorado – Colorado Springs Master’s Project, 2006.
[16]http://www.cs.rit.edu:8080/ms/static/spr/2005/4/kar1141/report.pdf , Progress on
Probabilistic Encryption Schemes, Kert Richardson, July 2006.
[17] http://www.cs.umd.edu/~jkatz/THESES/staub.pdf.gz An Analysis of Chaum’s voterverifiable election scheme, Julie Ann Staub, 2005
[18] http://www.brics.dk/RS/00/45/BRICS-RS-00-45.pdf Ivan Damgard and
Mads J.
Jurik, A Generalization, a Simplification and Some Applications of Paillier’s
Probabilistic Public-Key System, PKC 2001.
[19] http://www.cryptovirology.com/cryptovfiles/newbook/Chapter4.pdf Implementing
Perfect Questionable Encryptions, Adam L. Young and Moti M. Yung.
[20]
http://www.rsa.com/rsalabs/cryptobytes/CryptoBytes_January_2002_final.pdf
CryptoBytes, Dan Boneh, Hovav Shacham, Spring 2002.
[21]
http://www.gemplus.com/smart/rd/publications/pdf/Pai99pai.pdf
Public-Key
CryptoSystems Based on Composite Degree Residuosity Classes, Pascal Paillier, 1999
[22] http://en.wikipedia.org/wiki/Paillier_cryptosystem , Paillier Crytosystem from
Wikipedia, the free encyclopedia.
Online E-Voting Prototype System
Evecek / Page 38 of 38
Download