Provable anonymity

Garcia, Flavio D.; Hasuo, Ichiro; Pieters, Wolter; Rossum, Peter van

doi:10.1145/1103576.1103585

Cited by 48 publications

(73 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead of investigating whether the spy can recover the vote from forwarded messages, we judge whether the spy really knows what the voter's choice was, based on any possible receipt. This notion of knows is characteristic for the epistemic logic approach, and this justifies our choice for the anonymity framework of [7] as a basis.…”

Section: Discussionmentioning

confidence: 90%

“…Following the definitions of anonymity in [7], we introduced an approach to formally verify weak and strong receipt-freeness in epistemic logic. To the best of our knowledge, we are the first to do so.…”

Section: Discussionmentioning

confidence: 99%

“…Garcia, Hasuo, Pieters and Van Rossum defined a framework for describing anonymity properties of protocols in epistemic logic [7]. We use this framework as the basis for our definitions of privacy and receipt-freeness.…”

Section: Conclusion On Vote Influencingmentioning

confidence: 99%

“…It does need to be legitimate with respect to the initial possession function. Poss IPo (r, A, |r| − 1) denotes the possessions of agent A at the end of the original run (see [7]). Weak receipt-freeness implies that the voter cannot prove to the spy that she sent message m during the protocol, where m is the (part of a) message representing the vote.…”

Section: Conclusion On Vote Influencingmentioning

confidence: 99%

“…Intuitively, anonymity means that it is impossible to determine who sent which message to whom. Depending on the context, different formalizations of the notion of anonymity seem to be necessary [7].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Anonymity in Voting Revisited

Jonker

Pieters

2010

Towards Trustworthy Elections

Self Cite

View full text Add to dashboard Cite

Abstract. According to international law, anonymity of the voter is a fundamental precondition for democratic elections. In electronic voting, several aspects of voter anonymity have been identified. In this paper, we re-examine anonymity with respect to voting, and generalise existing notions of anonymity in e-voting. First, we identify and categorise the types of attack that can be a threat to anonymity of the voter, including different types of vote buying and coercion. This analysis leads to a categorisation of anonymity in voting in terms of a) the strength of the anonymity achieved and b) the extent of interaction between voter and attacker. Some of the combinations, including weak and strong receiptfreeness, are formalised in epistemic logic.

show abstract

Section: Discussionmentioning

confidence: 90%

Section: Discussionmentioning

confidence: 99%

Section: Conclusion On Vote Influencingmentioning

confidence: 99%

Section: Conclusion On Vote Influencingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Anonymity in Voting Revisited

Jonker

Pieters

2010

Towards Trustworthy Elections

Self Cite

View full text Add to dashboard Cite

show abstract

Analysing the MUTE Anonymous File-Sharing System Using the Pi-Calculus

Chothia

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This paper gives details of a formal analysis of the MUTE system for anonymous file-sharing. We build pi-calculus models of a node that is innocent of sharing files, a node that is guilty of file-sharing and of the network environment. We then test to see if an attacker can distinguish between a connection to a guilty node and a connection to an innocent node. A weak bi-simulation between every guilty network and an innocent network would be required to show possible innocence. We find that such a bi-simulation cannot exist. The point at which the bisimulation fails leads directly to a previously undiscovered attack on MUTE. We describe a fix for the MUTE system that involves using authentication keys as the nodes' pseudo identities and give details of its addition to the MUTE system.

show abstract

Towards Logical Specification of Statistical Machine Learning

Kawamoto

2019

Software Engineering and Formal Methods

View full text Add to dashboard Cite

We introduce a logical approach to formalizing statistical properties of machine learning. Specifically, we propose a formal model for statistical classification based on a Kripke model, and formalize various notions of classification performance, robustness, and fairness of classifiers by using epistemic logic. Then we show some relationships among properties of classifiers and those between classification performance and robustness, which suggests robustness-related properties that have not been formalized in the literature as far as we know. To formalize fairness properties, we define a notion of counterfactual knowledge and show techniques to formalize conditional indistinguishability by using counterfactual epistemic operators. As far as we know, this is the first work that uses logical formulas to express statistical properties of machine learning, and that provides epistemic (resp. counterfactually epistemic) views on robustness (resp. fairness) of classifiers.

show abstract

Provable anonymity

Cited by 48 publications

References 19 publications

Anonymity in Voting Revisited

Anonymity in Voting Revisited

Analysing the MUTE Anonymous File-Sharing System Using the Pi-Calculus

Towards Logical Specification of Statistical Machine Learning

Contact Info

Product

Resources

About