Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security 2019
DOI: 10.1145/3319535.3354247

Verified Verifiers for Verifying Elections

Abstract: The security and trustworthiness of elections is critical to democracy; alas, securing elections is notoriously hard. Powerful cryptographic techniques for verifying the integrity of electronic voting have been developed and are in increasingly common use. The claimed security guarantees of most of these techniques have been formally proved. However, implementing the cryptographic verifiers which utilise these techniques is a technical and error prone process, and often leads to critical errors appearing in th…

Cited by 9 publications (5 citation statements); references 43 publications.

Citation statements
“…For the machine checked proof we will make use of the interactive theorem prover Coq. Our work expands upon Haines et al. [10], who demonstrated how interactive theorem provers and code extraction can be used to gain much higher confidence in the outcome of elections; they achieved this by using the interactive theorem prover Coq and its code extraction facility to produce verifiers, for verifiable voting schemes, with the verifiers proven to be cryptographically correct. They also showed that it was possible to verify the correctness (completeness, soundness and zero-knowledge) of a proof of correct shuffle.…”
Section: Machine Checked Proof (citation type: mentioning; confidence: 79%)
“…In particular, in a setting, like ours, in which the tallier is honest, the shuffle is indeed indistinguishable from our idealisation. Prior work [14], [15] has proved that the interactive variants of the verifiable shuffles suggested for use with Selene are zero-knowledge proofs which leak no information; this would suffice to prove equivalence with our idealisation. However, this has not been machine checked for the interactive variant due to issues the currently available tools have with handling random oracles.…”
Section: Selene (citation type: mentioning; confidence: 92%)
“…One advantage of using Coq is that we are able to take advantage of its well-established code extraction facility to produce practical implementations of the verified specifications. This has been done before by Haines et al. [23,24], who proved the security of the underlying sigma protocol in the Terelius-Wikström [42,44] proof of shuffle and used the extraction facility to produce a verifier to check real elections. Compared to their work, ours is more general in that Terelius-Wikström was only proved for re-encryption and re-randomisation whereas we cover a much wider class of underlying relations.…”
Section: Machine-checked Proofs (citation type: mentioning; confidence: 99%)
“…For this reason, we prove our transform under established definitions. We use the definition of a Σ-protocol from [24] which was subsequently refined in [23].…”
Section: Machine-checked Proofs (citation type: mentioning; confidence: 99%)
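The citation statements above refer to Σ-protocols and to the three properties (completeness, soundness and zero-knowledge) that the Coq-verified verifiers are proven to satisfy. The following is an added illustration, not code from the paper or from its Coq development, of what those three properties look like as checkable code for the simplest Σ-protocol, a Schnorr-style proof of knowledge of a discrete logarithm. The group parameters (p = 1019, q = 509, g = 4) are constructed toy values chosen so the block runs instantly; the Terelius-Wikström shuffle proof discussed in the statements is a far larger relation, but its completeness, special-soundness extractor and honest-verifier simulator have the same shape. The verifier also performs the subgroup-membership check that hand-written verifiers frequently omit and that the abstract's "critical errors" typically stem from.

```python
"""Toy Schnorr-style Sigma-protocol: completeness, special soundness, HVZK.

Added example, not the Coq-extracted verifier of Haines et al.; all parameters
below are constructed for illustration.
"""
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime and g = 4 generates the
# order-q subgroup of Z_p^* (4 = 2^2 is a quadratic residue, and 4 != 1).
P = 1019
Q = 509
G = 4


def in_subgroup(y):
    """Membership check a verifier must not skip: y must have order q.
    Accepting elements outside the subgroup breaks the soundness argument."""
    return 0 < y < P and pow(y, Q, P) == 1


def keygen(x=None):
    """Witness x in Z_q and public statement h = g^x mod p."""
    if x is None:
        x = secrets.randbelow(Q)
    x %= Q
    return x, pow(G, x, P)


def commit(rng_below=secrets.randbelow):
    """Prover's first message a = g^r for a fresh random r."""
    r = rng_below(Q)
    return r, pow(G, r, P)


def respond(x, r, c):
    """Prover's third message z = r + c*x mod q."""
    return (r + c * x) % Q


def verify(h, a, c, z):
    """Verifier's acceptance predicate: g^z == a * h^c (mod p), after
    range and subgroup checks on every received value."""
    if not (in_subgroup(h) and in_subgroup(a)):
        return False
    if not (0 <= c < Q and 0 <= z < Q):
        return False
    return pow(G, z, P) == (a * pow(h, c, P)) % P


def fiat_shamir_challenge(h, a):
    """Non-interactive challenge c = H(params, h, a) mod q. This is the
    random-oracle step the Selene statement notes current tools struggle with."""
    data = "|".join(map(str, (P, Q, G, h, a))).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_noninteractive(x, h):
    """Completeness, non-interactive form: an honest prover always convinces."""
    r, a = commit()
    c = fiat_shamir_challenge(h, a)
    return a, c, respond(x, r, c)


def verify_noninteractive(h, a, c, z):
    return c == fiat_shamir_challenge(h, a) and verify(h, a, c, z)


def extract(c1, z1, c2, z2):
    """Special soundness: two accepting transcripts sharing the commitment a
    with c1 != c2 reveal the witness x = (z1 - z2) / (c1 - c2) mod q."""
    if c1 == c2:
        raise ValueError("extractor needs two distinct challenges")
    return ((z1 - z2) * pow((c1 - c2) % Q, -1, Q)) % Q


def simulate(h):
    """Honest-verifier zero-knowledge: a transcript with the same distribution
    as a real one, produced without x by picking c, z first and solving for a."""
    c = secrets.randbelow(Q)
    z = secrets.randbelow(Q)
    a = (pow(G, z, P) * pow(h, -c, P)) % P  # pow(h, -c, P) is h^{-c} mod p
    return a, c, z
```

Each property is exercised by a different function: completeness by running the honest prover and checking `verify` accepts, special soundness by feeding two transcripts with a shared `a` to `extract` and recovering `x`, and zero-knowledge by checking that `simulate` yields transcripts `verify` accepts even though it never saw `x`. The subgroup check matters in practice: p-1 is a valid residue mod p but has order 2, and a verifier without `in_subgroup` would accept statements about it.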