
How Not to Use a Privacy-Preserving Computation Platform: Case Study of a Voting Application

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11980)

Abstract

We present an analysis of a recent proposal by Dang-awan et al., who develop a remote electronic voting protocol based on the secure multi-party computation framework Sharemind. Even though Sharemind comes with provable security guarantees and an application development framework, the proposed protocol and its implementation contain a number of flaws that make the result insecure. We hope this case study serves as good educational material for future developers of secure computation applications and voting protocols.


Notes

  1. https://sharemind.cyber.ee/.

References

  1. Report of the National Workshop on Internet Voting: Issues and Research Agenda (March 2001), Internet Policy Institute. https://www.verifiedvoting.org/downloads/NSFInternetVotingReport.pdf

  2. Archer, D.W., Bogdanov, D., Pinkas, B., Pullonen, P.: Maturity and performance of programmable secure computation. IEEE Secur. Priv. 14(5), 48–56 (2016). https://doi.org/10.1109/MSP.2016.97


  3. Benaloh, J.C., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme (extended abstract). In: 26th Annual Symposium on Foundations of Computer Science, Portland, Oregon, USA, October 21–23, 1985, pp. 372–382. IEEE Computer Society (1985). https://doi.org/10.1109/SFCS.1985.2

  4. Benaloh, J.C., Yung, M.: Distributing the power of a government to enhance the privacy of voters (extended abstract). In: Halpern, J.Y. (ed.) Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, Calgary, Alberta, Canada, August 11–13, 1986, pp. 52–62. ACM (1986). https://doi.org/10.1145/10590.10595

  5. del Blanco, D.Y.M., Alonso, L.P., Alonso, J.A.H.: Review of cryptographic schemes applied to remote electronic voting systems: remaining challenges and the upcoming post-quantum paradigm. Open Math. 16(1), 95–112 (2018)


  6. Bogdanov, D., Laud, P., Randmets, J.: Domain-polymorphic language for privacy-preserving applications. In: Proceedings of the First ACM Workshop on Language Support for Privacy-enhancing Technologies, PETShop 2013, pp. 23–26. ACM, New York (2013). https://doi.org/10.1145/2517872.2517875

  7. Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_13


  8. Cramer, R., Damgård, I.B., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)


  9. Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_38


  10. Dang-awan, R., Piscos, J.A., Chua, R.B.: Using Sharemind as a tool to develop an internet voting system with secure multiparty computation. In: 2018 9th International Conference on Information, Intelligence, Systems and Applications (IISA), pp. 1–7. IEEE (July 2018)


  11. Eerikson, H., Orlandi, C., Pullonen, P., Puura, J., Simkin, M.: Use your brain! Arithmetic 3PC for any modulus with active security. Cryptology ePrint Archive, Report 2019/164 (2019). https://eprint.iacr.org/2019/164

  12. Frikken, K.B.: Secure multiparty computation. In: Atallah, M.J., Blanton, M. (eds.) Algorithms and Theory of Computation Handbook, Volume 2: Special Topics and Techniques, pp. 14:1–14:16. CRC Press, Boca Raton (2009)


  13. Gang, C.: An electronic voting scheme based on secure multi-party computation. In: 2008 International Symposium on Computer Science and Computational Technology, vol. 1, pp. 292–294 (December 2008)


  14. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31–June 2, 2009, pp. 169–178. ACM (2009). https://doi.org/10.1145/1536414.1536440

  15. Gjøsteen, K.: The Norwegian Internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32747-6_1


  16. Gjøsteen, K., Strand, M.: A roadmap to fully homomorphic elections: stronger security, better verifiability. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 404–418. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_25


  17. Heiberg, S., Willemson, J.: Verifiable Internet voting in Estonia. In: Krimmer, R., Volkamer, M. (eds.) 6th International Conference on Electronic Voting: Verifying the Vote, EVOTE 2014, Lochau/Bregenz, Austria, October 29–31, 2014, pp. 1–8. IEEE (2014). https://doi.org/10.1109/EVOTE.2014.7001135

  18. Jonker, H., Mauw, S., Pang, J.: Privacy and verifiability in voting systems: methods, developments and trends. Comput. Sci. Rev. 10, 1–30 (2013). https://doi.org/10.1016/j.cosrev.2013.08.002


  19. Krimmer, R.: The evolution of e-voting: why voting technology is used and how it affects democracy. Ph.D. thesis, Tallinn University of Technology, Doctoral Theses Series I: Social Sciences (2012)


  20. Laud, P., Pankova, A., Jagomägis, R.: Preprocessing based verification of multiparty protocols with honest majority. PoPETs 2017(4), 23–76 (2017). https://doi.org/10.1515/popets-2017-0038


  21. Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: ObliVM: a programming framework for secure computation. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17–21, 2015, pp. 359–376. IEEE Computer Society (2015). https://doi.org/10.1109/SP.2015.29

  22. Madise, Ü., Martens, T.: E-voting in Estonia 2005. The first practice of country-wide binding Internet voting in the world. In: Krimmer, R. (ed.) Electronic Voting 2006: 2nd International Workshop, Co-organized by Council of Europe, ESF TED, IFIP WG 8.6 and E-Voting.CC, August 2–4, 2006, Castle Hofen, Bregenz, Austria. LNI, vol. 86, pp. 15–26. GI (2006). http://subs.emis.de/LNI/Proceedings/Proceedings86/article4547.html

  23. Martins, P., Sousa, L., Mariano, A.: A survey on fully homomorphic encryption: an engineering perspective. ACM Comput. Surv. 50(6), 83:1–83:33 (2017). https://doi.org/10.1145/3124441


  24. Nair, D.G., Binu, V.P., Kumar, G.S.: An improved e-voting scheme using secret sharing based secure multi-party computation (2015)


  25. Puiggalí, J., Cucurull, J., Guasch, S., Krimmer, R.: Verifiability experiences in government online voting systems. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 248–263. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68687-5_15


  26. Riazi, M.S., Weinert, C., Tkachenko, O., Songhori, E.M., Schneider, T., Koushanfar, F.: Chameleon: a hybrid secure computation framework for machine learning applications. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS 2018, pp. 707–721. ACM, New York (2018). https://doi.org/10.1145/3196494.3196522

  27. Rivest, R.L.: On the notion of ‘software independence’ in voting systems. Philos. Trans. R. Soc. A Math. Phys. Eng. Sci. 366(1881), 3759–3767 (2008)


  28. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)


  29. Springall, D., et al.: Security analysis of the Estonian Internet voting system. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 703–715. ACM (2014)


  30. Yao, A.C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA, November 3–5, 1982, pp. 160–164. IEEE Computer Society (1982). https://doi.org/10.1109/SFCS.1982.38


Acknowledgments

The research leading to these results has received funding from the Estonian Research Council under Institutional Research Grant IUT27-1 and the European Regional Development Fund through the Estonian Centre of Excellence in ICT Research (EXCITE) and the grant number EU48684.


Corresponding author

Correspondence to Jan Willemson.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Willemson, J. (2020). How Not to Use a Privacy-Preserving Computation Platform: Case Study of a Voting Application. In: Katsikas, S., et al. Computer Security. CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019. Lecture Notes in Computer Science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_8


  • DOI: https://doi.org/10.1007/978-3-030-42048-2_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42047-5

  • Online ISBN: 978-3-030-42048-2

  • eBook Packages: Computer Science, Computer Science (R0)
