Abstract
We present an analysis of a recent proposal by Dang-awan et al., who develop a remote electronic voting protocol based on the secure multi-party computation framework Sharemind. Even though Sharemind comes with provable security guarantees and an application development framework, the proposed protocol and its implementation contain a number of flaws that make the result insecure. We hope this case study serves as good educational material for future developers of secure computation applications and voting protocols.
References
Report of the National Workshop on Internet Voting: Issues and Research Agenda (March 2001), Internet Policy Institute. https://www.verifiedvoting.org/downloads/NSFInternetVotingReport.pdf
Archer, D.W., Bogdanov, D., Pinkas, B., Pullonen, P.: Maturity and performance of programmable secure computation. IEEE Secur. Priv. 14(5), 48–56 (2016). https://doi.org/10.1109/MSP.2016.97
Benaloh, J.C., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme (extended abstract). In: 26th Annual Symposium on Foundations of Computer Science, Portland, Oregon, USA, October 21–23, 1985, pp. 372–382. IEEE Computer Society (1985). https://doi.org/10.1109/SFCS.1985.2
Benaloh, J.C., Yung, M.: Distributing the power of a government to enhance the privacy of voters (extended abstract). In: Halpern, J.Y. (ed.) Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, Calgary, Alberta, Canada, August 11–13, 1986, pp. 52–62. ACM (1986). https://doi.org/10.1145/10590.10595
del Blanco, D.Y.M., Alonso, L.P., Alonso, J.A.H.: Review of cryptographic schemes applied to remote electronic voting systems: remaining challenges and the upcoming post-quantum paradigm. Open Math. 16(1), 95–112 (2018)
Bogdanov, D., Laud, P., Randmets, J.: Domain-polymorphic language for privacy-preserving applications. In: Proceedings of the First ACM Workshop on Language Support for Privacy-enhancing Technologies, PETShop 2013, pp. 23–26. ACM, New York (2013). https://doi.org/10.1145/2517872.2517875
Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_13
Cramer, R., Damgård, I.B., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)
Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_38
Dang-awan, R., Piscos, J.A., Chua, R.B.: Using Sharemind as a tool to develop an internet voting system with secure multiparty computation. In: 2018 9th International Conference on Information, Intelligence, Systems and Applications (IISA), pp. 1–7. IEEE (July 2018)
Eerikson, H., Orlandi, C., Pullonen, P., Puura, J., Simkin, M.: Use your brain! Arithmetic 3PC for any modulus with active security. Cryptology ePrint Archive, Report 2019/164 (2019). https://eprint.iacr.org/2019/164
Frikken, K.B.: Secure multiparty computation. In: Atallah, M.J., Blanton, M. (eds.) Algorithms and Theory of Computation Handbook, Volume 2: Special Topics and Techniques, pp. 14:1–14:16. CRC Press, Boca Raton (2009)
Gang, C.: An electronic voting scheme based on secure multi-party computation. In: 2008 International Symposium on Computer Science and Computational Technology, vol. 1, pp. 292–294 (December 2008)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31–June 2, 2009, pp. 169–178. ACM (2009). https://doi.org/10.1145/1536414.1536440
Gjøsteen, K.: The Norwegian Internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32747-6_1
Gjøsteen, K., Strand, M.: A roadmap to fully homomorphic elections: stronger security, better verifiability. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 404–418. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_25
Heiberg, S., Willemson, J.: Verifiable Internet voting in Estonia. In: Krimmer, R., Volkamer, M. (eds.) 6th International Conference on Electronic Voting: Verifying the Vote, EVOTE 2014, Lochau/Bregenz, Austria, October 29–31, 2014, pp. 1–8. IEEE (2014). https://doi.org/10.1109/EVOTE.2014.7001135
Jonker, H., Mauw, S., Pang, J.: Privacy and verifiability in voting systems: methods, developments and trends. Comput. Sci. Rev. 10, 1–30 (2013). https://doi.org/10.1016/j.cosrev.2013.08.002
Krimmer, R.: The evolution of e-voting: why voting technology is used and how it affects democracy. Ph.D. thesis, Tallinn University of Technology, Doctoral Theses Series I: Social Sciences (2012)
Laud, P., Pankova, A., Jagomägis, R.: Preprocessing based verification of multiparty protocols with honest majority. PoPETs 2017(4), 23–76 (2017). https://doi.org/10.1515/popets-2017-0038
Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: ObliVM: a programming framework for secure computation. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17–21, 2015, pp. 359–376. IEEE Computer Society (2015). https://doi.org/10.1109/SP.2015.29
Madise, Ü., Martens, T.: E-voting in Estonia 2005. The first practice of country-wide binding Internet voting in the world. In: Krimmer, R. (ed.) Electronic Voting 2006: 2nd International Workshop, Co-organized by Council of Europe, ESF TED, IFIP WG 8.6 and E-Voting.CC, August 2–4, 2006, Castle Hofen, Bregenz, Austria. LNI, vol. 86, pp. 15–26. GI (2006). http://subs.emis.de/LNI/Proceedings/Proceedings86/article4547.html
Martins, P., Sousa, L., Mariano, A.: A survey on fully homomorphic encryption: an engineering perspective. ACM Comput. Surv. 50(6), 83:1–83:33 (2017). https://doi.org/10.1145/3124441
Nair, D.G., Binu, V.P., Kumar, G.S.: An improved e-voting scheme using secret sharing based secure multi-party computation (2015)
Puiggalí, J., Cucurull, J., Guasch, S., Krimmer, R.: Verifiability experiences in government online voting systems. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 248–263. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68687-5_15
Riazi, M.S., Weinert, C., Tkachenko, O., Songhori, E.M., Schneider, T., Koushanfar, F.: Chameleon: a hybrid secure computation framework for machine learning applications. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS 2018, pp. 707–721. ACM, New York (2018). https://doi.org/10.1145/3196494.3196522
Rivest, R.L.: On the notion of ‘software independence’ in voting systems. Philos. Trans. R. Soc. A Math. Phys. Eng. Sci. 366(1881), 3759–3767 (2008)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Springall, D., et al.: Security analysis of the Estonian Internet voting system. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 703–715. ACM (2014)
Yao, A.C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA, November 3–5, 1982, pp. 160–164. IEEE Computer Society (1982). https://doi.org/10.1109/SFCS.1982.38
Acknowledgments
The research leading to these results has received funding from the Estonian Research Council under Institutional Research Grant IUT27-1 and the European Regional Development Fund through the Estonian Centre of Excellence in ICT Research (EXCITE) and the grant number EU48684.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Willemson, J. (2020). How Not to Use a Privacy-Preserving Computation Platform: Case Study of a Voting Application. In: Katsikas, S., et al. Computer Security. CyberICPS, SECPRE, SPOSE, ADIoT 2019. Lecture Notes in Computer Science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_8
DOI: https://doi.org/10.1007/978-3-030-42048-2_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42047-5
Online ISBN: 978-3-030-42048-2
eBook Packages: Computer Science, Computer Science (R0)