Post-Quantum Secure Verifiable Tally-Hiding Remote E-Voting

后量子安全可验证隐藏计票远程电子投票

• 批准号: 411720488
• 负责人: Professor Dr. Ralf Küsters
• 金额: --
• 依托单位: Institut für Informationssicherheit
• 依托单位国家: 德国
• 项目类别: Research Grants
• 资助国家: 德国
• 项目状态: 未结题
• 来源: https://gepris.dfg.de/gepris/projekt/411720488?language=en
• 关键词: Post; Quantum; Secure; Verifiable; Tally

Elections are an important corner stone of democratic processes. In recent years, remote electronic voting (e-voting) has gained a lot of popularity for both major political elections and small to medium-sized elections in companies and associations. A key security property of modern e-voting systems is verifiability: voters should be able to verify that their votes were actually counted and everyone should be able to verify whether the election outcome corresponds to the submitted votes, even if election servers have programming errors or are outright malicious. To achieve verifiability, most e-voting systems publish the full tally, i.e., the set of all ballots or an aggregation thereof (number of votes per candidate), along with some additional information, such as zero-knowledge proofs, which prove that the tally is correct. From the tally, everyone can then compute the election result, e.g., the winning candidate(s). Publishing the full tally as an intermediate step comes, however, with several downsides such as biasing voters, weakening mandates, and enabling so-called Italian attacks. These issues are addressed by tally-hiding e-voting systems that only publish the actual election result, say, the winning candidate, while keeping intermediate information, such as the full tally, hidden. In the predecessor project, we made several major contributions to tally-hiding e-voting. Among others, we proposed the first provably secure verifiable and tally-hiding systems. However, none of the existing tally-hiding systems provide post-quantum security, and hence, they break down in presence of quantum attackers. Guaranteeing security also in presence of such attackers is pressing already today as future attackers with access to quantum computers could retroactively break vote privacy of today's elections using data stored about such elections. The goal of this follow-up project is therefore to fill this research gap by lifting verifiable tally-hiding voting to the post-quantum setting. As part of this project we will, among others, build the first provably post-quantum secure tally-hiding and verifiable e-voting systems. To achieve post-quantum security and also obtain practical performance for these systems, we will make use of, adapt, and devise new post-quantum secure cryptographic schemes and techniques, including general purpose non-interactive zero-knowledge proofs, homomorphic encryption schemes, and publicly verifiable multi-party computation protocols.

选举是民主进程的重要基石。近年来，远程电子投票（e-voting）在大型政治选举以及公司和协会的中小型选举中都得到了广泛的普及。现代电子投票系统的一个关键安全属性是可验证性：选民应该能够验证他们的选票是否被实际统计，每个人都应该能够验证选举结果是否与提交的选票相对应，即使选举服务器有编程错误或完全恶意。为了实现可验证性，大多数电子投票系统都会发布完整的计票结果，即所有选票的集合或其聚合（每位候选人的投票数），以及一些额外的信息，例如证明计票结果正确的零知识证明。从点票中，每个人都可以计算出选举结果，例如，获胜的候选人。然而，作为中间步骤，公布完整的计票结果有几个缺点，比如偏袒选民，削弱授权，以及使所谓的意大利攻击成为可能。这些问题是通过隐藏计票结果的电子投票系统解决的，该系统只公布实际的选举结果，比如获胜的候选人，同时隐藏中间信息，比如完整的计票结果。在前一个项目中，我们对隐藏计数的电子投票做出了几个主要贡献。其中，我们提出了第一个可证明安全的可验证和记录隐藏系统。然而，现有的计数隐藏系统都没有提供后量子安全，因此，它们在量子攻击者面前会崩溃。在这样的攻击者面前保证安全已经迫在眉睫，因为未来的攻击者可以访问量子计算机，利用存储在这些选举中的数据追溯性地破坏今天选举的投票隐私。因此，这个后续项目的目标是通过将可验证的计数隐藏投票提升到后量子设置来填补这一研究空白。作为该项目的一部分，我们将建立第一个可证明的后量子安全计数隐藏和可验证的电子投票系统。为了实现后量子安全并获得这些系统的实际性能，我们将利用、调整和设计新的后量子安全加密方案和技术，包括通用的非交互式零知识证明、同态加密方案和可公开验证的多方计算协议。