如何不证明你的选举结果

2020 IEEE Symposium on Security and Privacy (SP) Pub Date : 2020-05-01 DOI:10.1109/SP40000.2020.00048

Thomas Haines, Sarah Jamie Lewis, Olivier Pereira, Vanessa Teague

{"title":"如何不证明你的选举结果","authors":"Thomas Haines, Sarah Jamie Lewis, Olivier Pereira, Vanessa Teague","doi":"10.1109/SP40000.2020.00048","DOIUrl":null,"url":null,"abstract":"The Scytl/SwissPost e-voting solution was intended to provide complete verifiability for Swiss government elections. We show failures in both individual verifiability and universal verifiability (as defined in Swiss Federal Ordinance 161.116), based on mistaken implementations of cryptographic components. These failures allow for the construction of \"proofs\" of an accurate election outcome that pass verification though the votes have been manipulated. Using sophisticated cryptographic protocols without a proper consideration of what properties they offer, and under which conditions, can introduce opportunities for undetectable fraud even though the system appears to allow verification of the outcome.Our findings are immediately relevant to systems in use in Switzerland and Australia, and probably also elsewhere.","PeriodicalId":6849,"journal":{"name":"2020 IEEE Symposium on Security and Privacy (SP)","volume":"9 1","pages":"644-660"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"How not to prove your election outcome\",\"authors\":\"Thomas Haines, Sarah Jamie Lewis, Olivier Pereira, Vanessa Teague\",\"doi\":\"10.1109/SP40000.2020.00048\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Scytl/SwissPost e-voting solution was intended to provide complete verifiability for Swiss government elections. We show failures in both individual verifiability and universal verifiability (as defined in Swiss Federal Ordinance 161.116), based on mistaken implementations of cryptographic components. These failures allow for the construction of \\\"proofs\\\" of an accurate election outcome that pass verification though the votes have been manipulated. Using sophisticated cryptographic protocols without a proper consideration of what properties they offer, and under which conditions, can introduce opportunities for undetectable fraud even though the system appears to allow verification of the outcome.Our findings are immediately relevant to systems in use in Switzerland and Australia, and probably also elsewhere.\",\"PeriodicalId\":6849,\"journal\":{\"name\":\"2020 IEEE Symposium on Security and Privacy (SP)\",\"volume\":\"9 1\",\"pages\":\"644-660\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE Symposium on Security and Privacy (SP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SP40000.2020.00048\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40000.2020.00048","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 38

摘要

Scytl/SwissPost电子投票解决方案旨在为瑞士政府选举提供完整的可验证性。我们展示了基于错误实现加密组件的个人可验证性和通用可验证性(如瑞士联邦条例161.116所定义)的失败。这些失败使得构建准确选举结果的“证据”成为可能，尽管选票被操纵，但这些“证据”可以通过核查。使用复杂的加密协议，而没有适当考虑它们提供的属性，以及在什么条件下，可能会引入无法检测到的欺诈机会，即使系统似乎允许验证结果。我们的发现与瑞士和澳大利亚使用的系统立即相关，可能也与其他地方相关。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

How not to prove your election outcome

The Scytl/SwissPost e-voting solution was intended to provide complete verifiability for Swiss government elections. We show failures in both individual verifiability and universal verifiability (as defined in Swiss Federal Ordinance 161.116), based on mistaken implementations of cryptographic components. These failures allow for the construction of "proofs" of an accurate election outcome that pass verification though the votes have been manipulated. Using sophisticated cryptographic protocols without a proper consideration of what properties they offer, and under which conditions, can introduce opportunities for undetectable fraud even though the system appears to allow verification of the outcome.Our findings are immediately relevant to systems in use in Switzerland and Australia, and probably also elsewhere.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量

期刊最新文献

Unexpected Data Dependency Creation and Chaining: A New Attack to SDN TextExerciser: Feedback-driven Text Input Exercising for Android Applications Ijon: Exploring Deep State Spaces via Fuzzing Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider