论文信息 - Clash Attacks and the STAR-Vote System

Clash Attacks and the STAR-Vote System

STAR-Vote is an end-to-end cryptographic voting system that produces both plaintext paper ballots and encrypted electronic records of each ballot. We describe how clash attacks against STAR-Vote could weaken its security guarantees: corrupt voting terminals could identify voters with identical ballot preferences and print identical receipts for them, while generating electronic ballot ciphertexts for other candidates. Each voter would then be able to “verify” their ballot on the public bulletin board, but the electronic tally would include alternative ciphertexts corresponding to the duplicate voters. We describe how this threat can be exploited and mitigated with existing STAR-Vote mechanisms, including STAR-Vote’s use of Benaloh challenges and a cryptographic hash chain. We also describe how this threat can be mitigated through statistical sampling of the printed paper ballots as an extension to the risk-limiting audits that STAR-Vote already requires.

Dan S. Wallach | Olivier Pereira | D. Wallach | Olivier Pereira

[1] Ronald L. Rivest,et al. Marked Mix-Nets , 2017, Financial Cryptography Workshops.

[2] Ralf Küsters,et al. Clash Attacks on the Verifiability of E-Voting Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[3] Douglas Wikström,et al. A Commitment-Consistent Proof of a Shuffle , 2009, ACISP.

[4] Philip B. Stark,et al. SOBA: Secrecy-preserving Observable Ballot-level Audit , 2011, EVT/WOTE.

[5] Ben Riva,et al. A New Implementation of a Dual (Paper and Cryptographic) Voting System , 2012, Electronic Voting.

[6] Philip B. Stark,et al. STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System , 2012, EVT/WOTE.

[7] Jean-Jacques Quisquater,et al. Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[8] Markus Jakobsson,et al. Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[9] Anirban DasGupta,et al. The matching, birthday and the strong birthday problem: a contemporary review , 2005 .

[10] Thomas Peters,et al. Election Verifiability or Ballot Privacy: Do We Need to Choose? , 2013, ESORICS.

[11] Warren D. Smith. Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[12] Josh Benaloh,et al. Simple Verifiable Elections , 2006, EVT.

[13] Josh Benaloh,et al. Ballot Casting Assurance via Voter-Initiated Poll Station Auditing , 2007, EVT.