Registro Prático Aplicado a um Sistema de Votação Resistente à Coerção
Resumo
A pandemia recente levou muitas instituições brasileiras a adotarem votações via Internet. Todavia, elas certamente ignoram o problema da coerção. Embora esse problema não possua uma solução apropriada, alguns protocolos de votação possibilitam mitigá-lo. Para isso, eles utilizam a ideia de credenciais anônimas. Votantes recebem essas credenciais em uma fase de registro e as utilizam posteriormente para votar. Infelizmente protocolos de votação como o de ABRTY não consideram aspectos práticos na fase de registro, o que dificulta o uso desses protocolos em eleições reais. Neste contexto, este trabalho introduz um protocolo prático para o registro de credenciais no esquema de ABRTY. A nova ideia é também aplicada a um sistema de votação resistente à coerção.
Referências
Adida, B. (2008). Helios: Web-based open-audit voting. In van Oorschot, P. C., editor, Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA, pages 335–348. USENIX Association.
Amin, V. (2020). Servidores e estudantes têm até 21h para participar de consulta pública. Disponível em [link]. Acesso em 30/07/2020.
Araújo, R., Neto, A., and Traoré, J. (2018). CIVIS A Coercion-Resistant Election System. In Anais do XVIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 29–42, Natal, RN, Brasil. Sociedade Brasileira de Computação (SBC).
Araújo, R., Rajeb, N. B., Robbana, R., Traoré, J., and Yousfi, S. (2010). Towards practical and secure coercion-resistant electronic elections. In Heng, S., Wright, R. N., and Goi, B., editors, Cryptology and Network Security 9th International Conference, CANS 2010, Kuala Lumpur, Malaysia, December 12-14, 2010. Proceedings, volume 6467 of Lecture Notes in Computer Science, pages 278–297. Springer.
Araújo, R. and Traoré, J. (2013). A practical coercion resistant voting scheme revisited. In Heather, J., Schneider, S. A., and Teague, V., editors, E-Voting and Identify 4th International Conference, Vote-ID 2013, Guildford, UK, July 17-19, 2013. Proceedings, volume 7985 of Lecture Notes in Computer Science, pages 193–209. Springer.
Boneh, D. (1998). The decision diffie-hellman problem. In Buhler, J., editor, Algorithmic Number Theory, Third International Symposium, ANTS-III, Portland, Oregon, USA, June 21-25, 1998, Proceedings, volume 1423 of Lecture Notes in Computer Science, pages 48–63. Springer.
Boneh, D. and Boyen, X. (2004). Short signatures without random oracles. In Cachin, C. and Camenisch, J., editors, Advances in Cryptology EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, volume 3027 of Lecture Notes in Computer Science, pages 56–73. Springer.
Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., and Meyerovich, M. (2006). How to win the clonewars: Efficient periodic n-times anonymous authentication. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS ’06, page 201–210, New York, NY, USA. Association for Computing Machinery.
Camenisch, J. and Stadler, M. (1997). Proof systems for general statements about discrete logarithms. Technical report, Institute for Theoretical Computer Science, ETH Zurich.
Chaum, D. and Pedersen, T. P. (1992). Wallet databases with observers. In Brickell, E. F., editor, Advances in Cryptology CRYPTO ’92, 12th Annual International Cryptology Conference, Santa Barbara, California, USA, August 16-20, 1992, Proceedings, volume 740 of Lecture Notes in Computer Science, pages 89–105. Springer.
Clark, J. and Hengartner, U. (2008). Panic passwords: Authenticating under duress. In Provos, N., editor, 3rd USENIX Workshop on Hot Topics in Security, HotSec’08, San Jose, CA, USA, July 29, 2008, Proceedings. USENIX Association.
Clark, J. and Hengartner, U. (2011). Selections: Internet voting with over-the-shoulder coercion-resistance. In Danezis, G., editor, Financial Cryptography and Data Security 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 March 4, 2011, Revised Selected Papers, volume 7035 of Lecture Notes in Computer Science, pages 47–61. Springer.
DSF, D. S. F. (2020). Django The web framework for perfectionists with deadlines. https://www.djangoproject.com/. Acesso em Agosto/2020.
Fiat, A. and Shamir, A. (1986). How to prove yourself: Practical solutions to identification and signature problems. In Odlyzko, A. M., editor, Advances in Cryptology CRYPTO ’86, Santa Barbara, California, USA, 1986, Proceedings, volume 263 of Lecture Notes in Computer Science, pages 186–194. Springer.
Jakobsson, M., Sako, K., and Impagliazzo, R. (1996). Designated verifier proofs and their applications. In Maurer, U. M., editor, Advances in Cryptology EUROCRYPT ’96, International Conference on the Theory and Application of Cryptographic Techniques, Saragossa, Spain, May 12-16, 1996, Proceeding, volume 1070 of Lecture Notes in Computer Science, pages 143–154. Springer.
Juels, A., Catalano, D., and Jakobsson, M. (2005). Coercion-resistant electronic elections. In Atluri, V., di Vimercati, S. D. C., and Dingledine, R., editors, Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, Alexandria, VA, USA, November 7, 2005, pages 61–70. ACM.
Kaliski, B. (2000). PKCS 5: Password-Based Cryptography Specification Version 2.0. RFC 2898.
Leite, M. and Araújo, R. S. (2019). Credenciais de votação baseadas em bip para protocolos de votação resistentes à coerção. In Anais do XIX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais - IV Workshop de Tecnologia Eleitoral, São Paulo, SP, Brasil. Sociedade Brasileira de Computação (SBC).
MDN (2020). MDN Web Docs Javascript. https://developer.mozilla.org/en-US/docs/Web/JavaScript. Acesso em Agosto/2020.
NIST (2015). FIPS PUB 202 – SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Disponível em https://csrc.nist.gov/publications/detail/fips/202/final.
Palatinus, M., Rusnak, P., Voisine, A., and Bowe, S. (2013). Mnemonic code for generating deterministic keys. Disponível em https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki. GitHub repository.
PSF, P. S. F. (2020). Python language reference. http://www.python.org/. Acesso em Agosto/2020.
Schnorr, C. (1991). Efficient signature generation by smart cards. J. Cryptology, 4(3):161–174.
Amin, V. (2020). Servidores e estudantes têm até 21h para participar de consulta pública. Disponível em [link]. Acesso em 30/07/2020.
Araújo, R., Neto, A., and Traoré, J. (2018). CIVIS A Coercion-Resistant Election System. In Anais do XVIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 29–42, Natal, RN, Brasil. Sociedade Brasileira de Computação (SBC).
Araújo, R., Rajeb, N. B., Robbana, R., Traoré, J., and Yousfi, S. (2010). Towards practical and secure coercion-resistant electronic elections. In Heng, S., Wright, R. N., and Goi, B., editors, Cryptology and Network Security 9th International Conference, CANS 2010, Kuala Lumpur, Malaysia, December 12-14, 2010. Proceedings, volume 6467 of Lecture Notes in Computer Science, pages 278–297. Springer.
Araújo, R. and Traoré, J. (2013). A practical coercion resistant voting scheme revisited. In Heather, J., Schneider, S. A., and Teague, V., editors, E-Voting and Identify 4th International Conference, Vote-ID 2013, Guildford, UK, July 17-19, 2013. Proceedings, volume 7985 of Lecture Notes in Computer Science, pages 193–209. Springer.
Boneh, D. (1998). The decision diffie-hellman problem. In Buhler, J., editor, Algorithmic Number Theory, Third International Symposium, ANTS-III, Portland, Oregon, USA, June 21-25, 1998, Proceedings, volume 1423 of Lecture Notes in Computer Science, pages 48–63. Springer.
Boneh, D. and Boyen, X. (2004). Short signatures without random oracles. In Cachin, C. and Camenisch, J., editors, Advances in Cryptology EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, volume 3027 of Lecture Notes in Computer Science, pages 56–73. Springer.
Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., and Meyerovich, M. (2006). How to win the clonewars: Efficient periodic n-times anonymous authentication. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS ’06, page 201–210, New York, NY, USA. Association for Computing Machinery.
Camenisch, J. and Stadler, M. (1997). Proof systems for general statements about discrete logarithms. Technical report, Institute for Theoretical Computer Science, ETH Zurich.
Chaum, D. and Pedersen, T. P. (1992). Wallet databases with observers. In Brickell, E. F., editor, Advances in Cryptology CRYPTO ’92, 12th Annual International Cryptology Conference, Santa Barbara, California, USA, August 16-20, 1992, Proceedings, volume 740 of Lecture Notes in Computer Science, pages 89–105. Springer.
Clark, J. and Hengartner, U. (2008). Panic passwords: Authenticating under duress. In Provos, N., editor, 3rd USENIX Workshop on Hot Topics in Security, HotSec’08, San Jose, CA, USA, July 29, 2008, Proceedings. USENIX Association.
Clark, J. and Hengartner, U. (2011). Selections: Internet voting with over-the-shoulder coercion-resistance. In Danezis, G., editor, Financial Cryptography and Data Security 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 March 4, 2011, Revised Selected Papers, volume 7035 of Lecture Notes in Computer Science, pages 47–61. Springer.
DSF, D. S. F. (2020). Django The web framework for perfectionists with deadlines. https://www.djangoproject.com/. Acesso em Agosto/2020.
Fiat, A. and Shamir, A. (1986). How to prove yourself: Practical solutions to identification and signature problems. In Odlyzko, A. M., editor, Advances in Cryptology CRYPTO ’86, Santa Barbara, California, USA, 1986, Proceedings, volume 263 of Lecture Notes in Computer Science, pages 186–194. Springer.
Jakobsson, M., Sako, K., and Impagliazzo, R. (1996). Designated verifier proofs and their applications. In Maurer, U. M., editor, Advances in Cryptology EUROCRYPT ’96, International Conference on the Theory and Application of Cryptographic Techniques, Saragossa, Spain, May 12-16, 1996, Proceeding, volume 1070 of Lecture Notes in Computer Science, pages 143–154. Springer.
Juels, A., Catalano, D., and Jakobsson, M. (2005). Coercion-resistant electronic elections. In Atluri, V., di Vimercati, S. D. C., and Dingledine, R., editors, Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, Alexandria, VA, USA, November 7, 2005, pages 61–70. ACM.
Kaliski, B. (2000). PKCS 5: Password-Based Cryptography Specification Version 2.0. RFC 2898.
Leite, M. and Araújo, R. S. (2019). Credenciais de votação baseadas em bip para protocolos de votação resistentes à coerção. In Anais do XIX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais - IV Workshop de Tecnologia Eleitoral, São Paulo, SP, Brasil. Sociedade Brasileira de Computação (SBC).
MDN (2020). MDN Web Docs Javascript. https://developer.mozilla.org/en-US/docs/Web/JavaScript. Acesso em Agosto/2020.
NIST (2015). FIPS PUB 202 – SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Disponível em https://csrc.nist.gov/publications/detail/fips/202/final.
Palatinus, M., Rusnak, P., Voisine, A., and Bowe, S. (2013). Mnemonic code for generating deterministic keys. Disponível em https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki. GitHub repository.
PSF, P. S. F. (2020). Python language reference. http://www.python.org/. Acesso em Agosto/2020.
Schnorr, C. (1991). Efficient signature generation by smart cards. J. Cryptology, 4(3):161–174.
Publicado
13/10/2020
Como Citar
SÁ, Matheus O. L. de; ARAÚJO, Roberto; SOBRINHO, Alberto; TRAORÉ, Jacques.
Registro Prático Aplicado a um Sistema de Votação Resistente à Coerção. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20. , 2020, Petrópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 408-421.
DOI: https://doi.org/10.5753/sbseg.2020.19253.
