@@ 7,7 7,7 @@
\usepackage{amssymb}
-\title{Securing Election with Homomorphic Cryptography}
+\title{Securing Elections using Homomorphic Cryptography}
\author{David Florness}
\date{February \nth{10}, 2020}
@@ 31,7 31,7 @@
\end{itemize}
\end{frame}
-\begin{frame}[allowframebreaks]{The Traditional Approach in the Electronic World}
+\begin{frame}[allowframebreaks]{The Traditional Approach in Electronic Terms}
\begin{enumerate}
\item voters register with a server
@@ 51,49 51,57 @@
\begin{center}
\includegraphics[height=0.8\textheight]{graphics/traditional.png}
\end{center}
+\end{frame}
- \framebreak
-
+\begin{frame}
\begin{itemize}
- \item Pros
+ \item Pros \pause
\begin{enumerate}
\item easy and simple
\item reliable
\item allows registration
- \end{enumerate}
+ \end{enumerate} \pause
\item Cons
\begin{enumerate}
- \item faith in a single authority
- \item unverifiable
- \item vulnerable to denial-of-service attacks
+ \item trust in a single authority; such a system would be rife with
+ corruption
\end{enumerate}
\end{itemize}
\end{frame}
\begin{frame}
\begin{itemize}
- \item We want a system that \pause
+ \item We want an election system that \pause
\begin{itemize}
\item requires registration / authentication, allowing us to limit who can
- to vote \pause
+ vote \pause
\begin{itemize}
- \item may want to limit voters members of a club, citizens of the
- jurisdiction, etc.
+ \item we may want to limit voting to members of a club, citizens of a
+ jurisdiction, etc. \pause
+ \item without such authentication, stopping double-voting would be a
+ nightmare
\end{itemize} \pause
\item gives accurate aggregate results \pause
- \item protects voter privacy
+ \item protects voter privacy \pause
\begin{itemize}
- \item no individual voters' vote should be knowable by anyone except said
- voter
+ \item no individual voter's vote should be knowable by anyone except said
+ voter \pause
\end{itemize}
\end{itemize}
\end{itemize}
+ \dots these sound like conflicting desires\dots \pause but they're not!
+\end{frame}
+
+\begin{frame}
+ \begin{center}
+ \textbf{Disclaimer}: I did not come up with any of this.
+ \end{center}
\end{frame}
\begin{frame}[allowframebreaks]{A New Approach}
\begin{itemize}
- \item instead of a client-server approach, we have a peer-to-peer network
- (p2p) where voters connect directly to each other
+ \item instead of a client-server approach, let's have a peer-to-peer (p2p)
+ network where voters connect to each other directly
\end{itemize}
\framebreak
@@ 105,15 113,16 @@
\begin{frame}
\begin{itemize}
- \item voters use standard means to identify and authenicate themselves (thinks
- passwords, kerberos, LDAP, SSH/GPG finderprints, multipass, etc.)
+ \item Authentication is essentially the same as before: voters use standard
+ means to identify themselves (think passwords, kerberos, LDAP, SSH/GPG
+ finderprints, multipass, etc.)
\end{itemize}
\end{frame}
-\begin{frame}
+\begin{frame}{The big question}
\begin{itemize}
\item \textbf{Question}: how and to whom do we submit ballots? \pause
- \item \textbf{Answer}: we ``share'' our secret ballot with everyone!
+ \item \textbf{Answer}: we ``share'' pieces of our secret ballot with everyone!
\end{itemize}
\end{frame}
@@ 206,12 215,12 @@
Let's sum those values!
\begin{align*}
- S_i(x_i) = &P_1(x_i) + P_2(x_i) + \dots + P_k(x_i) \\
- = &\left( c_1 + a_{(1,1)} x_i + a_{(1,2)} x_i^2 + \dots + a_{(1,k-1)} x_i^{k-1} \right) + \\
- &\left( c_2 + a_{(2,1)} x_i + a_{(2,2)} x_i^2 + \dots + a_{(2,k-1)} x_i^{k-1} \right) + \\
- &\cdots \\
- &\left( c_k + a_{(k,1)} x_i + a_{(k,2)} x_i^2 + \dots + a_{(k,k-1)} x_i^{k-1} \right) \\
- = &\sum_{j=1}^k c_j + x_i \sum_{j=1}^k a_{(j,1)} + x_i^2 \sum_{j=1}^k a_{(j,2)} + \dots + x_i^{k-1} \sum_{j=1}^k a_{(k,2)}
+ S_i = &P_1(x_i) + P_2(x_i) + \cdots + P_k(x_i) \\
+ = &\left( c_1 + a_{(1,1)} x_i + a_{(1,2)} x_i^2 + \cdots + a_{(1,k-1)} x_i^{k-1} \right) + \\
+ &\left( c_2 + a_{(2,1)} x_i + a_{(2,2)} x_i^2 + \cdots + a_{(2,k-1)} x_i^{k-1} \right) + \\
+ &\cdots \\
+ &\left( c_k + a_{(k,1)} x_i + a_{(k,2)} x_i^2 + \cdots + a_{(k,k-1)} x_i^{k-1} \right) \\
+ = &\sum_{j=1}^k c_j + x_i \sum_{j=1}^k a_{(j,1)} + x_i^2 \sum_{j=1}^k a_{(j,2)} + \cdots + x_i^{k-1} \sum_{j=1}^k a_{(j,2)}
\end{align*}
\end{frame}
@@ 223,10 232,97 @@
\end{frame}
\begin{frame}
- Everyone now has $S_1$, $S_2$, $\dots$, $S_k$
+ \begin{itemize}
+ \item Everyone now has $S_1$, $S_2$, $\dots$, $S_k$: \pause
+ \begin{align*}
+ S_1 &= \sum_{j=1}^k c_j + x_1 \sum_{j=1}^k a_{(j,1)} + x_1^2 \sum_{j=1}^k a_{(j,2)} + \cdots + x_1^{k-1} \sum_{j=1}^k a_{(j,2)} \\
+ S_1 &= \sum_{j=1}^k c_j + x_2 \sum_{j=1}^k a_{(j,1)} + x_2^2 \sum_{j=1}^k a_{(j,2)} + \cdots + x_2^{k-1} \sum_{j=1}^k a_{(j,2)} \\
+ &\vdots \\
+ S_k &= \sum_{j=1}^k c_j + x_k \sum_{j=1}^k a_{(j,1)} + x_k^2 \sum_{j=1}^k a_{(j,2)} + \cdots + x_k^{k-1} \sum_{j=1}^k a_{(j,2)}
+ \end{align*} \pause
+ \item These are $k$ points all on the same $k-1$ degree polynomial:
+ \begin{equation*}
+ (x_1, S_1), (x_2, S_2), \dots, (x_k, S_k)
+ \end{equation*}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \begin{itemize}
+ \item Since we know $k$ points of the $k-1$ degree polynomial, we can find the
+ coefficients and constant term of it with a little linear algebra: \pause
+ \begin{equation*}
+ \begin{bmatrix}
+ 1 & x_1 & x_1^2 & \cdots & x_1^k \\
+ 1 & x_2 & x_2^2 & \cdots & x_2^k \\
+ \vdots & & & \ddots \\
+ 1 & x_k & x_k^2 & \cdots & x_k^k
+ \end{bmatrix}
+ \begin{bmatrix}
+ \sum_{j=1}^k c_j \\
+ \sum_{j=1}^k a_{(j,1)} \\
+ \sum_{j=1}^k a_{(j,2)} \\
+ \vdots \\
+ \sum_{j=1}^k a_{(j,2)}
+ \end{bmatrix} =
+ \begin{bmatrix}
+ S_1 \\
+ S_2 \\
+ \vdots \\
+ S_k
+ \end{bmatrix}
+ \end{equation*}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \begin{equation*}
+ \text{RREF}\left(
+ \begin{bmatrix}
+ 1 & x_1 & x_1^2 & \cdots & x_1^k & S_1 \\
+ 1 & x_2 & x_2^2 & \cdots & x_2^k & S_2 \\
+ \vdots & & & \ddots \\
+ 1 & x_k & x_k^2 & \cdots & x_k^k & S_k
+ \end{bmatrix}
+ \right)
+ \end{equation*}
+\end{frame}
+
+\begin{frame}
+ Notice that the constant term of the final polynomial is $\sum_{j=1}^k c_j$,
+ which is precisely the result of the election!
+\end{frame}
+
+\begin{frame}{In Summary}
+ \begin{enumerate}
+ \item Every voter creates and publishes an $x_i$. \pause
+ \item Every voter creates a random polynomial of degree $k-1$ where $k$ is the
+ number of voters and embeds their ballot in the constant term of the
+ polynomial. \pause
+ \item Every voter evaluates their polynomial with each of the inputs ($x_i$'s)
+ and sends each respective voter his/her result. \pause
+ \item Every voter sums the polynomial outputs they've received. \pause
+ \item All $k$ sums the voters compute are used to find the constant term of a
+ polynomial whose constant term is precisely the sum of all ballot.
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}
+ \begin{center}
+ There's a problem\dots \\[0.5cm] \pause
+
+ What's to stop someone from putting an invalid ballot in the constant term
+ of their polynomial that sways the election in their favor? \\[0.5cm] \pause
+
+ For example, in a ``yes/no'' election, someone could put 2 for their ballot
+ and have the result of 2 votes.
+ \end{center}
\end{frame}
-\begin{frame}{A High-Level Overview of the Protocol}
+\begin{frame}{The Remedy}
+ The definitive answer:
+
+ \url{https://vitalik.ca/general/2017/11/09/starks\_part\_1.html}
\end{frame}
\end{document}=
\ No newline at end of file