Applying MESE processes to Improve Online E-Voting
Prototype System with
Paillier Threshold Cryptosystem We Services Version !"## A project submitted to the Faculty of Graduate School, University of Colorado at Colorado Springs in Partial Fulfillment of the Reuirements for the !egree of "aster of #ngineering in Soft$are #ngineering !epartment of Computer Science Prepared y $a%an Evece% CS&#! 'r" Chow Spring (##& %nline #&'oting Prototype System #vece( ) Page * of +, -his project for the "asters of #ngineering in Soft$are #ngineer degree by .a(an #vece( has been approved for the !epartment of Computer Science /y 0000000000000000000000000000000000000000000000000000000 !r1 C1 #d$ard Cho$, Chair 0000000000000000000000000000000000000000000000000000000 !r1 Richard 2einer 0000000000000000000000000000000000000000000000000000000 !r1 3iaobo 4hou
!ate %nline #&'oting Prototype System #vece( ) Page 5 of +, Tale o) Contents %nline #&'oting System Project !ocumentation 6 Abstract 7 *1 8ntroduction , 51 #&'oting System Related 9iterature : 51*1 Public ;ey Cryptography : 5151 .omomorphic #ncryption *< 51+1 4ero ;no$ledge Proofs *< 5161 -hreshold Cryptography *< 51=1 Cryptographic 'oting Protocol ** 5171 8ssues in secure e&voting system *5 51,1 Completely Automated Public -uring test to tell Computers and .umans Apart >CAP-C.A? *+ 51@1 Chinese Remainder -heorem >CR-? *6 +1 %nline #&'oting System Project !escription *, +1*1 Paillier -hreshold Crytosystem 2eb Services Architecture and !esign *, 61 %nline #&'oting Prototype System 55 61*1 #&'oting System %vervie$ 55 61*1* User 9ogin 5+ 61*151 #lection Set&Up 56 61*1+1 Creating /allots 5= 61*161 'ote Format 57 6151 'oting 5, 6151*1 Creating the 'ote 5, 61+1 -ally the 'ote 5@ =1 P-C 2eb Services #fficiency 8mprovement 5: =1* Pre&Computation 5: =15 Chinese Remainder -heorem >CR-? 5: =1+ Paillier Scheme Pre&computations for !ecryption +< 71 Results +* 71* Pre&Computation Performance #valuations +* 7151 !efects Found +5 71+1 Conclusion +6 71=1 Future Suggestions +6 ,1 References +7 %nline #&'oting Prototype System #vece( ) Page + of +, Online E-Voting System Pro*ect 'oc+mentation -he subseuent files are located on the follo$ing $eb siteA httpA))cs1uccs1edu)Bgsc)pub)master)hevece()doc) o CS&#!Proposal,EVotingPrototype"doc - -his document describes $hat the project $ould be for the advisory committee1 8t $as submitted in February 5<<,1 o EVoting,S.S 'oc+ment"doc- -his is the online #&'oting prototype System Reuirements Specification document for the project1 -he demonstration $indo$s application created used to get the reuirements for the online tool1 8t also has the use cases1 o EVoting,S'S 'oc+ment"doc - -his describes the internal design of the project1 -his document has both blac( boC and $hite boC designs1 Also class diagrams from the $eb services are also prepared for documenting although they $ere developed previously1 8t has the main use cases to ma(e it easier to create the S!S1 8t also involves database design1 o EVoting,Test Plan"doc- -he tests for the project are documented in this document1 -est plans cover all the reuirements testing1 o Online E-Voting Prototype with PTC We Services"doc- -his is the project report document1 8t is the final report for the project that has discussions about e&voting system1 -here are some e&voting related papers researched about the online e&voting system implementation and 8 tried to eCplain $hy it is so hard to implement, develop and deploy today by using these papers1 Also in this report for the P-C design section and P-C develop description, D*=E is used1 9astly, some efficiency improvements %nline #&'oting Prototype System #vece( ) Page 6 of +, applied in the code and according to the results that $ill be eCplained, it has improved1 o Paillier ThresholdCryptoService,/ser0+ide,/pdated"doc- -his document that is the user guide for the P-C $eb services1 Source files for the code is placed in the lin( belo$A httpA))cs1uccs1edu)Bgsc)pub)master)hevece()src) %nline #&'oting Prototype System #vece( ) Page = of +, Astract -he purpose of this masterFs project is to develop an %nline #&'oting prototype system utiliGing the Paillier -hreshold Cryptosystem >P-C? $eb services and applying "#S# processes to it in an attempt to find possible solutions to further improve eCisting P-C $eb services1 %nline voting >e&voting? $ould be more convenient, relatively secure and utiliGe fe$er resources1 -o be able to access e&voting system from a personal, business or even a public library computer may be more convenient for many people needing to vote1 -his could potentially be a solution for the lo$ voter turnout at the polls1 .o$ever, it is still uestionable $hether elections can be conducted online or over the internet due to the high level of concern over security1 Systems considered to be apart of e&voting are "achine readable >create, read, count? ballot systems, !irect Recording #lectronic >!R#? systems, voting using mobile devices and internet voting D*E1 As part of this project, an online e&voting prototype system has been constructed using the demonstration $indo$s application tool created for P-C $eb services1 A pre&computation process is applied due to efficiency improvements1 -he details of this optimiGation and improvement in the $eb services process $ill be eCplained in the subseuent sections1 8n addition to the application of the pre&computation to the process, the Chinese Remainder -heorem can be applied during the decryption process1 -his change might not be as noticeable as the pre&computation, ho$ever it $ill ma(e it more efficient as the calculation gets easier1 %nline #&'oting Prototype System #vece( ) Page 7 of +, !" Introd+ction 8n traditional elections, a voter usually goes to the voting stations1 After direct person&person verification $ith some 8!s, the voter is allo$ed to vote1 -he voter is then given a ballot $hich allo$s a single vote1 %nce the ballot is used, it cannot be used again1 .o$ever, this ballot must also be anonymous1 -he ballot must identify the voter as being permitted to vote, but not reveal their actual identity, and the voter must also be given assurances of this1 -raditional polling methods trust a lot of parties during the election1 -he current methods reuire an attac(er interact directly $ith the voting process to disrupt it1 -here is a greater chance of getting caught as there $ill be physical evidence in the traditional polling1 %n the other end, internet is harder to control and manage the security as Het$or( and internet related attac(s are more difficult to trace1 8n the traditional polling, you (no$ $ho is in the election room1 Also $ith the internet or net$or( related voting, from all around the $orld you $ill have attac(ers, not only by the fe$ people in the room D+E1 Figure * sho$s the hierarchy of the voting schemes just discussed D*,E1 %nline #&'oting Prototype System #vece( ) Page , of +, Figure *A -he categoriGation of the voting schemes D*,E1 Another issue $ith e&voting is educating the voters1 2e can not consider that all the users are computer gurus and they $ill use the e&voting systems easily1 2hen e&voting is designed it needs to be easy to use1 2e should consider the fact that a large portion of the voting public has a very little (no$ledge about the computers1 According to some of the research done by the Public Policy 8nstitute of California over =<I of *@&66 years of age voters prefers 8nternet voting D+E1 Some recent studies have focused on e&voting, its security concerns and ma(ing it more secure1 /elo$ is the list of related literature about e&votingA %nline #&'oting Prototype System #vece( ) Page @ of +, (" E-Voting System .elated 1iterat+re ("!" P+lic 2ey Cryptography Public (ey cryptography, also (no$n as asymmetric cryptography, is a form of cryptography in $hich each user $ill have a (ey that didnFt have to be (ept secret1 .aving this public (ey $ill not inhibit the systemFs secrecy as a message encrypted $ith the public (ey can be decrypted only $ith the corresponding private (ey1 -he private (ey is (ept secret, $hile the public (ey may be $idely distributed1 -he public and private (eys are related mathematically1 -he private (ey cannot be practically derived from the public (ey D6E1 -he t$o main branches of public (ey cryptography areA Public (ey encryption J a message encrypted $ith a recipientKs public (ey cannot be decrypted by anyone eCcept the recipient possessing the corresponding private (ey1 -his is used to ensure confidentiality D6E1 -he problem $ith the public (ey encryption is the intruder can easily replace the private (ey $ith his $hen the sender reuests the public (ey1 -his means the ne$ly received public (ey $ill have the intruderFs private (ey and he can easily decrypt the message1 -o avoid this issue digital signature can be used1 !igital Signatures J a message signed $ith a senderKs private (ey can be verified by anyone $ho has access to the senderKs public (ey, thereby proving that the sender signed it and that the message has not been tampered $ith1 -his is used to ensure authenticity D6E1 Conversely, Secret (ey cryptography, also (no$n as symmetric cryptography uses a single secret (ey for both encryption and decryption1 8t is also (no$n as one&(ey or private&(ey encryption1 -he reuirement is the shared secret that both parties should have %nline #&'oting Prototype System #vece( ) Page : of +, a copy1 8n this e&voting prototype shared (eys $ill be used for the usersF encryption in our tests1 ("(" $omomorphic Encryption -he encryption algorithm # > ? is homomorphic if given #>C? and #>y?, one can obtain #>C L y? $ithout decrypting CM y for some operation L1 8n that case, homomorphic encryption is a special type of cryptography in $hich the sum of t$o encrypted values is eual to the encrypted sum of the values1 8n simple mathematics, this is euivalent to the communicative property of multiplication1 For a majority of cryptographic algorithms, this does not hold true1 8t is one of the schemes that can be used in e&voting especially to be able to tally the votes even though the results are encrypted1 -here are fe$ cryptosystems $hich uses homographic encryption1 -hey $ill be discussed in the neCt section1 ("3" 4ero 2nowledge Proo)s 8n cryptography it is often needed to prove some statement to someone $ithout giving eCtra information1 -his is accomplished by 4ero ;no$ledge Proofs1 #specially for the authentication systems 4ero ;no$ledge Proofs can be used1 For eCample, a party might $ant to prove his identity $ith secret information and does not $ant the other party to learn anything about this secret1 8n other $ords, second party can only (no$ the correctness of the statement or identity of the first party and no more information1 ("5" Threshold Cryptography -hreshold Cryptography is a term used to describe a cryptosystem in $hich the ability to perform a cryptographic function can be distributed amongst several %nline #&'oting Prototype System #vece( ) Page *< of +, participants in such a $ay that only through cooperation of a specified subset of the participants can the operation be performed1 8n addition, if less than the reuired number of participantsF attempts to perform the action, no useful information can be constructed or obtained1 -he threshold value is typically denoted by the letter t1 8n a threshold system as defined here, only tN* cooperating authorities can perform the desired cryptographic operation1 -he essential components of a threshold cryptography system are a (ey generation algorithm, an encryption algorithm, a share decryption algorithm, and a combining algorithm D=E1 First, the (ey generation algorithm generates the public (ey parameters, a set of secret (ey OsharesP, and a set of Overifier (eysP1 -he secret (ey shares are distributed to the participants in a secure manner1 -he encryption algorithm provides encryption services for an appropriately&siGed message m by applying the public (ey parameters and an encryption algorithm to generate the cipherteCt c1 -he share decryption algorithm is used by each participant $ith a secret (ey share to Opartially decryptP the encrypted message c1 #ach participant also uses the verifier (ey corresponding to the secret (ey share to generate a proof of correct encryption1 -he combining algorithm ta(es all of the Opartial decryptionsP or Odecryption sharesP, verifies their corresponding proofs, and combines the decryption shares to reveal the original message m1 -he combining step only succeeds if tN* valid decryption shares are used1 ("6" Cryptographic Voting Protocol /asic reuirements for electronic voting Privacy Q All votes should be (ept secret %nline #&'oting Prototype System #vece( ) Page ** of +, Completeness Q All valid votes should be counted correctly Soundness Q Any invalid vote should not be counted Unreusability Q Ho voter can vote t$ice #ligibility Q %nly authoriGed voters can cast a vote Fairness Q Hothing can affect the voting #Ctended Reuirements for electronic voting Robustness Q faulty behavior of any reasonably siGed coalition of participants can be tolerated1 8n other $ords, the system must be able to tolerate to certain faulty conditions and must be able to manage these situations1 Universal 'erifiability Q any party can verify the result of the voting Receipt&freeness Q 'oters are unable to prove the content of his)her vote 8ncoercibility Q 'oter cannot be coerced into casting a particular vote by a coercer1 -here are four main approaches to efficient and fully secure electionsA Schemes based on homomorphic encryption Schemes based on miCnets .eterodoC schemes Schemes based on secret sharing among several mutually distrustful election authorities1 ("7" Iss+es in sec+re e-voting system %nline #&'oting Prototype System #vece( ) Page *5 of +, -he issues behind e&voting need to be eCamined conservatively before such potentially dangerous moves are made1 8n a voting system, privacy and security are desired, but are not al$ays simultaneously achievable at a reasonable cost1 8n online voting systems, verification is very difficult to do accurately, and anonymity is difficult to ensure1 -his document sho$s some of the many problems $ith practical e&voting and $hy public elections are too important to trust to it D+E1 2hen e&voting system scheme is considered there are different modules involved to consider the security and design1 -hree important phases of having a secure system are considered as design, development and deployment1 8n other $ords, it is important tp have the foundation in designing a secure and practical e&voting scheme to produce a secure, efficient and publicly acceptable implementation of voting schemes in the real $orld1 ("&" Completely A+tomated P+lic T+ring test to tell Comp+ters and $+mans Apart 8CAPTC$A9 Any additional chec( for the security or spam $ill decrease the security concerns users have today for the e&voting systems1 A CAP-C.A is a program that can generate and grade tests that humans can pass but current computer programs cannot1 8n our project this is used to confirm that users are trying to vote instead of the automated computer systems1 CAP-C.As have several applications for practical security li(e preventing comment spam in blogs, protecting $eb registrations, online polls $here you $ant to ma(e sure that humans are voting not the programs, preventing dictionary attac(s, search engine bots, $orms and spasm etc1 %fficial Captcha site has published some guidelines for it D7E1 %nline #&'oting Prototype System #vece( ) Page *+ of +, AccessibilityA 8t should be easily accessible for reading the teCt1 8f it is a problem due to legal reasons audio CAP-C.A can also be used1 8mage SecurityA 8mages should be distorted randomly1 2ithout random distortion, application $ill be open to the attac(s1 Script SecurityA /y using this, systems are closed to any computer attac(s1 .o$ever $e also need to ma(e sure that scripts used are not easily accessible so that attac(er $ill find the easy $ay around them to use the systems1 Security #ven After 2ide Spread AdoptionA Some of the sites might be using the sites that have CAP-C.As setup1 8t is important that the security level (ept the same and these sites are still secure even after a significant number of sites adopt them D7E1 (":" Chinese .emainder Theorem 8C.T9 %n several papers for improving the efficiency, CR- is recommended to use both on encryption and encryption process D*7E, D5*E1 As described belo$ CR- is not affecting to the multiplication1 8n other $ords, multiplying t$o big prime numbers and processing the multiplication $ill be the same as processing them first and then multiplying1 -his $ay the process $ill be done $ith smaller numbers and $ill be faster1 -hen multiplication can be done1 Theorem Statement- Suppose n*, n5, R, nk are integers $hich are pair$ise coprime1 -hen, for any given integers a*,a5, R, ak, there eCists an integer x solving the system of simultaneous congruences %nline #&'oting Prototype System #vece( ) Page *6 of +, Furthermore, all solutions x to this system are congruent modulo the product N S n*n5Rnk1 Sometimes, the simultaneous congruences can be solved even if the ni's are not pair$ise coprime1 A solution x eCists if and only ifA All solutions x are then congruent modulo the least common multiple of the ni1 8n that case, 2e can perform 5 operations mod p and mod li(e belo$1 C T a mod p, C T b mod , -he Chinese Remainder -heorem can be used to efficiently reduce the decryption $or(load of the cryptosystems D5*E1 -o see this, one has to employ the functions 9p and 9 defined over /y %nline #&'oting Prototype System #vece( ) Page *= of +, !ecryption can therefore be made faster by separately computing the message mod p and mod and recombining modular residues after$ardsA 2ith pre&computations 2here p & * and & * have to be replaced by U in the fast variant1 %nline #&'oting Prototype System #vece( ) Page *7 of +, 3" Online E-Voting System Pro*ect 'escription 8n this project, P-C 2eb services are used1 8n this section, 8 $ill eCplain ho$ the P-C $eb services $or(1 #fficiency improvement that $ill be applied to the P-C $eb services reuired some changes on some of the classes used1 Applying more improvements $ill need more changes on the classes $here calculations applied1 !etails $ill be eCplained in the follo$ing sections of this report1 3"!" Paillier Threshold Crytosystem We Services Architect+re and 'esign -he Paillier cryptosystem is a probabilistic asymmetric algorithm for public (ey cryptography, first published by Pascal Paillier in *:::1 -his probabilistic scheme has generated a good amount of interest and further study since it $as discovered1 -he problem of computing n&th residue classes is believed to be computationally difficult to compute1 -his is (no$n as the Composite Residuosity >CR?1 -he scheme is an additive homomorphic cryptosystemM this means that, given only the public&(ey and the encryption of m* and m5, one can compute the encryption of m* N m51 %ne of the properties of Paillier as mentioned above is the homomorphic property $hich can allo$ this cryptosystem to do simple addition operations on several encrypted values and obtain the encrypted sum1 -he encrypted sum can later be decrypted $ithout ever (no$ing the encrypted values that made up the sum1 !ue to these useful characteristics of Paillier, the scheme has been suggested for use in threshold cryptosystems, secret sharing schemes and the design of voting protocols especially the e&voting systems1 Another property of Paillier cryptosystem is self&blinding1 -his property is essential as it means a cipherteCt can be re&encrypted $ith a random parameter $ithout %nline #&'oting Prototype System #vece( ) Page *, of +, changing the underlying clearteCt and $ithout changing the ability to decrypt the cipherteCt using the original (eypairD*=E1 Probabilistic property of Paillier $ill help to protect voterFs privacy since none of the votes $ill be encrypted to the same cipherteCt1 Paillier has described three different methods in his research1 P-C 2eb services that $ill be used in this project are using one of these three methods1 /elo$ are the schemes invented by Pascal Paillier D5*E and Scheme !A Scheme * is probabilistic encryption scheme based on composite residuosity1 According to theorem mentioned in his paper D5*E Scheme * is one&$ay if an only if the Computational Composite Residuosity Assumption holds1 8t is also semantically secure if and only if the !ecisional Composite Residuosity Assumption hold1 n is the multiplication of t$o prime numbers, n S p1 g is randomly selected base1 -his can be done by chec(ing $hether 1 -his is done on the P-C $eb services used1 n and g are public parameters and >p, ? or V remains private1 Encryption- plainteCt m W n randomly select r W n cipherteCt c S 'ecryption- cipherteCt c W n5 -able +1* PaillierFs Scheme * D5*E %nline #&'oting Prototype System #vece( ) Page *@ of +, Scheme (- Scheme 5 is a trapdoor permutation based on composite residuosity1 As described above n is the product of t$o prime numbers1 From the table belo$, there are steps eCplained for decryption1 -o be able to retrieve m, all these steps $ill be reuired1 Scheme 5 is one&$ay if and only if RSA Dn,aE is hard D5*E1 Encryption- plainteCt m W n5 split m into m*, m5 such that m S m* N nm5 cipherteCt c S 'ecryption- cipherteCt c W n5 plainteCt m S m* N n m5 -able +15 PaillierFs Scheme 5 D5*E Scheme 3A -hird scheme is the variant $ith fast decryption1 As this is a fast decryption, this scheme can be applied to improve the efficiency1 8n the follo$ing sections this scheme $ill be re&visited and it $ill be recommended for efficiency improvements in the current $eb services1 Encryption- plainteCt m W n randomly select r W n cipherteCt S 'ecryption- cipherteCt c W n5
-able +1+ PaillierFs Scheme + D5*E 8t is assumed that g X for some * Y U Y V1 8n other $ords U and V are not the same secret (eys1 %nline #&'oting Prototype System #vece( ) Page *: of +, /elo$ are the steps for the (ey generation, encryption and decryption used D55E1 2ey generation *1 Choose t$o large prime numbers p and q randomly1 51 Compute n S pq and V S lcm>p Z *, q Z *? +1 Select random integer g $here 61 #nsure n divides the order of g by chec(ing the eCistence of the follo$ing multiplicative inverseA $here function L is defined as -he public >encryption? (ey is >n,g?1 -he private >decryption? (ey is >V,[?1 Encryption *1 9et m be a message to be encrypted $here 51 Select random r $here +1 Compute cipherteCt asA 'ecryption *1 CipherteCt 51 Compute messageA 8t is the same as the scheme * described above1 -his computation ta(es some time due to the large prime numbers used1 -he secret (ey is S; S V>n? S lcm>>p&*?,>&*??1 %nline #&'oting Prototype System #vece( ) Page 5< of +, 5" Online E-Voting Prototype System -he capabilities of the Paillier -hreshold Cryptography system has been demonstrated on an %nline #&'oting Prototype system created for this project1 -his is a prototype and should not be used in the real $orld scenarios1 8t sho$s the use of the Paillier -hreshold Cryptography 2eb Service1 8t also has some additional security features li(e Completely Automated Public -uring test to tell Computers and .umans Apart >CAP-C.A? added to decrease the security concerns1 -his prototype system SRS and S!S document are all created and they can be do$nloaded from httpA))$$$1cs1uccs1edu)Bgsc)pub)master)hevece()doc) folder1
5"!" E-Voting System Overview -he e&voting system allo$s for * out of 9 candidate ballots1 Ho options are provided for n out of 9 ballots or $rite&in ballots1 An OelectionP may consist of more than one ballot1 An election administrator creates the ballots and other election parameters1 -he administrator reuests the Paillier threshold encryption parameters from the P-C 2eb Service during the initial election set&up1 -he administrator submits the election parameters to a 'otingService $eb service, and saves the election parameters >including the cryptosystem parameters? to an 3"9 file1 'oters then load the election parameters by opening the 3"9 file, ma(e their selection>s?, and cast their encrypted vote>s? to the 'otingService $eb service1 !uring the tally phase, the votes are multiplied together, and, due to the homomorphic properties of the Paillier cryptosystem, the product can be decrypted to reveal the sum total of all the votes D*=E1 %nline #&'oting Prototype System #vece( ) Page 5* of +, 5"!"! /ser 1ogin User 9ogin is the first form users connected $hen the voting page is loaded from the internet1 8t $ill have a connection to the database to validate the user credentials1 User types are either voters or Administrators1 8t is assumed that users have used another interface or form to register for voting1 8n the same login page there $ill be Completely Automated Public -uring test to tell Computers and .umans Apart >CAP-C.A? validation $ith random numbers1 SiC digit random numbers $ill be created each time the page is loaded to be able to stop any (ind of computer attac(s to the voting site1 Figure 61* User 9ogin Form %nline #&'oting Prototype System #vece( ) Page 55 of +, 5"!"(" Election Set-/p -he election administrator uses the #lection /uilder form to create or modify an election >before the election is posted to the voting $eb service?1 -o create a ne$ election, the administrator clic(s on the OHe$ #lectionP button1 A ne$ election is created and a uniue election id is assigned1 -he administrator must then enter his)her name and a descriptive title for the election1 #lection page is the most important Administrator page as it has all the functionality setup for the election1 /efore ballots can be added to the election, the encryption parameters must be specified and retrieved from the $eb service1 -his must occur before the ballots are added or created, since the vote format is dependent on the specified (ey siGe1 -he administrator clic(s to the O#ncryption ParametersP 1 -his button $ill be available after the Administrator details are entered1 %nce this button is clic(ed, the administrator specifies the (ey siGe and $hether or not to encrypt the returned (ey shares1 -he administrator can then add the (ey share o$ner information for each o$ner that is to receive a secret (ey share1 8f the (ey shares $ill be encrypted, the administrator $ill be reuired to enter the o$nerFs username $hich is the same as the users login and certificate name to be able to choose automatically1 %nce all o$ners have been added, the administrator selects the cryptosystem threshold value and then clic(s OSend ReuestP, $hich sends the reuest to the $eb service1 8n the current configuration, a (ey siGe of larger than 5=7 and sometimes =*5 bits $ill result in such a delay that a OtimeoutP error is caused, so it is not recommended that (ey siGes greater than 5=7 be used for the $eb application1 -he $eb service $ill generate the reuested parameters, encrypt the (ey shares >if specified?, and return them D*=E1 -he #ncryption Parameter Reuest form $ill %nline #&'oting Prototype System #vece( ) Page 5+ of +, transfer the returned parameters to the #lection /uilder form and close automatically1 -he election crypto parameters are displayed at the bottom of the #lection /uilder form1 9astly, on the same election page ballots can be added for the election1 8f the ballots are created prior to the election creation page, the list $ill appear in the $indo$ for administrator to choose from the list1 -hey can be added to any election by highlighting from the list and clic(ing to thePAdd /allotsP button1 8f the ballot is valid, it $ill be imported into the election and displayed in the #lection Summary teCtboC in the form1 After all the users, ballots and Administrator details loaded from the election form, the Administrator $ill need to save and post the election to be able to initialiGe election voting1 -he election $ill be saved as an 3"9 file1 First save the election by clic(ing to the OSave #lectionP button1 8t $ill be saved in the $eb server OApp0!ata)3"9Files FolderP1 !etails of the folder structures are documented in the Soft$are !esign Specification document1 Posting the election to the voting $eb service is a non&reversible operation in the application unless the details are manually deleted from the database1 Post #lection button $ill be enabled after saving the election1 -o post the election, clic( to OPost #lectionP button1 A $eb service call $ill be made that posts the election data to the $eb service, $hich then creates the appropriate database entries that are used to manage the election D*=E1 5"!"3" Creating ;allots #Cisting ballots can no$ be added to the election or ne$ ballots can be created using the options from the #lection form1 -o create a ne$ ballot, the administrator $ill need to clic( to the OHe$ /allotP lin( from the elections page1 8t $ill open the /allot %nline #&'oting Prototype System #vece( ) Page 56 of +, /uilder form1 A ne$ ballot $ill be created and the random ballot id displayed in the form1 Administrator $ill need to put ballot issue) problem, and then enter all of the available choices, one at a time by using the OAdd ChoicesP button and the teCt boC1 #ach choice is entered by typing the appropriate teCt1 A choice can be deleted by selecting the choice in the list, and clic(ing O!elete CandidateP button1 2hen the ballot is complete, the ballot should be saved by clic(ing OSave ballotP button1 -his button $ill get all the details entered and save the ballot in 3"9 format in the $eb server OApp0!ata\3"9 Files\/allotsP folder1 -he /allot /uilder Form must be closed and then re&opened in order to create another ballot1 /allot creation page is also accessible from the Administrator menu1 5"!"5" Vote <ormat 2hen a ballot is added to an election, the format of the vote for that ballot is derived from the (ey siGe chosen for the election and the number of OcandidateP choices on the ballot1 -hese t$o values determine the maCimum number of voters allo$ed1 -he total siGe of the vote is limited to the (ey siGe k >in bits?1 -he vote is split into c bit fields $here c is the number of candidates1 -he siGe of the bit fields vcS k/c1 .o$ever, vc is limited to +5 bits so that each candidateFs field $ill fit into a +5&bit integer >for ease of eCtraction only?1 -herefore, if k/c ] +5, vcS+5 and only the first +5^c bits of the vote $ill be used1 -o cast a vote, a voter votes the value 5_>ic^vc? $here ic is the desired candidates ballot indeC ><,R,c&*?1 /y using votes of this format, the tally can be computed by multiplying all of the votes together and decrypting the product1 !ue to the homomorphic property of the Paillier cryptosystem, the multiplication carried out in the cipherteCt space corresponds to addition in the clearteCt space, and thus the decryption of %nline #&'oting Prototype System #vece( ) Page 5= of +, the product $ill contain the summed votes for each candidate1 #ach candidateFs bit field can then be eCtracted and evaluated to determine the total number of votes for that candidate D*=E1 5"(" Voting 5"("!" Creating the Vote %nce an election has been created, saved, and posted to the election $eb service, voters can create and cast votes1 After the user login page user logs in either as an Administrator or a voter1 8f the user logs in as an Administrator, he $ill have a lin( from the menu for the voting page1 8f the user has logged in $ith voter credentials, then he $ill be connected to the voting page automatically1 2hen connected to the voting page, a list boC $ill have all the elections available for the voters1 -his list is the list of the elections in the elections folder1 After highlighting the election and clic(ing to the button to load the election, election details $ill be loaded for voters to vote1 -he ballots from the election $ill be loaded, $ith each issue being loaded into the issue teCt boC, and itFs corresponding choices loaded into the teCtboC to the right >the choices teCtboC?1 -he voter can ma(e his)her choice simply by clic(ing on the desired choice1 -hat issueFs choices $ill then be displayed in the choices teCtboC1 Again, select the desired choice by clic(ing on it in the choices teCtboC1 %nce a choice has been selected, the ballot issue and the selected choice $ill appear in the OCurrent 'otesP teCtboC1 -o the right of the issue uestion and the selected choice is the heC value of the vote to be cast1 %nce all choices have been made, the voter can submit his)her vote by selecting OSubmit 'oteP button at the bottom of the page1 -his button $ill cal the $eb services and save the vote into the database1 %nce the vote is submitted, no changes can be made1 %nline #&'oting Prototype System #vece( ) Page 57 of +, At any time after submitting his)her vote, a voter can chec( the posted values of his)her vote by selecting OChec( Submitted 'oteP button1 -his invo(es a $eb service call to the voting $eb service $hich retrieves the encrypted vote values posted for that election D*=E1 5"3" Tally the Vote Administrator $ill have access to use the -all 'ote option during the election process to tally the vote1 Administrator $ill need to clic( the O-ally)!ecrypt 'oteP button on the menu1 -he -ally form $ill open1 8n a list boC elections list $ill appear for Administrator to choose and tall the vote1 8f the secret (ey shares $ere encrypted, the program $ill automatically get the certificates according to the issued names of the users to decrypt the o$nerFs Paillier secret (ey share1 -hatFs $hy it is important for Administrator to collect all the registration details from the user to be able to create the users1 .e)she $ill assign the right certificates so that there $onFt be any issues in the future process li(e tally ) decrypt vote process1 -he product of the votes for each ballot is then calculated and displayed both encrypted and decrypted, and the candidateFs tallies are eCtracted from the decrypted bit field and displayed1 %nline #&'oting Prototype System #vece( ) Page 5, of +, 6" PTC We Services E))iciency Improvement -his can be done in three different $ays1 6"! Pre-Comp+tation -his change $ill be done for the (ey generation $here the prime numbers $ill be calculated prior1 Any real&time computations $ill slo$ do$n the process on cryptography application1 Any pre&computation $ill improve the efficiency of the application1 -his pre& computation can be done via bac(ground thread setup in the application1 <setting name="ServerPath" serializeAs="String"> <value>c:\inetpub\wwwroot\EVoting\Preomputation\<!value > <!setting> <setting name="Prime"umberalculation#$pe" serializeAs="String"> <value>%&<!value> <!setting> -his pre&computation is applied to the SafePrimeHumbers generator function1 -his function is used for the pre&computation1 6"( Chinese .emainder Theorem 8C.T9 Chinese Remainder -heorem is one of the most useful theorems of number theory as it says it is possible to reconstruct the integers in a certain range from their residues module a set of pair $ise relatively prime module1 !etails of CR- is eCplained in the previous sections1 Paillier has suggested to use CR- for especially (ey generation and decryption processes D5*E1 Also CR- has become standard today in many RSA applications as it increases the decryption up to 6 times D*7E1 !ecryptions can be made faster by separately computing the messages mod p and mod instead of mod n and recombining modular residues later1 %nline #&'oting Prototype System #vece( ) Page 5@ of +, 2ith pre&computationsA $here p&* and &* have to be placed by U 6"3 Paillier Scheme Pre-comp+tations )or 'ecryption Scheme * used in this project is not the most efficient one especially for decryption as it is also mentioned in Pascal papers study D5*E1 Scheme + improves the performance of decryption and he suggested in the same paper to pre&compute the constant instead of only p and values applied in this project1 Also another constant parameter belo$ can be pre&computed D5*E1 -hese constant pre&computations can be done $ith the same methods used in this project1 %nline #&'oting Prototype System #vece( ) Page 5: of +, 7" .es+lts 7"! Pre-Comp+tation Per)ormance Eval+ations Pre&computations results are put into both the teCt file and the Pre&Computation tables created in the S`9 Server1 /oth the teCt file and the database solutions have increased the performance in other $ords response time more than @<I in average for both 5=7 and *5@ bit (ey siGes1 Unfortunately this test failed $ith *<56 and =*5 bit (ey siGes due to time out issues1 -here is a parameter setup in the settings to use the random prime number generator either real time or teCt file or database1 As a default it $ill set to the real time1 3"9 solution also needs some improvements and this $ill be suggested in the future improvements section of the project1 %nline #&'oting Prototype System #vece( ) Page +< of +, 2ith Pre&Computation Real -ime Computation Change I Algorithm *5@ bit *5@ bit *5@ bit Regular Avg <15@+ *1:+, @7I "aC <1+7@ 51@<6 +@I "in <15<+ <1+5: @=I -able 71*a *5@ bit safe Prime numbers calculation table -able 71*b *5@ bit safe Prime numbers calculation1 %nline #&'oting Prototype System #vece( ) Page +* of +, 2ith Pre&Computation Real -ime Computation Change I Algorithm 5=7 bit 5=7 bit 5=7 bit Regular Avg <1+@* 51*++ @5I "aC <1=65 51:57 @*I "in <15:* <1+<7 =I -able 715a 5=7 bit safe Prime numbers calculation table -able 715b 5=7 bit safe Prime numbers calculation1 7"(" 'e)ects <o+nd -hese defects are listed in the order in $hich they $ere found1 8t only includes those defects found $hile creating the automated test suites, not those found and fiCed during soft$are development1 %nline #&'oting Prototype System #vece( ) Page +5 of +, !efect8! *A 2hen the election is created, it can not save title and username details in the Cml file1 SolutionA 0election parameter stored in the session $as not initialiGed in the beginning of the function1 After initialiGing it is fiCed1 !efect8! 5A /ac( button is reuired after the ballots are created1 SolutionA After ballots are created, bac( button is reuired by the Administrator to be able to complete the election creation or ballot creation1 -$o lin( buttons are added, one to the "ain menu lin( and the other one is a lin( to the #lections page1 !efect8! +A %utside the compiler application $as not able to respond to the certificate assignment for the users1 SolutionA -his is fiCed by assigning ports each time $e run the application1 A dedicated port needs to be used by the administrator1 !efect8! 6A 3"9 output for the pre&computation does not $or( properly and need to be fiCed1 %nly real time computation and !/ computations $or( $hich is enough to sho$ the efficiency improvements in the code1 SolutionA -his need to be fiCed in the future releases1 !efect8! =A User 9ogin page does not hide the pass$ord teCt1 SolutionA -his is fiCed by changing the teCt boC property1 %nline #&'oting Prototype System #vece( ) Page ++ of +, !efect8! 7A User Hame is the same as the certificate issued name used in the certificate1 8f these names do not match, certificate can not be used and this $ill thro$ an error1 -o minimiGe the issues, user name from the login page $ill be passed to the voting page automatically1 -his enhancement needs to be applied as this is an additional reuirement1 SolutionA -his is done by using Sessions in ASP 1Het1 username session is created and the username is passed to the neCt form $hich is voting form. 7"3" Concl+sion %nline #&voting system is a prototype developed by using P-C 2eb services1 As the need for voting system has started to increase and some organiGations or countries has started to loo( for the solutions, this can be the starting point to improve and deploy in the real $orld scenarios1 8n this project 8 have tried to eCplain the importance of Paillier cryptosystem, , its uniue properties and its application areas especially in e&voting1 2e need to (eep in mind htat voting is not the only process during the $hole voting processes1 -here might be some other security concerns that need to be considered $hen such an application is built for practical reasons1 9astly, Paillier Cryptosystem efficiency can be improved as suggested in many papers D*E, D@E1 Random numbers pre&computation is one of the $ays implemented in this project1 8t has increased the calculation more than one of the $ays1 8n the neCt section, 8 $ill be listing all improvements that can be done to this $eb service and application1 %nline #&'oting Prototype System #vece( ) Page +6 of +, 7"6" <+t+re S+ggestions 8n this project #&'oting %nline prototype application has been implemented1 P-C 2eb Services are used for the encryption and decryption process1 -he method implemented and used on the P-C 2eb services is the first scheme invented by Paillier ad eCplained above1 8n the follo$ing years in numerous projects other similar method called Second Paillier Cryptosystem is used and this calculation simplifies the decryption1 -his can be implemented in P-C 2eb services to improve the efficiency1 Additionally, there are fe$ suggestions made about the efficiency improvement above1 Any of these or all of these can be applied to ma(e the $eb services more efficient1 "ost of the suggestions involve pre&computation of the constants in the schemes invented1 -he pre&computation applied in this project can be applied to more generic constants and have a dll application running continuously on the bac( ground thread from the server instead of a button from the $eb server1 9astly, tests failed on =*5 and *<56 bit (ey siGe encryption1 !esign can be changed to ma(e it $or( $ith these (ey siGes1 %nline #&'oting Prototype System #vece( ) Page += of +, &" .e)erences D*E httpA))cris1joongbu1ac1(r)publication)evoting0implementation&AP8#"S5<<61pdf Implementation issues in a secure e-voting schemes, RiGa Aditya, /youngcheon 9ee, Colin /oyd and #d !a$son1 D5E httpA))$$$1euractiv1com)en)egovernment)estonia&country&$orld&introduce&internet& voting)article&*6=,+=, Estonia first country in the worl to introuce internet voting, %ctober 5<<=1 D+E httpA))$$$1cs1virginia1edu)Bpev=b)$riting)academic)thesis)thesis1html !ote Early" !ote #ften" an !ote$ere% & 'ecurity &nalysis of !ote$ere, Philip #1 'arner, "ay **, 5<<*1 D6E httpA))en1$i(ipedia1org)$i(i)Public&(ey0cryptography (u)lic-key cryptography1 D=E httpA))$$$1trustycom1fr)pdf)FoPoSt<<1pdf P1 Fouue, G1 Poupard, a1Stern, 'haring *ecryption in the +ontext of !oting or Lotteries, Financial Cryptography 5<<< Proceedings1 D7E httpA))$$$1captcha1net) , the %fficial CAP-C.A $eb site1 D,E httpA))$$$1vote1caltech1edu)reports)alv&nag0loyola1pdf R1 "ichael AlvareG, aonathan Hagler, ,he Likely consequences of Internet !oting for (olitical -epresentations. D@E P1 Paillier, (u)lic-.ey +ryptosystems /ase on +omposite *egree -esiuosity +lasses, #urocrypt b:: D:E P1 Fouue, G1 Poupard, a1Stern, 'haring *ecryption in the +ontext of !oting or Lotteries, Financial Cryptography 5<<< Proceedings1 D<E 81 !amgard, "1 auri(, a1 Hielson, & 0enerali1ation of (aillier2s (u)lic-.ey 'ystem with &pplications to Electronic !oting, Aarhus University, !ept1 of Computer Science1 D*E A1 Shamir, $ow to 'hare a 'ecret, Communications of the AC" *:,: %nline #&'oting Prototype System #vece( ) Page +7 of +, D5E A1a1 "eneGes, P1 C1 van %orschot, and S1A1 'anstone, $an)ook of &pplie +ryptography, CRC Press, *::,1 D+E !1 Haccache, *ou)le-'pee 'afe (rime 0eneration, Gemplus Card 8nternational1 D6E "1 2iener, 'afe (rime 0eneration with a +om)ine 'ieve, Cryptographic Clarity1 D=E /1 2ilson, C1 #1 Cho$, (aillier ,hreshol +ryptography 3e) 'ervice 4ser2s 0uie, University of Colorado Q Colorado Springs "asterFs Project, 5<<71 D*7Ehttp://www.cs.rit.edu:8080/ms/static/spr/2005/4/kar1141/report.pdf , Progress on Probabilistic #ncryption Schemes, ;ert Richardson, auly 5<<71 D*,E http://www.cs.umd.edu/~jkatz/THEE/stau!.pdf."z An Analysis of ChaumFs voter&verifiable election scheme, aulie Ann Staub, 5<<= D*@E httpA))$$$1brics1d()RS)<<)6=)/R8CS&RS&<<&6=1pdf 8van !amgard and "ads a1 auri(, A GeneraliGation, a Simplification and Some Applications of PaillierFs Probabilistic Public&;ey System, P;C 5<<*1 D*:E httpA))$$$1cryptovirology1com)cryptovfiles)ne$boo()Chapter61pdf 8mplementing Perfect `uestionable #ncryptions, Adam 91 coung and "oti "1 cung1 D5<E httpA))$$$1rsa1com)rsalabs)cryptobytes)Crypto/ytes0aanuary05<<50final1pdf Crypto/ytes, !an /oneh, .ovav Shacham, Spring 5<<51 D5*E httpA))$$$1gemplus1com)smart)rd)publications)pdf)Pai::pai1pdf Public&;ey CryptoSystems /ased on Composite !egree Residuosity Classes, Pascal Paillier, *::: D55E httpA))en1$i(ipedia1org)$i(i)Paillier0cryptosystem , Paillier Crytosystem from 2i(ipedia, the free encyclopedia1 %nline #&'oting Prototype System #vece( ) Page +, of +,