# Confidential, Distributed Aggregation for Voting

Robert Riemann with supervision of Stéphane Grumbach

# Do you have confidence in Postal Voting?

Yes No Don't tell
# of votes 34 17 12

### Result:

The Voting Protocol shall provide legitimacy for the voting outcome.

# System-wide Voting Protocol Properties

## scalability

Further protocol properties:
coercion-resistance, proof of participation, support for write-ins, etc.

## 2

2. Buttons in black hole

# Computer-Assisted Voting by Show of Hands

Implements:

• correctness
• verifiability
• eligibility

Lacks:

• secrecy

# Online Voting Today

• PKI to identify eligible voter
• voter encrypts and signs own vote
• encrypted votes are gather by voting server
• to ensure secrecy:
• Mix-Networks destroy link between vote and voter
• Homomorphic encryption allows aggregation of encrypted votes
• verification with Zero-knowledge-Proofs

# Issues of Today’s Online Voting Protocols

• need trusted experts to witness protocol properties
• crypto unproven
• centralisation of knowledge / single point of failure
• rely on procedure compliance of voting officials
• early decryption of single votes

However, Online Voting used in:

Estonia, Australia, Brazil, India

# Promises of Distributed Online Voting

• balance of knowledge among all voters
• limited impact of data breaches
• balance of power (equipotent voters)
• no single point of failure
• interruption-resistant
• balance of trust (no voting officials)

## Concepts

Tree Overlay
(Peers = Leafs)

Aggregation Algebra

Aggregation Algorithm

# Aggregation Algebra

\oplus: \mathbb{A}\times\mathbb{A} \mapsto \mathbb{A}
$\oplus: \mathbb{A}\times\mathbb{A} \mapsto \mathbb{A}$

Two child aggregates are aggregated to a parent aggregate.

Aggregation Operator must be:

• commutative
• associative

For plurality voting, an aggregate corresponds to the set of casted votes and the operation is the union of sets.

# Tree Overlay Network

## based on the Kademlia DHT

Tree for:

• finding peers
• guiding aggregation

• BitTorrent Tracker
• IPFS file system
• Storj cloud storage

peer

# Aggregation Algorithm

1. peers connect (with a Tracker) to the DHT with KID
2. peers update their k-Buckets with peers in sibling subtrees
3. peers request intermediate aggregates of sibling subtrees
to compute aggregate of common parent node
x_i
$x_i$

L & R is the sum of inverse aggregate size of all sent & received aggregates of each peer.

# Robust Aggregation I

Eligibility:

• peers create key pair
• authorization token       (blind signature on        )
• KID                           hence determined by peer and authority

Verifiability:

• aggregates are embedded in aggregate container with
meta-data: hashes of child aggregate containers
• chain of hashes ensures immutability of descendant aggregates
(pk_i,sk_i)
$(pk_i,sk_i)$
x_i = \text{sha3}(t_i)
$x_i = \text{sha3}(t_i)$
t_i
$t_i$
pk_i
$pk_i$

# Robust Aggregation

Correctness and Completeness (probabilistic):

• signatures on aggregate container express consensus
• redundantant requests; find majority consens
• ban of Byzantine peers signing conflicting containers

# Protocol Outlook

## Scalability

• measure and reduce #
of exchanged messages
• distributed tracker

## Dishonest Peers

### Colluding

• analyse limits of
potential manipulations

## Applications

• distributed lottery
• distributed auction

## Peer Churn

• use case: peers partially offline

#### ADVOKAT for Distributed Aggregation for Voting Applications

By Robert Riemann

# ADVOKAT for Distributed Aggregation for Voting Applications

Introduction to a distributed online aggregation protocol ADVOKAT

• 722