Secure & Trustable Distrib. Aggregation based on Kademlia

Robert Riemann with supervision of Stéphane Grumbach

Do you have confidence in Postal Voting?

Yes No Don't tell
# of votes 61 43 2

Result:

The Voting Protocol shall provide legitimacy for the voting outcome.

Security Voting
Protocol Properties

secrecy

eligibility

correctness

verifiability

1

2

  1. Badge Reader
  2. Buttons in black hole

Computer-Assisted Voting by Show of Hands

Implements:

  • correctness
  • verifiability
  • eligibility

Lacks:

  • secrecy

System-wide Voting Protocol Properties

robustness (resilience)

convenience (mobility)

scalability

Further protocol properties:
coercion-resistance, proof of participation, support for write-ins, etc.

Online Voting Today

  • voter encrypts its ballot
  • ballots are sent to the voting server (authority)
  • secrecy mechanisms:
    • Mix-Networks destroy link between voter & ballot
    • Homomorphic encryption to aggregate encrypted ballots
  • verification with zero-knowledge proofs

Issues of Today’s Online Voting Protocols

  • need trusted experts to witness protocol properties
  • centralisation of knowledge / single point of failure
  • rely on procedure compliance of voting officials,
    e.g. early decryption of single votes

However, Online Voting used in:

Estonia, Australia, Brazil, India

Promises of Distributed Online Voting

  • balance of knowledge among all voters
    • limited impact of data breaches
  • balance of power (equipotent voters)
    • no single point of failure
    • interruption-resistant
  • balance of trust (no voting officials)

Distributed Online Voting: ADVOKAT

Concepts

Tree Overlay
(Peers = Leafs)

Aggregation Algebra

Aggregation Algorithm

Aggregation

Aggregation Algebra

\oplus: \mathbb{A}\times\mathbb{A} \mapsto \mathbb{A}
:A×AA\oplus: \mathbb{A}\times\mathbb{A} \mapsto \mathbb{A}

Two child aggregates are aggregated to a parent aggregate.

Aggregation Operator must be:

  • commutative
  • associative

For majority voting, an aggregate corresponds to the set of casted votes and the operation is the union of sets.

Tree Overlay Network

based on the Kademlia DHT

image/svg+xml

Tree for:

  • finding peers
  • guiding aggregation

Kademlia used in:

peer

Aggregation Algorithm

  1. peers connect (with a Tracker) to the DHT with KID
  2. peers update their k-Buckets with peers in sibling subtrees
  3. peers request intermediate aggregates of sibling subtrees
    to compute aggregate of common parent node
x_i
xix_i

L & R is the sum of inverse aggregate size of all sent & received aggregates of each peer.

Robust Aggregation I

Eligibility:

  • peers create key pair
  • authorization token       (blind signature on        )
  • KID                           hence determined by peer and authority

Verifiability:

  • aggregates are embedded in aggregate container with
    meta-data: hashes of child aggregate containers
  • chain of hashes ensures immutability of descendant aggregates
(pk_i,sk_i)
(pki,ski)(pk_i,sk_i)
x_i = \text{sha3}(t_i)
xi=sha3(ti)x_i = \text{sha3}(t_i)
t_i
tit_i
pk_i
pkipk_i

Robust Aggregation II

Correctness and Completeness (probabilistic):

  • signatures on aggregate container express consensus
  • redundantant requests; find majority consens
  • ban of Byzantine peers signing conflicting containers

Protocol Outlook

Efficiency

  • dynamically adapt №
    of confirmations to
    tree configuration

Dishonest Peers

Colluding

  • analyse limits of
    potential manipulations 

Applications

  • distributed lottery
  • distributed auction

Peer Churn

  • deal with peers arriving late
  • deal with peers leaving early

IFIP SEC 2017: Secure and Trustable Distributed Aggregation Based on Kademlia

By Robert Riemann

IFIP SEC 2017: Secure and Trustable Distributed Aggregation Based on Kademlia

presentation of the conference paper: Secure and Trustable Distributed Aggregation based on Kademlia. In F. Martinelli & S. De Capitani di Vimercati (Eds.), Proc. of IFIP ICT Systems Security and Privacy Protection (pp. 171–185). Rome: Springer. http://doi.org/10.1007/978-3-319-58469-0_12

  • 1,805