Secure & Trustable Distrib. Aggregation based on Kademlia
Robert Riemann with supervision of Stéphane Grumbach
Do you have confidence in Postal Voting?
| Yes | No | Don't tell | |
|---|---|---|---|
| # of votes | 61 | 43 | 2 |
Result:
The Voting Protocol shall provide legitimacy for the voting outcome.
Security Voting
Protocol Properties
secrecy
eligibility
correctness
verifiability
1
2
- Badge Reader
- Buttons in black hole
Computer-Assisted Voting by Show of Hands
Implements:
- correctness
- verifiability
- eligibility
Lacks:
- secrecy
System-wide Voting Protocol Properties
robustness (resilience)
convenience (mobility)
scalability
Further protocol properties:
coercion-resistance, proof of participation, support for write-ins, etc.
Online Voting Today
- voter encrypts its ballot
- ballots are sent to the voting server (authority)
- secrecy mechanisms:
- Mix-Networks destroy link between voter & ballot
- Homomorphic encryption to aggregate encrypted ballots
- verification with zero-knowledge proofs
Issues of Today’s Online Voting Protocols
- need trusted experts to witness protocol properties
- centralisation of knowledge / single point of failure
- rely on procedure compliance of voting officials,
e.g. early decryption of single votes
However, Online Voting used in:
Estonia, Australia, Brazil, India
Promises of Distributed Online Voting
- balance of knowledge among all voters
- limited impact of data breaches
- balance of power (equipotent voters)
- no single point of failure
- interruption-resistant
- balance of trust (no voting officials)
Distributed Online Voting: ADVOKAT
Concepts
Tree Overlay
(Peers = Leafs)
Aggregation Algebra
Aggregation Algorithm
Aggregation
Aggregation Algebra
\oplus: \mathbb{A}\times\mathbb{A} \mapsto \mathbb{A}
Two child aggregates are aggregated to a parent aggregate.
Aggregation Operator must be:
- commutative
- associative
For majority voting, an aggregate corresponds to the set of casted votes and the operation is the union of sets.
Tree Overlay Network
based on the Kademlia DHT
Maymounkov, P., & Mazieres, D. (2002). Kademlia: A peer-to-peer information system based on the xor metric
Tree for:
- finding peers
- guiding aggregation
Kademlia used in:
- BitTorrent
- IPFS file system
- Storj cloud storage
peer
Aggregation Algorithm
- peers connect (with a Tracker) to the DHT with KID
- peers update their k-Buckets with peers in sibling subtrees
- peers request intermediate aggregates of sibling subtrees
to compute aggregate of common parent node
x_i
L & R is the sum of inverse aggregate size of all sent & received aggregates of each peer.
Robust Aggregation I
Eligibility:
- peers create key pair
- authorization token (blind signature on )
- KID hence determined by peer and authority
Verifiability:
- aggregates are embedded in aggregate container with
meta-data: hashes of child aggregate containers - chain of hashes ensures immutability of descendant aggregates
(pk_i,sk_i)
x_i = \text{sha3}(t_i)
t_i
pk_i
Robust Aggregation II
Correctness and Completeness (probabilistic):
- signatures on aggregate container express consensus
- redundantant requests; find majority consens
- ban of Byzantine peers signing conflicting containers
Protocol Outlook
Efficiency
- dynamically adapt №
of confirmations to
tree configuration
Dishonest Peers
Colluding
- analyse limits of
potential manipulations
Applications
- distributed lottery
- distributed auction
Peer Churn
- deal with peers arriving late
- deal with peers leaving early
✓
IFIP SEC 2017: Secure and Trustable Distributed Aggregation Based on Kademlia
By Robert Riemann
IFIP SEC 2017: Secure and Trustable Distributed Aggregation Based on Kademlia
presentation of the conference paper: Secure and Trustable Distributed Aggregation based on Kademlia. In F. Martinelli & S. De Capitani di Vimercati (Eds.), Proc. of IFIP ICT Systems Security and Privacy Protection (pp. 171–185). Rome: Springer. http://doi.org/10.1007/978-3-319-58469-0_12
