Skip to content

Threshold Cryptography

Jump to bottom Edit New page
ilayluz edited this page Mar 31, 2016 · 25 revisions

Description

We use the threshold system described in http://moodle.tau.ac.il/pluginfile.php/217242/mod_resource/content/1/Tomer.pdf, with the following modifications:

  1. The underlying group is an Elliptic Curve group with parameters recommended by NIST: http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
  2. Part 3 in the key generation process is done securely by converting the value of the polynomial (an integer) to an Elliptic Curve group member using the probabilistic method described in https://eprint.iacr.org/2013/373.pdf part 2.4. The method encodes the integer as 2 different group members. The group members are then encrypted using ElGamal method with the public key of the other party, and published to the Bulletin Board.

The code is written in Python, and is in the ThresholdCryptography folder: https://github.com/electronic-voting-workshop-2015/electronic-voting-workshop-2015/tree/master/ThresholdCryptography

High Level Workflow

  1. Each of the n parties are initialized:
    1. Group
    2. g - Group generator
    3. n – number of parties
    4. t – threshold
    5. party id – number from 1 to n
  2. each party randomly chooses it’s secret
  3. each party publishes commitments to the BB – g to the power of the secrets
  4. the voting public key is computed by the BB from the commitments after every party publishes
  5. the parties send each other secret messages by reading and writing encrypted messages to the BB with the other party’s public key
  6. each party validates the secret messages by comparing to the commitments in the BB
  7. if message is valid, each party publishes commitment of single value of polynomial to the BB
  8. for the rest of the day, votes are encrypted using the voting public key. Parties must keep the secret value of the polynomial safe and secure.
  9. Voting ends. The BB contains many encrypted messages, each message is a pair of group members (c, d)
  10. The mixnet reads the encrypted votes, mixes them internally, and publishes the mixed votes back to the BB
  11. Each party publishes to the BB a commitment and a ZKP for every message
  12. For every message, the BB verifies at least t parties have a valid commitment and ZKP, and for each message the BB computes the decrypted message using a set of t commitments

Notes

  1. Steps 1-7 should take very little time because it’s O(n) (number of parties)
  2. Voting can only begin after step 7, when there are at least t published commitments
  3. Each party must keep a single group member as a safe secret for the duration of the voting.
  4. Step 11 can take a long time – it’s O(number of votes) for every party . Can be done in parallel. It’s best that each party send all its data at once to the BB.
  5. Step 12 can take a long time - it’s O(n * number of votes), but the computation only happens locally on the BB.

Instructions

Setting up

On Windows: download and install the latest version of Python 3 from https://www.python.org/downloads/
On Linux: verify python 3 is installed by entering python3 on the command line (enter quit() to exit from the python shell)

Download to a local directory the files from the ThresholdCryptography folder - can be done using git: git clone https://github.com/electronic-voting-workshop-2015/electronic-voting-workshop-2015.git

Optional: install gmpy2 library to improve performance: On Windows: install appropriate version of gmpy2 from https://code.google.com/archive/p/gmpy/downloads
On Linux: install using: sudo apt-get install python3-gmpy2

phase 1

After the system parameters are initialized and the roles and private keys are assigned, each threshold party runs the following command (use python3 on Linux):

python ThresholdCryptography/main.py phase1

After every party completed the command successfully, the following command should be run on the BB:

python3 ThresholdCryptography/main.py compute_voting_public_key

On any error during this phase, restart phase 1. After this phase completed successfully, voting can begin.

phase 2

After voting ends, the mixnet team performs mixing of votes on the BB. After mixing, each threshold party runs the following command:

python ThresholdCryptography/main.py phase2

phase 3

After phase 2 completed successfully, the following command should be run on the BB:

python3 ThresholdCryptography/main.py phase3

The command should print the results in an un-friendly format, and output a file named result.json TBD: parsing the result.txt file and printing friendly result

Add a custom footer
Add a custom sidebar
Clone this wiki locally