Johannes Reinhart, Bastian Lüttig, Nicolas Huber, Julian Liedtke, and Björn Annighöfer, “Verifiable Computing in Avionics for Assuring Computer-Integrity without Replication,” in 2023 IEEE/AIAA 42nd Digital Avionics Systems Conference (DASC), 2023, pp. 1–10.
Abstract
Safety-critical digital systems such as Fly-by-wire control have demanding integrity and availability requirements which significantly exceed the occurrence rates of random hardware faults observed in digital computers. As a result, system designers need to employ reliable fault detection and mitigation techniques. Until now, the only method to achieve sufficiently reliable fault detection for systems that can cause hazardous or catastrophic events is to replicate computer lanes and detect faults by comparing outputs. However, this comes with a large overhead in development cost, computing resources and additional requirements towards the application. We propose to apply a novel cryptographic technique to reliably detect faults and thereby assure integrity of avionics computers: Succinct Non-Interactive Arguments of Knowledge allow components to quickly verify computations without repeating the computation. We present a novel concept for building high-integrity avionics systems and set up a laboratory demonstrator for a simplified pitch control system. Our major results include the successful demonstration of the first self-proving and self-verifying cyber-physical system in a laboratory environment.
Julian Liedtke, Jan Adomat, Alexander Aßenmacher, Patrick Baisch, Linus Fischer, Jonas Geiselhart, Alex Heller, Julian Kieslinger, Mike Lauer, Paul Mayer, Xuan Viet Pham, André Sperrle, Carmen Wabartha, Pia Wippermann, and Ralf Küsters, “Ordinos: Remote Verifiable Tally-Hiding E-Voting - A Fully-Fledged Web-Based Implementation,” in Eighth International Joint Conference on Electronic Voting (E-Vote-ID 2023), 2023. To appear.
Abstract
Many so-called tally-hiding e-voting systems have been proposed in the literature. Tally-hiding elections only publish the election result, e.g., the election's winner, thus drastically improving the voters' privacy and offering many other desired features. However, all of these tally-hiding works focus on the core logic of the system but consider additional aspects, such as client and verification interfaces, to be out of scope. Altogether, there currently is no complete tally-hiding voting system that we can readily deploy in practice. In this work, we close this gap by designing the first fully-fledged tally-hiding e-voting system that one can readily deploy in various real-world elections, including those using voting methods such as Borda voting, multiple Condorcet methods, and instant-runoff voting. Our system builds on and extends the existing Ordinos framework for secure tally-hiding e-voting by, among others, developing clients, easy-to-use and cross-platform web interfaces, ballot verification zero-knowledge proofs, and a fully automated verification procedure to support and encourage voter verification.
Carmen Wabartha, Julian Liedtke, Nicolas Huber, Daniel Rausch, and Ralf Küsters, “Fully Tally-Hiding Verifiable E-Voting for Real-World Elections with Seat-Allocations,” in 28th European Symposium on Research in Computer Security (ESORICS 2023), 2023. To appear.
Abstract
Modern e-voting systems provide what is called verifiability, i.e., voters are able to check that their votes have actually been counted despite potentially malicious servers and voting authorities. Some of these systems, called tally-hiding systems, provide increased privacy by revealing only the actual election result, e.g., the winner of the election, but no further information that is supposed to be kept secret. However, due to these very strong privacy guarantees, supporting complex voting methods at a real-world scale has proven to be very challenging for tally-hiding systems. A widespread class of elections, and at the same time one of the most involved ones, is the parliamentary election with party-based seat-allocation. These elections are performed for millions of voters, dozens of parties, and hundreds of individual candidates competing for seats; they also use very sophisticated multi-step algorithms to compute the final assignment of seats to candidates based on, e.g., party lists, hundreds of electoral constituencies, possibly additional votes for individual candidates, overhang seats, and special exceptions for minorities. So far, it has not been investigated whether, and to what extent, such elections can be performed in a verifiable tally-hiding manner. In this work, we design and implement the first verifiable (fully) tally-hiding e-voting system for an election from this class, namely, for the German parliament (Bundestag). As part of this effort, we propose several new tally-hiding building blocks that are of independent interest. We perform benchmarks based on actual election data, which show, perhaps surprisingly, that our proposed system is practical even at a real-world scale. Our work thus serves as a foundational feasibility study for this class of elections.
Carmen Wabartha, Julian Liedtke, Nicolas Huber, Daniel Rausch, and Ralf Küsters, “Fully Tally-Hiding Verifiable E-Voting for Real-World Elections with Seat-Allocations,” Cryptology ePrint Archive, Technical Report 2023/1289, 2023.
Abstract
Modern e-voting systems provide what is called verifiability, i.e., voters are able to check that their votes have actually been counted despite potentially malicious servers and voting authorities. Some of these systems, called tally-hiding systems, provide increased privacy by revealing only the actual election result, e.g., the winner of the election, but no further information that is supposed to be kept secret. However, due to these very strong privacy guarantees, supporting complex voting methods at a real-world scale has proven to be very challenging for tally-hiding systems. A widespread class of elections, and at the same time one of the most involved ones, is the parliamentary election with party-based seat-allocation. These elections are performed for millions of voters, dozens of parties, and hundreds of individual candidates competing for seats; they also use very sophisticated multi-step algorithms to compute the final assignment of seats to candidates based on, e.g., party lists, hundreds of electoral constituencies, possibly additional votes for individual candidates, overhang seats, and special exceptions for minorities. So far, it has not been investigated whether, and to what extent, such elections can be performed in a verifiable tally-hiding manner. In this work, we design and implement the first verifiable (fully) tally-hiding e-voting system for an election from this class, namely, for the German parliament (Bundestag). As part of this effort, we propose several new tally-hiding building blocks that are of independent interest. We perform benchmarks based on actual election data, which show, perhaps surprisingly, that our proposed system is practical even at a real-world scale. Our work thus serves as a foundational feasibility study for this class of elections.