Git — Sourcephile - majurity.git/blob - hjugement-protocol/hjugement-protocol.cabal
protocol: improve explanations
name: hjugement-protocol
-- PVP:  +-+------- breaking API changes
--       | | +----- non-breaking API additions
--       | | | +--- code changes with no API change
version: 0.0.0.20190501
category: Politic
synopsis: A cryptographic protocol for the Majority Judgment.
description:
 This work-in-progress library aims at implementing an online voting protocol
 named <https://eprint.iacr.org/2013/177.pdf Helios-C> (Helios with Credentials)
 by its authors from the <https://www.cnrs.fr/ CNRS>,
 the <http://www.loria.fr INRIA>
 and the <https://www.univ-lorraine.fr/ Université de Lorraine>:
 <http://www.loria.fr/~cortier/ Véronique Cortier>,
 <https://dgalindo.es/ David Galindo>,
 <http://www.loria.fr/~gaudry/ Pierrick Gaudry>,
 <http://stephane.glondu.net/ Stéphane Glondu>
 and Malika Izabachène.
 .
 (TODO) In fact, this protocol is slightly adapted here to better support
 a better method of voting known as the <http://libgen.io/book/index.php?md5=BF67AA4298C1CE7633187546AA53E01D Majority Judgment>.
 .
 * An introduction for the general public (in French) to Helios-C is available here:
   <https://members.loria.fr/VCortier/files/Papers/Bulletin1024-2016.pdf Bulletin de la société informatique de France – numéro 9, novembre 2016>.
 * A more scientific (yet understandable) introduction (in English) to Belenios
   (an implementation of Helios-C) is available here:
   <https://hal.inria.fr/hal-02066930/document Belenios: a simple private and verifiable electronic voting system>.
 .
 The main properties of this protocol are:
 .
 * /fully correct/: the published results are proven to correspond
   to the (sum of) intended votes of the voters,
   while accounting for a malicious bulletin board (BB) (adding fake ballots)
   by requiring a registration authority (RA)
   (responsible for generating and sending voters' credentials),
   assuming that the BB and the RA are not simultaneously dishonest.
 .
 * /verifiable/: each voter is able to check that:
   his\/her ballot did contribute to the outcome (/individual verifiability/),
   and that the tallying authorities did their job properly (/universal verifiability/).
 .
 * /private/: the identities of the voters who cast a vote are not publicly revealed.
 .
 More specifically, in this protocol:
 .
 * Ballots are encrypted using public-key cryptography
   secured by the /Discrete Logarithm problem/:
   finding @x@ in @g^x `mod` p@, where @p@ is a large prime
   and @g@ a generator of @Gq@, the multiplicative subgroup of order @q@,
   in @Fp@ (the finite prime field whose characteristic is @p@).
   Here, @p@ is 2048-bit and @q@ is 256-bit.
   The signing (Schnorr-like), the encrypting (ElGamal-like)
   and the /Decisional Diffie-Hellman/ (DDH) assumption
   all rely on the hardness of that problem.
 * Ballots are added without being decrypted
   because adding (multiplying actually) ciphertexts then decrypting
   is like decrypting then adding plaintexts (/additive homomorphism/).
   This requires solving the /Discrete Logarithm Problem/
   for numbers on the order of the number of voters,
   which is not hard for small numbers (with a lookup table as here,
   or with Pollard’s rho algorithm for logarithms).
 * The /Schnorr protocol/ is used to prove that a voter has knowledge
   of the secret key used to sign their votes.
   A voter's credential is a secret key (the signing key)
   that has a public part (the verification key).
   The association between the public part and the corresponding voter’s identity
   does not need to be known, and actually should not be disclosed to satisfy
   e.g. the French requirements regarding voting systems.
   Using credentials prevents the submission of duplicated ballots
   (because they are added as an additional input to the random oracle
   in the /non-interactive zero-knowledge/ (NIZK) proofs for ciphertext well-formedness).
   This allows testing for duplicates at a cost which depends only on the number of voters,
   and thus enables Helios-C to scale for larger elections while attaining correctness.
 * The /Chaum-Pedersen protocol/ (proving the equality of discrete logarithms)
   is used to prove that ciphertexts are well-formed
   (encrypting a 0 or a 1… or any expected natural) without decrypting them.
   This is known as a /Disjunctive Chaum-Pedersen/ proof of partial knowledge.
 * A /strong Fiat-Shamir transformation/ is used
   to transform the /interactive zero-knowledge/ (IZK) /Chaum-Pedersen protocol/
   into a /non-interactive zero-knowledge/ (NIZK) proof, using a SHA256 hash.
 * (TODO) Pedersen's /distributed key generation/ (DKG) protocol,
   coupled with ElGamal keys (under the DDH assumption),
   is used to have a fully distributed semantically secure encryption.
extra-doc-files:
license: GPL-3
license-file: COPYING
stability: experimental
author: Julien Moutinho <julm+hjugement@autogeree.net>
maintainer: Julien Moutinho <julm+hjugement@autogeree.net>
bug-reports: Julien Moutinho <julm+hjugement@autogeree.net>
-- homepage:

build-type: Simple
cabal-version: 1.24
tested-with: GHC==8.4.4
extra-source-files:
  stack.yaml
extra-tmp-files:

Source-Repository head
  location: git://git.autogeree.net/hjugement
  type: git

Library
  exposed-modules:
    Protocol.Arithmetic
    Protocol.Credential
    Protocol.Election
    Protocol.Utils
  default-language: Haskell2010
  default-extensions:
    AllowAmbiguousTypes
    ConstraintKinds
    DefaultSignatures
    FlexibleContexts
    FlexibleInstances
    GeneralizedNewtypeDeriving
    LambdaCase
    MonoLocalBinds
    MultiParamTypeClasses
    NamedFieldPuns
    NoImplicitPrelude
    NoMonomorphismRestriction
    RecordWildCards
    ScopedTypeVariables
    TupleSections
    TypeApplications
    TypeFamilies
    TypeOperators
    UndecidableInstances
  ghc-options:
    -Wall
    -Wincomplete-uni-patterns
    -Wincomplete-record-updates
    -fno-warn-tabs
    -- -fhide-source-paths
  build-depends:
      base >= 4.6 && < 5
    , bytestring >= 0.10
    , containers >= 0.5
    , cryptonite >= 0.25
    -- , fixed-vector >= 1.1
    -- , hashable >= 1.2.6
    , memory >= 0.14
    -- , mmorph >= 1.1
    -- , monad-classes >= 0.3
    , random >= 1.1
    -- , reflection >= 2.1
    , text >= 1.2
    , transformers >= 0.5
    , unordered-containers >= 0.2.8

Test-Suite hjugement-protocol-test
  type: exitcode-stdio-1.0
  hs-source-dirs: test
  main-is: Main.hs
  other-modules:
    HUnit
    HUnit.Arithmetic
    HUnit.Credential
    HUnit.Election
    HUnit.Utils
    -- QuickCheck
  default-language: Haskell2010
  default-extensions:
    AllowAmbiguousTypes
    ConstraintKinds
    DefaultSignatures
    FlexibleContexts
    FlexibleInstances
    GeneralizedNewtypeDeriving
    LambdaCase
    MonoLocalBinds
    MultiParamTypeClasses
    NamedFieldPuns
    NoImplicitPrelude
    NoMonomorphismRestriction
    RecordWildCards
    ScopedTypeVariables
    TupleSections
    TypeApplications
    TypeFamilies
    TypeOperators
    UndecidableInstances
  ghc-options:
    -Wall
    -Wincomplete-uni-patterns
    -Wincomplete-record-updates
    -fno-warn-tabs
    -- -fhide-source-paths
  build-depends:
      hjugement-protocol
    , base >= 4.6 && < 5
    , containers >= 0.5
    , hashable >= 1.2.6
    , QuickCheck >= 2.0
    -- , monad-classes >= 0.3
    , random >= 1.1
    -- , reflection >= 2.1
    , tasty >= 0.11
    , tasty-hunit >= 0.9
    , tasty-quickcheck
    , text >= 1.2
    , transformers >= 0.5
    , unordered-containers >= 0.2.8
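
An added Python example (not part of hjugement-protocol, whose code is Haskell) of the ballot scheme the description above outlines: exponential ElGamal, a disjunctive Chaum-Pedersen proof made non-interactive with a strong Fiat-Shamir hash that also covers the voter's credential, and a homomorphic tally decoded with a lookup table. The toy group, the function names and the integer `cred` standing in for a verification key are assumptions.

```python
import hashlib
import secrets

# Added example with hypothetical names; toy group P = 2*Q + 1 (assumption),
# G has order Q. The page's real sizes are a 2048-bit p and a 256-bit q.
P, Q, G = 10007, 5003, 4

def challenge(*ints):
    """Strong Fiat-Shamir: hash statement, credential and commitments."""
    data = ",".join(str(i) for i in ints).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def encrypt(y, m, r):
    """Exponential ElGamal: (g^r, y^r * g^m)."""
    return pow(G, r, P), pow(y, r, P) * pow(G, m, P) % P

def commitments(y, a, b, proof):
    """Recompute (A_j, B_j) for both branches j = 0 and j = 1."""
    out = []
    for j, (c, s) in enumerate(proof):
        bj = b * pow(G, Q - j, P) % P          # b / g^j
        out += [pow(G, s, P) * pow(a, c, P) % P,
                pow(y, s, P) * pow(bj, c, P) % P]
    return out

def prove(y, cred, m, r, a, b):
    """Prove (a, b) encrypts 0 or 1 without revealing which."""
    w = secrets.randbelow(Q)
    fake = (secrets.randbelow(Q), secrets.randbelow(Q))  # simulated branch
    proof = [fake, fake]
    proof[m] = (0, w)                           # yields the pair (g^w, y^w)
    c = challenge(cred, y, a, b, *commitments(y, a, b, proof))
    cm = (c - fake[0]) % Q                      # real branch gets the rest
    proof[m] = (cm, (w - cm * r) % Q)
    return proof

def verify(y, cred, a, b, proof):
    # Both ciphertext parts must lie in the order-Q subgroup.
    in_group = all(0 < v < P and pow(v, Q, P) == 1 for v in (a, b))
    c = challenge(cred, y, a, b, *commitments(y, a, b, proof))
    return in_group and sum(c_j for c_j, _ in proof) % Q == c

def tally(x, ballots, max_sum):
    """Multiply ciphertexts, decrypt g^sum, then look the sum up in a table."""
    a = b = 1
    for ca, cb in ballots:
        a, b = a * ca % P, b * cb % P
    g_sum = b * pow(a, Q - x, P) % P            # b / a^x
    table = {pow(G, n, P): n for n in range(max_sum + 1)}
    return table[g_sum]
```

A proof copied onto the board under a different credential fails `verify`, because the credential is part of the hashed input; in this toy group a forged check still passes by chance about once in `Q` tries, which is why the real parameters use a 256-bit `q`.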