]> Git — Sourcephile - majurity.git/blob - hjugement-protocol/hjugement-protocol.cabal
protocol: add MeasuredList.empty
[majurity.git] / hjugement-protocol / hjugement-protocol.cabal
1 name: hjugement-protocol
2 -- PVP: +-+------- breaking API changes
3 -- | | +----- non-breaking API additions
4 -- | | | +--- code changes with no API change
5 version: 0.0.0.20190415
6 category: Politic
7 synopsis: A fully distributed threshold cryptosystem for the Majority Judgment.
8 description:
9 This library implements an online voting protocol
10 known as <https://eprint.iacr.org/2013/177.pdf Helios-C> (Helios with Credentials)
11 which is:
12 .
13 * /fully correct/: the published result are proven to correspond
14 to the (sum of) intended votes of the voters,
15 while accounting for a malicious bulletin board (BB) (adding fake ballots)
16 by requiring a registration authority (RA)
17 (responsible for generating and sending voters' credentials).
18 Assuming that the BB and the RA are not simultaneously dishonest.
19 .
20 * /verifiable/: voters are able to check that:
21 their ballots did contribute to the outcome (/individual verifiability/),
22 and that the tallying authorities did their job properly (/universal verifiability/).
23 .
24 * /private/: the identities of the voters who cast a vote are not publicly revealed.
25 .
26 Credentials:
27 A voter's credentials is a private key (the signing key)
28 that has a public part (the verification key).
29 The association between the public part and the corresponding voter’s identity
30 does not need to be known, and actually should not be disclosed to satisfy
31 e.g. the French requirements regarding voting systems.
32 Using credentials prevent the submission of duplicated ballots
33 (because they are added as an additional input to the random oracle
34 in the /non-interactive zero-knowledge/ (NIZK) proofs for ciphertext well-formedness).
35 This allows a testing of duplicates which depends only on the size of the number of voters,
36 and thus enables Helios-C to scale for larger elections while attaining correctness.
37 .
38 In this protocol :
39 .
40 * Ballots are encrypted using public-key cryptography
41 secured by the /Discrete Logarithm problem/:
42 finding @x@ in @g^x `mod` p@, where @p@ is a large prime
43 and @g@ a generator of @Gq@, the multiplicative subgroup of @Fp@
44 (the finite prime field whose characteristic is @p@) of order @q@.
45 Here, @p@ is 2048-bit and @q@ is 256-bit.
46 The signing (Schnorr-like), the encrypting (ElGamal-like)
47 and the /Decisional Diffe Hellman/ (DDH) assumption,
48 all rely on the hardness of that problem.
49 * Ballots are added without being decrypted
50 because adding ciphertexts then decrypting
51 is like decrypting then adding plaintexts (/additive homomorphism/).
52 This uses an /ElGamal encryption scheme/ with
53 a transformation so that from being a /multiplicative homomorphism/
54 it becomes an /additive homomorphism/.
55 Which requires to solve the /Discrete Logarithm Problem/
56 for numbers in the order of the number of voters,
57 which is not hard for small numbers (with a lookup table as here,
58 or with Pollard’s rho algorithm for logarithms).
59 * A Pedersen's /distributed key generation/ (DKG) protocol
60 coupled with ElGamal keys (under the DDH assumption),
61 is used to have a fully distributed semantically secure encryption.
62 * The /Schnorr protocol/ is used to prove that a voter has knowledge
63 of the secret key used to encrypt their votes.
64 * The /Chaum-Pedersen protocol/ (proving that equality of discrete logarithms)
65 is used to prove that two given ciphertexts
66 belonging to two voters with different public credentials,
67 are well-formed (encrypting a 0 or a 1) without decrypting them.
68 Which is known as a /Disjunctive Chaum-Pedersen/ proof of partial knowledge.
69 * A /Fiat-Shamir transformation/ is used
70 to transform the /interactive zero-knowledge/ (IZK) /Chaum-Pedersen protocol/
71 into a /non-interactive zero-knowledge/ (NIZK) proof, using a SHA256 hash.
72 extra-doc-files:
73 license: GPL-3
74 license-file: COPYING
75 stability: experimental
76 author: Julien Moutinho <julm+hjugement@autogeree.net>
77 maintainer: Julien Moutinho <julm+hjugement@autogeree.net>
78 bug-reports: Julien Moutinho <julm+hjugement@autogeree.net>
79 -- homepage:
80
81 build-type: Simple
82 cabal-version: 1.24
83 tested-with: GHC==8.4.4
84 extra-source-files:
85 stack.yaml
86 extra-tmp-files:
87
88 Source-Repository head
89 location: git://git.autogeree.net/hjugement
90 type: git
91
92 Library
93 exposed-modules:
94 Protocol.Arithmetic
95 Protocol.Credential
96 Protocol.Election
97 Utils.Constraint
98 Utils.MeasuredList
99 Utils.Natural
100 default-language: Haskell2010
101 default-extensions:
102 AllowAmbiguousTypes
103 ConstraintKinds
104 DefaultSignatures
105 FlexibleContexts
106 FlexibleInstances
107 GeneralizedNewtypeDeriving
108 LambdaCase
109 MonoLocalBinds
110 MultiParamTypeClasses
111 NamedFieldPuns
112 NoImplicitPrelude
113 NoMonomorphismRestriction
114 RecordWildCards
115 ScopedTypeVariables
116 TupleSections
117 TypeApplications
118 TypeFamilies
119 TypeOperators
120 UndecidableInstances
121 ghc-options:
122 -Wall
123 -Wincomplete-uni-patterns
124 -Wincomplete-record-updates
125 -fno-warn-tabs
126 -- -fhide-source-paths
127 build-depends:
128 base >= 4.6 && < 5
129 , bytestring >= 0.10
130 , containers >= 0.5
131 , cryptonite >= 0.25
132 -- , fixed-vector >= 1.1
133 , hashable >= 1.2.6
134 , memory >= 0.14
135 , random >= 1.1
136 , reflection >= 2.1
137 , text >= 1.2
138 , transformers >= 0.5
139 , unordered-containers >= 0.2.8
140
141 Test-Suite hjugement-protocol-test
142 type: exitcode-stdio-1.0
143 hs-source-dirs: test
144 main-is: Main.hs
145 other-modules:
146 HUnit
147 HUnit.Arithmetic
148 HUnit.Credential
149 HUnit.Election
150 HUnit.Utils
151 -- QuickCheck
152 default-language: Haskell2010
153 default-extensions:
154 AllowAmbiguousTypes
155 ConstraintKinds
156 DefaultSignatures
157 FlexibleContexts
158 FlexibleInstances
159 GeneralizedNewtypeDeriving
160 LambdaCase
161 MonoLocalBinds
162 MultiParamTypeClasses
163 NamedFieldPuns
164 NoImplicitPrelude
165 NoMonomorphismRestriction
166 RecordWildCards
167 ScopedTypeVariables
168 TupleSections
169 TypeApplications
170 TypeFamilies
171 TypeOperators
172 UndecidableInstances
173 ghc-options:
174 -Wall
175 -Wincomplete-uni-patterns
176 -Wincomplete-record-updates
177 -fno-warn-tabs
178 -- -fhide-source-paths
179 build-depends:
180 hjugement-protocol
181 , base >= 4.6 && < 5
182 , containers >= 0.5
183 , hashable >= 1.2.6
184 , QuickCheck >= 2.0
185 , random >= 1.1
186 , reflection >= 2.1
187 , tasty >= 0.11
188 , tasty-hunit >= 0.9
189 , tasty-quickcheck
190 , text >= 1.2
191 , transformers >= 0.5
192 , unordered-containers >= 0.2.8