]> Git — Sourcephile - majurity.git/blob - hjugement-protocol/hjugement-protocol.cabal
protocol: add FromNatural/ToNatural
[majurity.git] / hjugement-protocol / hjugement-protocol.cabal
1 name: hjugement-protocol
2 -- PVP: +-+------- breaking API changes
3 -- | | +----- non-breaking API additions
4 -- | | | +--- code changes with no API change
5 version: 0.0.0.20190428
6 category: Politic
7 synopsis: A cryptographic protocol for the Majority Judgment.
8 description:
9 This work-in-progress library aims at implementing an online voting protocol
10 named <https://eprint.iacr.org/2013/177.pdf Helios-C> (Helios with Credentials)
11 by its authors from the <https://www.cnrs.fr/ CNRS>,
12 the <http://www.loria.fr INRIA>
13 and the <https://www.univ-lorraine.fr/ Université de Lorraine>:
14 <http://www.loria.fr/~cortier/ Véronique Cortier>,
15 <https://dgalindo.es/ David Galindo>,
16 <http://www.loria.fr/~gaudry/ Pierrick Gaudry>,
17 <http://stephane.glondu.net/ Stéphane Glondu>
18 and Malika Izabachène.
19 .
20 (TODO) Actually, this protocol is adapted a little bit here to better support
21 a better method of voting known as the <http://libgen.io/book/index.php?md5=BF67AA4298C1CE7633187546AA53E01D Majority Judgment>.
22 .
23 * A large-public introduction (in french) to Helios-C is available here:
24 <https://members.loria.fr/VCortier/files/Papers/Bulletin1024-2016.pdf Bulletin de la société informatique de France – numéro 9, novembre 2016>.
25 * A more scientific (yet understandable) introduction (in english) to Belenios
26 (an implementation of Helios-C) is available here:
27 <https://hal.inria.fr/hal-02066930/document Belenios: a simple private and verifiable electronic voting system>.
28 .
29 The main properties of this protocol are:
30 .
31 * /fully correct/: the published result are proven to correspond
32 to the (sum of) intended votes of the voters,
33 while accounting for a malicious bulletin board (BB) (adding fake ballots)
34 by requiring a registration authority (RA)
35 (responsible for generating and sending voters' credentials).
36 Assuming that the BB and the RA are not simultaneously dishonest.
37 .
38 * /verifiable/: each voter is able to check that:
39 his\/her ballot did contribute to the outcome (/individual verifiability/),
40 and that the tallying authorities did their job properly (/universal verifiability/).
41 .
42 * /private/: the identities of the voters who cast a vote are not publicly revealed.
43 .
44 More specifically, in this protocol :
45 .
46 * Ballots are encrypted using public-key cryptography
47 secured by the /Discrete Logarithm problem/:
48 finding @x@ in @g^x `mod` p@, where @p@ is a large prime
49 and @g@ a generator of @Gq@, the multiplicative subgroup of order @q@,
50 in @Fp@ (the finite prime field whose characteristic is @p@).
51 Here, @p@ is 2048-bit and @q@ is 256-bit.
52 The signing (Schnorr-like), the encrypting (ElGamal-like)
53 and the /Decisional Diffe Hellman/ (DDH) assumption,
54 all rely on the hardness of that problem.
55 * Ballots are added without being decrypted
56 because adding (multiplying actually) ciphertexts then decrypting,
57 is like decrypting then adding plaintexts (/additive homomorphism/).
58 Which requires to solve the /Discrete Logarithm Problem/
59 for numbers in the order of the number of voters,
60 which is not hard for small numbers (with a lookup table as here,
61 or with Pollard’s rho algorithm for logarithms).
62 * The /Schnorr protocol/ is used to prove that a voter has knowledge
63 of the secret key used to sign their votes.
64 A voter's credentials is a secret key (the signing key)
65 that has a public part (the verification key).
66 The association between the public part and the corresponding voter’s identity
67 does not need to be known, and actually should not be disclosed to satisfy
68 e.g. the French requirements regarding voting systems.
69 Using credentials prevent the submission of duplicated ballots
70 (because they are added as an additional input to the random oracle
71 in the /non-interactive zero-knowledge/ (NIZK) proofs for ciphertext well-formedness).
72 This allows a testing of duplicates which depends only on the size of the number of voters,
73 and thus enables Helios-C to scale for larger elections while attaining correctness.
74 * The /Chaum-Pedersen protocol/ (proving that equality of discrete logarithms)
75 is used to prove that ciphertexts are well-formed
76 (encrypting a 0 or a 1… or any expected natural) without decrypting them.
77 Which is known as a /Disjunctive Chaum-Pedersen/ proof of partial knowledge.
78 * A /strong Fiat-Shamir transformation/ is used
79 to transform the /interactive zero-knowledge/ (IZK) /Chaum-Pedersen protocol/
80 into a /non-interactive zero-knowledge/ (NIZK) proof, using a SHA256 hash.
81 * (TODO) A Pedersen's /distributed key generation/ (DKG) protocol
82 coupled with ElGamal keys (under the DDH assumption),
83 is used to have a fully distributed semantically secure encryption.
84 extra-doc-files:
85 license: GPL-3
86 license-file: COPYING
87 stability: experimental
88 author: Julien Moutinho <julm+hjugement@autogeree.net>
89 maintainer: Julien Moutinho <julm+hjugement@autogeree.net>
90 bug-reports: Julien Moutinho <julm+hjugement@autogeree.net>
91 -- homepage:
92
93 build-type: Simple
94 cabal-version: 1.24
95 tested-with: GHC==8.4.4
96 extra-source-files:
97 stack.yaml
98 extra-tmp-files:
99
100 Source-Repository head
101 location: git://git.autogeree.net/hjugement
102 type: git
103
104 Library
105 exposed-modules:
106 Protocol.Arithmetic
107 Protocol.Credential
108 Protocol.Election
109 default-language: Haskell2010
110 default-extensions:
111 AllowAmbiguousTypes
112 ConstraintKinds
113 DefaultSignatures
114 FlexibleContexts
115 FlexibleInstances
116 GeneralizedNewtypeDeriving
117 LambdaCase
118 MonoLocalBinds
119 MultiParamTypeClasses
120 NamedFieldPuns
121 NoImplicitPrelude
122 NoMonomorphismRestriction
123 RecordWildCards
124 ScopedTypeVariables
125 TupleSections
126 TypeApplications
127 TypeFamilies
128 TypeOperators
129 UndecidableInstances
130 ghc-options:
131 -Wall
132 -Wincomplete-uni-patterns
133 -Wincomplete-record-updates
134 -fno-warn-tabs
135 -- -fhide-source-paths
136 build-depends:
137 base >= 4.6 && < 5
138 , bytestring >= 0.10
139 , containers >= 0.5
140 , cryptonite >= 0.25
141 -- , fixed-vector >= 1.1
142 -- , hashable >= 1.2.6
143 , memory >= 0.14
144 , mmorph >= 1.1
145 -- , monad-classes >= 0.3
146 , random >= 1.1
147 -- , reflection >= 2.1
148 , text >= 1.2
149 , transformers >= 0.5
150 , unordered-containers >= 0.2.8
151
152 Test-Suite hjugement-protocol-test
153 type: exitcode-stdio-1.0
154 hs-source-dirs: test
155 main-is: Main.hs
156 other-modules:
157 HUnit
158 HUnit.Arithmetic
159 HUnit.Credential
160 HUnit.Election
161 HUnit.Utils
162 -- QuickCheck
163 default-language: Haskell2010
164 default-extensions:
165 AllowAmbiguousTypes
166 ConstraintKinds
167 DefaultSignatures
168 FlexibleContexts
169 FlexibleInstances
170 GeneralizedNewtypeDeriving
171 LambdaCase
172 MonoLocalBinds
173 MultiParamTypeClasses
174 NamedFieldPuns
175 NoImplicitPrelude
176 NoMonomorphismRestriction
177 RecordWildCards
178 ScopedTypeVariables
179 TupleSections
180 TypeApplications
181 TypeFamilies
182 TypeOperators
183 UndecidableInstances
184 ghc-options:
185 -Wall
186 -Wincomplete-uni-patterns
187 -Wincomplete-record-updates
188 -fno-warn-tabs
189 -- -fhide-source-paths
190 build-depends:
191 hjugement-protocol
192 , base >= 4.6 && < 5
193 , containers >= 0.5
194 , hashable >= 1.2.6
195 , QuickCheck >= 2.0
196 -- , monad-classes >= 0.3
197 , random >= 1.1
198 -- , reflection >= 2.1
199 , tasty >= 0.11
200 , tasty-hunit >= 0.9
201 , tasty-quickcheck
202 , text >= 1.2
203 , transformers >= 0.5
204 , unordered-containers >= 0.2.8