Git — Sourcephile - majurity.git/blob - hjugement-protocol/hjugement-protocol.cabal
protocol: add key derivation
name: hjugement-protocol
-- PVP:  +-+------- breaking API changes
--       | | +----- non-breaking API additions
--       | | | +--- code changes with no API change
version: 0.0.0.20190415
category: Politic
synopsis: A fully distributed threshold cryptosystem for the Majority Judgment.
description:
  This work-in-progress library aims at implementing an online voting protocol
  known as <https://eprint.iacr.org/2013/177.pdf Helios-C> (Helios with Credentials)
  which is:
  .
  * /fully correct/: the published results are proven to correspond
    to the (sum of) intended votes of the voters,
    while accounting for a malicious bulletin board (BB) (adding fake ballots)
    by requiring a registration authority (RA)
    (responsible for generating and sending voters' credentials).
    This assumes that the BB and the RA are not simultaneously dishonest.
  .
  * /verifiable/: voters are able to check that
    their ballots did contribute to the outcome (/individual verifiability/),
    and that the tallying authorities did their job properly (/universal verifiability/).
  .
  * /private/: the identities of the voters who cast a vote are not publicly revealed.
  .
  Credentials:
  A voter's credential is a private key (the signing key)
  that has a public part (the verification key).
  The association between the public part and the corresponding voter’s identity
  does not need to be known, and actually should not be disclosed to satisfy
  e.g. the French requirements regarding voting systems.
  Using credentials prevents the submission of duplicated ballots
  (because they are added as an additional input to the random oracle
  in the /non-interactive zero-knowledge/ (NIZK) proofs for ciphertext well-formedness).
  This allows a test for duplicates which depends only on the number of voters,
  and thus enables Helios-C to scale for larger elections while attaining correctness.
  .
  In this protocol:
  .
  * Ballots are encrypted using public-key cryptography
    secured by the /Discrete Logarithm problem/:
    finding @x@ in @g^x `mod` p@, where @p@ is a large prime
    and @g@ a generator of @Gq@, the multiplicative subgroup of order @q@,
    in @Fp@ (the finite prime field whose characteristic is @p@).
    Here, @p@ is 2048-bit and @q@ is 256-bit.
    The signing (Schnorr-like), the encrypting (ElGamal-like)
    and the /Decisional Diffie-Hellman/ (DDH) assumption,
    all rely on the hardness of that problem.
  * Ballots are added without being decrypted
    because adding ciphertexts then decrypting
    is like decrypting then adding plaintexts (/additive homomorphism/).
    This requires solving the /Discrete Logarithm Problem/
    for numbers in the order of the number of voters,
    which is not hard for small numbers (with a lookup table as here,
    or with Pollard’s rho algorithm for logarithms).
  * The /Schnorr protocol/ is used to prove that a voter has knowledge
    of the secret key used to encrypt their votes.
  * The /Chaum-Pedersen protocol/ (proving the equality of discrete logarithms)
    is used to prove that two given ciphertexts
    belonging to two voters with different public credentials,
    are well-formed (encrypting a 0 or a 1… or any expected natural)
    without decrypting them.
    This is known as a /Disjunctive Chaum-Pedersen/ proof of partial knowledge.
  * A /strong Fiat-Shamir transformation/ is used
    to transform the /interactive zero-knowledge/ (IZK) /Chaum-Pedersen protocol/
    into a /non-interactive zero-knowledge/ (NIZK) proof,
    using a SHA256 hash.
  * Pedersen's /distributed key generation/ (DKG) protocol
    coupled with ElGamal keys (under the DDH assumption),
    is used to have a fully distributed semantically secure encryption.
extra-doc-files:
license: GPL-3
license-file: COPYING
stability: experimental
author: Julien Moutinho <julm+hjugement@autogeree.net>
maintainer: Julien Moutinho <julm+hjugement@autogeree.net>
bug-reports: Julien Moutinho <julm+hjugement@autogeree.net>
-- homepage:

build-type: Simple
cabal-version: 1.24
tested-with: GHC==8.4.4
extra-source-files:
  stack.yaml
extra-tmp-files:

Source-Repository head
  location: git://git.autogeree.net/hjugement
  type: git

Library
  exposed-modules:
    Protocol.Arithmetic
    Protocol.Credential
    Protocol.Election
    Utils.Constraint
    Utils.MeasuredList
    Utils.Natural
  default-language: Haskell2010
  default-extensions:
    AllowAmbiguousTypes
    ConstraintKinds
    DefaultSignatures
    FlexibleContexts
    FlexibleInstances
    GeneralizedNewtypeDeriving
    LambdaCase
    MonoLocalBinds
    MultiParamTypeClasses
    NamedFieldPuns
    NoImplicitPrelude
    NoMonomorphismRestriction
    RecordWildCards
    ScopedTypeVariables
    TupleSections
    TypeApplications
    TypeFamilies
    TypeOperators
    UndecidableInstances
  ghc-options:
    -Wall
    -Wincomplete-uni-patterns
    -Wincomplete-record-updates
    -fno-warn-tabs
    -- -fhide-source-paths
  build-depends:
      base >= 4.6 && < 5
    , bytestring >= 0.10
    , containers >= 0.5
    , cryptonite >= 0.25
    -- , fixed-vector >= 1.1
    , hashable >= 1.2.6
    , memory >= 0.14
    , random >= 1.1
    -- , reflection >= 2.1
    , text >= 1.2
    , transformers >= 0.5
    , unordered-containers >= 0.2.8

Test-Suite hjugement-protocol-test
  type: exitcode-stdio-1.0
  hs-source-dirs: test
  main-is: Main.hs
  other-modules:
    HUnit
    HUnit.Arithmetic
    HUnit.Credential
    HUnit.Election
    HUnit.Utils
    -- QuickCheck
  default-language: Haskell2010
  default-extensions:
    AllowAmbiguousTypes
    ConstraintKinds
    DefaultSignatures
    FlexibleContexts
    FlexibleInstances
    GeneralizedNewtypeDeriving
    LambdaCase
    MonoLocalBinds
    MultiParamTypeClasses
    NamedFieldPuns
    NoImplicitPrelude
    NoMonomorphismRestriction
    RecordWildCards
    ScopedTypeVariables
    TupleSections
    TypeApplications
    TypeFamilies
    TypeOperators
    UndecidableInstances
  ghc-options:
    -Wall
    -Wincomplete-uni-patterns
    -Wincomplete-record-updates
    -fno-warn-tabs
    -- -fhide-source-paths
  build-depends:
      hjugement-protocol
    , base >= 4.6 && < 5
    , containers >= 0.5
    , hashable >= 1.2.6
    , QuickCheck >= 2.0
    , random >= 1.1
    , reflection >= 2.1
    , tasty >= 0.11
    , tasty-hunit >= 0.9
    , tasty-quickcheck
    , text >= 1.2
    , transformers >= 0.5
    , unordered-containers >= 0.2.8
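
The steps listed in the package description (ElGamal-like encryption, the disjunctive Chaum-Pedersen proof made non-interactive by a strong Fiat-Shamir hash that also takes the voter's public credential, and the homomorphic tally read back from a lookup table) are sketched below as an added Python example; it is not code from hjugement-protocol. It assumes a toy group (p = 2039, q = 1019, g = 4) in place of the 2048-bit and 256-bit parameters, omits ballot signing, and every function name is hypothetical.

```python
import hashlib
import secrets

# Toy group constructed for this example (the page's sizes are 2048-bit p, 256-bit q):
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup Gq of order q.
P, Q, G = 2039, 1019, 4

def challenge(*ints):
    """Strong Fiat-Shamir: SHA-256 over the whole statement and commitments, mod q."""
    digest = hashlib.sha256(",".join(map(str, ints)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def encrypt(pk, m, r):
    """ElGamal-like encryption of g^m, so that multiplying ciphertexts adds votes."""
    return pow(G, r, P), pow(pk, r, P) * pow(G, m, P) % P

def commitments(pk, ct, v, c, s):
    """Commitment pair implied by challenge c and response s for 'ct encrypts v'."""
    a, b = ct
    b_v = b * pow(G, -v, P) % P  # b / g^v, which equals pk^r when the claim holds
    return pow(G, s, P) * pow(a, -c, P) % P, pow(pk, s, P) * pow(b_v, -c, P) % P

def prove_bit(pk, cred, m, r, ct):
    """Disjunctive Chaum-Pedersen proof that ct encrypts 0 or 1, bound to cred."""
    fake, w = 1 - m, secrets.randbelow(Q)
    c, s, com = [0, 0], [0, 0], [None, None]
    c[fake], s[fake] = secrets.randbelow(Q), secrets.randbelow(Q)
    com[fake] = commitments(pk, ct, fake, c[fake], s[fake])  # simulated branch
    com[m] = (pow(G, w, P), pow(pk, w, P))  # honest branch
    c[m] = (challenge(pk, cred, *ct, *com[0], *com[1]) - c[fake]) % Q
    s[m] = (w + c[m] * r) % Q
    return list(zip(c, s))

def verify_bit(pk, cred, ct, proof):
    """Recompute both commitment pairs; the challenges must sum to the hash."""
    com = [x for v, (c, s) in enumerate(proof) for x in commitments(pk, ct, v, c, s)]
    return sum(c for c, _ in proof) % Q == challenge(pk, cred, *ct, *com)

def tally(sk, cts, max_sum):
    """Multiply the ciphertexts, decrypt g^sum, read the sum from a lookup table."""
    a = b = 1
    for x, y in cts:
        a, b = a * x % P, b * y % P
    table = {pow(G, n, P): n for n in range(max_sum + 1)}
    return table[b * pow(a, -sk, P) % P]

if __name__ == "__main__":
    pk, cred, r = pow(G, 123, P), pow(G, 77, P), 5  # constructed key, credential, nonce
    ct = encrypt(pk, 1, r)
    print(verify_bit(pk, cred, ct, prove_bit(pk, cred, 1, r, ct)))
```

A real verifier would also check that both ciphertext components lie in Gq before recomputing the commitments; that check is left out here.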