hjugement-protocol/hjugement-protocol.cabal

   1 name: hjugement-protocol
   2 -- PVP:  +-+------- breaking API changes
   3 --       | | +----- non-breaking API additions
   4 --       | | | +--- code changes with no API change
   5 version: 0.0.0.20190415
   6 category: Politic
   7 synopsis: A fully distributed threshold cryptosystem for the Majority Judgment.
   8 description:
   9   This work-in-progress library aims at implementing an online voting protocol
  10   known as <https://eprint.iacr.org/2013/177.pdf Helios-C> (Helios with Credentials)
  11   which is:
  12   .
  13   * /fully correct/: the published result are proven to correspond
  14     to the (sum of) intended votes of the voters,
  15     while accounting for a malicious bulletin board (BB) (adding fake ballots)
  16     by requiring a registration authority (RA)
  17     (responsible for generating and sending voters' credentials).
  18     Assuming that the BB and the RA are not simultaneously dishonest.
  19   .
  20   * /verifiable/: voters are able to check that:
  21     their ballots did contribute to the outcome (/individual verifiability/),
  22     and that the tallying authorities did their job properly (/universal verifiability/).
  23   .
  24   * /private/: the identities of the voters who cast a vote are not publicly revealed.
  25   .
  26   Credentials:
  27     A voter's credentials is a private key (the signing key)
  28     that has a public part (the verification key).
  29     The association between the public part and the corresponding voter’s identity
  30     does not need to be known, and actually should not be disclosed to satisfy
  31     e.g. the French requirements regarding voting systems.
  32     Using credentials prevent the submission of duplicated ballots
  33     (because they are added as an additional input to the random oracle
  34     in the /non-interactive zero-knowledge/ (NIZK) proofs for ciphertext well-formedness).
  35     This allows a testing of duplicates which depends only on the size of the number of voters,
  36     and thus enables Helios-C to scale for larger elections while attaining correctness.
  37   .
  38   In this protocol :
  39   .
  40   * Ballots are encrypted using public-key cryptography
  41     secured by the /Discrete Logarithm problem/:
  42     finding @x@ in @g^x `mod` p@, where @p@ is a large prime
  43     and @g@ a generator of @Gq@, the multiplicative subgroup of order @q@,
  44     in @Fp@ (the finite prime field whose characteristic is @p@).
  45     Here, @p@ is 2048-bit and @q@ is 256-bit.
  46     The signing (Schnorr-like), the encrypting (ElGamal-like)
  47     and the /Decisional Diffe Hellman/ (DDH) assumption,
  48     all rely on the hardness of that problem.
  49   * Ballots are added without being decrypted
  50     because adding ciphertexts then decrypting
  51     is like decrypting then adding plaintexts (/additive homomorphism/).
  52     Which requires to solve the /Discrete Logarithm Problem/
  53     for numbers in the order of the number of voters,
  54     which is not hard for small numbers (with a lookup table as here,
  55     or with Pollard’s rho algorithm for logarithms).
  56   * The /Schnorr protocol/ is used to prove that a voter has knowledge
  57     of the secret key used to encrypt their votes.
  58   * The /Chaum-Pedersen protocol/ (proving that equality of discrete logarithms)
  59     is used to prove that two given ciphertexts
  60     belonging to two voters with different public credentials,
  61     are well-formed (encrypting a 0 or a 1… or any expected natural)
  62     without decrypting them.
  63     Which is known as a /Disjunctive Chaum-Pedersen/ proof of partial knowledge.
  64   * A /strong Fiat-Shamir transformation/ is used
  65     to transform the /interactive zero-knowledge/ (IZK) /Chaum-Pedersen protocol/
  66     into a /non-interactive zero-knowledge/ (NIZK) proof,
  67     using a SHA256 hash.
  68   * A Pedersen's /distributed key generation/ (DKG) protocol
  69     coupled with ElGamal keys (under the DDH assumption),
  70     is used to have a fully distributed semantically secure encryption.
  71 extra-doc-files:
  72 license: GPL-3
  73 license-file: COPYING
  74 stability: experimental
  75 author:      Julien Moutinho <julm+hjugement@autogeree.net>
  76 maintainer:  Julien Moutinho <julm+hjugement@autogeree.net>
  77 bug-reports: Julien Moutinho <julm+hjugement@autogeree.net>
  78 -- homepage:
  79
  80 build-type: Simple
  81 cabal-version: 1.24
  82 tested-with: GHC==8.4.4
  83 extra-source-files:
  84   stack.yaml
  85 extra-tmp-files:
  86
  87 Source-Repository head
  88  location: git://git.autogeree.net/hjugement
  89  type:     git
  90
  91 Library
  92   exposed-modules:
  93     Protocol.Arithmetic
  94     Protocol.Credential
  95     Protocol.Election
  96     Utils.Constraint
  97     Utils.MeasuredList
  98     Utils.Natural
  99   default-language: Haskell2010
 100   default-extensions:
 101     AllowAmbiguousTypes
 102     ConstraintKinds
 103     DefaultSignatures
 104     FlexibleContexts
 105     FlexibleInstances
 106     GeneralizedNewtypeDeriving
 107     LambdaCase
 108     MonoLocalBinds
 109     MultiParamTypeClasses
 110     NamedFieldPuns
 111     NoImplicitPrelude
 112     NoMonomorphismRestriction
 113     RecordWildCards
 114     ScopedTypeVariables
 115     TupleSections
 116     TypeApplications
 117     TypeFamilies
 118     TypeOperators
 119     UndecidableInstances
 120   ghc-options:
 121     -Wall
 122     -Wincomplete-uni-patterns
 123     -Wincomplete-record-updates
 124     -fno-warn-tabs
 125     -- -fhide-source-paths
 126   build-depends:
 127       base >= 4.6 && < 5
 128     , bytestring >= 0.10
 129     , containers >= 0.5
 130     , cryptonite >= 0.25
 131     -- , fixed-vector >= 1.1
 132     , hashable >= 1.2.6
 133     , memory >= 0.14
 134     , random >= 1.1
 135     -- , reflection >= 2.1
 136     , text >= 1.2
 137     , transformers >= 0.5
 138     , unordered-containers >= 0.2.8
 139
 140 Test-Suite hjugement-protocol-test
 141   type: exitcode-stdio-1.0
 142   hs-source-dirs: test
 143   main-is: Main.hs
 144   other-modules:
 145     HUnit
 146     HUnit.Arithmetic
 147     HUnit.Credential
 148     HUnit.Election
 149     HUnit.Utils
 150     -- QuickCheck
 151   default-language: Haskell2010
 152   default-extensions:
 153     AllowAmbiguousTypes
 154     ConstraintKinds
 155     DefaultSignatures
 156     FlexibleContexts
 157     FlexibleInstances
 158     GeneralizedNewtypeDeriving
 159     LambdaCase
 160     MonoLocalBinds
 161     MultiParamTypeClasses
 162     NamedFieldPuns
 163     NoImplicitPrelude
 164     NoMonomorphismRestriction
 165     RecordWildCards
 166     ScopedTypeVariables
 167     TupleSections
 168     TypeApplications
 169     TypeFamilies
 170     TypeOperators
 171     UndecidableInstances
 172   ghc-options:
 173     -Wall
 174     -Wincomplete-uni-patterns
 175     -Wincomplete-record-updates
 176     -fno-warn-tabs
 177     -- -fhide-source-paths
 178   build-depends:
 179       hjugement-protocol
 180     , base >= 4.6 && < 5
 181     , containers >= 0.5
 182     , hashable >= 1.2.6
 183     , QuickCheck >= 2.0
 184     , random >= 1.1
 185     , reflection >= 2.1
 186     , tasty >= 0.11
 187     , tasty-hunit >= 0.9
 188     , tasty-quickcheck
 189     , text >= 1.2
 190     , transformers >= 0.5
 191     , unordered-containers >= 0.2.8