Belenios ? a deployed voting protocol used already in more
than 200 elections. Belenios extends Helios with an explicit
registration authority to obtain eligibility guarantees.
We offer two main results. First, we build upon a recent
framework for proving ballot privacy in EasyCrypt. Inspired
by our application to Belenios, we adapt and extend the privacy
security notions to account for protocols that include a registration
phase. Our analysis identifies a trust assumption which
is missing in the existing (pen and paper) analysis of Belenios:
ballot privacy does not hold if the registrar misbehaves, even
if the role of the registrar is seemingly to provide eligibility
guarantees. Second, we develop a novel framework for proving
strong verifiability in EasyCrypt and apply it to Belenios. In
the process, we clarify several aspects of the pen-and-paper
proof, such as how to deal with revote policies.
Together, our results yield the first machine-checked analysis
of both ballot privacy and verifiability properties for a
deployed electronic voting protocol. Perhaps more importantly,
we identify several issues regarding the applicability of existing
definitions of privacy and verifiability to systems other than
Helios. While we show how to adapt the definitions to the
particular case of Belenios, our findings indicate the need for
more general security notions for electronic voting protocols
with registration authorities.
We argue that the way the profiles are used over (longer) periods of time should play a more prominent role in the initial trust establishment. Intuitively, verification policies, in addition to static data, could check whether profiles are being used on a regular basis and have a convincing footprint of activities over various periods of time to be perceived as more trustworthy.
In this paper, we introduce Timeline Activity Proofs (TAP) as a new trust factor. TAP allows online users to manage their timeline activities in a privacy-preserving way and use them to bootstrap online trust, e.g., as part of registration to a new service. In our model we do not rely on any centralized social media platform. Instead, users are given full control over the activities that they wish to use as part of TAP proofs. A distributed public ledger is used to provide the crucial integrity guarantees, i.e., that activities cannot be tampered with retrospectively. Our TAP construction adopts standard cryptographic techniques to enable authorized access to encrypted activities of a user for the purpose of policy verification and is proven to provide data confidentiality protecting the privacy of user?s activities and authenticated policy compliance protecting verifiers from users who cannot show the required footprint of past activities.
issued by authorities to sign messages while also proving that their attributes satisfy
some policy. ABS schemes provide a
exible and privacy-preserving approach to authentication
since the signer's identity and attributes remain hidden within the anonymity set
of users sharing policy-conform attributes. Current ABS schemes exhibit some limitations
when it comes to the management and issue of attributes. In this paper we address the lack
of support for hierarchical attribute management, a property that is prevalent in traditional
PKIs where certiýcation authorities are organised into hierarchies and signatures are veriýed
along roots of trust.
Hierarchical Attribute-based Signatures (HABS) introduced in this work support delegation
of attributes along paths from the top-level authority down to the users while also ensuring
that signatures produced by these users do not leak their delegation paths, thus extending
the original privacy guarantees of ABS schemes. Our generic HABS construction also ensures
unforgeability of signatures in the presence of collusion attacks and contains an extended
traceability property allowing a dedicated tracing authority to identify the signer and reveal
its attribute delegation paths. We include a public veriýcation procedure for the accountability
of the tracing authority.
We anticipate that HABS will be useful for privacy-preserving authentication in applications
requiring hierarchical delegation of attribute-issuing rights and where knowledge of delegation
paths might leak information about signers and their attributes, e.g., in intelligent
transport systems where vehicles may require certain attributes to authenticate themselves
to the infrastructure but remain untrackable by the latter.