Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
belenios
belenios
Commits
097424e7
Commit
097424e7
authored
Nov 26, 2019
by
CORTIER Veronique
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Informal explanations of the two types of questions
parent
c94c6290
Changes
1
Hide whitespace changes
Inline
Sidebyside
Showing
1 changed file
with
33 additions
and
5 deletions
+33
5
doc/specification.tex
doc/specification.tex
+33
5
No files found.
doc/specification.tex
View file @
097424e7
...
...
@@ 50,6 +50,7 @@
\tableofcontents
\section
{
Introduction
}
{
\it
References.
}
This document is a specification of the voting protocol implemented in
Belenios
\version
.
A high level description of Belenios and some statistics about its
...
...
@@ 78,14 +79,36 @@ proved in~\cite{wpes2013,asiacrypt12}.
homomorphically or shuffled and randomized, using mixnets. The
mixnet algorithms are taken from the CHVote specification~
\cite
{
CHVote
}
.
\end{itemize}
% Veronique : c'est un cauchemar toutes ces refs... ;)
% has been conducted with EasyCrypt and shows
% More discussion, theoretical explanations and
% bibliographical references can be found in an article
% available online.\footnote{\url{https://hal.inria.fr/hal02066930/document}}
{
\it
Types of supported elections.
}
Belenios supports two main types of questions.
In the
\emph
{
homomorphic case
}
, voters can select between
$
k
_
1
$
and
$
k
_
2
$
candidates out of
$
k
$
candidates. This case is called
homomorphic because the result of the election for such questions is
the number of votes received for each candidate. No more information
is leaked.
In the
\emph
{
non homomorphic case
}
, voters can give a number to each
candidate. This can be used to rank candidates or grade them. Then the
(raw) result of the election is simply the list of votes, as emitted
by the voters, in
a random order, to preserve privacy.
Any couting method can be then applied
(e.g. Condorcet, STV, or majority judgement) although Belenios does
not offer support for this.
The non homomorphic case therefore offers much more flexibility, at
the cost of extra steps during the tally (in order to securely shuffle
the ballots).
Belenios supports both types of questions and an election can even
mix homomorphic and non homomorphic questions.
% and slightly less privacy
\medskip
{
\it
Group parameters
}
The cryptography involved in Belenios needs a cyclic group
$
\G
$
where
discrete logarithms are hard to compute. We will denote by
$
g
$
a
generator and
$
q
$
its order. We use a multiplicative notation for the
...
...
@@ 116,7 +139,7 @@ section~\ref{defaultgroup}.
\item
$
\mathcal
{
C
}$
: credential authority
\item
$
\mathcal
{
T
}_
1
,
\dots
,
\mathcal
{
T
}_
m
$
: trustees
\item
$
\mathcal
{
V
}_
1
,
\dots
,
\mathcal
{
V
}_
n
$
: voters
\item
$
\mathcal
{
M
}_
1
,
\dots
,
\mathcal
{
M
}_
p
$
: shufflers (if using nonhomomorphic questions)
%
\item $\mathcal{M}_1,\dots,\mathcal{M}_p$: shufflers (if using nonhomomorphic questions)
\item
$
\mathcal
{
S
}$
: voting server
\\
The voting server maintains the public data
$
D
$
that
consists of:
...
...
@@ 250,7 +273,9 @@ voters), credentials can be recovered:
encrypted tally (see
section~
\ref
{
shuffles
}
):
\[
\tilde\Pi
_
0
=
\textsf
{
nh
\_
ciphertexts
}
(
\Pi
_
0
)
\]
\item
for
$
z
\in
[
1
\dots
m
]
$
:
\item
if the election contains a non homomorphic part, that is, if
$
\tilde\Pi
_
0
\neq
[]
$
,
then for
$
z
\in
[
1
\dots
m
]
$
:
\begin{enumerate}
\item
$
\mathcal
{
A
}$
sends
$
\tilde\Pi
_{
z

1
}$
to
$
\mathcal
{
T
}_
z
$
\item
$
\mathcal
{
T
}_
z
$
runs the shuffle algorithm, producing a
...
...
@@ 328,7 +353,10 @@ The auditor retrieve the election data $D$ and in
\item
she checks that
$
B
$
corresponds to the board
monitored so far thus performs all
the checks described at step 2 of section~
\ref
{
sec:auditvoting
}
;
\item
she checks that the proofs of the result
$
r
$
are valid w.r.t.
$
B
$
.
\item
she checks that the proofs of the result
$
r
$
are valid
w.r.t.
$
B
$
.
She checks in particular the proofs of correct decryption and the
proofs of correct shuffling (when shufllers have been used).
\end{enumerate}
To ease verification of the trustees and the credential authorities,
it is possible to display the hash of their public data (e.g. the
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment