Provotum: A Decentralized Voting System (Multiple theses)

State: Open

The digitization of electronic voting systems is critically discussed around the globe [1]. Often, Remote Electronic Voting (REV) system architectures are centralized and intransparent for voters. In contrast, a DL-based REV system can offer a decentralized and auditable view for the public [1,2]. However, a decentralized system brings forth privacy and verifiability challenges that require in-depth research and analysis. The CSG@Ifi is actively developing Provotum, a decentralized voting system [3]. Therefore, the following topics are possible to be investigated in the scope of Provotum, or REV in general. 

Topic 1: "Mixnet Integration"
The Provotum system has a Mixnet module that is not yet fully integrated with the rest of the REV system. The focus of this thesis is (a) to integrate the Mixnet module into the REV system, and (b) investigate a secret sharing approach for Provotum with a threshold of k/n instead of currently n/n. Third (c) this thesis also investigates the current voting protocol's implementation based on Finite Field Cryptography with a suitable Elliptic Curve-based implementation. Finally, the system should be evaluated in a distributed setting, using Ansible and Terraform to deploy the system globally on cloud providers. 
Requirements: Knowledge on Rust, Distributed Systems and Applied Cryptography
Work Distribution: 10% Related Work, 30% Design, 30% Implementation, 30% Documentation
Dedicated Reference: [5,6]
Type: [BA, MA, IS]

Topic 2: "Risk Assessment and Threat Modeling of Provotum 3.0"
REV systems are deployed in an adversarial context, where anyone is a potential attacker. This thesis focuses on the in-depth risk assessment, analysis and classification of threats in the context of Provotum. This thesis first (a) reviews relevant related work on threat modeling and risk assessments and identifies the most suitable approach. It also reviews relevant related work (other REV systems) in looking for comparison benchmarks. Then (b) this thesis identifies relevant threat agents, threats and classifies them. Further (c) the threats should be classified and mitigations investigated (e.g., using a perfectly private audit trail (PPAT)[7]). E.g., this includes attacks on a pure voting protocol, or DL-consensus layer, as well as physical attacks on a deployed system. Finally, the thesis concludes (d) with a comparative 
Requirements: Prior Knowledge on Cybersecurity and risk assessment methodology
Work Distribution: 20% Related Work, 30% Risk Assessment 30% Threat Modeling 20% Documentation
Dedicated Reference: [7,8]
Type: [BA, MA, IS]

Topic 3: "Formal Verification and Coercion-Resistance"
This topic covers the formalization of the Provotum voting protocol, which has different extensions (Receipt-Freeness) and variations (Mixnet- and Homomorphic Encryption-based) as well as other specialties. The major goals of this thesis is (a) gaining insight into the state of formal verification of voting protocols and (b) to formalize the voting protocol of Provotum in a format that allows formal verification (in a software-based proof verification tool), and (c) document the process within the scope of this thesis. Finally, this thesis should investigate the current research directions of Coercion-Resistance in Voting Systems, as well as their formal definitions and trade-offs. 
Requirements: Basic knowledge of formal verification and the notion of security proofs
Work Distribution: 20% Related Work, 30% Design, 30% Implementation, 20% Documentation
Dedicated References: [9]
Type: [BA, MA, IS]

Topic 4: "Key Management Solution for a Decentralized Voting System"
Description: Secure key management is the Achilles heel of modern cryptography. HSMs, air gap solutions and secure enclaves all try to solve the issue and mitigate threats. Thus, this MAP topic focuses on the possibility of a secure key management approach for Provotum. The MAP should (a) review state-of-the-art related work in key management solutions for cryptographic keys, (b) as well as consider the specific requirements and requirements needed for integration with (i) the Provotum solution and (ii) deployment pipeline. Therefore, the major goal of this MAP is the integration of a suitable air gap solution (e.g., [10]), that allows the secure, cost-efficient and scalable management of cryptographic keys. 
Requirements: Web / Mobile Development Experience, Basic Understanding of Cryptography / Security Mechanisms
Work Distribution: 20% Related Work, 30% Design, 30% Implementation, 20% Documentation
Dedicated References: [10]
Type: [MAP]


[1] Christian Killer, Bruno Rodrigues, Eder Scheid, Muriel Franco, Burkhard Stiller. Practical Introduction to Blockchain-based Remote Electronic Voting. IEEE International Conference on Blockchain and Cryptocurrency (ICBC 20). 3-6 May. Toronto, Canada. https://github.com/christiankiller/icbc20-bcbev-tutorial

[2] Christian Killer, Bruno Rodrigues, Eder John Scheid, Muriel Franco, Moritz Eck, Nik Zaugg, Alex Schetlin, Burkhard. Stiller: Provotum: A Blockchain-Based and End-to-End Verifiable Remote Electronic Voting System; IEEE 45th Conference on Local Computer Networks (LCN), Sidney, Australia, November 2020, pp 1–12, Available at: https://www.researchgate.net/publication/345319094_Provotum_A_Blockchain-based_and_End-to-end_Verifiable_Remote_Electronic_Voting_System

[3] Provotum. Available at: https://github.com/provotum

[4] Christian Killer, Markus Knecht, Claude Müller, Bruno Rodrigues, Eder Scheid, Muriel Franco, Burkhard Stiller. Æternum: A Decentralized Voting System with Unconditional Privacy; IEEE International Conference on Blockchain and Cryptocurrency (ICBC 2021), Darlinghurst, Australia, May 2021, pp 1–8. To appear

[5] SafeCurves: choosing safe curves for elliptic-curve cryptography Available at: https://safecurves.cr.yp.to/

[6] Security Analysis of ElGamal Implementations, Available at: https://www.sop.inria.fr/everest/Tamara.Rezk/publication/SecryptElGamal.pdf

[7] Adam Shostack. 2014. Threat Modeling: Designing for Security (1st. ed.). Wiley Publishing.

[8] Cuvelier É., Pereira O., Peters T. (2013) Election Verifiability or Ballot Privacy: Do We Need to Choose?. In: Crampton J., Jajodia S., Mayes K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40203-6_27

[9] Véronique Cortier: "Formal Verification of E-Voting: Solutions and Challenges. ACM SIGLOG News 2 (January 2015), 25–34. DOI:https://doi.org/10.1145/2728816.2728823

[10] Airgap.it, Available at: https://airgap.it/


Check individual topics
Check individual topics

Supervisors: Christian Killer

back to the main page