johnlcaron / egk-ec
Electionguard kotlin on elliptic curves
License: MIT License
Cases where contest and/or selection limit > 1 are not well understood or tested.
The Preencryption info in the EncryptedBallot serialization is our own.
The whole thing is not well tested.
If the trustees are not trusted, we could do other verification tests in keyCeremonyExchange.
// are the public keys valid?
// are the encrypted shares valid?
// are the unencrypted shares valid?
0 is success and non-zero is failure that will have some kind of log error message.
Do this for mixnet CLIs also.
To match the field name on EncryptedBallotJson.
The idea here is an attacker manages to insert a modified manifest into your encryptor, if you store the manifest as a plaintext file somewhere. You have to be able to verify that the plaintext file matches the ByteArray used when generating Hm, Hb and He. EGK just uses the He stored in electionInit to do encryption.
So what if manifest has been hacked, and attacker can feed bogus ballots to the encryptor? One could set contestLimit to > 1 and vote > 1. I think the encryption would validate.
Sent message to Josh Benaloh and Michael Naehrig:
I need some advice on how to implement these two functions in the egk-ec library, namely testing if an ElementModP is "in bounds" and testing if it is a "valid residual":
/**
 * Normal computations should ensure that every [Element] is in the modular bounds defined by
 * the group, but deserialization of hostile inputs or buggy code might not preserve this
 * property, so it's valuable to have a way to check. This method allows anything in [0, N)
 * where N is the group modulus.
 */
fun inBounds(): Boolean

/**
 * Validates that this element is a quadratic residue, ie in Z_p^r.
 * "Z_p^r is the set of r-th-residues in Z∗p", see spec 2.0 p.9
 */
fun isValidResidue(): Boolean
In the standard electionguard Integer group, they are implemented as
override fun inBounds() = element >= BigInteger.ZERO && element < groupContext.p

override fun isValidResidue(): Boolean {
    val residue = this.element.modPow(groupContext.q, groupContext.p) == groupContext.ONE_MOD_P.element
    return inBounds() && residue
}
I'm trying to figure out what the equivalent implementation is for the Elliptic Curve P-256 group.
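The usual elliptic-curve counterpart of these two checks, as an added example (not egk-ec's code and not the reply to the message above): coordinates in [0, p), then the curve equation. `AffinePoint` and `isValidPoint` are hypothetical names for this sketch; the constants are the standard P-256 domain parameters.

```kotlin
import java.math.BigInteger

// NIST P-256 (secp256r1) domain parameters: y^2 = x^3 - 3x + b over F_p.
val P = BigInteger("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16)
val B = BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16)
val THREE: BigInteger = BigInteger.valueOf(3)

// Hypothetical affine point type for this sketch; not the egk-ec element class.
// The point at infinity (group identity) has no affine form and needs its own representation.
data class AffinePoint(val x: BigInteger, val y: BigInteger)

// Counterpart of inBounds(): both coordinates are canonical field elements in [0, p).
fun inBounds(pt: AffinePoint): Boolean =
    pt.x.signum() >= 0 && pt.x < P && pt.y.signum() >= 0 && pt.y < P

// Counterpart of isValidResidue(): in bounds and on the curve.
// P-256 has cofactor 1, so every finite on-curve point lies in the prime-order group
// and no extra subgroup test is required.
fun isValidPoint(pt: AffinePoint): Boolean {
    if (!inBounds(pt)) return false
    val lhs = pt.y.multiply(pt.y).mod(P)
    val rhs = pt.x.pow(3).subtract(THREE.multiply(pt.x)).add(B).mod(P)
    return lhs == rhs
}

fun main() {
    // Standard base point G of P-256.
    val gx = BigInteger("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16)
    val gy = BigInteger("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16)
    val g = AffinePoint(gx, gy)
    println(isValidPoint(g))                                    // the base point itself
    println(isValidPoint(g.copy(y = g.y.add(BigInteger.ONE))))  // y altered, no longer on the curve
    println(inBounds(g.copy(x = g.x.add(P))))                   // x not reduced mod p
}
```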
An EncryptedTally has accumulated encoded counts with no internal state to catch errors.
I've added in EncryptedTally:
Anticipating the possibility of a tree of tallies that need to be added together
4. In TallyResult, a list of tally ids that were summed to get the EncryptedTally.
None of these are part of the EG specification. They may in some cases compromise privacy. So they need to be thought about for specific use cases.
From Brian Donavan:
I noticed that the part that determines the paths of the plaintext/encrypted/decrypted ballots just interpolates the id into the path without any sort of validation. Since the id itself also has no validation beyond requiring that it not be empty, it could cause some unexpected behavior. For example, you could have a plaintext ballot file whose ballot_id doesn’t match the filename, resulting in an eballot- file that has no corresponding pballot- file. You could also have a ballot_id of something like /../../election_initialized which could cause the RunBatchEncryption CLI to overwrite some other config. I’m not sure whether anything silently nefarious could be achieved, but I thought it was worth bringing this to your attention since I don’t believe the system should be letting ballot_id in the input ballots determine things like the paths being written to.
ElectionRecordJsonPaths.kt:
fun plaintextBallotPath(ballotDir: String, ballotId: String): String {
    val id = ballotId.replace(" ", "_")
    return "$ballotDir/$PLAINTEXT_BALLOT_PREFIX$id$JSON_SUFFIX"
}
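One way to close the gap described in the report, as an added example (not the project's code): validate the id against an allow-list before it reaches the path, confirm the resolved file stays directly inside the ballot directory, and check that a file's name agrees with the id it contains. `safePlaintextBallotPath`, `idMatchesFileName`, the allow-list pattern and the `.json` suffix value are assumptions.

```kotlin
import java.nio.file.Path
import java.nio.file.Paths

// "pballot-" is the prefix named in the report; ".json" is an assumed suffix value.
const val PLAINTEXT_BALLOT_PREFIX = "pballot-"
const val JSON_SUFFIX = ".json"

// Assumed allow-list policy for ids that become file names (not from the EG spec).
// Regex.matches() tests the whole string, so no anchors are needed.
private val SAFE_ID = Regex("[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

// Hypothetical hardened variant of plaintextBallotPath().
fun safePlaintextBallotPath(ballotDir: String, ballotId: String): Path {
    val id = ballotId.replace(" ", "_")
    require(SAFE_ID.matches(id)) { "ballot id is not usable as a file name: '$ballotId'" }
    val base = Paths.get(ballotDir).toAbsolutePath().normalize()
    val target = base.resolve(PLAINTEXT_BALLOT_PREFIX + id + JSON_SUFFIX).normalize()
    // Defence in depth: the resolved file must be a direct child of ballotDir.
    require(target.parent == base) { "ballot path escapes $base" }
    return target
}

// The other half of the report: the ballot_id inside a file must match its file name.
fun idMatchesFileName(file: Path, ballotIdInFile: String): Boolean {
    val expected = PLAINTEXT_BALLOT_PREFIX + ballotIdInFile.replace(" ", "_") + JSON_SUFFIX
    return file.fileName.toString() == expected
}

fun main() {
    // Constructed sample ids; the second is the one quoted in the report.
    val ids = listOf("ballot 17", "/../../election_initialized", "a/b", "..")
    for (id in ids) {
        val outcome = runCatching { safePlaintextBallotPath("/tmp/record/plaintext_ballots", id) }
            .fold({ it.toString() }, { "rejected (${it.message})" })
        println("$id -> $outcome")
    }
    val onDisk = Paths.get("/tmp/record/plaintext_ballots/pballot-ballot_17.json")
    println(idMatchesFileName(onDisk, "ballot 17"))   // file name and id agree
    println(idMatchesFileName(onDisk, "ballot 18"))   // id in file differs from file name
}
```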
Hashing strings (5.1.4)
"When an input to the function H is a string s, it is encoded as a byte array b(s, len(s)) using UTF-8
encoding. Here, len(s) is the length of the UTF-8 encoding of the string s in bytes."
But we are just using String.encodeToByteArray().
Works as long as we are consistent, but will break vs conformant implementation.
Affects
ContestData.encryptContestData()
KeyCeremonyTrustee.shareEncryption()
AddEncryptedBallot.closeChain()
Or use GitHub publishing?
Consider this feature incomplete. Not fully specified, will not agree with another implementation. Mostly matters for the Verifier, perhaps a flag to ignore is needed.
Could make contestData optional (by election or contest?). Likely not always needed.
data class Contest(
    override val contestId: String, // matches ContestDescription.contestId
    override val sequenceOrder: Int, // matches ContestDescription.sequenceOrder
    val contestHash: UInt256, // eq 58
    override val selections: List,
    val proof: ChaumPedersenRangeProofKnownNonce,
    override val contestData: HashedElGamalCiphertext, // TODO make optional?
    val preEncryption: PreEncryption? = null, // pre-encrypted ballots only
) : EncryptedBallotIF.Contest {
Savings is
EC: 33 + messageSize + 32 + 4 = typically 133 bytes
IG: 512 + messageSize + 32 + 4 = typically 612 bytes
messageSize = (1 + contestLimit) * 32
An election will often have multiple election records. What extra processing needs to be done?
check duplicate confirmation codes (7.C)
what about checking for duplicate ballot ids? serial numbers?