
✨ Add ballot validation to verifier's Validation Steps in the specification. #243

Open
JohnLCaron opened this issue Mar 11, 2022 · 1 comment
Labels
enhancement (New feature or request), question (Further information is requested)

Comments

@JohnLCaron
Collaborator

Is there an existing issue for this?

  • I have searched the existing issues

Suggestion

The method CiphertextBallot.is_valid_encryption() should be called on each SubmittedBallot before tallying. This is done in CiphertextTally.batch_append(). However, there is nothing in the spec that mentions the need for this, nor is it part of the "Validation steps" for an election verifier.

This check prevents the SubmittedBallot from being modified after encryption and before tallying, in a way that would affect the tallied results. Adding this test to the verifier would ensure that the verifier would catch any such problem.


Possible Implementation

For each selection in the ballot:
  selection.crypto_hash = H(object_id, description_hash, ciphertext.crypto_hash())

For each contest in the ballot:
  contest.crypto_hash = H(object_id, description_hash, List[selection.crypto_hash])

For each ballot:
  crypto_hash = H(object_id, manifest_hash, List[contest.crypto_hash])

Anything else?

The ballot chaining is necessary to prevent this vulnerability also.

3.3.4 Tracking codes (spec 1.0) has this sentence implying the hash chain is optional:

In addition, if the election definition file specifies a hash chain (the second option above) ...

If there is no hash chain, one would need to ensure that the SubmittedBallot.crypto_hash was not modified in some other way.

@JohnLCaron JohnLCaron added enhancement New feature or request triage Waiting to be triaged labels Mar 11, 2022
@JohnLCaron
Collaborator Author

Currently, a verifier does not need to recompute the crypto_hash of Manifest, ContestDescription, or SelectionDescription. Nor are the ContestDescription or SelectionDescription crypto_hash() values included in the election record.

This suggestion would require either including those in the election record, or having a verifier recompute them. A verifier not using the reference library currently has to reverse engineer the hash function.

I'm not sure, but it seems useful for a verifier to have the ability to recompute the crypto_hash, as a check against possible manipulation. Will add as a possible enhancement.
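As an added example (not code from the ElectionGuard project or its verifier), the following shows the recomputation check sketched under "Possible Implementation" in the issue body and discussed in this comment: every selection, contest and ballot crypto_hash is recomputed bottom-up and compared with the stored value. The hash function H, the record field names and the sample ballot are assumptions constructed for this example; a real verifier has to reproduce the reference library's hash exactly.

```python
import hashlib
def H(*parts) -> str:
    # Constructed stand-in hash (SHA-256 over '|'-joined string forms). A real
    # verifier must reproduce ElectionGuard's own hash function exactly instead.
    return hashlib.sha256("|".join(str(p) for p in parts).encode()).hexdigest()

def selection_hash(sel: dict) -> str:
    return H(sel["object_id"], sel["description_hash"], sel["ciphertext_hash"])

def contest_hash(contest: dict) -> str:
    return H(contest["object_id"], contest["description_hash"],
             *[selection_hash(s) for s in contest["ballot_selections"]])

def ballot_hash(ballot: dict, manifest_hash: str) -> str:
    return H(ballot["object_id"], manifest_hash,
             *[contest_hash(c) for c in ballot["contests"]])

def recompute_check(ballot: dict, manifest_hash: str) -> list:
    """Return object_ids whose stored crypto_hash differs from the recomputed one."""
    bad = []
    for contest in ballot["contests"]:
        for sel in contest["ballot_selections"]:
            if sel["crypto_hash"] != selection_hash(sel):
                bad.append(sel["object_id"])
        if contest["crypto_hash"] != contest_hash(contest):
            bad.append(contest["object_id"])
    if ballot["crypto_hash"] != ballot_hash(ballot, manifest_hash):
        bad.append(ballot["object_id"])
    return bad

def make_ballot(manifest_hash: str) -> dict:
    # Constructed sample SubmittedBallot whose stored hashes are all consistent.
    sels = [{"object_id": f"sel-{i}", "description_hash": H("desc", i),
             "ciphertext_hash": H("ct", i)} for i in range(2)]
    for s in sels:
        s["crypto_hash"] = selection_hash(s)
    contest = {"object_id": "contest-1", "description_hash": H("cdesc"),
               "ballot_selections": sels}
    contest["crypto_hash"] = contest_hash(contest)
    ballot = {"object_id": "ballot-1", "contests": [contest]}
    ballot["crypto_hash"] = ballot_hash(ballot, manifest_hash)
    return ballot

def demo():
    manifest = H("manifest")
    good, tampered = make_ballot(manifest), make_ballot(manifest)
    # Swap one ciphertext after encryption: every hash above it is now stale.
    tampered["contests"][0]["ballot_selections"][0]["ciphertext_hash"] = H("ct", 99)
    return recompute_check(good, manifest), recompute_check(tampered, manifest)
```

An empty list from recompute_check() means the stored chain matches; a modified ciphertext is reported at the selection, contest and ballot level because each stored hash above it no longer agrees with the recomputed value.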
