The goal of this classes is to work in a large group in order to have a POC of a voting system. Along the way, we will learn about:
  • blockchain technologies i.e., smart contracts
  • TEE (Trusted Execution Environments) both for mobile platforms (IOS/Android) and server-side (Intel SGX)
  • introduction to memory hard functions (Konrad)
  • introduction to RUST (Adam)
  • introduction to smart contracts ()
  • introduction to evoting ()
  • introduction to Intel SGX ()
  • introduction to Android TEE ()
  • introduction to key management in mobile apps ()
  • mixnets and Verificatum
  • hardware security modules yubihsm2 ()
  • voting requirements paper ()
  • 1. Voters eligibility verification -- mapping: PESEL/email address/phone number to voters public keys. Mapping should be device independent.
  • 2. Ballot privacy -- election officials should not be able to decode votes by themself. Consider threshold decryption (some shares belong to election server [supported with HSM/SGX], some to election officials). Here you may assume that election officials are equipped with e.g., YubiKey/SoloKey.
  • 3. Availability -- system should be immune to DDOS attacks. Use blockchain technology to store ballots on a blockchain. Problem: every voter should be able to cast a ballot directly to the blockchain -- you need to give voters coins to pay for storing. But you do not want voters to spend coins on anything else but on casting a ballot. Design appropariate ICO/smart contract.
  • 4. Flexibility -- be prepared that the backend will not be run in your infrastructure. How can you make sure that the backend code performs its tasks? (SGX)