Goal
The goal of these classes is to work in a large group to build a proof of concept (POC) of a voting system. Along the way, we will learn about:
- blockchain technologies, i.e., smart contracts
- TEE (Trusted Execution Environments) both for mobile platforms (iOS/Android) and server-side (Intel SGX)
Topics
- introduction to memory hard functions (Konrad)
- introduction to Rust (Adam)
- introduction to smart contracts ()
- introduction to e-voting ()
- introduction to Intel SGX ()
- introduction to Android TEE ()
- introduction to key management in mobile apps ()
- mixnets and Verificatum
- hardware security modules: YubiHSM 2 ()
- voting requirements paper ()
Problems
- 1. Voter eligibility verification -- mapping: PESEL/email address/phone number to voters' public keys. The mapping should be device independent.
- 2. Ballot privacy -- election officials should not be able to decode votes by themselves. Consider threshold decryption (some shares belong to the election server [supported with HSM/SGX], some to election officials). Here you may assume that election officials are equipped with e.g., YubiKey/SoloKey.
- 3. Availability -- the system should be immune to DDoS attacks. Use blockchain technology to store ballots on a blockchain. Problem: every voter should be able to cast a ballot directly to the blockchain -- you need to give voters coins to pay for storing. But you do not want voters to spend coins on anything else but casting a ballot. Design an appropriate ICO/smart contract.
- 4. Flexibility -- be prepared that the backend will not be run in your infrastructure. How can you make sure that the backend code performs its tasks? (SGX)
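
For problem 2, a sketch of threshold ElGamal decryption, added here as an example and not part of the course material: the key is Shamir-shared 4-of-5, the election server holds two shares and three officials hold one each, so neither side can decrypt alone and the key itself is never reassembled. The toy group parameters, the trusted dealer, the 4-of-5 split and all function names are assumptions of this example.

```python
import secrets

# Constructed toy group (far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4
N, T = 5, 4  # 5 shares in total, any 4 partial decryptions are needed

def share_poly(coeffs, n=N):
    """Evaluate f(i) = sum(coeffs[k] * i^k) mod Q at i = 1..n; coeffs[0] is the key."""
    return [(i, sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q)
            for i in range(1, n + 1)]

def deal(t=T, n=N):
    """Trusted-dealer key generation (an assumption of this sketch)."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]
    return pow(G, coeffs[0], P), share_poly(coeffs, n)

def encrypt(pub, m):
    """ElGamal; m must be a group element, e.g. pow(G, candidate_index, P)."""
    r = 1 + secrets.randbelow(Q - 1)
    return pow(G, r, P), m * pow(pub, r, P) % P

def partial(share, c1):
    """One trustee's contribution c1^s_i; the share s_i never leaves the trustee."""
    i, s = share
    return i, pow(c1, s, P)

def combine(partials, c2, t=T):
    """Lagrange-interpolate in the exponent to get c1^key, then unmask c2."""
    if len(partials) < t:
        raise ValueError("not enough partial decryptions")
    idx = [i for i, _ in partials]
    mask = 1
    for i, d in partials:
        lam = 1  # Lagrange coefficient of share i evaluated at 0
        for j in idx:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q) % Q
        mask = mask * pow(d, lam, P) % P
    return c2 * pow(mask, -1, P) % P

if __name__ == "__main__":
    pub, shares = deal()
    server, officials = shares[:2], shares[2:]  # server (HSM/SGX): 2, officials: 1 each
    ballot = pow(G, 3, P)                       # constructed vote for candidate 3
    c1, c2 = encrypt(pub, ballot)
    ok = combine([partial(s, c1) for s in server + officials[:2]], c2)
    print("server + 2 officials decrypt correctly:", ok == ballot)
    try:
        combine([partial(s, c1) for s in officials], c2)
    except ValueError as err:
        print("officials alone:", err)
```

Interpolating from only the three officials' partials (bypassing the length check) yields a wrong plaintext unless the top polynomial coefficient happens to be zero, so the restriction is cryptographic and not only a policy check.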