Goal
The goal of these classes is to work in a large group to build a POC of a voting system. Along the way, we will learn about:
  • blockchain technologies i.e., smart contracts
  • TEE (Trusted Execution Environments) both for mobile platforms (iOS/Android) and server-side (Intel SGX)
Tools/requirements
  • Use project management software such as Jira, ClickUp, ...
  • Use a collaboration tool such as Confluence, Slack, ...
  • Use a version control system (Git)
  • Prepare a Code Style Guide similar to that one
  • Use a continuous integration system
  • Use OpenAPI/Swagger to specify your API and use auto-generated servers/clients as libraries in your project
  • Documentation: prepare a protection profile
Topics
  • [15 X] introduction to e-voting I (Filip)
  • [22 X] introduction to blockchain and smart contracts (Mikołaj)
  • [22 X] introduction to anonymous communication (Jakub, Gabriel)
  • [22 X] introduction to e-voting II (Filip)
  • [5 XI] zero knowledge proofs (???)
  • [12 XI] mixnets and Verificatum
  • [12 XI] voting requirements paper ()
  • introduction to memory hard functions ()
  • introduction to Rust ()
  • introduction to Intel SGX ()
  • introduction to Android TEE ()
  • introduction to key management in mobile apps ()
  • hardware security modules YubiHSM 2 ()
Problems
  • 1. Voter eligibility verification -- mapping: PESEL/email address/phone number to voters' public keys. The mapping should be device independent.
  • 2. Ballot privacy -- election officials should not be able to decode votes by themselves. Consider threshold decryption (some shares belong to the election server [supported with HSM/SGX], some to election officials). Here you may assume that election officials are equipped with, e.g., a YubiKey/SoloKey.
  • 3. Availability -- the system should be immune to DDoS attacks. Use blockchain technology to store ballots on a blockchain. Problem: every voter should be able to cast a ballot directly to the blockchain -- you need to give voters coins to pay for storage. But you do not want voters to spend coins on anything other than casting a ballot. Design an appropriate ICO/smart contract.
  • 4. Flexibility -- be prepared that the backend will not be run in your infrastructure. How can you make sure that the backend code performs its tasks? (SGX)