Logical Analysis and Verification of Cryptographic Protocols - Loria
194 CHAPTER 7. VOTER VERIFIABILITY FOR E-VOTING PROTOCOLS

Figure 7.1 Postal ballot voting protocol
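The voting specification of our “postal ballot” voting protocol is defined as $\langle V, P, (), (\mathit{sk}_V), (a) \rangle$ for processes:

$$
\begin{aligned}
V &\triangleq a(\mathit{sk}_V).bb\langle \mathit{sign}(u, \mathit{sk}_V) \rangle \\
P &\triangleq a\langle \mathit{sk}_V \rangle \mid bb\langle \mathit{Pk}(\mathit{sk}_V) \rangle
\end{aligned}
$$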
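The process �$\mathit{VP}(\{\bar{v}_1/u\}, \{\bar{v}_2/u\})$ is defined as:

$$
\begin{aligned}
\text{�}\mathit{VP}(\{\bar{v}_1/u\}, \{\bar{v}_2/u\}) \triangleq{} & \nu\, a_1, \mathit{sk}_{V_1}, \mathit{kpc}_1, a_2, \mathit{sk}_{V_2}, \mathit{kpc}_2. \\
& (a_1\langle \mathit{sk}_{V_1} \rangle \mid bb\langle \mathit{Pk}(\mathit{sk}_{V_1}) \rangle \mid a_2\langle \mathit{sk}_{V_2} \rangle \mid bb\langle \mathit{Pk}(\mathit{sk}_{V_1}) \rangle \mid {} \\
& a_1(\mathit{sk}_V).bb\langle \mathit{senc}(\mathit{sk}_V, \mathit{kpc}_1) \rangle.bb\langle \mathit{sign}(\bar{v}_1, \mathit{sk}_V) \rangle \mid {} \\
& a_2(\mathit{sk}_V).bb\langle \mathit{senc}(\mathit{sk}_V, \mathit{kpc}_1) \rangle.bb\langle \mathit{sign}(\bar{v}_2, \mathit{sk}_V) \rangle)
\end{aligned}
$$

Figure 7.2 Fujioka et al. protocol verification artifacts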
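$$
\begin{aligned}
R^{IV} ={} & \mathit{eq}(\mathit{Pk}(\mathit{nth}^{2}_{1}(\mathit{sdec}(x_2, z_3))), \mathit{nth}^{2}_{1}(x_1)) \land \mathit{eq}(\mathit{nth}^{3}_{2}(x_3), \mathit{blind}(\mathit{commit}(v, z_1), z_2)) \land {} \\
& \mathit{eq}(\mathit{checksign}(x_4, \mathit{blind}(\mathit{commit}(v, z_1), z_2), \mathit{nth}^{2}_{2}(x_1)), \mathit{true}) \land {} \\
& \mathit{eq}(\mathit{nth}^{2}_{1}(x_5), \mathit{nth}^{3}_{2}(x_6)) \land \mathit{eq}(\mathit{nth}^{2}_{1}(x_5), \mathit{commit}(v, z_1)) \land \mathit{eq}(\mathit{nth}^{2}_{2}(x_7), z_1)
\end{aligned}
$$

$$
R^{UV} = \bigwedge_{i=1}^{n} \mathit{eq}(\mathit{open}(\mathit{nth}^{3}_{2}(x_{6,i}), \mathit{nth}^{2}_{2}(x_{7,i})), v_i)
$$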
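$$
\begin{aligned}
\sigma = \{\, & (\mathit{Pk}(\mathit{sk}_{V_1}), \mathit{Pk}(\mathit{sk}_A))/x'_{l_1}, \ldots, (\mathit{Pk}(\mathit{sk}_{V_n}), \mathit{Pk}(\mathit{sk}_A))/x'_{l_n}, \\
& \mathit{senc}((\mathit{sk}_{V_1}, \mathit{Pk}(\mathit{sk}_A)), \mathit{Kpc}_1)/x'_{l_{n+1}}, \ldots, \mathit{senc}((\mathit{sk}_{V_n}, \mathit{Pk}(\mathit{sk}_A)), \mathit{Kpc}_n)/x'_{l_{2n}}, \\
& (\mathit{Pk}(\mathit{sk}_{V_1}), \mathit{blind}(b_1, r'_1), \mathit{sign}(\mathit{blind}(b_1, r'_1), \mathit{sk}_{V_1}))/x'_{l_{2n+1}}, \ldots, \\
& (\mathit{Pk}(\mathit{sk}_{V_n}), \mathit{blind}(b_n, r'_n), \mathit{sign}(\mathit{blind}(b_n, r'_n), \mathit{sk}_{V_n}))/x'_{l_{3n}}, \\
& \mathit{sign}(\mathit{blind}(b_1, r'_1), \mathit{sk}_A)/x'_{l_{3n+1}}, \ldots, \mathit{sign}(\mathit{blind}(b_n, r'_n), \mathit{sk}_A)/x'_{l_{4n}}, \\
& (b_1, \mathit{sign}(b_1, \mathit{sk}_A))/x'_{l_{4n+1}}, \ldots, (b_n, \mathit{sign}(b_n, \mathit{sk}_A))/x'_{l_{5n}}, \\
& (l_1, b_1, \mathit{sign}(b_1, \mathit{sk}_A))/x'_{l_{5n+1}}, \ldots, (l_n, b_n, \mathit{sign}(b_n, \mathit{sk}_A))/x'_{l_{6n}}, \\
& (l_1, r_1)/x'_{l_{6n+1}}, \ldots, (l_n, r_n)/x'_{l_{7n}} \,\}
\end{aligned}
$$

where $b_i = \mathit{commit}(\bar{v}_i, r_i)$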
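$$
\begin{aligned}
R^{IV}\Phi ={} & \mathit{eq}(\mathit{Pk}(\mathit{nth}^{2}_{1}(\mathit{sdec}(\mathit{senc}((\mathit{sk}_{V_{i_2}}, \mathit{Pk}(\mathit{sk}_A)), \mathit{Kpc}_{i_2}), \mathit{Kpc}_j))), \mathit{Pk}(\mathit{sk}_{V_{i_1}})) \land {} \\
& \mathit{eq}(\mathit{blind}(\mathit{commit}(\bar{v}_{i_3}, r_{i_3}), r'_{i_3}), \mathit{blind}(\mathit{commit}(u, r_j), r'_j)) \land {} \\
& \mathit{eq}(\mathit{checksign}(\mathit{sign}(\mathit{blind}(\mathit{commit}(\bar{v}_{i_4}, r_{i_4}), r'_{i_4}), \mathit{sk}_A), \mathit{blind}(\mathit{commit}(u, r_j), r'_j), \mathit{Pk}(\mathit{sk}_A)), \mathit{true}) \land {} \\
& \mathit{eq}(\mathit{commit}(\bar{v}_{i_5}, r_{i_5}), \mathit{commit}(\bar{v}_{i_6}, r_{i_6})) \land {} \\
& \mathit{eq}(\mathit{commit}(\bar{v}_{i_5}, r_{i_5}), \mathit{commit}(u, r_j)) \land \mathit{eq}(r_{i_7}, r_j).
\end{aligned}
$$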