Write
33
edits
Practical Quantum Electronic Voting: Difference between revisions
Practical Quantum Electronic Voting (edit)
Revision as of 19:07, 16 December 2021
, 16 December 2021Add protocol properties and minor edits
(Initial protocol page for Practical Quantum Electonic Voting) |
(Add protocol properties and minor edits) |
||
| Line 44: | Line 44: | ||
''Resources'': Classical communication, random numbers, N-qubit GHZ source, quantum channels | ''Resources'': Classical communication, random numbers, N-qubit GHZ source, quantum channels | ||
* Phase 1 [getting unique secret indices] | * Phase 1 [getting unique secret indices] | ||
** Agents perform | ** Agents perform '''UniqueIndex''' until each agent has a secret unique random index <math>\omega_k</math> | ||
* Phase 2 [casting votes] | * Phase 2 [casting votes] | ||
** For <math>l = 1</math> to <math>N</math> | ** For <math>l = 1</math> to <math>N</math> | ||
*** The voting agent is the agent <math>k</math> with <math>\omega_k = l</math> | *** The voting agent is the agent <math>k</math> with <math>\omega_k = l</math> | ||
*** Repeat until | *** Repeat until '''Voting''' is announced | ||
**** The source distributes to each of the N agents one qubit of the GHZ source | **** The source distributes to each of the N agents one qubit of the GHZ source | ||
**** All agents <math> j \in [N] </math> set rejections<math>_j = </math> trials<math>_j = 0</math> | **** All agents <math> j \in [N] </math> set rejections<math>_j = </math> trials<math>_j = 0</math> | ||
**** The voting agent tosses log<math>_2[\frac{16N\epsilon^2}{(\epsilon^2-4\delta)^2}</math>ln<math>(\frac{1}{\eta})]</math> <!--NEEDS FORMATTING CHANGES--> | **** The voting agent tosses log<math>_2[\frac{16N\epsilon^2}{(\epsilon^2-4\delta)^2}</math>ln<math>(\frac{1}{\eta})]</math> <!--NEEDS FORMATTING CHANGES--> | ||
**** The agents perform | **** The agents perform '''LogicalOR''', where output 1 indicates '''Verification''' and output 0 indicates '''Voting'''. Everyone except the voting agent inputs 0; if the coin toss is 'all heads' the voting agent also inputs 0, otherwise the voting agent inputs 1 | ||
**** If | **** If '''Verification''' is chosen, the agents perform '''RandomAgent''' and the voting agent anonymously picks an agent <math>j \in [N]</math> to be the verifier. Agent <math>j</math> updates trials<math>_j+ = 1</math> and if '''Verification''' outputs reject: rejections<math>_j+ = 1</math> | ||
*** If for any <math>j \in [N], \delta_j = \frac{rejections_j}{trials_j} > \delta </math>, the protocol ''Aborts'' | *** If for any <math>j \in [N], \delta_j = \frac{rejections_j}{trials_j} > \delta </math>, the protocol ''Aborts'' | ||
*** Perform | *** Perform '''Voting'''. The outcome is one row of the Bulletin Board '''B'''. The parity of the row gives one entry in the vote vector '''E'''. | ||
** Given the votes '''E''', the tally '''T''' can be computed. | ** Given the votes '''E''', the tally '''T''' can be computed. | ||
*Phase 3 [Verification of results]: | *Phase 3 [Verification of results]: | ||
** All agents perform | ** All agents perform '''LogicalOR''' with security parameter <math>S</math>, and input 1 if their vote is not the same as the entry in '''E''' for the round in which they voted, and 0 otherwise. | ||
** If | ** If '''LogicalOR''' outputs 1, ''Abort'' the protocol. Else output the candidate with the most votes according to the tally '''T'''. | ||
===Protocol 2 : LogicalOR=== | |||
===Protocol 2 : UniqueIndex=== | |||
''Input'': Security parameter <math>S</math> to be used in '''LogicalOR''',<math>N</math> random boolean variables <math>x_i</math>. | |||
''Output'': Each agent <math>k</math> has a secret unique index <math>\omega_k</math>. | |||
''Resources'': Classical communication and random numbers. | |||
# Beginning of round R = 1 | |||
# Agents perform '''LogicalOR''' with inputs <math>x_k = 0</math> if they already have an index and <math>x_k = 1</math> if they do not. | |||
# If <math>y = 0</math>, repeat from step 2 | |||
# If an agent <math>k</math> has a bit <math>x_k = 1</math> and <math>\omega_k = 0</math> they know they are the only one and has been assigned the secret index corresponding to the round <math>\omega_k = R</math>, otherwise there is a collision. | |||
# [notification] Everybody performs a '''LogicalOR''' with input 0, unless they received the index in this round, in which case they input 1. | |||
# If the output of '''LogicalOR''' is 0, no index was assigned and we repeat from step 2. | |||
# If the output of '''LogicalOR''' is 1, the index was assigned and we repeat from step 2 with R+ = 1. | |||
# Repeat from step 2 until all indices have been assigned. | |||
===Protocol 3 : Verification=== | |||
''Input'': A quantum state distributed and shared by <math>N</math> parties, security parameter <math>S</math> for '''RandomAgent'''. | |||
''Output'': If the state is a GHZ state <math> \rightarrow </math> YES. | |||
''Resources'': Classical communication, random numbers, quantum state source, quantum channels. | |||
# Everyone executes '''RandomAgent''' to choose uniformly at random one of the voters to be the verifier. | |||
# The verifier generates random angles <math>\theta_j \in [0, \pi)</math> for all agents including themselves, such that the sum is a multiple of <math>\pi</math>. The angles are then sent out to all the agents. | |||
# Agent <math>j</math> measures in the basis <math>[|+_\theta\rangle,|-_\theta\rangle] = [\frac{1}{\sqrt{2}}(|0\rangle + e^{i\theta_j}|1\rangle), \frac{1}{\sqrt{2}}(|0\rangle - e^{i\theta_j}|1\rangle)]</math> and publicly announces the result <math>Y_j = \{0,1\}</math> | |||
# The state passes the verification test when the following condition is satisfied: if the sum of the randomly chosen angles is an even multiple of <math>\pi</math>, there must be an even number of 1 outcomes for <math>Y_j</math> , and if the sum is an odd multiple of <math>\pi</math>, there must be an odd number of 1 outcomes for <math>Y_j : \bigoplus_j Y_j = \frac{1}{\pi}\sum_i\theta_i</math> | |||
===Protocol 4 : Voting=== | |||
''Input'': Voting agent preference <math>v_k</math>. | |||
''Output'': All agents get one row of the bulletin board. | |||
''Resources'': Classical communication, GHZ source, quantum channels. | |||
# Each agent measures the state they received in the Hadamard basis and records the outcome. | |||
# The outcomes of the measurement of each voter <math>k</math> is <math>d_k</math>. Then we know that <math>\sum_kd_k = 0</math> mod <math> 2</math> | |||
# The voting agent performs an XOR between the outcome <math>d_k</math> and their vote <math>v_k</math>: <math>d_k \leftarrow d_k \oplus v_k </math>. However, this alone will still appear as a random string. | |||
# Every agent publicly broadcasts <math>d_k</math> which gives one line <math>b_k</math> of the bulletin board '''B''' <math> = \{b_k\}</math> | |||
===Protocol 5 : LogicalOR=== | |||
''Inputs'': <math>N</math> agents, <math>N</math> boolean variables <math>x_i</math>, security parameter <math>S = (1 - 2^{-\Gamma})^\Sigma \in (0,1)</math> | ''Inputs'': <math>N</math> agents, <math>N</math> boolean variables <math>x_i</math>, security parameter <math>S = (1 - 2^{-\Gamma})^\Sigma \in (0,1)</math> | ||
| Line 80: | Line 122: | ||
===Protocol | ===Protocol 6 : RandomBit=== | ||
''Input'': Security parameter S to be used in | ''Input'': Security parameter S to be used in '''LogicalOR''', ''voting agent'': probability distribution D. | ||
''Output'': The voting agent anonymously announces a random bit according to D. | ''Output'': The voting agent anonymously announces a random bit according to D. | ||
| Line 87: | Line 129: | ||
''Resources'': Classical communication and random numbers. | ''Resources'': Classical communication and random numbers. | ||
*Perform | *Perform '''LogicalOR''' with security parameter S where the voting agent inputs a random bit according to D and the other agents input 0. | ||
===Protocol | ===Protocol 7 : RandomAgent=== | ||
''Input'': Security parameter S to be used in | ''Input'': Security parameter S to be used in '''RandomBit''', voting agent: probability distribution D. | ||
''Output'': The voting agent anonymously chooses a random agent according to D. | ''Output'': The voting agent anonymously chooses a random agent according to D. | ||
| Line 97: | Line 139: | ||
''Resources'': Classical communication and random numbers. | ''Resources'': Classical communication and random numbers. | ||
* Repeat | * Repeat '''RandomBit''' log2 N times. | ||
== | ==Properties== | ||
<!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | |||
* <math>(\sigma_H,\sigma_D,\gamma)</math>-''Correctness'': This notion of approximate correctness includes two properties: | |||
** <math>\sigma_H</math>-''Completeness'': If all agents are honest, the election is accepted with probability more than <math>\sigma_H</math> - Pr[election accepted] <math> \geq \sigma_H</math> | |||
'' | ** <math>(\sigma_D,\gamma)</math>-''Soundness'': the probability that the election result is accepted, given that the set of the votes '''E''' computed from the bulletin board '''B''' resulting from the election is more than <math>\gamma</math> away from the real votes '''V''', is smaller than <math>\sigma_D</math> - | ||
:: Pr[election accepted <math>| \frac{1}{N}||</math>'''V''' - '''E'''<math>||_1 \geq \gamma] \leq \sigma_D </math> | |||
'' | : This particular protocol is <math>([1-\epsilon(1-S)]^N, S^{N(1+\lambda)[\epsilon(1-\eta)+\eta]},(1+\lambda)[\epsilon(1-\eta)+\eta])</math>-correct, for a small constant <math>\lambda > 0</math> | ||
* <math>\zeta</math>-''Privacy'': The privacy of the election scheme implies that for any voter <math>k</math>, the probability that any subset of malicious parties <math>D</math> that deviates from the honest protocol can guess the vote <math>v_k</math> of the voter is at most <math>\zeta</math> more than in the case they just have access to the bulletin board and to their own votes - | |||
: <math>\forall k, </math> Pr<math>[v_k|D] -</math> Pr<math>[v_k|B,v_j \in </math> '''V'''<math>_D] \leq \zeta</math> | |||
: This particular protocol is <math>\zeta</math>-private with <math>\zeta = (1-\eta)^N\epsilon + (1 - (1-\eta)^N)</math> | |||
* ''Authentication'': This e-voting protocol does not provide authentication, which should be taken care of by the physical implementation of the protocol. | |||
'' | |||
'' | * ''Double voting'': Each voter can vote at most once. Since the number of voters is known in advance for this protocol, double voting is easily taken care of. | ||
'' | * ''Verifiability'': Each voter can verify that their vote has been counted correctly. In this protocol, the tally is performed by the voters themselves. The bulletin board produced as an output of the protocol is public and can always be checked by everyone, while still appearing random. | ||
* ''Receipt freeness'': In order to prevent vote-selling, voters should not be able to prove how they voted. As the unique indices stay secret, voters cannot produce a receipt of their vote. | |||
* ''Additional candidates'': The protocol described here only allows an election consisting of 2 candidates. This can be extended to more candidates by repeating the protocol multiple times in sequence. In particular, if there are K candidates, we can express each of them using log<math>_2</math>K bits and repeat the election as many times so that each vote set corresponds to one bit. This however does affect the correctness and privacy. | |||
==Further Information== | ==Further Information== | ||
<!-- theoretical and experimental papers including requirements, security proof (important), which protocol does it implement, benchmark values... --> | <!-- theoretical and experimental papers including requirements, security proof (important), which protocol does it implement, benchmark values... --> | ||
==References== | ==References== | ||