Thomas Zacharias

Jingxin Qiao, Myrto Arapinis, Thomas Zacharias

Coercion-resistance (CR) is a crucial security property in e-voting systems. It ensures that an attacker cannot compel a voter to vote in a specific way by using threats or rewards. The Loki e-voting protocol, proposed by Giustolisi \emph{et al.} at IEEE S\&P (2024), introduces a novel design that mitigates last-minute coercion through a re-voting mechanism. It also aims to address the usability issues of the seminal JCJ e-voting protocol, specifically: i) the requirement that voters can store and hide pre-agreed credentials, and ii) the ability of voters to convincingly lie while being coerced. In this work, we identify two vulnerabilities in Loki. The first is a brute-force attack that compromises the integrity of the evasion strategy. Specifically, this attack allows an adversary to cast a ballot on behalf of their victim in a way that the evasion strategy cannot defend against, rendering it ineffective. The second vulnerability is a forced abstention attack, which allows an adversary to detect when their victim has complied with their instruction not to vote. We generalise the integrity attack to reveal a fundamental dilemma: without pre-agreed secret credentials, it is not possible to prevent last-minute coercion. Finally, we show how reverting to pre-agreed secret credentials fixes the aforementioned vulnerabilities and discuss the trade-off between tallying efficiency and stronger trust assumptions.

Thomas Zacharias, Ashutosh Taklikar, Raja Giryes

Fictional languages have become increasingly popular over the recent years appearing in novels, movies, TV shows, comics, and video games. While some of these fictional languages have a complete vocabulary, most do not. We propose a deep learning solution to the problem. Using style transfer and machine translation tools, we generate new words for a given target fictional language, while maintaining the style of its creator, hence extending this language vocabulary.

Dimitris Karakostas, Aggelos Kiayias, Thomas Zacharias

We study Nash-dynamics in the context of blockchain protocols. We introduce a formal model, within which one can assess whether the Nash dynamics can lead utility-maximizing participants to defect from the "honest" protocol operation, towards variations that exhibit one or more undesirable infractions, such as abstaining from participation and producing conflicting protocol histories. Blockchain protocols that do not lead to such infraction states are said to be compliant. Armed with this model, we evaluate the compliance of various Proof-of-Work (PoW) and Proof-of-Stake (PoS) protocol families, with respect to different utility functions and reward schemes, leading to the following results: i) PoS ledgers under resource-proportional rewards can be compliant if costs are negligible, but non-compliant if costs are significant; ii) PoW and PoS under block-proportional rewards exhibit different compliance behavior, depending on the lossiness of the network; iii) PoS ledgers can be compliant w.r.t. one infraction, i.e., producing conflicting messages, but non-compliant (and non-equilibria) w.r.t. abstaining or an attack we call selfish signing; iv) taking externalities, such as exchange rate fluctuations, into account, we quantify the benefit of economic penalties, in the context of PoS protocols, in disincentivizing particular infractions.

Nikos Chondros, Bingsheng Zhang, Thomas Zacharias et al.

E-voting systems are a powerful technology for improving democracy. Unfortunately, prior voting systems have single points-of-failure, which may compromise availability, privacy, or integrity of the election results. We present the design, implementation, security analysis, and evaluation of the D-DEMOS suite of distributed, privacy-preserving, and end-to-end verifiable e-voting systems. We present two systems: one asynchronous and one with minimal timing assumptions but better performance. Our systems include a distributed vote collection subsystem that does not require cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we incorporate trustees, who control result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our suite of e-voting systems are the first whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. We provide a model and security analysis of the systems, implement complete prototypes, measure their performance experimentally, and demonstrate their ability to handle large-scale elections. Finally, we demonstrate the performance trade-offs between the two versions of the system. A preliminary version of our system was used to conduct exit-polls at three voting sites for two national-level elections and is being adopted for use by the largest civil union of workers in Greece, consisting of over a half million members.

Nikos Chondros, Bingsheng Zhang, Thomas Zacharias et al.

E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.