Subject: Discussion list for Belenios
List archives
- From: Roberto Blanco <roberto.blanco AT mpi-sp.org>
- To: Stéphane Glondu <stephane.glondu AT inria.fr>
- Cc: belenios-discuss AT inria.fr
- Subject: Re: [belenios-discuss] Complex trustee structures with web server
- Date: Mon, 25 Apr 2022 19:00:30 +0200
- Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=roberto.blanco AT mpi-sp.org; spf=Pass smtp.mailfrom=roberto.blanco AT mpi-sp.org; spf=None smtp.helo=postmaster AT smtp.mpi-sp.org
Hi Stéphane,
On 25/04/2022 09:10, Stéphane Glondu wrote:
>> As I understand it, the web server lets an election administrator manage
>> trustees in one of two ways: either as a collection of Single trustees
>> (by default) or as a single Pedersen group (by going into "threshold
>> mode"). For the elections I have in mind, the natural setup would be one
>> Pedersen group and a small number of Single trustees, but the web server
>> does not seem to support this kind of configuration, or in general more
>> than one Pedersen group. Is this observation correct?
>
> Yes. I thought about this use case in the design (and it is actually
> used to enforce the presence of the server), but you are the first one
> to raise it publicly.

Many thanks for the careful answers! Indeed, I thought about the
placement of the server while considering this problem, but figured it
would simply become a Single trustee on top of any other trustees
defined by the administrator.
For the record, the idea behind my proposed trustee structure is to
reflect the existence of several, independent groups of stakeholders,
each of which must be given trustee authority. The reason for using
Pedersen trustees to represent all or some of those independent groups
is so that each member of a group, including substitutes, manages their
keys independently, with thresholds set appropriately.

>> In the "worst case" I expect voting could be done through the web
>> interface, and setup and tally through belenios-tool. Do you foresee any
>> problems in doing so? This would at least be practical for voters but
>> cumbersome for trustees.
>
> This might be possible, but is not obvious to me (see below).
>
>> Ideally, the trustees would at least be able to submit their election
>> keys and manage their decryption tasks through the web interface, as we
>> also need non-technical people to be able to play this role. Is there
>> any way to do this at the moment, or is belenios-tool the only solution?
>
> I cannot think of a way of doing that not involving belenios-tool.
>
> What I have in mind, using the current web UI is:
>
> 1. for each Pedersen group:
>    a. run the DKG (distributed key generation) protocol using
>       belenios-tool (see tests/tool/demo-threshold.sh)
>    b. compute the resulting public key of the group
>    c. in the web UI, add a (single, not threshold) trustee, using
>       the result of b. above as public key
> 2. run the election as usual
> 3. for each Pedersen group:
>    a. compute a suitable number of partial decryptions
>    b. compute the resulting combined partial decryption for the group
>    c. in the web UI, submit the result of b. above as the group's
>       partial decryption
>
> For 1.b., the necessary is not implemented in belenios-tool. Computing
> the public key itself should be easy, but I'm not sure about the
> zero-knowledge proof.
>
> For 3.a., "belenios-tool threshold-decrypt" might do the job.
>
> For 3.b., as for 1.b., the necessary is not implemented in
> belenios-tool. Computing the decryption factors themselves should be
> easy, but I'm not sure about the zero-knowledge proofs.
>
> I believe building the ZKPs in 1.b. and 3.b. are open questions worth
> investigating per se. As a side-effect, it would allow an elegant
> implementation of arbitrary trees of trustees.

That makes sense. I see things are somewhat more involved than I
anticipated in the "worst case" but ultimately it comes as no big
surprise. And it does raise some interesting questions, indeed.
It seems to me using belenios-tool is the cleanest way of running an
election like the ones I describe at the moment. In order to involve
non-technical trustees, a reasonable workaround could involve doing away
with Pedersen groups altogether and arranging key sharing among certain
trustees out-of-band. This is probably what I will end up doing in the
immediate term.

> Anyway, implementing the feature natively in the web UI, without the
> proxy-via-single-trustees hack of above, should be possible, but is not
> on top of our priority list.

Good to know! I had had a quick look at the code to get a feel for what
the web server may be able to do. It did not seem then like it would be
terribly complex, but coming up with a simple and above all usable
design may not be trivial. If you think it would be useful to keep track
of this closer to the repository, I could open an issue and write some
initial thoughts there.
Best,
Roberto
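
The proxy workflow from steps 1 to 3 above (a Pedersen group presented to the server as one Single trustee), as an added Python example that is not part of the original message and is not Belenios or belenios-tool code. It uses textbook threshold ElGamal with Lagrange interpolation and omits the zero-knowledge proofs that the message leaves as an open question. Assumptions: the toy group parameters, the simplified in-process DKG and all function names are constructed for illustration.

```python
import secrets

# Toy parameters constructed for this example (not Belenios's group):
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2879, 1439, 4

def pedersen_dkg(t, n):
    """Simplified in-process DKG: returns (group public key, {member: share})."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    def ev(poly, x):
        return sum(c * pow(x, k, Q) for k, c in enumerate(poly)) % Q
    # Member j's share is the sum of every member's polynomial evaluated at j.
    shares = {j: sum(ev(f, j) for f in polys) % Q for j in range(1, n + 1)}
    group_pk = 1
    for f in polys:  # step 1.b: multiply the members' constant-term commitments
        group_pk = group_pk * pow(G, f[0], P) % P
    return group_pk, shares

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of member i for interpolation at x = 0, modulo Q."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine_group_factor(partials):
    """Step 3.b: fold {member: alpha^share} into the single factor alpha^x_group."""
    factor = 1
    for i, d in partials.items():
        factor = factor * pow(d, lagrange_at_zero(i, list(partials)), P) % P
    return factor

def demo(m=5, t=2, n=3, present=(1, 3)):
    """Run steps 1 to 3 with one Pedersen group plus one Single trustee."""
    group_pk, shares = pedersen_dkg(t, n)                 # steps 1.a and 1.b
    single_sk = secrets.randbelow(Q)                      # the Single trustee's key
    election_pk = group_pk * pow(G, single_sk, P) % P     # combined key: product
    r = secrets.randbelow(Q)                              # ElGamal encryption of G^m
    alpha, beta = pow(G, r, P), pow(G, m, P) * pow(election_pk, r, P) % P
    partials = {i: pow(alpha, shares[i], P) for i in present}   # step 3.a
    total = combine_group_factor(partials) * pow(alpha, single_sk, P) % P
    return beta * pow(total, -1, P) % P == pow(G, m, P)   # True if G^m is recovered

if __name__ == "__main__":
    print(demo(), demo(t=3, n=5, present=(2, 4, 5)))
```
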