What is the Tor Project’s current scope and availability guarantees for voting systems?

JanisErdmanis · 2024-05-10T12:47:12.384Z

Hello, everyone

I have been working on an E2E verifiable voting system prototype for a while, inspired by work done by Spycher & Haenni on a verifiable exponentiation mix [1]. In contrast to the orthodox approach, where encrypted votes goes through a mix cascade and undergoes threshold decryption ceremony in the end, it relies on verifiable exponentiation of shuffled pseudonyms and a generator with a secret factor. The votes are signed in plain using the exponentiated generator with a digital signature algorithm (DSA) and delivered to the server over an anonymous channel.

I am currently writing a paper that extends the work with history trees [2], dropping a trusted bulletin board assumption where immutability is ensured by a few client devices that keeps consistent proof chains. Follow-up requests are made through an anonymous channel prevents a corrupt server from making a split view attack, and thus, a globally consistent view is assured.

As I have outlined, the system’s success heavily depends on the TOR network’s availability. I came across some estimates in a paper from 2019 [3], and I was surprised to find the estimated costs for a DoS attack to be relatively low. Have things improved in this aspect over the years, especially considering recent announcements with PoW integrations? Also, are there any strategies that larger organisations could adopt to ensure the availability of anonymisation services?

Another feature I am looking for is the ability to have an anonymous channel on a static website, retrieved from a third trusted party such as GitHub pages and etc. This would improve the user experience by allowing voters to verify their recently cast votes via tracking code through their web browser directly without disclosing their IP address to a potentially corrupt server. As I understand, this would entail having a WebSocket proxy, which seems to be supported [4]. Whereas the Arti project can be compiled into WebAssembly and used directly from the web browser. Is my reasoning here accurate?

[1]: Rolf Haenni and Oliver Spycher. Secure internet voting on limited devices with anonymized DSA public keys. 2011
[2]: Scott A. Crosby and Dan S. Wallach. Efficient data structures for tamper-evident logging. 2009
[3]: https://www.usenix.org/conference/usenixsecurity19/presentation/jansen
[4]: Hiding in plain sight: Introducing WebTunnel