Past student projects in 2021

Proposed projects page (archives): Spring-2021

Proposed projects page (archives): Fall-2021


Fall semester

D-Voting: e-Voting on Dela

Auguste Baum, Emilien Duc

Report, Presentation

Abstract

In a world with high-stakes elections and constant trust issues, blockchain  technology has a highpotential of easing voters’ minds thanks to its auditability and lack of central third party. With this in mind, DEDIS has been a pioneer in the e-voting field, and has initiated the D-Voting project,
an e-voting system based on the high-level blockchain components in the Dela project [4]. In this work, we bring substantial improvements to the previous iteration of the D-Voting system: more flexibility for the polling questions, increased security in the cryptographic protocols, more flexible test suite and increased robustness to failures, among others. Though we made no significant improvement to the performance of the system, we consider the project as fit to enter the last stage of its pre-launch development before it can be used in the EPFL faculty elections.

D-Voting: frontend

Ambroise Borbely

Report

Abstract

The DEDIS lab is currently developing solutions about e-voting, the project explained here is about the D-Voting project that aims to create an e-voting platform based on the DELA blockchain. In order to interact with the blockchain, a web application has been developed, and will communicate with the DELA blockchain trough an API that is on each node of the DELA
blockchain. This project is about creating a “V2” of the currently existing web application by adding new features. The main feature added to this application is the login with the tequila service. As authentication makes significant changes in the architecture of the app, all the other
features will come on top of this one to complete it.

This document explains how the application was at the beginning and it has been trans- formed during the semester with the new features. At the end, some ideas are given on possible next changes that could be made to the web application.

Swiss Post e-Voting

Ella Kummer

Report, Presentation

Introduction

E-voting in Switzerland is currently put in place with a collaboration between the Confederation and the cantons, established by the Swiss E-Government. At the beginning of 2019, e-voting was provided in ten cantons out of twenty-six. In some cases it was offered to all resident voters,
however in some cantons it was restricted to voters living abroad. The cantons had the possibility to select one of the two systems available. The two systems were the system offered by the canton of Geneva, and the system offered by Swiss Post. In June 2019, it was announced that the system offered by the canton of Geneva would no longer be offered. Not long after, on July 2019, it was Swiss Post’s turn to announce that their system would not be available anymore either. As a result, no e-voting system is currently available in Switzerland. However, Swiss Post is since developing a system with complete verifiability. Swiss Post has long been a strong proponent of E-Voting. Currently, it is developing an E-Voting system to be utilized in Swiss elections. As part of their commitment to transparency, Swiss Post releases their source code as well as documentation and conduct intrusion tests. During an intrusion test in 2019, researchers discovered an implementation issue that would have
allowed an attacker to change the outcome of an election. Since then, Swiss Post has rectified the issue, among others, and made available to the public the source code, specifications and additional documents. They launched in parallel a bug bounty program to continuously improve the security of the Swiss Post e-voting system.

The goal of my project was to take part in this bug bounty program and review the documentation as well as the source code. This covers implementation issues or vulnerabilities as well as possible attacks under different scenarios and threats models. These researches are explained in
more detail in the Methodology chapter 4.

This report first retraces the historical background of the Swiss post e-voting system in the background section 2 and states where it is now. After this, we give a description of the system and its properties in chapter 3 to be able to later explain the analysis provided in chapter 5.

LIVOS: a liquid voting system

Etienne Boisson, Guillaume Tabard

Report, Presentation

Abstract

LIVOS stands for Liquid Voting System, this is a research project based upon Liquid Democracy consisting in creating an e-voting system with the concepts of liquidity of vote and delegation. The main goal of the project is to show concrete numbers that comfort the fact that Liquid Democracy is more accurate in taking into account the voters’ opinions than any other non-liquid democratic system and also to provide an intractable system where simulations can be run. This is indeed a proof of concept based upon tangible experiments. Liquid Democracy is a subject that has already been deeply explored in theory, but hasn’t been compared to other systems to be used in our every-day life. In practice, the Liquid Democracy is quite different, we need to solve Liquid Democracy related problems (for example the circular delegation or the tyrant problems, that we explore and for which we offer a possible solution). Then it needs to be compared to an actual working democratic system such as Direct Democracy or Representative Democracy in order to show if Liquid Democracy is more accurate, represents more efficiently the voters’ opinion and thus may
influence our leaders into rethinking our actual political systems. We always have to keep in mind that Liquid Democracy is a complex structure that needs to be easily accessible, understandable and usable to be incorporated in our everyday life.

To explore the different paths of the Liquid Democracy, we implemented a web application and an environment where simulations can be run. That allowed us to work with collected data in order to show the relevance, the problems and the challenges of Liquid Democracy.

Anonymous Proof-of-Presence Groups for Messaging and Voting

Céline Camacho, Gabriel Fleischer, Ma¨élyss Gilliard, Robin Jaccard, Tuomas Juho Antero Pääkkönen, Arnaud Wei-Xin Shih, Kilian Schneiter, Mohamed Badr Taddist, Adrien Vauthey, Jiabao Wen

Report

Abstract

In an online system where people can interact with each other, there is always the question of whether we want a system where the users are anonymous, a system where we can make sure that each user is unique or a system with both properties. This poses a problem especially while implementing an e-voting system, because both properties are looked for, as we want each person to only have one vote, and to be free of outside pressure when voting. A solution to this problem is Proof-of-Personhood, where we physically give tokens to the users without asking for identities. As the tokens are physically given, we can be sure that every given token belongs to a person, and that no one has multiple tokens. We continued developing an application that ease the use of the Proof-of-Personhood concept. Our work was to solidify the exisiting codebase, to make sure that it is working correctly and to add both a consensus protocol and a social media feature on top of the already existing application.

 

Spring semester

Columbus IV – Implementation of an intuitive and insightful blockchain explorer

Pilar Marxer, Rosa José Sara

Report, Presentation

Abstract

Imagine your bank gives for free to everyone of its’ subscriber a book of transactions that everyone can check and write on, but nobody can delete lines or destroy it. This analogy completely illustrates the concept of blockchain. A blockchain is a type of data storage tool, that is starting to be used in a wide set of domains. It is used because of its transparency (decentralized) and its verifiability (every block is linked to the previous one). However in practice without a blockchain explorer, users have no adequate tool to verify their transactions. The main goal of this project is to offer different classes of users a way to visualize the Byzcoin blockchain for different purposes and understand it’s underlying concepts.

E-voting on DELA

Anas Ibrahim, Vincent Parodi

Report

Abstract

E-Voting is a very interesting, actual, fancy, and useful use case to demonstrate the utility of a distributed ledger technology. The aim of this project is to implement a new E- Voting system based in Dela, the latest blockchain-based distributed ledger from the DEDIS lab. We implement the back- end part of a complete e-voting system, from the creation of an election to the publishing of the results. We provide a rest API such that any front end can make use of the system.

E-voting on DELA (frontend)

Sarah Antille

Report

While more and more of our life happens online, one challenge that hasn’t quite be mastered yet in Switzerland is e-voting. While some cantons allowed voters to cast their vote online for a brief period before 2019 as part of a trial phase, it was ended in June 2019. The concept of e-voting might sound simple but its implementation is not. Indeed the main properties that are needed is the anonymity of the vote, a secure storage for the votes such that they can not be deleted or tampered with, and distributed trust such that a single node shouldn’t be able to prevent a user to cast a vote.

Those properties are not trivial to guarantee and that has made e-voting an on-going research topic. However one of the technologies that seems promising is the distributed ledger technology which is the one that is used in this project.

Constant-Time Big Numbers for Crypto

Lúcás Críostóir Meier

Report, Presentation

Abstract

Cryptography depends on large integer (“bignum”) arithmetic pervasively, but the standard bignum libraries for most languages cannot guarantee constant-time operation, rendering cryptographic uses of these libraries potentially vulnerable to timing attacks. This project will develop a clean cross-language API for constant-time big-number arithmetic for crypto, together with prototype libraries implementing that API. The target implementation languages will likely be some subset of Go, Rust, Java, Scala, and/or Swift. Implementations are likely to reuse but adapt existing non-constant-time big-number libraries already available for the expected languages, not to build new libraries from scratch..

Smart contracts on WASM: implement a new execution environment for Dela

Maxime Sierro

Report, Presentation

Abstract

A smart contract is a program that lives on a blockchain. As any program, it needs an execution environment to be run. A natural solution is to use the native environment available from the smart contract, which requires the smart contract to be pre-compiled for that environment. Another solution is to run the smart contract within a virtual machine, which offers more flexibility because it removes the need for smart contracts to be pre-compiled for a specific environment. This is what Euthereum uses, by providing their own Ethereum Virtual Machine (EVM).

The aim of this project is to implement a new smart contract execution environment that uses the WebAssembly virtual machine. This environment will be implemented in Dela, the latest blockchain-based distributed ledger from the DEDIS lab.

A particular aspect that a smart contract environment must fulfill is determinism. Indeed, in a distributed ledger, a group of nodes must use consensus to agree on each smart contract’s exact correct output for a given input. As such, once the new environment is implemented, a study on the determinism properties of this environment must be conducted. If the time allows, a series of measures will be proposed to guarantee it.

Anonymous Proof-of-Presence Groups for Messaging and Voting

Carlo Musso, Victor Carles, Johann Pluss, Filippo Salmina, Adalsteinn Jonsson, Karim Kabbani, Maxime Laval, François Michel, Luke Patel, Stefan Eric

Report

Abstract

Popular communication tools today use either require semi-strong but privacy-invasive identities such as phone numbers to achieve some level of accountability and Sybil attack protection (e.g., WhatsApp or Signal), while other tools use weak identities such as E-mail addresses or pseudonymous public keys (e.g., Bitcoin) but lose any fair, “person-centric” form of accountability or Sybil attack protection. The DEDIS lab is developing a new, human-centric “proof-of-personhood“ (PoP) solution to this problem leveraging physical presence at real-world events to provide privacy-preserving but accountable, Sybil-protected identities.

This project will build upon and extend a prototype built in a previous student project to provide a usable proof-of-presence group communication app for mobile devices. The app will enable anyone to organize an in-person event, and take a secure “roll-call” at that event to connect with attendees and give each a one-per-person digital membership token. With these tokens, attendees can text message each other privately within the ad-hoc group without needing any strong identities (phone numbers etc), but with the ability to block abusive or spamming members reliably to ensure accountability. In addition, attendees can call votes within the group, and obtain the assurance that only real people who were actually at the event will be able to vote, and that each real person will have exactly one vote.

Security analysis of Proof-of-Personhood: Encointer

Lucie Hoffmann

Report

Abstract

Proof-of-Personhood (PoP), unlike other consensus mechanisms like Proof-of-Work or Proof-of- Stake, is more egalitarian and aims to give any human being a unique and singular token, allowing them to stay anonymous while holding them accountable. Instead of getting a voting power proportional to one’s number of CPUs or dollars, PoP gives one vote per human. Encointer’s implementation of PoP is still in the development phase and in this report we present how an adversary could make profit from their system based on simplified simulations.

Security of Proof-of-Personhood: Idena

Jordi Subirà-Nieto

Report

Abstract

Proof-of-Personhood (PoP) can be considered the ideal form of consensus algorithm to be used in permissionless distributed ledgers. Any system which unequivocally maps users to real human identities could implement a truly democratic and equally distributed governance. Recently, several approaches, aiming to achieve PoP, have been proposed.

In this semester project, we analyze the Idena protocol. More concretely, we focus on assessing the Sybil resistance of the Idena protocol, under some assumptions, against different attackers. We create several models which we use to simulate various attacks against the Idena network. Finally, we discuss some experiment outcomes that show how the Idena protocol falls short of accomplishing Sybil resistance for some of the proposed attackers.