Ballot encryption on the front end.

ProExpertProg · ProExpertProg · commit b236cf031a8f · 2019-05-24T13:12:24.000-04:00
diff --git a/cryptovote/cryptovote/controllers/vote.py b/cryptovote/cryptovote/controllers/vote.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
-from flask import Blueprint, render_template, redirect, url_for, session, request, flash
+from damgard_jurik import EncryptedNumber
+from flask import Blueprint, render_template, redirect, url_for, session, request, flash, json
 from random import shuffle
 from ..helpers import election_exists
 from ..models import Voter, Candidate, Authority
@@ -57,42 +58,52 @@ def vote(election):
         return redirect(url_for('election.election_home', election=election.name))
     candidates = election.candidates
     shuffle(candidates)
+
+    authority = Authority.query.filter_by(election=election).first()
+    if not authority:
+        flash("Election is missing authorities.")
+        return redirect(url_for('election.election_home', election=election.name))
+    public_key = authority.public_key
+    if not public_key:
+        flash("Authority missing public key.")
+        return redirect(url_for('election.election_home', election=election.name))
+
     if request.method == 'GET':
-        return render_template('vote/vote.html', election=election, candidates=candidates)
+        return render_template('vote/vote.html', election=election, candidates=candidates, public_key=public_key)
     else:
         ballot = request.form.get("ballot")
         if not ballot:
             flash("No ballot submitted.")
             return render_template('vote/vote.html', election=election, candidates=candidates)
-        authority = Authority.query.filter_by(election=election).first()
-        if not authority:
-            flash("Election is missing authorities.")
-            return redirect(url_for('election.election_home', election=election.name))
-        public_key = authority.public_key
-        if not public_key:
-            flash("Authority missing public key.")
-            return redirect(url_for('election.election_home', election=election.name))
-        candidates = []
-        for candidate in ballot.split(','):
+        ballot_dec = json.loads(ballot)
+
+        # here, candidates and preferences are strings
+        cand_prefs_raw = [(cand_pref['candidate'], cand_pref['preference']) for cand_pref in ballot_dec]
+
+        # here they are both ints
+        cand_prefs = []
+        for candidate, preference in cand_prefs_raw:
             c = Candidate.query.filter_by(election=election, name=candidate).first()
             if not c:
                 flash("Invalid ballot.")
                 return render_template('vote/vote.html', election=election, candidates=candidates)
-            candidates.append(c.id)
-        if len(election.candidates) != len(candidates):
+
+            pref = EncryptedNumber(int(preference), public_key)
+            cand_prefs.append((c.id, pref))
+
+        if len(election.candidates) != len(cand_prefs):
             flash("Invalid number of votes on ballot.")
             return render_template('vote/vote.html', election=election, candidates=candidates)
-        preferences = list(range(1, len(candidates)+1))
-        candidate_to_preference = {candidate: preference for candidate, preference in zip(candidates, preferences)}
-        candidates.sort()
-        preferences = [candidate_to_preference[candidate] for candidate in candidates]
+
         weight = public_key.encrypt(1)
-        enc_preferences = list(map(lambda p : public_key.encrypt(p), preferences))
+        candidates = [cand_pref[0] for cand_pref in cand_prefs]
+        enc_preferences = [cand_pref[1] for cand_pref in cand_prefs]
+
         voter.ballot = CandidateOrderBallot(candidates, enc_preferences, weight)
         election.bulletin += f"{voter.id}: "
         for preference in enc_preferences:
             election.bulletin += str(preference.value) + " "
         election.bulletin += "\n\n"
         db.session.commit()
         flash("Ballot cast successfully")
-        return redirect(url_for('election.election_home', election=election.name))
+        return redirect(url_for('election.election_home', election=election.name))
diff --git a/cryptovote/cryptovote/static/js/encrypt-ballot.js b/cryptovote/cryptovote/static/js/encrypt-ballot.js
@@ -3,15 +3,12 @@ class PublicKey {
      *
      * @param n BigInt
      * @param s BigInt
-     * @param m BigInt
      */
-    constructor(n, s, m) {
+    constructor(n, s) {
         this.s = s;
         this.n = n;
-        this.m = m;
         this.n_s = this.n ** this.s;  // n^s
         this.n_s_1 = this.n_s * this.n;  // n^(s+1)
-        this.n_s_m = this.n_s * this.m;  // n^s * m
     }
 
     /**
@@ -21,14 +18,14 @@ class PublicKey {
      */
     encrypt(m) {
         let r = PublicKey.get_random_below(this.n - 1n) + 1n;
-        return PublicKey.pow_mod(this.n + 1, m, this.n_s_1) * PublicKey.pow_mod(r, this.n_s, this.n_s_1) % this.n_s_1
+        return PublicKey.pow_mod(this.n + 1n, m, this.n_s_1) * PublicKey.pow_mod(r, this.n_s, this.n_s_1) % this.n_s_1
     }
 
     static get_random_below(n) {
-        let power = 1;
+        let power = 1n;
         let i = 0;
         for (; power < n; i++)
-            power *= 2;
+            power *= 2n;
         let len = Math.ceil(i / 8);
 
         // cryptographically secure random
@@ -41,7 +38,7 @@ class PublicKey {
             build += BigInt(rands[i]) * f;
             f *= byte;
         }
-        return build % n;
+        return build % BigInt(n);
     }
 
     /**
diff --git a/cryptovote/cryptovote/templates/vote/vote.html b/cryptovote/cryptovote/templates/vote/vote.html
@@ -11,7 +11,10 @@
         <div class="heading">
             <h1>Ballot</h1>
         </div>
-        <form action="{{ url_for('vote.vote', election=election.name) }}" method="post">
+        <form id="ballot-form" action="{{ url_for('vote.vote', election=election.name) }}" method="post" onsubmit="return submitForm()">
+            <input type="hidden" name="key_s" value="{{ public_key.s }}">
+            <input type="hidden" name="key_n" value="{{ public_key.n }}">
+
             <div class="form-group">
 
               <ul id="sortable_nav" class="sortable ui-sortable" >
@@ -26,7 +29,7 @@ <h1>Ballot</h1>
               </ul>
 
             </div>
-            <input type="hidden" id="ballot" name="ballot"></input>
+            <input type="hidden" id="ballot" name="ballot"/>
             <div class="form-group" style="margin-top: 50px;">
               <button type="submit" class="btn btn-primary btn-block btn-lg" style="background-color: #0084da;">Submit Ballot</button>
             </div>
@@ -37,6 +40,7 @@ <h1>Ballot</h1>
 
 {% block scripts %}
 <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
+<script src="{{ url_for('static', filename='js/encrypt-ballot.js') }}"></script>
 <script type="text/javascript">
   $("#sortable_nav").sortable({
       placeholder: "ui-state-highlight",
