The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election

In the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community

Applying Block Chain Technologies to Digital Voting Algorithms

Voting is a fundamental aspect to democracy. Many countries have advanced voting systems in place, but many of these systems have issues behind them such as not being anonymous or verifiable. Additionally, most voting systems currently have a central authority in charge of counting votes, which can be prone to corruption. We propose a voting system which mitigates many of these issues. Our voting system attempts to provide decentralization, pseudoanonymity, and verifiability. For our system, we have identified the requirements, implemented the backbone of the system, recognized some of its shortcomings, and proposed areas of future work on this voting system

An individually verifiable voting protocol with complete recorded-as-intended and counted-as-recorded guarantees

Democratic principles demand that every voter should be able to individually verify that their vote is recorded as intended and counted as recorded, without having to trust any authorities. However, most end-to-end (E2E) verifiable voting protocols that provide universal verifiability and voter secrecy implicitly require to trust some authorities or auditors for the correctness guarantees that they provide. In this paper, we explore the notion of individual verifiability. We evaluate the existing E2E voting protocols and propose a new protocol that guarantees such verifiability without any trust requirements. Our construction depends on a novel vote commitment scheme to capture voter intent that allows voters to obtain a direct zero-knowledge proof of their vote being recorded as intended. We also ensure protection against spurious vote injection or deletion post eligibility verification, and polling-booth level community profiling

Blockchain, consensus, and cryptography in electronic voting

Motivated by the recent trends to conduct electronic elections using blockchain technologies, we review the vast literature on cryptographic voting and assess the status of the field. We analyze the security requirements for voting systems and describe the major ideas behind the most influential cryptographic protocols for electronic voting. We focus on the great importance of consensus in the elimination of trusted third parties. Finally, we examine whether recent blockchain innovations can satisfy the strict requirements set for the security of electronic voting

Internet Voting Protocols: An Analysis of the Cryptographic Operations per Phase

Internet voting is a good option for Colombia thanks to the expansion of mobile technology throughout the country and the interest of the government to implement the e-voting. For this reason, we study the e-voting protocols to establish if any of them is suitable for Colombian elections. However some of them imply a great number of cryptographic operations and therefore a great computational cost for the devices, which sometimes exceed their capacity. In this paper, we determine the number of cryptographic operations per phase of four e-voting protocols: one based on blind signatures (Li, Hwang and Lai protocol), one based on mix nets (Meng protocol), one based on homomorphic encryption (EVIV protocol) and one used in real electoral processes (I-Voting for Estonian Elections). Then, we analyze the changes in the number of operations when the number of voters, number of votes, number of authorities and number of candidates increase for small, medium and large elections. Finally, we establish the protocol that imply a less number of cryptographic operations and is suitable for big electoral processes, such as congress elections in Colombia

Security Requirement Analysis of Blockchain-based E-Voting Systems

In democratic countries such as India, voting is a fundamental right given to citizens of their countries. Citizens need to physically present and cast their vote in ballot-paper-based voting systems. Most of the citizens fail to fulfill this constraint and have stayed away from their fundamental duty. Electronic-voting systems are often considered one efficient alternative in such situations. Blockchain Technology is an emerging technology that can provide a real solution as it is characterized by immutable, transparent, anonymous, and decentralized properties. This paper presents a security requirement analysis for e-voting systems and evaluates blockchain technology against these requirements