Universally Verifiable Poll-Site Voting Schemes Providing Everlasting Privacy

Computer based voting brings up huge challenges for technology. On the one hand an electronic voting system has to be transparent enough to allow verification of its correct functioning; on the other hand, it must ensure that these verification procedures do not allow an attacker to violate voter privacy. Both requirements can be addressed by providing cryptographically secured voting receipts. Each voter cast his or her vote in encoded form and receives a copy of the recorded ballot as receipt. The voters can use these receipts to verify that their vote is contained in the input of the tally. Furthermore, the encoded votes are publicly processed, which allows voters and observers to check that the election outcome has been determined correctly. However, to provide a private and free election, no voter should be able to prove to someone else for whom he or she voted. This must not only be prevented during the election, but also afterwards for an indefinite period of time. Especially with respect to everlasting privacy this is not ensured by most verifiable voting systems. If the receipt contains, for instance, the voting decision encrypted using some public key cryptography, an attacker can determine the candidates selected as soon as the underlying computational problem has been solved for the key length chosen. In this work we provide a summary of privacy weaknesses that may arise in verifiable electronic poll-site voting systems, and we identify and solve open issues. More precisely, we concentrate on the following three questions: (1) How can we show correct anonymization of votes in an efficient and privacy preserving manner using a generic approach? (2) How can we introduce everlasting privacy to mixing and homomorphic tallying based voting schemes? (3) How can we reduce the amount of trust voters have to put in authorities regarding privacy? In electronic voting so-called reencryption mix-nets are used to anonymize votes. These mix-nets shuffles votes in a universally verifiable manner, i.e., they publish some audit information allowing voters and observers to verify that the votes came out as they went in. In practice, mostly generic verification procedures are used to show correctness of this process. However, many of them do not provide an adequate level of privacy. To address (1), we investigate several proposals and introduce a new protocol that combines existing approaches but improves them with respect to privacy and efficiency. Another drawback of mixing based voting schemes is that all implementations provide computational privacy only. We address (2) by presenting a mix-net that uses a homomorphic and unconditionally hiding commitment scheme to encode the votes and audit data, implying everlasting privacy. The correctness of the anonymization process is guaranteed with overwhelming probability, even if all authorities collaborate. An implication of our result is that many current voting systems that use mix-nets can be upgraded to everlasting privacy. Subsequently, we show that this protocol can be applied to Prêt à Voter and Split-Ballot imposing only minor changes to current implementations. The same approach is used to introduce everlasting privacy to homomorphic tallying based schemes. The votes are encoded with an unconditionally hiding commitment scheme, they are homomorphically tallied in public, and the result is decoded afterwards. To show that our solution can be applied to poll-site voting, we describe how the Scratch & Vote voting system can be improved using our tallying protocol. Again only minor changes to the classical scheme are necessary. To address (3), the approach of non-personalized receipts is analyzed. If the receipts handed out to the voters do not contain a link to their vote cast, they do not have to put their trust in authorities keeping this association secret. We introduce an electronic ballot box that generates non-personalized receipts using a process that is similar to the anonymization procedure carried out by mix-nets. The correctness of the receipt generation is universally verifiable. Furthermore, our approach improves on existing solutions with respect to correctness and privacy. Finally, we compare all voting systems that are improved in this work, highlight their advantages and disadvantages, and conclude with key issues for future work

The Append-Only Web Bulletin Board

A large number of papers on verifiable electronic voting that have appeared in the literature in recent years have relied heavily on the availability of an append-only web bulletin board. Despite this widespread requirement, however, the notion of an append-only web bulletin board remains somewhat vague, and no method of constructing such a bulletin board has been proposed. This paper fills the gap. We identify the required properties of an append-only web bulletin board, and introduce the concept of certified publishing of messages to the board. We show how such a board can be constructed in order to satisfy the properties we have identified. Finally, we consider how to extend the scheme to make the web bulletin board robust and able to offer assurance to writers of the inclusion of their messages. Although the work presented here has been inspired and motivated by the requirements of electronic voting systems, the web bulletin board is sufficiently general to allow use in other contexts

Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections

End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems, (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and to covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest

Estudo e implementação de redes de comunicação anônima e aplicação ao sistema de votação digital OSTRACON

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação.Em muitos casos de uso de sistemas em rede o anonimato da comunicação apresenta-se como um requisito desejado. Este trabalho tem como tema principal as técnicas para comunicação anônima. Para um melhor conhecimento do problema do anonimato foram pesquisadas formas de ataque ao anonimato, e mecanismos de defesa para tais ataques. As técnicas para comunicação anônima foram estudadas e avaliadas quanto a eficácia no combate aos ataques, e quanto ao provimento de comunicação anônima. Com base nas técnicas pesquisadas, foi proposta uma implementação de uma rede para comunicação anônima. Com a implementação realizada foi possível medir a performance da rede com ênfase nas operações criptográficas necessárias, e avaliar a aplicação prática da técnica escolhida no Sistema Ostracon, um sistema de votação digital desenvolvido no Laboratório de Segurança em Computação da Universidade Federal de Santa Catarina

Matters of Coercion-Resistance in Cryptographic Voting Schemes

This work addresses coercion-resistance in cryptographic voting schemes. It focuses on three particularly challenging cases: write-in candidates, internet elections and delegated voting. Furthermore, this work presents a taxonomy for analyzing and comparing a huge variety of voting schemes, and presents practical experiences with the voting scheme Bingo Voting

Desarrollo de una metodología para el análisis y la clasificación de los sistemas de voto electrónico

121 p.En la siguiente tesis se ha estudiado la documentación relacionada con los procesos y soluciones en el entorno de la votación electrónica que se han publicado hasta marzo de 2012; analizando las últimas soluciones que en el entorno académico se han propuesto para responder al problema de las auditorías en el ámbito de la votación electrónica presencial y, concretamente, con los denominados sistemas de votación auditables de extremo a extremo (End-to-end auditable voting systems). Después de comparar todas las soluciones propuestas desde diversos puntos de vista (con la dificultad añadida de que algunos de ellos no han sido utilizados en la práctica), el autor concluye que el uso de las TIC en el voto debe garantizar la fiabilidad del proceso electoral democrático y estar justificado por unas ventajas que pueden darse, por ejemplo, en las consultas en entidades pequeñas o a la hora de garantizar el recuento electoral en un tiempo prudencial como ocurre en países cuyas características orográficas o demográficas impidan o dificulten el cumplimiento de este requisit

Social media and GIScience: Collection, analysis, and visualization of user-generated spatial data

Over the last decade, social media platforms have eclipsed the height of popular culture and communication technology, which, in combination with widespread access to GIS-enabled hardware (i.e. mobile phones), has resulted in the continuous creation of massive amounts of user-generated spatial data. This thesis explores how social media data have been utilized in GIS research and provides a commentary on the impacts of this next iteration of technological change with respect to GIScience. First, the roots of GIS technology are traced to set the stage for the examination of social media as a technological catalyst for change in GIScience. Next, a scoping review is conducted to gather and synthesize a summary of methods used to collect, analyze, and visualize this data. Finally, a case study exploring the spatio-temporality of crowdfunding behaviours in Canada during the COVID-19 pandemic is presented to demonstrate the utility of social media data in spatial research

RFID Technology in Intelligent Tracking Systems in Construction Waste Logistics Using Optimisation Techniques

Construction waste disposal is an urgent issue for protecting our environment. This paper proposes a waste management system and illustrates the work process using plasterboard waste as an example, which creates a hazardous gas when land filled with household waste, and for which the recycling rate is less than 10% in the UK. The proposed system integrates RFID technology, Rule-Based Reasoning, Ant Colony optimization and knowledge technology for auditing and tracking plasterboard waste, guiding the operation staff, arranging vehicles, schedule planning, and also provides evidence to verify its disposal. It h relies on RFID equipment for collecting logistical data and uses digital imaging equipment to give further evidence; the reasoning core in the third layer is responsible for generating schedules and route plans and guidance, and the last layer delivers the result to inform users. The paper firstly introduces the current plasterboard disposal situation and addresses the logistical problem that is now the main barrier to a higher recycling rate, followed by discussion of the proposed system in terms of both system level structure and process structure. And finally, an example scenario will be given to illustrate the system’s utilization