A formal analysis of the Norwegian e-voting protocol

Norway has used e-voting in its last political election in September 2011, with more than 25 000 voters using the e-voting option. The underlying protocol is a new protocol designed by the ERGO group, involving several actors (a bulletin box but also a receipt generator, a decryption service, and an auditor). Of course, trusting the correctness and security of e-voting protocols is crucial in that context. Formal definitions of properties such as privacy, coercion-resistance or verifiability have been recently proposed, based on equivalence properties. In this paper, we propose a formal analysis of the protocol used in Norway, w.r.t. privacy, consid- ering several corruption scenarios. Part of this study has conducted using the ProVerif tool, on a simplified model.En Septembre 2011, la Norvège a mis en place le vote élec- tronique lors de ses élections politiques, avec plus de 25 000 votants qui ont effectivement utilisé cette option. Le protocole sous-jacent, créé par la com- pagnie ERGOgroup, met en jeu plusieurs acteurs (une urne mais également un générateur de reçu, un déchiffreur et un auditeur). Pouvoir faire confiance en l'exactitude et la sécurité des protocoles de votes électroniques est bien entendu crucial dans ce contexte. En se basant sur des propriétés d'équivalence, des définitions formelles de la confidentialité, de la résistance à la coercition ou de la vérifiabilité on été récemment proposées. Dans ce rapport, nous proposons une analyse formelle du protocole utilisé en Norvège dans le but de démontrer la propriété de confidentialité en considérant plusieurs scénarios de corruption. Une partie de cette étude a été menée avec l'utilisation de l'outil ProVerif, sur un modèle simplifié

Cast-as-Intended Mechanism with Return Codes Based on PETs

We propose a method providing cast-as-intended verifiability for remote electronic voting. The method is based on plaintext equivalence tests (PETs), used to match the cast ballots against the pre-generated encrypted code tables. Our solution provides an attractive balance of security and functional properties. It is based on well-known cryptographic building blocks and relies on standard cryptographic assumptions, which allows for relatively simple security analysis. Our scheme is designed with a built-in fine-grained distributed trust mechanism based on threshold decryption. It, finally, imposes only very little additional computational burden on the voting platform, which is especially important when voters use devices of restricted computational power such as mobile phones. At the same time, the computational cost on the server side is very reasonable and scales well with the increasing ballot size

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

Playing Three-Level Games in the Global Economy. Case Studies from the EU. College of Europe EU Diplomacy Paper 4/2008, May 2008

The case studies in this paper are a selection of essays that have been written in the framework of the compulsory first-semester course The EU in a Global Political Economy Context, taught by Professor Sieglinde Gstöhl, in the academic year 2007-2008 in the EU International Relations and Diplomacy Studies programme at the College of Europe. They all address recent cases of two- or three-level games played by the European Union in different policy fields of the global economy (reflecting the state of affairs at the end of 2007)

Power, Responsibility, and Accountability: Re-Thinking the Legitimacy of Institutions for Climate Finance

Offers lessons from current mechanisms to finance climate mitigation and adaptation and considerations for legitimacy in new ones: the capacity to determine outcomes, the exercise of power as intended, and standards and systems to ensure accountability

A Peered Bulletin Board for Robust Use in Verifiable Voting Systems

The Web Bulletin Board (WBB) is a key component of verifiable election systems. It is used in the context of election verification to publish evidence of voting and tallying that voters and officials can check, and where challenges can be launched in the event of malfeasance. In practice, the election authority has responsibility for implementing the web bulletin board correctly and reliably, and will wish to ensure that it behaves correctly even in the presence of failures and attacks. To ensure robustness, an implementation will typically use a number of peers to be able to provide a correct service even when some peers go down or behave dishonestly. In this paper we propose a new protocol to implement such a Web Bulletin Board, motivated by the needs of the vVote verifiable voting system. Using a distributed algorithm increases the complexity of the protocol and requires careful reasoning in order to establish correctness. Here we use the Event-B modelling and refinement approach to establish correctness of the peered design against an idealised specification of the bulletin board behaviour. In particular we show that for n peers, a threshold of t > 2n/3 peers behaving correctly is sufficient to ensure correct behaviour of the bulletin board distributed design. The algorithm also behaves correctly even if honest or dishonest peers temporarily drop out of the protocol and then return. The verification approach also establishes that the protocols used within the bulletin board do not interfere with each other. This is the first time a peered web bulletin board suite of protocols has been formally verified.Comment: 49 page

Ethnically Biased? Experimental Evidence from Kenya

Ethnicity has been shown to shape political, social, and economic behavior in Africa, but the underlying mechanisms remain contested. We utilize lab experiments to isolate one mechanism - an individual's bias in favor of coethnics and against non-coethnics - that has been central in both theory and in the conventional wisdom about the impact of ethnicity. We employ an unusually rich research design involving a large sample of 1300 participants from Nairobi, Kenya; the collection of multiple rounds of experimental data with varying proximity to national elections; within-lab priming conditions; both standard and novel experimental measures of coethnic bias; and an implicit association test (IAT). We find very little evidence of an ethnic bias in the behavioral games, which runs against the common presumption of extensive coethnic bias among ordinary Africans and suggests that mechanisms other than a coethnic bias in preferences must account for the associations we see in the region between ethnicity and political, social, and economic outcomes

Individual verifiability in electronic voting

This PhD Thesis is the fruit of the job of the author as a researcher at Scytl Secure Electronic Voting, as well as the collaboration with Paz Morillo, from the Department of Applied Mathematics at UPC and Alex Escala, PhD student. In her job at Scytl, the author has participated in several electronic voting projects for national-level binding elections in different countries. The participation of the author covered from the protocol design phase, to the implementation phase by providing support to the development teams. The thesis focuses on studying the mechanisms that can be provided to the voters, in order to examine and verify the processes executed in a remote electronic voting system. This work has been done as part of the tasks of the author at the electronic voting company Scytl. Although this thesis does not talk about system implementations, which are interesting by themselves, it is indeed focused on protocols which have had, or may have, an application in the real world. Therefore, it may surprise the reader by not using state of the art cryptography such as pairings or lattices, which still, although providing very interesting properties, cannot be efficiently implemented and used in a real system. Otherwise, the protocols presented in this thesis use standard and well-known cryptographic primitives, while providing new functionalities that can be applied in nowadays electronic voting systems. The thesis has the following contents: A survey on electronic voting systems which provide voter verification functionalities. Among these systems we can find the one used in the Municipal and Parliamentary Norwegian elections of 2011 and 2013, and the system used in the Australian State of New South Wales for the General State Elections in 2015, in which the author has had an active participation in the design of their electronic voting protocols. A syntax which can be used for modeling electronic voting systems providing voter verifiability. This syntax is focused on systems characterized by the voter confirming the casting of her vote, after verifying some evidences provided by the protocol. Along with this syntax, definitions for the security properties required for such schemes are provided. A description of the electronic voting protocol and system which has been used in 2014 and 2015 elections in the Swiss Canton of Neuchâtel, which has individual verification functionalities, is also provided in this thesis, together with a formal analysis of the security properties of the scheme and further extensions of the protocol. Finally, two new protocols which provide new functionalities respect to those from the state of the art are proposed: A new protocol providing individual verifiability which allows voters to defend against coertion by generating fake proofs, and a protocol which makes a twist to individual verifiability by ensuring that all the processes executed by the voting device and the remote server are correct, without requiring an active verification from the voter. A formal analysis of the security properties of both protocols is provided, together with examples of implementation in real systems.Aquesta tesi és fruit de la feina de l'autora com a personal de recerca a la empresa Scytl Secure Electtronic Voting, així com de la col·laboració amb la Paz Morillo, del departament de matemàtica aplicada a la UPC, i el Alex Escala, estudiant de doctorat. A la feina a Scytl, l'autora ha participat a varis projectes de vot electrònic per a eleccions vinculants a nivell nacional, que s'han efectuat a varis països. La participació de la autora ha cobert tant la fase de disseny del protocol, com la fase de implementació, on ha proveït suport als equips de desenvolupament. La tesi estudia els mecanismes que es poden proporcionar als votants per a poder examinar i verificar els processos que s'executen en sistemes de vot electrònic. Tot i que la tesi no parla de la implementació dels sistemes de vot electrònic, sí que s'enfoca en protocols que han tingut, o poden tenir, una aplicació pràctica actualment. La tesi té els continguts següents: Un estudi en sistemes de vot electrònic que proporcionen funcionalitats per a que els votants verifiquin els processos. Entre aquests sistemes, trobem el que es va utilitzar a les eleccions municipals i parlamentàries a Noruega als anys 2011 i 2013, així com el sistema utilitzat a l'estat Australià de New South Wales, per a les eleccions generals de 2015, sistemes en els que l'autora ha participat directament en el diseny dels seus protocols criptogràfics. La tesi també conté una sintaxi que es pot utilizar per modelar sistemes de vot electrònic que proporcionen verificabilitat individual (on verifica el votant). Aquesta sintaxi s'enfoca en sistemes caracteritzats pel fet de que el votant confirma la emissió del seu vot un cop ha verificat unes evidències sobre ell, proporcionades pel protocol. A més de la sintaxi, es proporcionen definicions de les propietats de seguretat d'aquestts sistemes. La tesi també conté una descripció del sistema i protocol de vot electrònic que s'utilitza al cantó Suís de Neuchâtel a partir del 2014, el qual té funcionalitats per a que els votants verifiquin certs processos del sistema. La tesi a més conté un anàlisi de la seguretat de l'esquema, així com possibles extensions del protocol. Finalment, la tesi inclou dos protocols nous que proporcionen noves característiques i funcionalitats respecte als existents a l'estat de l'art de la tècnica. El primer permet a un votant defendre's de un coaccionador generant proves falses, i el segon fa un canvi de paradigma de la verificabilitat individual, de forma que el votant no ha de verificar certs processos per a saber que s'han efectuant correctament. La tesi inclou un anàlisi formal de les propietats de seguretat dels dos protocols, així com exemples de com podrien ser implementats en un escenari real.Postprint (published version