Electronic voting: Methods and protocols

The act of casting a ballot during an election cycle has been plagued by a number of problems, both intrinsic and extraneous. The old-fashioned paper ballot solves a number of problems, but creates its own. The clear 21st Century solution is the use of an automated electronic system for collection and tallying of votes, but the attitude of the general populace towards these systems has been overwhelmingly negative, supported in some cases by fraud and abuse. The purpose of this thesis is to do a broad survey of systems available on the market now (both in industry and academia) and then compare and contrast these systems to an “ideal” system, which we attempt to define. To do this we survey academic and commercial literature from many sources and selected the most popular, current, or interesting of the designs—then compare the relative strengths and weaknesses of these designs. What we discovered is that devices presented by industry are not only closed-box (which makes them inherently untrustworthy), but also largely inept in security and/or redundancy. Conversely, systems presented by academia are relatively strong in security and redundancy, but lack in ease-of-use or miss helpful features found on industry devices. To combat these perceived weaknesses, we present a prototype of one system which has not previously been implemented, described in Wang [1]. This system brings together many ideas from academia to solve a significant number of the issues plaguing electronic voting machines. We present this solution in its entirety as open-source software for review by the cryptographic and computer science community. In addition to an electronic voting implementation this solution includes a graphical user interface, a re-encryption mix network, and several decryption methods including threshold decryption. All of these items are described in-depth by this thesis. However, as we discuss in the conclusion, this solution falls short in some areas as well. We earmark these problem areas for future research and discuss alternate paths forward

A Publicly-Veriable Mix-net with Everlasting Privacy Towards Observers

In this paper we present a novel, publicly verifiable mixing scheme which has everlasting privacy towards observers: all the information published on the bulletin board by the mixes (audit information etc) reveals no information about the identity of any of the messages published. The correctness of the mixing process is statistical: even if all authorities conspire, they cannot change the contents of any message without being detected with overwhelming probability. We accomplish this by encoding the messages submitted using so-called Pedersen commitments. Decoding (opening) these is possible because we create a parallel mix-net run by the same mixes to which the public has no access. This private mix-net uses the same permutations as the public one, but uses homomorphic encryption, which is used to send auxiliary information (messages, decommitment values) through the mix-net to allow decoding

An Elliptic Curve Based Homomorphic Remote Voting System

A remote voting system allows participants to cast their ballots through the Internet. Remote voting systems based on the use of homomorphic public key cryptography have proven to be a good option for carrying out simple elections with a reduced amount of candidates. In this paper, we present a new system that makes use of the additive homomorphic capabilities of the Elliptic Curve ElGamal (EC-ElGamal) cryptosystem. All the stages of the system are described together with an experimental analysis section which provides an assessment on the type of election our system would be suitable for.Research of the authors was supported in part by grants MTM2010-21580-C02-01 (Spanish Ministerio de Ciencia e Innovación), 2014SGR-1666 (Generalitat de Catalunya) and IPT-2012-0603-430000 (Spanish Ministerio de Economía y Competitividad)

Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols

Code voting was introduced by Chaum as a solution for using a possibly infected-by-malware device to cast a vote in an electronic voting application. Chaum's work on code voting assumed voting codes are physically delivered to voters using the mail system, implicitly requiring to trust the mail system. This is not necessarily a valid assumption to make - especially if the mail system cannot be trusted. When conspiring with the recipient of the cast ballots, privacy is broken. It is clear to the public that when it comes to privacy, computers and "secure" communication over the Internet cannot fully be trusted. This emphasizes the importance of using: (1) Unconditional security for secure network communication. (2) Reduce reliance on untrusted computers. In this paper we explore how to remove the mail system trust assumption in code voting. We use PSMT protocols (SCN 2012) where with the help of visual aids, humans can carry out $\mod 10$ addition correctly with a 99\% degree of accuracy. We introduce an unconditionally secure MIX based on the combinatorics of set systems. Given that end users of our proposed voting scheme construction are humans we \emph{cannot use} classical Secure Multi Party Computation protocols. Our solutions are for both single and multi-seat elections achieving: \begin{enumerate}[i)] \item An anonymous and perfectly secure communication network secure against a $t$-bounded passive adversary used to deliver voting, \item The end step of the protocol can be handled by a human to evade the threat of malware. \end{enumerate} We do not focus on active adversaries

Централізовані та децентралізовані системи електронного голосування

В сучасному світі, традиційні методи проведення голосувань стикаються з великою кількістю проблем, зокрема з доступністю та чесністю. Саме через це, різні держави починають впроваджувати системи для голосування через мережу інтернет. При цьому, більшість розроблених протоколів є централізованими за структурою і питання довіри до центральної точки збору та обробки інформації залишається невирішеним. Задля уникнення подібної вразливості системи, варто розглянути можливість побудови децентралізованого протоколу голосування на блокчейні.Traditional voting methods face a large number of problems, including accessibility and honesty. Because of this, various states are starting to implement systems for voting through the Internet. Since most developed protocols have a centralized structure, the issue of trust in the central point of information collection and processing remains unresolved. In order to avoid such a vulnerability of the system, it is worth considering the possibility of building a decentralized voting protocol based on blockchain

Dubious security practices in e-voting schemes Between tech and legal standards

Remote electronic voting has been around for a few decades now. However, some legal uncertainty regarding its uses remains. In this paper, we would like to highlight and discuss several techniques used in e-voting which may not be fully compliant with the law. We analyze several e-voting practices that rely on the addition of dummy ballots and show how they conflict with legal standards. Specifically, we focus on cases where dummy ballots are required for: better performance, testing, participation privacy, or preventing coercion. We argue that these practices may raise issues with the standards of authenticity and eligibility, as well as with the principle “one voter, one vote”. Our research aims to offer a better understanding of how legal principles can be interpreted to ensure the legality of technological proposals in e-voting

Efficiency Comparison of Various Approaches in E-Voting Protocols

In order to ensure the security of remote Internet voting, the systems that are currently proposed make use of complex cryptographic techniques. Since these techniques are often computationally extensive, efficiency becomes an issue. Identifying the most efficient Internet voting system is a non-trivial task -- in particular for someone who does not have a sufficient knowledge on the systems that currently exist, and on the cryptographic components that constitute those systems. Aside from these components, the efficiency of Internet voting also depends on various parameters, such as expected number of participating voters and ballot complexity. In this paper we propose a tool for evaluating the efficiency of different approaches for an input scenario, that could be of use to election organizers deciding how to implement the voting system

Coercion Mitigation for Voting Systems with Trackers: A Selene Case Study

An interesting approach to achieving verifiability in voting systems is to make use of tracking numbers. This gives voters a simple way of verifying that their ballot was counted: they can simply look up their ballot/tracker pair on a public bulletin board. It is crucial to understand how trackers affect other security properties, in particular privacy. However, existing privacy definitions are not designed to accommodate tracker-based voting systems. Furthermore, the addition of trackers increases the threat of coercion. There does however exist techniques to mitigate the coercion threat. While the term coercion mitigation has been used in the literature when describing voting systems such as Selene, no formal definition of coercion mitigation seems to exist. In this paper we formally define what coercion mitigation means for tracker-based voting systems. We model Selene in our framework and we prove that Selene provides coercion mitigation, in addition to privacy and verifiability

Receipt Freeness of Prêt à Voter Provably Secure

Prêt à Voter is an end-to-end verifiable voting scheme that is also receipt free. Formal method analysis was used to prove that Prêt à Voter is receipt free. In this paper we use one of the latest versions of Prêt à Voter[XCH+10] to prove receipt freeness of the scheme using computational methods. We use provable security game models for the first time to prove a paper based voting scheme receipt free. In this paper we propose a game model that defines receipt freeness. We show that in order to simulate the game we require IND-CCA2 encryption scheme to create the ballots. The usual schemes used in constructing Prêt à Voter are either exponential ElGamal or Paillier because of their homomorphic properties that are needed for tallying, however both are IND-CPA secure. We propose a new verifiable shuffle ``D-shuffle\u27\u27 to be used together with an IND-CPA encryption schemes that guarantees that the outputs of the shuffle are IND-CCA2 secure ciphertexts and they are used for constructing the ballots. The idea is based on Naor-Yung transformation[NY95]. We prove that if there exist an adversary that breaks receipt freeness then there exist an adversary that breaks the IND-CCA2 security of Naor-Yung encryption scheme. We further show that the ``D-Shuffle\u27\u27 provides us with the option of having multiple authorities creating the ballots such that no single authority can break voter\u27s privacy