Individual verifiability in electronic voting

This PhD Thesis is the fruit of the job of the author as a researcher at Scytl Secure Electronic Voting, as well as the collaboration with Paz Morillo, from the Department of Applied Mathematics at UPC and Alex Escala, PhD student. In her job at Scytl, the author has participated in several electronic voting projects for national-level binding elections in different countries. The participation of the author covered from the protocol design phase, to the implementation phase by providing support to the development teams. The thesis focuses on studying the mechanisms that can be provided to the voters, in order to examine and verify the processes executed in a remote electronic voting system. This work has been done as part of the tasks of the author at the electronic voting company Scytl. Although this thesis does not talk about system implementations, which are interesting by themselves, it is indeed focused on protocols which have had, or may have, an application in the real world. Therefore, it may surprise the reader by not using state of the art cryptography such as pairings or lattices, which still, although providing very interesting properties, cannot be efficiently implemented and used in a real system. Otherwise, the protocols presented in this thesis use standard and well-known cryptographic primitives, while providing new functionalities that can be applied in nowadays electronic voting systems. The thesis has the following contents: A survey on electronic voting systems which provide voter verification functionalities. Among these systems we can find the one used in the Municipal and Parliamentary Norwegian elections of 2011 and 2013, and the system used in the Australian State of New South Wales for the General State Elections in 2015, in which the author has had an active participation in the design of their electronic voting protocols. A syntax which can be used for modeling electronic voting systems providing voter verifiability. This syntax is focused on systems characterized by the voter confirming the casting of her vote, after verifying some evidences provided by the protocol. Along with this syntax, definitions for the security properties required for such schemes are provided. A description of the electronic voting protocol and system which has been used in 2014 and 2015 elections in the Swiss Canton of Neuchâtel, which has individual verification functionalities, is also provided in this thesis, together with a formal analysis of the security properties of the scheme and further extensions of the protocol. Finally, two new protocols which provide new functionalities respect to those from the state of the art are proposed: A new protocol providing individual verifiability which allows voters to defend against coertion by generating fake proofs, and a protocol which makes a twist to individual verifiability by ensuring that all the processes executed by the voting device and the remote server are correct, without requiring an active verification from the voter. A formal analysis of the security properties of both protocols is provided, together with examples of implementation in real systems.Aquesta tesi és fruit de la feina de l'autora com a personal de recerca a la empresa Scytl Secure Electtronic Voting, així com de la col·laboració amb la Paz Morillo, del departament de matemàtica aplicada a la UPC, i el Alex Escala, estudiant de doctorat. A la feina a Scytl, l'autora ha participat a varis projectes de vot electrònic per a eleccions vinculants a nivell nacional, que s'han efectuat a varis països. La participació de la autora ha cobert tant la fase de disseny del protocol, com la fase de implementació, on ha proveït suport als equips de desenvolupament. La tesi estudia els mecanismes que es poden proporcionar als votants per a poder examinar i verificar els processos que s'executen en sistemes de vot electrònic. Tot i que la tesi no parla de la implementació dels sistemes de vot electrònic, sí que s'enfoca en protocols que han tingut, o poden tenir, una aplicació pràctica actualment. La tesi té els continguts següents: Un estudi en sistemes de vot electrònic que proporcionen funcionalitats per a que els votants verifiquin els processos. Entre aquests sistemes, trobem el que es va utilitzar a les eleccions municipals i parlamentàries a Noruega als anys 2011 i 2013, així com el sistema utilitzat a l'estat Australià de New South Wales, per a les eleccions generals de 2015, sistemes en els que l'autora ha participat directament en el diseny dels seus protocols criptogràfics. La tesi també conté una sintaxi que es pot utilizar per modelar sistemes de vot electrònic que proporcionen verificabilitat individual (on verifica el votant). Aquesta sintaxi s'enfoca en sistemes caracteritzats pel fet de que el votant confirma la emissió del seu vot un cop ha verificat unes evidències sobre ell, proporcionades pel protocol. A més de la sintaxi, es proporcionen definicions de les propietats de seguretat d'aquestts sistemes. La tesi també conté una descripció del sistema i protocol de vot electrònic que s'utilitza al cantó Suís de Neuchâtel a partir del 2014, el qual té funcionalitats per a que els votants verifiquin certs processos del sistema. La tesi a més conté un anàlisi de la seguretat de l'esquema, així com possibles extensions del protocol. Finalment, la tesi inclou dos protocols nous que proporcionen noves característiques i funcionalitats respecte als existents a l'estat de l'art de la tècnica. El primer permet a un votant defendre's de un coaccionador generant proves falses, i el segon fa un canvi de paradigma de la verificabilitat individual, de forma que el votant no ha de verificar certs processos per a saber que s'han efectuant correctament. La tesi inclou un anàlisi formal de les propietats de seguretat dels dos protocols, així com exemples de com podrien ser implementats en un escenari real.Postprint (published version

Comparing "challenge-based" and "code-based" internet voting verification implementations

Internet-enabled voting introduces an element of invisibility and unfamiliarity into the voting process, which makes it very different from traditional voting. Voters might be concerned about their vote being recorded correctly and included in the final tally. To mitigate mistrust, many Internet-enabled voting systems build verifiability into their systems. This allows voters to verify that their votes have been cast as intended, stored as cast and tallied as stored at the conclusion of the voting period. Verification implementations have not been universally successful, mostly due to voter difficulties using them. Here, we evaluate two cast as intended verification approaches in a lab study: (1) "Challenge-Based" and (2) "Code-Based". We assessed cast-as-intended vote verification efficacy, and identified usability issues related to verifying and/or vote casting. We also explored acceptance issues post-verification, to see whether our participants were willing to engage with Internet voting in a real election. Our study revealed the superiority of the code-based approach, in terms of ability to verify effectively. In terms of real-life Internet voting acceptance, convenience encourages acceptance, while security concerns and complexity might lead to rejection

Usable Verifiable Secrecy-Preserving E-Voting

In this paper we propose the usage of QR-Codes to enable usable veriable e-voting schemes based on code voting. The idea { from a voter\u27s perspective { is to combine code voting proposed by Chaum with the cast-as-intended verication mechanism used e.g. in Switzerland (using a personal initialization code, return codes per option, a conrmation code and a nalisation code); while all codes to be entered into the e-voting system by voters are available as QR-Code (i.e. one personalised QR voting code per voting option and one personal conrmation QR-Code). We conduct a user study to evaluate the usability and user experience of such an approach: both the code sheets and the election webpage are based on usability research in this area but adopted for our idea. As our proposal performs good wrt. usability, we discuss how such usable front-ends enable more secure e-voting systems in respect to end-to-end veriability and vote secrecy

Towards improving the efficacy of code-based verification in internet voting

End-to-end verifiable Internet voting enables a high level of election integrity. Cast-as-intended verification, in particular, allows voters to verify that their vote has been correctly cast, even in the presence of malicious voting devices. One cast-as-intended verification approach is code-based verification, used since 2015 in legally-binding Swiss elections. We evaluated the Swiss paper-based polling sheet and voting interface, focusing on how well it supported voters in verifying their votes. We uncovered several potential issues related to manipulation detection. We improved the paper-based polling sheet and voting interface accordingly. Then, we carried out a between-subjects lab study with 128 participants to compare the original and improved sheet and interface wrt. usability and its effectiveness in supporting manipulation detection. Our improvements significantly enhanced detection. Our study delivered insights into participants’ somewhat ineffectual reactions to detected anomalies, i.e. starting over again and trying to cast the same vote again, or calling the telephone number provided by the interface. This problem is likely to manifest in any verifiable voting system and thus needs to be addressed as future work

„The impact of blockchain technology on the trustworthiness of online voting systems”-„elections and trust“

Online Voting evidently increases election turnouts. However, recent state-owned initiatives have failed due to security concerns and a lack of trust in the systems. Blockchain seems to be a very suitable technical solution to establish transparency in online voting and thus, create trust. We have built our own, blockchain-enabled voting platform and utilized it to run an A/B-testing experiment at a university election to investigate its effect. Our results show that students trusted the blockchain-based voting version less than the control version. However, literature and our focus group findings revealed that there is an interrelation between the distrust among the students and a low level of familiarity with blockchain technology. Hence, we conclude that people should be educated before being confronted with blockchain-enabled online voting to take advantage of the technology’s potential

Measuring the Consumption Value of Higher Education

This paper argues that the consumption value of education is an important motivation for the educational choice. While controlling for ability, we document that individuals are willing to forego substantial future wage returns in order to acquire a particular type of higher education. We document that the individuals who attended Teachers’ College in Norway during the 1960's had an ex ante willingness to pay for the consumption value of this educational type of at least 34% of the present value of expected potential lifetime income. The ex post price for this consumption value turned out to be 39% of their potential lifetime income.educational choice, type of education, non-pecuniary return, willingness to pay, consumption value of education