Breaking the encryption scheme of the Moscow Internet voting system

This work is a merger of arXiv:1908.09170 and arXiv:1908.05127.International audienceIn September 2019, voters for the election at the Parliament of the city of Moscow were allowed to use an Internet voting system. The source code of it had been made available for public testing. In this paper we show two successful attacks on the encryption scheme implemented in the voting system. Both attacks were sent to the developers of the system, and both issues had been fixed after that.The encryption used in this system is a variant of ElGamal over finite fields. In the first attack we show that the used key sizes are too small. We explain how to retrieve the private keys from the public keys in a matter of minutes with easily available resources.When this issue had been fixed and the new system had become available for testing, we discovered that the new implementation was not semantically secure. We demonstrate how this newly found security vulnerability can be used for counting the number of votes cast for a candidate

Practical I-Voting on Stellar Blockchain

In this paper, we propose a privacy-preserving i-voting system based on the public Stellar Blockchain network. We argue that the proposed system satisfies all requirements stated for a robust i-voting system including transparency, verifiability, and voter anonymity. The practical architecture of the system abstracts a voter from blockchain technology used underneath. To keep user privacy, we propose a privacy-first protocol that protects voter anonymity. Additionally, high throughput and low transaction fees allow handling large scale voting at low costs. As a result we built an open-source, cheap, and secure system for i-voting that uses public blockchain, where everyone can participate and verify the election process without the need to trust a central authority. The main contribution to the field is a method based on a blind signature used to construct reliable voting protocol. The proposed method fulfills all requirements defined for i-voting systems, which is challenging to achieve altogether.The work was supported partially by founds of Department of Computer Architecture, Faculty of Electronics, Telecommunications and Informatics, Gdańsk University of Technology, and Conselleria of Innovation, Universities, Science and Digital Society, of the Community of Valencia, Spain, under project AICO/2020/206. The development of the project has been also supported by the grant founded by Stellar Community Found

Security Analysis of ElGamal Implementations

International audienceThe ElGamal encryption scheme is not only the most extensively used alternative to RSA, but is also almost exclusively used in voting systems as an effective homomorphic encryption scheme. Being easily adaptable to a wide range of cryptographic groups, the ElGamal encryption scheme enjoys homomorphic properties while remaining semantically secure. This is subject to the upholding of the Decisional Diffie-Hellman (DDH) assumption on the chosen group. We analyze 26 libraries that implement the ElGamal encryption scheme and discover that 20 of them are semantically insecure as they do not respect the Decisional Diffie-Hellman (DDH) assumption. From the five libraries that do satisfy the DDH assumption, we identify and compare four different message encoding and decoding techniques

Russian Federal Remote E-voting Scheme of 2021 -- Protocol Description and Analysis

This paper presents the details of one of the two cryptographic remote e-voting protocols used in the Russian parliamentary elections of 2021. As the official full version of the scheme has never been published by the election organisers, our paper aims at putting together as complete picture as possible from various incomplete sources. As all the currently available sources are in Russian, our presentation also aims at serving the international community by making the description available in English for further studies. In the second part of the paper, we provide an initial analysis of the protocol, identifying the potential weaknesses under the assumptions of corruption of the relevant key components. As a result, we conclude that the biggest problems of the system stem from weak voter authentication. In addition, as it was possible to vote from any device with a browser and Internet access, the attack surface was relatively large in general

¿Es la tecnología blockchain el futuro del voto?

Trabajo de Fin de Grado en Ingeniería Informática, Facultad de Informática UCM, Departamento de Sistemas Informáticos y Computación, Curso 2021/2022.Is blockchain technology the future of voting systems? It has never been an easy task to come to an agreement. Dialogue and discussion have been always necessary to obtain support from others so societies can be arranged and developed. Nonetheless, it is when this dialogue and discussion diverts when society comes to a stop. As it could be seen in the last United States elections, political parties, and even civilians, are increasingly questioning the results from a democratic election and the conflict that emerges from it. This has to do with the current voting systems, like ballots boxes, and more importantly automated voting systems, as they are corruptible and have a lack of transparency and traceability, and in a moment where an untrusting society arises, this causes mayor instability. In parallel, in the recent years Blockchain technology and decentralized networks have been evolving unstoppably. Governance systems, financial entities, supply chains, IoT… Blockchain has awaken much interest in various sectors for the unique characteristics it offers, like the incorruptibility of data, traceability, and transparency. For these reasons, Blockchain technology presents as a good option for current voting system problems. However, is it currently a viable option? Or there are other challenges that must be addressed previously?¿Es la tecnología Blockchain el futuro del voto? Ponerse de acuerdo nunca ha sido tarea fácil. Desde siempre el diálogo y el debate de ideas han sido necesarios para ganar apoyos y de esta forma organizar y hacer prosperar una sociedad. No obstante, es cuando este debate se desvía cuando la situación se complica y se estanca. Se ha podido ver en las últimas elecciones en Estados Unidos cómo, cada vez más, los partidos políticos, e incluso los propios ciudadanos, ponen en cuestionamiento los resultados de unas elecciones y el conflicto que surge a raíz de ello. Esto se debe a que los sistemas actuales de votación, como las urnas, y más aún los sistemas automatizados de votación, son manipulables y carecen de transparencia y trazabilidad, y en un momento donde la población es cada vez más desconfiada, esto supone una mayor inestabilidad. En paralelo a todo esto, en los últimos años la tecnología Blockchain y las redes descentralizadas se han ido desarrollando continuamente. Sistemas de gobernanza, entidades financieras, cadenas de suministros, IoT… Esta tecnología ha suscitado mucho interés en multitud de sectores por las cualidades únicas que proporciona, entre las cuales destacan la incorruptibilidad de los datos, la trazabilidad y la transparencia. Es por ello que la tecnología Blockchain se presenta como una buena opción para los problemas actuales de los sistemas de votación. Sin embargo, ¿es viable actualmente? ¿O por el contrario hay otros retos que deben ser superados previamente?Depto. de Sistemas Informáticos y ComputaciónFac. de InformáticaTRUEunpu

Electronic Voting: 6th International Joint Conference, E-Vote-ID 2021, Virtual Event, October 5–8, 2021: proceedings

This volume contains the papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5–8, 2021. Due to the extraordinary situation brought about by the COVID-19, the conference was held online for the second consecutive edition, instead of in the traditional venue in Bregenz, Austria. The E-Vote-ID conference is the result of the merger of the EVOTE and Vote-ID conferences, with first EVOTE conference taking place 17 years ago in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD students. The conference focuses on the most relevant debates on the development of electronic voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others, and has turned out to be an important global referent in relation to this issue

Sixth International Joint Conference on Electronic Voting E-Vote-ID 2021. 5-8 October 2021

This volume contains papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5-8, 2021. Due to the extraordinary situation provoked by Covid-19 Pandemic, the conference is held online for second consecutive edition, instead of in the traditional venue in Bregenz, Austria. E-Vote-ID Conference resulted from the merging of EVOTE and Vote-ID and counting up to 17 years since the _rst E-Vote conference in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD Students. The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social or political aspects, amongst others; turning out to be an important global referent in relation to this issue. Also, this year, the conference consisted of: · Security, Usability and Technical Issues Track · Administrative, Legal, Political and Social Issues Track · Election and Practical Experiences Track · PhD Colloquium, Poster and Demo Session on the day before the conference E-VOTE-ID 2021 received 49 submissions, being, each of them, reviewed by 3 to 5 program committee members, using a double blind review process. As a result, 27 papers were accepted for its presentation in the conference. The selected papers cover a wide range of topics connected with electronic voting, including experiences and revisions of the real uses of E-voting systems and corresponding processes in elections. We would also like to thank the German Informatics Society (Gesellschaft für Informatik) with its ECOM working group and KASTEL for their partnership over many years. Further we would like to thank the Swiss Federal Chancellery and the Regional Government of Vorarlberg for their kind support. EVote- ID 2021 conference is kindly supported through European Union's Horizon 2020 projects ECEPS (grant agreement 857622) and mGov4EU (grant agreement 959072). Special thanks go to the members of the international program committee for their hard work in reviewing, discussing, and shepherding papers. They ensured the high quality of these proceedings with their knowledge and experience

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue