New approaches for electronic voting paradigms

La democràcia es el sistema de govern més utilitzat al món. No obstant, en un món cada vegada més globalitzat, la idea de mobilitzar la gent per votar en un col·legi electoral gestionat per persones resulta antiquada tot i ser la implementació més comú en l'actualitat. Millorar aquesta situació mitjançant l'ús de les tecnologies de la informació sembla una evolució òbvia i molt demanada però, malgrat l'existència d'algunes implementacions en entorns reals, encara no ha estat utilitzada excepte en comptades ocasions. Obrir la porta d'unes eleccions a les tecnologies de la informació implica l'obertura dels protocols de votació a un nou conjunt d'atacs contra aquests. Tenint en compte els requisits d'una elecció: privacitat del votant i integritat de l'elecció, les solucions actuals passen per implementar l'elecció seguint un dels tres paradigmes de vot segurs: barreja de vots, recompte homomòrfic o signatura cega. En aquesta tesi, es proposen nous protocols per als diferents paradigmes. La primera proposta consisteix en un sistema de vot que, basant-se en una informació redundant enviada pel votant, és capaç de realitzar una barreja de vots amb cost negligible incrementant lleugerament el cost del recompte. Per al paradigma de recompte homomòrfic, es proposa una prova de validesa del vot basada en les proves utilitzades per demostrar la correctesa en sistemes amb barreja de vots. Aquesta solució permet utilitzar les millores realitzades sobre el paradigma de barreja de vots per al seu ús en el paradigma de recompte homomòrfic. Finalment, es plantegen dues solucions per a eleccions del paradigma de signatura cega. La primera utilitza credencials generades amb signatura cega per permetre als votants vàlids enviar el seu vot sense que es conegui la seva identitat. La segona resol el problema del vot doble en aquest paradigma mitjan cant una construcció que utilitza un sistema de moneda electrònica off-line.La democracia es el sistema de gobierno más usado en el mundo. No obstante, en un mundo cada vez más globalizado, la idea de movilizar a la gente para votar en un colegio electoral gestionado por personas resulta anticuada a pesar de ser la implementación más común en la actualidad. Mejorar esta situación mediante el uso de las tecnologías de la información parece una evolución obvia y muy solicitada pero, a pesar de unas pocas adaptaciones, aún no ha sido usada salvo en escasas ocasiones. Abrir la puerta de unas elecciones a las tecnologías de la información lleva implícita la apertura de los protocolos de voto a un nuevo conjunto de ataques contra estos. Teniendo en cuenta los requisitos de una elección: privacidad del votante e integridad de la elección, las soluciones actuales pasan por implementar la elección siguiendo uno de los tres paradigmas de voto seguros: mezcla de votos, recuento homomórfico o firma ciega. En esta tesis, se proponen nuevos protocolos para los distintos paradigmas. La primera propuesta consiste en un sistema de voto bajo el paradigma de mezcla de votos que, basándose en una información redundante enviada por el votante, es capaz de realizar una mezcla de votos con un coste negligible incrementando ligeramente el coste del recuento. Para el paradigma de recuento homomórfico, se propone una prueba para verificar que el voto es válido basada en las pruebas de correctitud en sistemas con mezcla de votos. Esta solución permite usar las mejoras realizadas en el paradigma de mezcla de votos para su uso en el paradigma de recuento homomórfico. Finalmente, se proponen dos nuevos protocolos del paradigma de firma ciega. El primero utiliza credenciales generadas con firma ciega para permitir a votantes válidos enviar su voto sin que se conozca su identidad. El segundo resuelve el problema del voto doble en el paradigma de firma ciega mediante una construcción que utiliza un sistema de moneda electrónica off-line.Democracy is the most established government system in the world. However, in an increasingly globalized world, the idea of requiring people to move in order to cast their vote in the polling station seems outdated, even though it is, nowadays, the most common implementation. An obvious and widely demanded evolution is to improve the election framework by enabling the use of information technologies. Nevertheless, this solution has been implemented few times in real environment elections and the global success of these solutions have been called into question. The use of information technologies in voting protocols improves the quality of the election but, at the same time, it also opens up the voting protocols to new threats. Keeping this attacks in mind and given the election requirements: voter's privacy and election's integrity, the solutions proposed up to date are to implement one of the three secure voting paradigms: mixtype based, homomorphic tally, and blind signature. In this thesis, we present new protocols for the di erent paradigms. Our rst proposal, based on the mix-type paradigm, consists in a voting protocol which is able to perform the ballot mix with negligible cost but slightly increasing the tally cost. The proposed protocol makes use of a proper vote generation based on sending secret redundant information with the ballot when it is cast. For the homomorphic tally paradigm, we propose a zero knowledge proof of correctness of the ballot based on the proofs used to demonstrate the correctness of a shu e in the mix-type paradigm. This protocol makes possible to use the improvements on the shu e correctness proofs in the homomorphic tally paradigm. Finally, two di erent protocols are also proposed for the blind signature paradigm. The rst one uses credentials generated by means of a blind signature which allow eligible voters to cast their vote without leaking information about their identity. The second one is focused on solving the double voting problem in this paradigm. The protocol proposed uses o -line e-coin systems to provide anonymity disclosure in case of double voting

Electronic Voting: 6th International Joint Conference, E-Vote-ID 2021, Virtual Event, October 5–8, 2021: proceedings

This volume contains the papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5–8, 2021. Due to the extraordinary situation brought about by the COVID-19, the conference was held online for the second consecutive edition, instead of in the traditional venue in Bregenz, Austria. The E-Vote-ID conference is the result of the merger of the EVOTE and Vote-ID conferences, with first EVOTE conference taking place 17 years ago in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD students. The conference focuses on the most relevant debates on the development of electronic voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others, and has turned out to be an important global referent in relation to this issue

Sixth International Joint Conference on Electronic Voting E-Vote-ID 2021. 5-8 October 2021

This volume contains papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5-8, 2021. Due to the extraordinary situation provoked by Covid-19 Pandemic, the conference is held online for second consecutive edition, instead of in the traditional venue in Bregenz, Austria. E-Vote-ID Conference resulted from the merging of EVOTE and Vote-ID and counting up to 17 years since the _rst E-Vote conference in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD Students. The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social or political aspects, amongst others; turning out to be an important global referent in relation to this issue. Also, this year, the conference consisted of: · Security, Usability and Technical Issues Track · Administrative, Legal, Political and Social Issues Track · Election and Practical Experiences Track · PhD Colloquium, Poster and Demo Session on the day before the conference E-VOTE-ID 2021 received 49 submissions, being, each of them, reviewed by 3 to 5 program committee members, using a double blind review process. As a result, 27 papers were accepted for its presentation in the conference. The selected papers cover a wide range of topics connected with electronic voting, including experiences and revisions of the real uses of E-voting systems and corresponding processes in elections. We would also like to thank the German Informatics Society (Gesellschaft für Informatik) with its ECOM working group and KASTEL for their partnership over many years. Further we would like to thank the Swiss Federal Chancellery and the Regional Government of Vorarlberg for their kind support. EVote- ID 2021 conference is kindly supported through European Union's Horizon 2020 projects ECEPS (grant agreement 857622) and mGov4EU (grant agreement 959072). Special thanks go to the members of the international program committee for their hard work in reviewing, discussing, and shepherding papers. They ensured the high quality of these proceedings with their knowledge and experience

Formal Methods for Trustworthy Voting Systems : From Trusted Components to Reliable Software

Voting is prominently an important part of democratic societies, and its outcome may have a dramatic and broad impact on societal progress. Therefore, it is paramount that such a society has extensive trust in the electoral process, such that the system’s functioning is reliable and stable with respect to the expectations within society. Yet, with or without the use of modern technology, voting is full of algorithmic and security challenges, and the failure to address these challenges in a controlled manner may produce fundamental flaws in the voting system and potentially undermine critical societal aspects. In this thesis, we argue for a development process of voting systems that is rooted in and assisted by formal methods that produce transparently checkable evidence for the guarantees that the final system should provide so that it can be deemed trustworthy. The goal of this thesis is to advance the state of the art in formal methods that allow to systematically develop trustworthy voting systems that can be provenly verified. In the literature, voting systems are modeled in the following four comparatively separable and distinguishable layers: (1) the physical layer, (2) the computational layer, (3) the election layer, and (4) the human layer. Current research usually either mostly stays within one of those layers or lacks machine-checkable evidence, and consequently, trusted and understandable criteria often lack formally proven and checkable guarantees on software-level and vice versa. The contributions in this work are formal methods that fill in the trust gap between the principal election layer and the computational layer by a reliable translation of trusted and understandable criteria into trustworthy software. Thereby, we enable that executable procedures can be formally traced back and understood by election experts without the need for inspection on code level, and trust can be preserved to the trustworthy system. The works in this thesis all contribute to this end and consist in five distinct contributions, which are the following: (I) a method for the generation of secure card-based communication schemes, (II) a method for the synthesis of reliable tallying procedures, (III) a method for the efficient verification of reliable tallying procedures, (IV) a method for the computation of dependable election margins for reliable audits, (V) a case study about the security verification of the GI voter-anonymization software. These contributions span formal methods on illustrative examples for each of the three principal components, (1) voter-ballot box communication, (2) election method, and (3) election management, between the election layer and the computational layer. Within the first component, the voter-ballot box communication channel, we build a bridge from the communication channel to the cryptography scheme by automatically generating secure card-based schemes from a small formal model with a parameterization of the desired security requirements. For the second component, the election method, we build a bridge from the election method to the tallying procedure by (1) automatically synthesizing a runnable tallying procedure from the desired requirements given as properties that capture the desired intuitions or regulations of fairness considerations, (2) automatically generating either comprehensible arguments or bounded proofs to compare tallying procedures based on user-definable fairness properties, and (3) automatically computing concrete election margins for a given tallying procedure, the collected ballots, and the computed election result, that enable efficient election audits. Finally, for the third and final component, the election management system, we perform a case study and apply state-of-the-art verification technology to a real-world e-voting system that has been used for the annual elections of the German Informatics Society (GI – “Gesellschaft für Informatik”) in 2019. The case study consists in the formal implementation-level security verification that the voter identities are securely anonymized and the voters’ passwords cannot be leaked. The presented methods assist the systematic development and verification of provenly trustworthy voting systems across traditional layers, i.e., from the election layer to the computational layer. They all pursue the goal of making voting systems trustworthy by reliable and explainable formal requirements. We evaluate the devised methods on minimal card-based protocols that compute a secure AND function for two different decks of cards, a classical knock-out tournament and several Condorcet rules, various plurality, scoring, and Condorcet rules from the literature, the Danish national parliamentary elections in 2015, and a state-of-the-art electronic voting system that is used for the German Informatics Society’s annual elections in 2019 and following

Mobile-based auditing of the DẼMOS 2 e-voting system

DẼMOS 2 is a proposed e-voting system that is end-to-end verifiable, meaning that its results can be verified for correctness from end-to-end. This is clearly an important characteristic of any e-voting system that aspires to widespread adoption, but it requires that voters and third parties possess the means to perform such verifications. It is in this area that the current DẼMOS 2 implementation is lacking, and this project is an attempt to rectify this through the development of a mobile phone app. for Android devices. The design of such an app. is here presented, but the implementation remains incomplete. Despite this, an evaluation of the app. as it currently stands is presented, followed by a detailing of avenues of further development. Ultimately, however, the supposed benefits of e-voting are brought into question

PVPBC: Privacy and Verifiability Preserving E-Voting Based on Permissioned Blockchain

Privacy and verifiability are crucial security requirements in e-voting systems and combining them is considered to be a challenge given that they seem to be contradictory. On one hand, privacy means that cast votes cannot be traced to the corresponding voters. On the other hand, linkability of voters and their votes is a requirement of verifiability which has the consequence that a voter is able to check their vote in the election result. These two contradictory features can be addressed by adopting privacy-preserving cryptographic primitives, which at the same time as achieving privacy, achieve verifiability. Many end-to-end schemes that support verifiability and privacy have the need for some voter action. This makes ballot casting more complex for voters. We propose the PVPBC voting system, which is an e-voting system that preserves privacy and verifiability without affecting voter usability. The PVPBC voting system uses an effective and distributed method of authorization, which is based on revocable anonymity, by making use of a permissioned distributed ledger and smart contract. In addition, the underlying PVPBC voting system satisfies election verifiability using the Selene voting scheme. The Selene protocol is a verifiable e-voting protocol. It publishes votes in plaintext accompanied by tracking numbers. This enables voters to confirm that their votes have been captured correctly by the system. Numerical experiments support the claim that PVPBC scales well as a function of the number of voters and candidates. In particular, PVPBC’s authorization time increases linearly as a function of the population size. The average latency associated with accessing the system also increases linearly with the voter population size. The latency incurred when a valid authentication transaction is created and sent on the DLT network is 6.275 ms. Empirical results suggest that the cost in GBP for casting and storing an encrypted ballot alongside a tracker commitment is a linear function of the number of candidates, which is an attractive aspect of PVPBC

La volonté machinale: understanding the electronic voting controversy

Contains fulltext : 32048_voloma.pdf (publisher's version ) (Open Access)Radboud Universiteit Nijmegen, 21 januari 2008Promotor : Jacobs, B.P.F. Co-promotores : Poll, E., Becker, M.226 p

Remote electronic voting: studying and improving Helios

Dissertação de mestrado em Engenharia InformáticaA former North American President once said that the ballot is stronger than the bullet. In fact, the most civilized and organized way for a people express their opinion is by voting. However, there are people with bad intentions that affect voting and elections, being normal situations of coercion, collusion, fraud or forgery that disturb and cause alterations in the outcome of a vote. Thus, it becomes necessary to find ways to protect the voters, through vote secrecy and transparency, so that in end of a voting, democracy and justice prevail. Since the secret ballot papers until the electronic voting machines, passing through punched cards, technology in voting systems is evolving to ensure a greater security in elections, as well as greater efficiency, lower costs and other characteristics wanted in this type of systems. Nowadays, remote electronic voting is seen as the ultimate goal to achieve. The difficulty of developing such system is to ensure that it meets all the security requirements without infringing each other and without compromising the usability of the system itself. Thus, cryptography becomes an essential tool for obtaining security and integrity on electronic voting systems. This master thesis focuses on the world of electronic voting, in particular, the remote electronic voting. The objective is to find a system of this kind, with real world applications, to be studied and analyzed in a security point of view. Hence, we made a research on voting and, more deeply, a research on electronic voting schemes, in order to learn how to conceive it, which include the different stages that compose an election, types of voting and the entities involved, and what requirements to fulfill, both the security and functional. Because cryptography is used in most schemes, a detailed study was also performed on the primitives most common in protocols of electronic voting. However, there are not many schemes that pass from theory to practice. Fortunately, we found Helios, a well known scheme that implements various cryptographic techniques for everyone, under certain assumptions, be able to audit polls conducted with this system. A study was performed in order to explain how it was constructed and to identify its strengths and weaknesses. We also present some ongoing work by different people to improve Helios. Finally, we propose improvements on our own, to fight against coercion, to decrease the levels of assumptions and overcome corruption issues. Furthermore, we propose measures to protect the virtual voting booth and a mobile application to cast votes.Um antigo Presidente norte americano disse um dia que o voto é 'mais forte que a bala. De facto, a forma mais civilizada e organizada de um povo exprimir as suas opiniões é através de votações. Infelizmente, também este mundo é afectado por pessoas com más intenções, sendo normais as situações de coação, conluio, fraude ou falsificação que perturbam e causam alterações no resultado de urna votação. Assim, torna-se necessário arranjar formas de proteger os votantes, através de segredo de voto e transparência, de forma que, no final, a democracia e justiça de uma votação prevaleçam. Desde dos boletins de papel secreto até às máquinas de voto electrónico, passando pelas punched cards, a tecnologia em sistemas de votação vem evoluindo de modo a garantir uma maior segurança em eleições, assim como maior eficiência, menor custos e outras características que se querem neste tipo de sistemas. Nos dias de hoje, o voto electrónico remoto é visto como o grande objectivo a cumprir. A grande dificuldade de se desenvolver tal sistema é garantir que o sistema cumpra todos os requisitos de segurança sem que se violem entre si e sem que isso prejudique a usabilidade do sistema em si. Assim, a criptografia torna-se uma ferramenta essencial para se obter segurança e integridade em sistemas de voto electrónico. Esta tese de mestrado foca-se no mundo do voto electrónico, mais especificamente o voto electrónico remoto. O grande objectivo seria arranjar um sistema desse tipo, que tivesse aplicação real, para ser estudado e analisado do ponto de vista de segurança. Fez-se então uma pesquisa necessária sobre votações e, mais aprofundada, uma sobre esquemas de voto electrónico, de modo a aprender como se concebem, tanto as fases que a constituem como as entidades que normalmente fazem parte, e quais os requisitos a cumprir, tanto os funcionais como os de segurança. Como a criptografia entra em grande parte dos esquemas, também um estudo aprofundado foi realizado sobre as primitivas mais comuns em protocolos de voto electrónico. No entanto, não existem muitos esquemas que passem da teoria à prática. Felizmente, encontrou-se o Helios, um sistema que põe em prática diversas técnicas criptográficas para que qualquer pessoa, dentro de certas assumpções, possa auditar votações conduzidas por este sistema, ficando a privacidade nas mãos do Helios. Um estudo foi realizado de modo a explicar como foi construído e identificar os seus pontos fortes e fracos. Também são apresentados alguns trabalhos em curso sobre este sistema. Finalmente, propõem-se outros tipos de melhoramentos que visam: combater coação, diminuir o nível das assumpções e ultrapassar problemas de corrupção. Propõem-se ainda medidas para proteger a cabine virtual de votação e uma aplicação móvel