Cast-as-Intended Mechanism with Return Codes Based on PETs

We propose a method providing cast-as-intended verifiability for remote electronic voting. The method is based on plaintext equivalence tests (PETs), used to match the cast ballots against the pre-generated encrypted code tables. Our solution provides an attractive balance of security and functional properties. It is based on well-known cryptographic building blocks and relies on standard cryptographic assumptions, which allows for relatively simple security analysis. Our scheme is designed with a built-in fine-grained distributed trust mechanism based on threshold decryption. It, finally, imposes only very little additional computational burden on the voting platform, which is especially important when voters use devices of restricted computational power such as mobile phones. At the same time, the computational cost on the server side is very reasonable and scales well with the increasing ballot size

How not to VoteAgain: Pitfalls of Scalable Coercion-Resistant E-Voting

Secure electronic voting is a relatively trivial exercise if a single authority can be completely trusted. In contrast, the construction of efficient and usable schemes which provide strong security without strong trust assumptions is still an open problem, particularly in the remote setting. Coercion-resistance is one of, if not the hardest property to add to a verifiable e-voting system. Numerous secure e-voting systems have been designed to provide coercion-resistance. One of these systems is VoteAgain (Usenix Security 2020) whose security we revisit in this work. We discovered several pitfalls that break the security properties of VoteAgain in threat scenarios for which it was claimed secure. The most critical consequence of our findings is that there exists a voting authority in VoteAgain which needs to be trusted for all security properties. This means that VoteAgain is as (in)secure as a trivial voting system with a single and completely trusted voting authority. We argue that this problem is intrinsic to VoteAgain\u27s design and could thus only be resolved, if possible, by fundamental modifications. We hope that our work will ensure that VoteAgain is not employed for real elections in its current form. Further, we highlight subtle security pitfalls to avoid on the path towards more efficient, usable, and reasonably secure coercion-resistant e-voting. To this end, we conclude the paper by describing the open problems which need to be solved to make VoteAgain\u27s approach secure

Internet voting in Estonia 2005–2019: Evidence from eleven elections

Internet voting is a highly contested topic in electoral studies. This article examines Internet voting in Estonia over 15 years and 11 nation-wide elections. It focuses on the following questions: How is Internet voting organized and used in Estonia? How have the Estonian Internet voting system and its usage evolved over time? What are the preconditions and consequences of large-scale deployment of Internet voting? The results suggest that the rapid uptake and burgeoning usage rates reflect the system's embeddedness in a highly developed digital state and society. Through continuous technological and legal innovation and development, Estonia has built an advanced Internet voting system that complies with normative standards for democratic elections and is widely trusted and used by the voters. Internet voting has not boosted turnout in a setting where voting was already easily accessible. Neither has it created digital divides: Internet voting in Estonia has diffused to the extent that socio-demographic characteristics no longer predict usage. This, combined with massive uptake, reduces incentives for political parties to politicize the novel voting mode

Estonian Voting Verification Mechanism Revisited Again

Recently, Mus, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. As a solution, we propose modifying the protocol of Mus et al. slightly and argue for improvement of the security guarantees. However, there is inherent drop in usability in the protocol as proposed by Mus et al., and this issue will also remain in our improved protocol

Security models for everlasting privacy

We propose security models for everlasting privacy, a property that protects the content of the votes cast in electronic elections against future and powerful adversaries. Initially everlasting privacy was treated synonymously with information theoretic privacy and did not take advantage of the information available to the adversary and his behavior during or after the election. More recent works provided variations of the concept, limiting the view of the future adversary to publicly available data. We consider an adversary that potentially has insider access to private election data as well. We formally express our adversarial model in game based definitions build on top of a generic voting scheme. This allows us to define a stronger version of everlasting privacy and contrast the two main proposals to achieve it, namely perfectly hiding commitment schemes and anonymous channels

Apollo - End-to-end Verifiable Internet Voting with Recovery from Vote Manipulation

We present security vulnerabilities in the remote voting system Helios. We propose Apollo, a modified version of Helios, which addresses these vulnerabilities and could improve the feasibility of internet voting. In particular, we note that Apollo does not possess Helios\u27 major known vulnerability, where a dishonest voting terminal can change the vote after it obtains the voter\u27s credential. With Apollo-lite, votes not authorized by the voter are detected by the public and prevented from being included in the tally. The full version of Apollo enables a voter to prove that her vote was changed. We also describe a very simple protocol for the voter to interact with any devices she employs to check on the voting system, to enable frequent and easy auditing of encryptions and checking of the bulletin board

Individual verifiability in electronic voting

This PhD Thesis is the fruit of the job of the author as a researcher at Scytl Secure Electronic Voting, as well as the collaboration with Paz Morillo, from the Department of Applied Mathematics at UPC and Alex Escala, PhD student. In her job at Scytl, the author has participated in several electronic voting projects for national-level binding elections in different countries. The participation of the author covered from the protocol design phase, to the implementation phase by providing support to the development teams. The thesis focuses on studying the mechanisms that can be provided to the voters, in order to examine and verify the processes executed in a remote electronic voting system. This work has been done as part of the tasks of the author at the electronic voting company Scytl. Although this thesis does not talk about system implementations, which are interesting by themselves, it is indeed focused on protocols which have had, or may have, an application in the real world. Therefore, it may surprise the reader by not using state of the art cryptography such as pairings or lattices, which still, although providing very interesting properties, cannot be efficiently implemented and used in a real system. Otherwise, the protocols presented in this thesis use standard and well-known cryptographic primitives, while providing new functionalities that can be applied in nowadays electronic voting systems. The thesis has the following contents: A survey on electronic voting systems which provide voter verification functionalities. Among these systems we can find the one used in the Municipal and Parliamentary Norwegian elections of 2011 and 2013, and the system used in the Australian State of New South Wales for the General State Elections in 2015, in which the author has had an active participation in the design of their electronic voting protocols. A syntax which can be used for modeling electronic voting systems providing voter verifiability. This syntax is focused on systems characterized by the voter confirming the casting of her vote, after verifying some evidences provided by the protocol. Along with this syntax, definitions for the security properties required for such schemes are provided. A description of the electronic voting protocol and system which has been used in 2014 and 2015 elections in the Swiss Canton of Neuchâtel, which has individual verification functionalities, is also provided in this thesis, together with a formal analysis of the security properties of the scheme and further extensions of the protocol. Finally, two new protocols which provide new functionalities respect to those from the state of the art are proposed: A new protocol providing individual verifiability which allows voters to defend against coertion by generating fake proofs, and a protocol which makes a twist to individual verifiability by ensuring that all the processes executed by the voting device and the remote server are correct, without requiring an active verification from the voter. A formal analysis of the security properties of both protocols is provided, together with examples of implementation in real systems.Aquesta tesi és fruit de la feina de l'autora com a personal de recerca a la empresa Scytl Secure Electtronic Voting, així com de la col·laboració amb la Paz Morillo, del departament de matemàtica aplicada a la UPC, i el Alex Escala, estudiant de doctorat. A la feina a Scytl, l'autora ha participat a varis projectes de vot electrònic per a eleccions vinculants a nivell nacional, que s'han efectuat a varis països. La participació de la autora ha cobert tant la fase de disseny del protocol, com la fase de implementació, on ha proveït suport als equips de desenvolupament. La tesi estudia els mecanismes que es poden proporcionar als votants per a poder examinar i verificar els processos que s'executen en sistemes de vot electrònic. Tot i que la tesi no parla de la implementació dels sistemes de vot electrònic, sí que s'enfoca en protocols que han tingut, o poden tenir, una aplicació pràctica actualment. La tesi té els continguts següents: Un estudi en sistemes de vot electrònic que proporcionen funcionalitats per a que els votants verifiquin els processos. Entre aquests sistemes, trobem el que es va utilitzar a les eleccions municipals i parlamentàries a Noruega als anys 2011 i 2013, així com el sistema utilitzat a l'estat Australià de New South Wales, per a les eleccions generals de 2015, sistemes en els que l'autora ha participat directament en el diseny dels seus protocols criptogràfics. La tesi també conté una sintaxi que es pot utilizar per modelar sistemes de vot electrònic que proporcionen verificabilitat individual (on verifica el votant). Aquesta sintaxi s'enfoca en sistemes caracteritzats pel fet de que el votant confirma la emissió del seu vot un cop ha verificat unes evidències sobre ell, proporcionades pel protocol. A més de la sintaxi, es proporcionen definicions de les propietats de seguretat d'aquestts sistemes. La tesi també conté una descripció del sistema i protocol de vot electrònic que s'utilitza al cantó Suís de Neuchâtel a partir del 2014, el qual té funcionalitats per a que els votants verifiquin certs processos del sistema. La tesi a més conté un anàlisi de la seguretat de l'esquema, així com possibles extensions del protocol. Finalment, la tesi inclou dos protocols nous que proporcionen noves característiques i funcionalitats respecte als existents a l'estat de l'art de la tècnica. El primer permet a un votant defendre's de un coaccionador generant proves falses, i el segon fa un canvi de paradigma de la verificabilitat individual, de forma que el votant no ha de verificar certs processos per a saber que s'han efectuant correctament. La tesi inclou un anàlisi formal de les propietats de seguretat dels dos protocols, així com exemples de com podrien ser implementats en un escenari real.Postprint (published version

Seventh International Joint Conference on Electronic Voting

This volume contains papers presented at E-Vote-ID 2022, the Seventh International JointConference on Electronic Voting, held during October 4–7, 2022. This was the first in-personconference following the COVID-19 pandemic, and, as such, it was a very special event forthe community since we returned to the traditional venue in Bregenz, Austria. The E-Vote-IDconference resulted from merging EVOTE and Vote-ID, and 18 years have now elapsed sincethe first EVOTE conference in Austria.Since that conference in 2004, over 1500 experts have attended the venue, including scholars,practitioners, authorities, electoral managers, vendors, and PhD students. E-Vote-ID collectsthe most relevant debates on the development of electronic voting, from aspects relating tosecurity and usability through to practical experiences and applications of voting systems, alsoincluding legal, social, or political aspects, amongst others, turning out to be an importantglobal referent on these issues