End-to-end verifiable elections in the standard model

We present the cryptographic implementation of “DEMOS”, a new e-voting system that is end-to-end verifiable in the standard model, i.e., without any additional “setup” assumption or access to a random oracle (RO). Previously known end-to-end verifiable e-voting systems required such additional assumptions (specifically, either the existence of a “randomness beacon” or were only shown secure in the RO model). In order to analyze our scheme, we also provide a modeling of end-to-end verifiability as well as privacy and receipt-freeness that encompasses previous definitions in the form of two concise attack games. Our scheme satisfies end-to-end verifiability information theoretically in the standard model and privacy/receipt-freeness under a computational assumption (subexponential Decisional Diffie Helman). In our construction, we utilize a number of techniques used for the first time in the context of e-voting schemes that include utilizing randomness from bit-fixing sources, zero-knowledge proofs with imperfect verifier randomness and complexity leveraging

The DEMOS family of e-voting systems: End-to-end verifiable elections in the standard model

Η παρούσα διδακτορική διατριβή εισάγει τα συστήματα ηλεκτρονικής ψηφοφορίας DEMOS-A και DEMOS-2 τα οποία επιτυγχάνουν άμεση επαληθευσιμότητα (end-to-end verifiability) για πρώτη φορά. Προγενέστερα της διατριβής, όλα τα κορυφαία συστήματα ηλεκτρονικής ψηφοφορίας (π.χ. SureVote, JCJ, Pret a Voter, Helios, Scantegrity, etc.) προϋπέθεταν το αδιάβλητο των συσκευών ψηφοφορίας, το μοντέλο τυχαίου μαντείου, ή την ύπαρξη μια έμπιστης πηγής τυχαιότητας για την επίτευξη άμεσης επαληθευσιμότητας. Στον πυρήνα των DEMOS-A και DEMOS-2 , βρίσκεται ένας νέος μηχανισμός εξαγωγής τυχαιότητας απαιτούμενης για την επαλήθευση από την εντροπία που παράγουν οι ψηφοφόροι κατά τη συμμετοχή τους στην ψηφοφορία. Η εν λόγω εντροπία είναι εσωτερική ως προς το εκλογικό περιβάλλον, επομένως απαλείφεται η ανάγκη για εμπιστοσύνη σε μία εξωτερική πηγή τυχαιότητας. Η ανάλυση ασφάλειας διεξάγεται υπό ένα νέο κρυπτογραφικό πλαίσιο το οποίο συνιστά επιπρόσθετη συνεισφορά της διατριβής. Τα θεωρήματα άμεσης επαλήθευσιμότητας των DEMOS-A και DEMOS-2 μαρτυρούν μία στενή συσχέτιση του επιπέδου ασφάλειας με την συμπεριφορά του εκλογικού σωμάτος κατά την επαλήθευση. Βάσει αυτού του ευρήματος και της εργασίας του Ellison το 2007, η παρούσα διατριβή επεκτείνει το πλαίσιο μοντελοποιώντας τα συστήματα ηλεκτρονικής ψηφοφορίας ως ceremonies. Ως υπόδειγμα μελέτης ενός ceremony ηλεκτρονικής ψηφοφορίας, η παρούσα διατριβή μελετά την ασφάλεια του καθιερωμένου συστήματος ηλεκτρονικής ψηφοφορίας Helios.This PhD thesis introduces the DEMOS-A and DEMOS-2 e-voting systems that achieve end-to-end verifiability in the standard model for the first time. Prior to this thesis, all top-tier e-voting systems (e.g. SureVote, JCJ, Pret a Voter, Helios, Scantegrity, etc.) assumed honesty of the voting clients, the random oracle model, or the existence a randomness beacon to achieve end-to-end verifiability. In the core of DEMOS-A and DEMOS-2, is a novel mechanism that extracts the randomness required for verification from the entropy generated by the voters, when they engage in the voting phase. This entropy is internal with respect to the election environment, therefore the need for trusting an outer source of randomness is removed. The security analysis is performed under a novel cryptographic framework that constitutes an additional contribution of this thesis. The end-to-end verifiability theorems for DEMOS-A and DEMOS-2 reveal that the security level is in high correlation with the auditing behaviour of the electorate. Motivated by this finding, this thesis extends the framework by modelling e-voting systems as ceremonies, inspired by the work of Ellison in 2007. As a case study of an e-voting ceremony, this thesis investigates the security of the well-known Helios e-voting system

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

Post-Election Audits: Restoring Trust in Elections

With the intention of assisting legislators, election officials and the public to make sense of recent literature on post-election audits and convert it into realistic audit practices, the Brennan Center and the Samuelson Law, Technology and Public Policy Clinic at Boalt Hall School of Law (University of California Berkeley) convened a blue ribbon panel (the "Audit Panel") of statisticians, voting experts, computer scientists and several of the nation's leading election officials. Following a review of the literature and extensive consultation with the Audit Panel, the Brennan Center and the Samuelson Clinic make several practical recommendations for improving post-election audits, regardless of the audit method that a jurisdiction ultimately decides to adopt

Applying Block Chain Technologies to Digital Voting Algorithms

Voting is a fundamental aspect to democracy. Many countries have advanced voting systems in place, but many of these systems have issues behind them such as not being anonymous or verifiable. Additionally, most voting systems currently have a central authority in charge of counting votes, which can be prone to corruption. We propose a voting system which mitigates many of these issues. Our voting system attempts to provide decentralization, pseudoanonymity, and verifiability. For our system, we have identified the requirements, implemented the backbone of the system, recognized some of its shortcomings, and proposed areas of future work on this voting system

Back to Paper: A Case Study

Documents the developments in California, Colorado, Florida, New Mexico, and Ohio, where electronic voting machines were introduced after the 2000 election but are now being replaced by paper ballots. Also discusses trends among other states