End-to-end verifiability

This pamphlet describes end-to-end election verifiability (E2E-V) for a nontechnical audience: election officials, public policymakers, and anyone else interested in secure, transparent, evidence-based electronic elections. This work is part of the Overseas Vote Foundation's End-to-End Verifiable Internet Voting: Specification and Feasibility Assessment Study (E2E VIV Project), funded by the Democracy Fund

End-to-end verifiability for optical scan voting systems

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008.Includes bibliographical references (p. 57-59).End-to-end verifiable voting systems allow voters to verify that their votes are cast as intended, collected as cast, and counted as collected. Essentially, end-to-end voting systems provide voters assurance that each step of the election worked correctly. At the same time, voting systems must protect voter privacy and prevent the possibility of improper voter influence and voter coercion. Several end-to-end voting systems have been proposed, varying in usability and practicality. In this thesis we describe and analyze Scantegrity II, a novel end-to-end verification mechanism for optical scan voting which uses confirmation codes printed on the ballot in invisible ink. The confirmation codes allow voters to create privacy-preserving receipts which voters can check against the bulletin board after the close of the election to ensure that their votes have been collected as cast. Anyone can check that votes have been counted as collected and that the tally is correct. We describe the Scantegrity II system and analyze the integrity and privacy properties it provides.by Emily Shen.S.M

End-to-end verifiable elections in the standard model

We present the cryptographic implementation of “DEMOS”, a new e-voting system that is end-to-end verifiable in the standard model, i.e., without any additional “setup” assumption or access to a random oracle (RO). Previously known end-to-end verifiable e-voting systems required such additional assumptions (specifically, either the existence of a “randomness beacon” or were only shown secure in the RO model). In order to analyze our scheme, we also provide a modeling of end-to-end verifiability as well as privacy and receipt-freeness that encompasses previous definitions in the form of two concise attack games. Our scheme satisfies end-to-end verifiability information theoretically in the standard model and privacy/receipt-freeness under a computational assumption (subexponential Decisional Diffie Helman). In our construction, we utilize a number of techniques used for the first time in the context of e-voting schemes that include utilizing randomness from bit-fixing sources, zero-knowledge proofs with imperfect verifier randomness and complexity leveraging

An Efficient E2E Verifiable E-voting System without Setup Assumptions

End-to-end (E2E) verifiability is critical if e-voting systems are to be adopted for use in real-world elections. A new E2E e-voting system doesn't require additional setup assumptions and uses conventional cryptographic building blocks

An individually verifiable voting protocol with complete recorded-as-intended and counted-as-recorded guarantees

Democratic principles demand that every voter should be able to individually verify that their vote is recorded as intended and counted as recorded, without having to trust any authorities. However, most end-to-end (E2E) verifiable voting protocols that provide universal verifiability and voter secrecy implicitly require to trust some authorities or auditors for the correctness guarantees that they provide. In this paper, we explore the notion of individual verifiability. We evaluate the existing E2E voting protocols and propose a new protocol that guarantees such verifiability without any trust requirements. Our construction depends on a novel vote commitment scheme to capture voter intent that allows voters to obtain a direct zero-knowledge proof of their vote being recorded as intended. We also ensure protection against spurious vote injection or deletion post eligibility verification, and polling-booth level community profiling

Improved Verifiability for BeleniosVS

The BeleniosVS electronic voting scheme offers an attractive mix of verifiability and privacy properties. Moreover, using the ProVerif protocol-verification tool, BeleniosVS has automatic machine-aided analysis of (end-to-end) verifiability in 96 different threat models with the machine-aided analysis finding proofs in 22 cases and finding attacks in the remaining 74 cases. The high number of threat models covered by ProVerif delivers a much richer security analysis than the norm. We revisit the BeleniosVS scheme and propose several refinements to the ProVerif security model and scheme which increase the number of threat models in which the scheme has verifiability from 22 to 28. Our new ProVerif security model also implies end-to-end verifiability but the requirements are easier to satisfy. Interestingly, in all six improvements, both the changes to the security model and one or more changes to the scheme are necessary to prove verifiability

A Protocol for Cast-as-Intended Verifiability with a Second Device

Numerous institutions, such as companies, universities, or non-governmental organizations, employ Internet voting for remote elections. Since the main purpose of an election is to determine the voters' will, it is fundamentally important to ensure that the final election result correctly reflects the voters' votes. To this end, modern secure Internet voting schemes aim for what is called end-to-end verifiability. This fundamental security property ensures that the correctness of the final result can be verified, even if some of the computers or parties involved are malfunctioning or corrupted. A standard component in this approach is so called cast-as-intended verifiability which enables individual voters to verify that the ballots cast on their behalf contain their intended choices. Numerous approaches for cast-as-intended verifiability have been proposed in the literature, some of which have also been employed in real-life Internet elections. One of the well established approaches for cast-as-intended verifiability is to employ a second device which can be used by voters to audit their submitted ballots. This approach offers several advantages - including support for flexible ballot/election types and intuitive user experience - and it has been used in real-life elections, for instance in Estonia. In this work, we improve the existing solutions for cast-as-intended verifiability based on the use of a second device. We propose a solution which, while preserving the advantageous practical properties sketched above, provides tighter security guarantees. Our method does not increase the risk of vote-selling when compared to the underlying voting protocol being augmented and, to achieve this, it requires only comparatively weak trust assumptions. It can be combined with various voting protocols, including commitment-based systems offering everlasting privacy

End-to-End Verifiable Elections in the Standard Model∗

We present the cryptographic implementation of DEMOS , a new e-voting system that is end-to-end verifiable in the standard model, i.e., without any additional setup assumption or access to a random oracle (RO). Previously known end-to-end verifiable e-voting systems required such additional assumptions (specifically, either the existence of a randomness beacon or were only shown secure in the RO model). In order to analyze our scheme, we also provide a modeling of end-to-end verifiability as well as privacy and receipt-freeness that encompasses previous definitions in the form of two concise attack games. Our scheme satisfies end-to-end verifiability information theoretically in the standard model and privacy/receipt-freeness under a computational assumption (subexponential Decisional Diffie Helman). In our construction, we utilize a number of techniques used for the first time in the context of e-voting schemes that include utilizing randomness from bit-fixing sources, zero-knowledge proofs with imperfect verifier randomness and complexity leveraging

Secure digital voting system based on blockchain technology

Electronic voting or e-voting has been used in varying forms since 1970s with fundamental benefits over paper based systems such as increased efficiency and reduced errors. However, there remain challenges to achieve wide spread adoption of such systems especially with respect to improving their resilience against potential faults. Blockchain is a disruptive technology of current era and promises to improve the overall resilience of e-voting systems. This paper presents an effort to leverage benefits of blockchain such as cryptographic foundations and transparency to achieve an effective scheme for e-voting. The proposed scheme conforms to the fundamental requirements for e-voting schemes and achieves end-to-end verifiability. The paper presents details of the proposed e-voting scheme along with its implementation using Multichain platform. The paper presents in-depth evaluation of the scheme which successfully demonstrates its effectiveness to achieve an end-to-end verifiable e-voting scheme