51 research outputs found

    Extending Helios Towards Private Eligibility Verifiability

    We show how to extend the Helios voting system to provide eligibility verifiability without revealing who voted, which we call private eligibility verifiability. The main idea is that real votes are hidden in a crowd of null votes that are cast by others but are indistinguishable from those of the eligible voter. This extended Helios scheme also improves Helios towards receipt-freeness.

    A Proxy Voting Scheme Ensuring Participation Privacy and Receipt-Freeness

    Proxy voting is a form of voting meant to support the voters who want to delegate their voting right to a trusted entity, the so-called proxy. Depending on the form of proxy voting, the proxy is either authorized to cast a ballot for the voting option that the voter chooses, or to vote according to her own wishes, if the voter is not sure how to vote and wants to delegate the decision making in the election. While the first form of proxy voting has been applied to traditional elections in order to support the voters who are unable to physically get to a polling station, the second form has been a topic of research in Internet voting. Recently, an Internet voting scheme has been proposed that extends the well-known Helios scheme towards the functionality of proxy voting. This scheme, however, also has the drawbacks of Helios regarding participation privacy and receipt-freeness. As such, the information whether any voter participated in the election either by casting a direct vote or delegating their vote can be deduced from the published information. The scheme furthermore allows both the voters and the proxies to create receipts that prove casting a ballot for a specific candidate, as well as allows the voters to create receipts that prove delegating to a specific proxy. In this work we use the idea of dummy ballots, proposed in another extension of Helios, to extend the proxy voting scheme towards participation privacy and receipt-freeness.

    Security Proofs for Participation Privacy and Stronger Verifiability for Helios

    The Helios voting scheme is well studied, including formal proofs for verifiability and ballot privacy, but it does not provide participation privacy (i.e. it reveals who participated in the election). Kulyk, Teague and Volkamer proposed an extension to Helios that is claimed to provide ballot privacy as well as participation privacy while providing stronger verifiability than Helios. However, the authors did not prove their claims. Our contribution is to provide a formal definition for participation privacy and to prove that their claims hold.

    A Framework for QKD-based Electronic Voting

    This paper deals with the security aspect of electronic voting (e-voting) by introducing quantum key distribution (QKD) to the e-voting process. This can offer an extremely high level of security that can be very beneficial for some significant e-voting tasks. Moreover, a framework for the integration of the QKD with the e-voting system is proposed. The Helios voting system, which is considered as one of the open-source and major voting systems, has been chosen for this integration. Investigation of the main design aspects of building a QKD-based e-voting system has been done. Thus, the expected advantages and limitations of the proposal are discussed and analyzed.

    Extending the Helios Internet Voting Scheme Towards New Election Settings

    Internet voting has long been a topic both of public discussion and also of scientific research. While the introduction of Internet voting may bring many advantages, it is further important to ensure an adequate level of security of the systems and underlying schemes that are used for casting and tallying the votes in order to encourage faith and acceptance for this relatively new way of voting. A number of cryptographic schemes have been proposed that enable secure Internet voting. One of the most established and well-researched solutions is the Helios scheme, which is also implemented as an open-source system. Both its implementation and the scheme behind it have been extensively studied in the literature, and the Helios system has been used for numerous elections in practice, such as the IACR elections. However, there are election settings for which Helios is currently not appropriate, either due to infrastructure demands, required functionality for the voters or assurance of the security requirements. These kinds of election settings could benefit from the advantages that secure Internet voting provides. In this thesis we identify the election settings not currently supported by Helios, propose our extensions for each one of these settings and evaluate their security. Hence, this work describes four Internet voting schemes that are built upon Helios, with each scheme developed towards a specific setting. The first scheme presented here enables elections within the so-called boardroom voting setting. This setting is characterized by its decentralization, whereby all the tasks within the election are distributively performed by the voters themselves, without the support of a centralized infrastructure. The elections in the boardroom voting setting are further conducted in an ad-hoc manner, so that limited time is available for preparation beforehand.
    We propose an extension of Helios that distributes the tasks of the voting system components in Helios among the voters. For this, we use cryptographic primitives such as decentralized key exchange with short authentication strings, distributed secret sharing and distributed decryption and Byzantine agreement. The second scheme extends Helios with proxy voting functionality. Proxy voting, as a newly emerged form of voting, enables the voter to delegate her voting right in the election to a trusted third-party, the so-called proxy, who is authorized to vote on the voter's behalf. This extension facilitates such delegation while assuring the security for delegating voters and for the proxies and preserves the security guarantees provided by Helios for the voters who vote directly (instead of delegating). For ensuring the security of our extension, we introduce the so-called delegation credentials that are assigned to the voters and are used to compute anonymized delegation tokens sent to the proxies to enable delegation. We further use cryptographic primitives such as proofs of knowledge and signatures of knowledge. The third scheme combines the first two settings to extend Helios towards the proxy boardroom voting setting, namely, a setting in which the elections are performed in a decentralized way as in boardroom voting, yet the voters who cannot participate in the election themselves are allowed to delegate their voting right to a trusted proxy before the election. The security of our extension is assured with threshold secret sharing and Pedersen commitments. The fourth scheme extends Helios by improving its security. As such, it introduces participation privacy, meaning that the voting system does not reveal which voters have participated in the election, while supporting verification that only the eligible voters have cast their ballots in the election.
    The extension furthermore introduces receipt-freeness, ensuring that the voter cannot create a receipt that proves to a third party how she voted, thus preventing vote selling. To ensure the security of the extension, a new kind of entity is introduced, the posting trustee, and a new kind of ballot, the so-called dummy ballot that is indistinguishable from a normal ballot cast by the voter, but does not modify the election result. We furthermore use disjunctive zero-knowledge proofs and proofs of signature knowledge to prove that a sender of a particular ballot knows the private signature key of an eligible voter, or that the ballot is a dummy ballot. For each one of the extensions, the security model is provided, which describes the security requirements and the assumptions that are necessary for ensuring the security requirements (i.e. vote privacy or vote integrity). For the first three extensions, the security model is used as a base for the informal security evaluation, in which an informal argument is used to show that the security requirements hold under the described assumptions. Conducting a formal security evaluation for these extensions is considered an important part of the future work, in which new formal definitions have to be developed. For the fourth extension, we provide a formal security analysis that relies on the formal definitions for the security requirements of vote privacy, vote integrity and eligibility, available in the literature. We furthermore introduce new formal definitions for participation privacy, receipt-freeness and fairness, which we also use for the formal proofs of our extension.

    Machine-checked proofs for electronic voting: privacy and verifiability for Belenios

    We present a machine-checked security analysis of Belenios, a deployed voting protocol used already in more than 200 elections. Belenios extends Helios with an explicit registration authority to obtain eligibility guarantees. We offer two main results. First, we build upon a recent framework for proving ballot privacy in EasyCrypt. Inspired by our application to Belenios, we adapt and extend the privacy security notions to account for protocols that include a registration phase. Our analysis identifies a trust assumption which is missing in the existing (pen and paper) analysis of Belenios: ballot privacy does not hold if the registrar misbehaves, even if the role of the registrar is seemingly to provide eligibility guarantees. Second, we develop a novel framework for proving strong verifiability in EasyCrypt and apply it to Belenios. In the process, we clarify several aspects of the pen-and-paper proof, such as how to deal with revote policies. Together, our results yield the first machine-checked analysis of both ballot privacy and verifiability properties for a deployed electronic voting protocol. Perhaps more importantly, we identify several issues regarding the applicability of existing definitions of privacy and verifiability to systems other than Helios. While we show how to adapt the definitions to the particular case of Belenios, our findings indicate the need for more general security notions for electronic voting protocols with registration authorities.

    Voting: You Can’t Have Privacy without Individual Verifiability

    Electronic voting typically aims at two main security goals: vote privacy and verifiability. These two goals are often seen as antagonistic and some national agencies even impose a hierarchy between them: first privacy, and then verifiability as an additional feature. Verifiability typically includes individual verifiability (a voter can check that her ballot is counted); universal verifiability (anyone can check that the result corresponds to the published ballots); and eligibility verifiability (only legitimate voters may vote). We show that actually, privacy implies individual verifiability. In other words, systems without individual verifiability cannot achieve privacy (under the same trust assumptions). To demonstrate the generality of our result, we show this implication in two different settings, namely cryptographic and symbolic models, for standard notions of privacy and individual verifiability. Our findings also highlight limitations in existing privacy definitions in cryptographic settings.

    Seventh International Joint Conference on Electronic Voting

    This volume contains papers presented at E-Vote-ID 2022, the Seventh International Joint Conference on Electronic Voting, held during October 4–7, 2022. This was the first in-person conference following the COVID-19 pandemic, and, as such, it was a very special event for the community since we returned to the traditional venue in Bregenz, Austria. The E-Vote-ID conference resulted from merging EVOTE and Vote-ID, and 18 years have now elapsed since the first EVOTE conference in Austria. Since that conference in 2004, over 1500 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD students. E-Vote-ID collects the most relevant debates on the development of electronic voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others, turning out to be an important global referent on these issues.