On Secure E-Voting over Blockchain

This article discusses secure methods to conduct e-voting over a blockchain in three different settings: decentralized voting, centralized remote voting, and centralized polling station voting. These settings cover almost all voting scenarios that occur in practice. A proof-of-concept implementation for decentralized voting over Ethereum's blockchain is presented. This work demonstrates the suitable use of a blockchain not just as a public bulletin board but, more importantly, as a trustworthy computing platform that enforces the correct execution of the voting protocol in a publicly verifiable manner. We also discuss scaling up a blockchain-based voting application for national elections. We show that for national-scale elections the major verifiability problems can be addressed without having to depend on any blockchain. However, a blockchain remains a viable option to realize a public bulletin board, which has the advantage of being a "preventive"measure to stop retrospective changes on previously published records as opposed to a "detective"measure like the use of mirror websites. CCS Concepts: • Security and privacy

Towards internet voting in the state of Qatar

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

Formal Verification of an Electronic Voting System

Electronic voting (e-voting) systems that are used in public elections need to fulfil a broad range of strong requirements concerning both safety and security. Among these requirements are reliability, robustness, privacy of votes, coercion resistance and universal verifiability. Bugs in or manipulations of an e-voting system may have considerable influence on the life of the humans living in a country where such a system is used. Hence, e-voting systems are an obvious target for software verification. In this paper, we report on an implementation of such a system in Java and the formal verification of functional properties thereof in the KeY verification system. Even though the actual components are clearly modularized, the challenge lies in the fact that we need to prove a highly nonlocal property: After all voters have cast their votes, the server calculates the correct votes for each candidate w.r.t. the original ballots. This kind of trace property is dificult to prove with static techniques like verification and typically yields a large specification overhead

State of Alaska Election Security Project Phase 2 Report

A laska’s election system is among the most secure in the country, and it has a number of safeguards other states are now adopting. But the technology Alaska uses to record and count votes could be improved— and the state’s huge size, limited road system, and scattered communities also create special challenges for insuring the integrity of the vote. In this second phase of an ongoing study of Alaska’s election security, we recommend ways of strengthening the system—not only the technology but also the election procedures. The lieutenant governor and the Division of Elections asked the University of Alaska Anchorage to do this evaluation, which began in September 2007.Lieutenant Governor Sean Parnell. State of Alaska Division of Elections.List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference

What proof do we prefer? Variants of verifiability in voting

In this paper, we discuss one particular feature of Internet voting, verifiability, against the background of scientific literature and experiments in the Netherlands. In order to conceptually clarify what verifiability is about, we distinguish classical verifiability from constructive veriability in both individual and universal verification. In classical individual verifiability, a proof that a vote has been counted can be given without revealing the vote. In constructive individual verifiability, a proof is only accepted if the witness (i.e. the vote) can be reconstructed. Analogous concepts are de- fined for universal veriability of the tally. The RIES system used in the Netherlands establishes constructive individual verifiability and constructive universal verifiability, whereas many advanced cryptographic systems described in the scientific literature establish classical individual verifiability and classical universal verifiability. If systems with a particular kind of verifiability continue to be used successfully in practice, this may influence the way in which people are involved in elections, and their image of democracy. Thus, the choice for a particular kind of verifiability in an experiment may have political consequences. We recommend making a well-informed democratic choice for the way in which both individual and universal verifiability should be realised in Internet voting, in order to avoid these unconscious political side-effects of the technology used. The safest choice in this respect, which maintains most properties of current elections, is classical individual verifiability combined with constructive universal verifiability. We would like to encourage discussion about the feasibility of this direction in scientific research