Automated Anonymity Verification of the ThreeBallot Voting System

In recent years, a large number of secure voting protocols have been proposed in the literature. Often these protocols contain flaws, but because they are complex protocols, rigorous formal analysis has proven hard to come by. Rivest’s ThreeBallot voting system is important because it aims to provide security (voter anonymity and voter verifiability) without requiring cryptography. In this paper, we construct a CSP model of ThreeBallot, and use it to produce the first automated formal analysis of its anonymity property. Along the way, we discover that one of the crucial assumptions under which ThreeBallot (and many other voting systems) operates-the Short Ballot Assumption-is highly ambiguous in the literature.We give various plausible precise interpretations, and discover that in each case, the interpretation either is unrealistically strong, or else fails to ensure anonymity. Therefore, we give a version of the Short Ballot Assumption for ThreeBallot that is realistic but still provides a guarantee of anonymity

Origami voting: a non-cryptographic approach to transparent ballot verification

International audienceOver the past four decades, fear of election manipulation and hacking has spurred the security technology community to propose a variety of voting systems to implement verifiable voting. Most of these rely on hard to understand cryptographic protocols, which can affect whether users actually verify their selections. Three-Ballot and Vote/Anti-Vote/Vote, two related systems among the few non-cryptographic end-to-end verifiable voting systems, made improvements in security while eliminating complex protocols. They unfortunately suffered from usability issues, and although they did not require cryptographic primitives, they still relied on electronic devices. To address this, we introduce three folded-paper based systems that allow verifiable voting and resist common attacks despite not relying on any cryptography or electronic devices. The proposals are based on 1) semi-translucent ballots, 2) masking tape, or 3) folding and punching. These Origami voting methods help users understand the underlying mechanisms and give them a direct geometric approach to verification

Desarrollo de una metodología para el análisis y la clasificación de los sistemas de voto electrónico

121 p.En la siguiente tesis se ha estudiado la documentación relacionada con los procesos y soluciones en el entorno de la votación electrónica que se han publicado hasta marzo de 2012; analizando las últimas soluciones que en el entorno académico se han propuesto para responder al problema de las auditorías en el ámbito de la votación electrónica presencial y, concretamente, con los denominados sistemas de votación auditables de extremo a extremo (End-to-end auditable voting systems). Después de comparar todas las soluciones propuestas desde diversos puntos de vista (con la dificultad añadida de que algunos de ellos no han sido utilizados en la práctica), el autor concluye que el uso de las TIC en el voto debe garantizar la fiabilidad del proceso electoral democrático y estar justificado por unas ventajas que pueden darse, por ejemplo, en las consultas en entidades pequeñas o a la hora de garantizar el recuento electoral en un tiempo prudencial como ocurre en países cuyas características orográficas o demográficas impidan o dificulten el cumplimiento de este requisit

Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections

End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems, (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and to covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest