Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

A Peered Bulletin Board for Robust Use in Verifiable Voting Systems

The Web Bulletin Board (WBB) is a key component of verifiable election systems. It is used in the context of election verification to publish evidence of voting and tallying that voters and officials can check, and where challenges can be launched in the event of malfeasance. In practice, the election authority has responsibility for implementing the web bulletin board correctly and reliably, and will wish to ensure that it behaves correctly even in the presence of failures and attacks. To ensure robustness, an implementation will typically use a number of peers to be able to provide a correct service even when some peers go down or behave dishonestly. In this paper we propose a new protocol to implement such a Web Bulletin Board, motivated by the needs of the vVote verifiable voting system. Using a distributed algorithm increases the complexity of the protocol and requires careful reasoning in order to establish correctness. Here we use the Event-B modelling and refinement approach to establish correctness of the peered design against an idealised specification of the bulletin board behaviour. In particular we show that for n peers, a threshold of t > 2n/3 peers behaving correctly is sufficient to ensure correct behaviour of the bulletin board distributed design. The algorithm also behaves correctly even if honest or dishonest peers temporarily drop out of the protocol and then return. The verification approach also establishes that the protocols used within the bulletin board do not interfere with each other. This is the first time a peered web bulletin board suite of protocols has been formally verified.Comment: 49 page

Secure and Verifiable Electronic Voting in Practice: the use of vVote in the Victorian State Election

The November 2014 Australian State of Victoria election was the first statutory political election worldwide at State level which deployed an end-to-end verifiable electronic voting system in polling places. This was the first time blind voters have been able to cast a fully secret ballot in a verifiable way, and the first time a verifiable voting system has been used to collect remote votes in a political election. The code is open source, and the output from the election is verifiable. The system took 1121 votes from these particular groups, an increase on 2010 and with fewer polling places

Coercion-Resistant Hybrid Voting Systems

Abstract: This paper proposes hybrid voting systems as a solution for the vote buying and voter coercion problem of electronic voting systems. The key idea is to allow voters to revoke and overrule their electronic votes at the polling station. We analyze the potential and pitfalls of such revocation procedures and give concrete recommendations on how to build a hybrid system offering coercion-resistance based on this feature. Our solution may be of interest to governments, which aim at integrating paper-based and electronic voting systems rather than replacing the former by the latter.

A Proxy Voting Scheme Ensuring Participation Privacy and Receipt-Freeness

Proxy voting is a form of voting meant to support the voters who want to delegate their voting right to a trusted entity, the so-called proxy. Depending on the form of proxy voting, the proxy is either authorized to cast a ballot for the voting option that the voter chooses, or to vote according to her own wishes, if the voter is not sure how to vote and wants to delegate the decision making in the election. While the first form of proxy voting has been applied to traditional elections in order to support the voters who are unable to physically get to a polling station, the second form has been a topic of research in Internet voting. Recently, an Internet voting scheme has been proposed, that extends the well-known Helios scheme towards the functionality of proxy voting. This scheme, however, also has the drawbacks of Helios regarding participation privacy and receipt-freeness. As such, the information whether any voter participated in the election either by casting a direct vote or delegating their vote can be deduced from the published information. The scheme furthermore allows both the voters and the proxies to create receipts that prove casting a ballot for a specific candidate, as well as allows the voters to create receipts that prove delegating to a specific proxy. In this work we use the idea of dummy ballots, proposed in another extension of Helios to extend the proxy voting scheme towards participation privacy and receipt-freeness

E-Voting in an ubicomp world: trust, privacy, and social implications

The advances made in technology have unchained the user from the desktop into interactions where access is anywhere, anytime. In addition, the introduction of ubiquitous computing (ubicomp) will see further changes in how we interact with technology and also socially. Ubicomp evokes a near future in which humans will be surrounded by “always-on,” unobtrusive, interconnected intelligent objects where information is exchanged seamlessly. This seamless exchange of information has vast social implications, in particular the protection and management of personal information. This research project investigates the concepts of trust and privacy issues specifically related to the exchange of e-voting information when using a ubicomp type system

A smart contract system for decentralized borda count voting

In this article, we propose the first self-tallying decentralized e-voting protocol for a ranked-choice voting system based on Borda count. Our protocol does not need any trusted setup or tallying authority to compute the tally. The voters interact through a publicly accessible bulletin board for executing the protocol in a way that is publicly verifiable. Our main protocol consists of two rounds. In the first round, the voters publish their public keys, and in the second round they publish their randomized ballots. All voters provide Non-interactive Zero-Knowledge (NIZK) proofs to show that they have been following the protocol specification honestly without revealing their secret votes. At the end of the election, anyone including a third-party observer will be able to compute the tally without needing any tallying authority. We provide security proofs to show that our protocol guarantees the maximum privacy for each voter. We have implemented our protocol using Ethereum's blockchain as a public bulletin board to record voting operations as publicly verifiable transactions. The experimental data obtained from our tests show the protocol's potential for the real-world deployment