18 research outputs found
Verifiability Analysis of CHVote
This document details analyses of verifiability properties of the CH-Vote v1.3 electronic voting protocol, as defined by the preprint publication [12]. Informally, these properties are:
• Individual verifiability: a voter is convinced that a ballot confirmed as coming from the voter contains his intended vote
• Ballot verifiability: all ballots that are confirmed contain correct votes
• Eligibility uniqueness: there are no two distinct entries in the list of confirmed ballots which correspond to the same voter
• Confirmed as intended: if a confirmed ballot is on the bulletin board for some voter, then that ballot records that voter’s voting intention
• Universal verifiability: any party can verify that the votes on this board were tallied correctly
The analyses employ the currently well-established approach used within the scientific community. Specifically, they rely on mathematical abstractions for the adversary and for the system under analysis, as well as mathematical formulations of the properties to be established.
Mathematical proofs are then used to establish that (under certain assumptions) the security properties hold. We provide two types of analysis (which differ in the level of abstraction at which they operate). Part I contains a pen-and-paper computational/cryptographic analysis. Part II describes an automated symbolic analysis.
Broadly speaking, both the symbolic and the computational analyses conclude that CH-Vote satisfy the desired security properties under several assumptions. The assumptions include, for example, computational assumptions (which mathematical problems are assumed to be hard), trust assumptions (which parties, if any, are assumed to behave honestly and what are parties assume to know before they interact with the system).
Besides the concrete mathematical statements the analyses led to a number of recommendations which aim to improve the security. Part III concludes with a number of recommendations which reflect assumptions made in the analyses and weaknesses that were identified. The recommendations also sum up the results of a (light) code review of the code available via GitHub 1 – commit 9b0e7c9fcd409, from April 2017
Cast-as-Intended Mechanism with Return Codes Based on PETs
We propose a method providing cast-as-intended verifiability for remote
electronic voting. The method is based on plaintext equivalence tests (PETs),
used to match the cast ballots against the pre-generated encrypted code tables.
Our solution provides an attractive balance of security and functional
properties. It is based on well-known cryptographic building blocks and relies
on standard cryptographic assumptions, which allows for relatively simple
security analysis. Our scheme is designed with a built-in fine-grained
distributed trust mechanism based on threshold decryption. It, finally, imposes
only very little additional computational burden on the voting platform, which
is especially important when voters use devices of restricted computational
power such as mobile phones. At the same time, the computational cost on the
server side is very reasonable and scales well with the increasing ballot size
Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting
Verifiable mix nets, and specifically proofs of (correct) shuffle, are a fundamental building block in numerous applications: these zero-knowledge proofs allow the prover to produce a public transcript which can be perused by the verifier to confirm the purported shuffle. They are particularly vital to verifiable electronic voting, where they underpin almost all voting schemes with non-trivial tallying methods. These complicated pieces of cryptography are a prime location for critical errors which might allow undetected modification of the outcome.
The best solution to preventing these errors is to machine-check the cryptographic properties of the design and implementation of the mix net. Particularly crucial for the integrity of the outcome is the soundness of the design and implementation of the verifier (software). Unfortunately, several different encryption schemes are used in many different slight variations which makes t infeasible to machine-check every single case individually. However, a particular optimized variant of the Terelius-Wikstrom mix net is, and has been, widely deployed in elections including national elections in Norway, Estonia and Switzerland, albeit with many slight variations and several different encryption schemes.
In this work, we develop the logical theory and formal methods tools to machine-check the design and implementation of all these variants of Terelius-Wikstrom mix nets, for all the different encryption schemes used; resulting in provably correct mix nets for all these different variations. We do this carefully to ensure that we can extract a formally verified implementation of the verifier (software) which is compatible with existing deployed implementations of the Terelius-Wikstrom mix net. This gives us provably correct implementations of the verifiers for more than half of the national elections which have used verifiable mix nets.
Our implementation of a proof of correct shuffle is the first to be machine-checked to be cryptographically correct and able to verify proof transcripts from national elections. We demonstrate the practicality of our implementation by verifying transcripts produced by the Verificatum mix net system and the CHVote evoting system from Switzerland
Seventh International Joint Conference on Electronic Voting
This volume contains papers presented at E-Vote-ID 2022, the Seventh International JointConference on Electronic Voting, held during October 4–7, 2022. This was the first in-personconference following the COVID-19 pandemic, and, as such, it was a very special event forthe community since we returned to the traditional venue in Bregenz, Austria. The E-Vote-IDconference resulted from merging EVOTE and Vote-ID, and 18 years have now elapsed sincethe first EVOTE conference in Austria.Since that conference in 2004, over 1500 experts have attended the venue, including scholars,practitioners, authorities, electoral managers, vendors, and PhD students. E-Vote-ID collectsthe most relevant debates on the development of electronic voting, from aspects relating tosecurity and usability through to practical experiences and applications of voting systems, alsoincluding legal, social, or political aspects, amongst others, turning out to be an importantglobal referent on these issues
Belenios: a simple private and verifiable electronic voting system
International audienceWe present the electronic voting protocol Belenios together with its associated voting platform. Belenios guarantees vote privacy and full verifiability, even against a compromised voting server. While the core of the voting protocol was already described and formally proved secure, we detail here the complete voting system from the setup to the tally and the recovery procedures. We comment on the use of Belenios in practice. In particular, we discuss the security choices made by election administrators w.r.t. the decryption key and the delegation of some setup tasks to the voting platform
BeleniosVS: Secrecy and Verifiability against a Corrupted Voting Device
Electronic voting systems aim at two conflicting properties, namely privacy and verifiability, while trying to minimise the trust assumptions on the various voting components. Most existing voting systems either assume trust in the voting device or in the voting server. We propose a novel remote voting scheme BeleniosVS that achieves both privacy and verifiability against a dishonest voting server as well as a dishonest voting device. In particular, a voter does not leak her vote to her voting device and she can check that her ballot on the bulletin board does correspond to her intended vote. More specifically, we assume two elections authorities: the voting server and a registrar that acts only during the setup. Then BeleniosVS guarantees both privacy and verifiability against a dishonest voting device, provided that not both election authorities are corrupted. Additionally, our scheme guarantees receipt-freeness against an external adversary. We provide a formal proof of privacy, receipt-freeness, and verifiability using the tool ProVerif, covering a hundred cases of threat scenarios. Proving verifiability required to develop a set of sufficient conditions, that can be handled by ProVerif. This contribution is of independent interest
A Protocol for Cast-as-Intended Verifiability with a Second Device
Numerous institutions, such as companies, universities, or non-governmental
organizations, employ Internet voting for remote elections. Since the main
purpose of an election is to determine the voters' will, it is fundamentally
important to ensure that the final election result correctly reflects the
voters' votes. To this end, modern secure Internet voting schemes aim for what
is called end-to-end verifiability. This fundamental security property ensures
that the correctness of the final result can be verified, even if some of the
computers or parties involved are malfunctioning or corrupted.
A standard component in this approach is so called cast-as-intended
verifiability which enables individual voters to verify that the ballots cast
on their behalf contain their intended choices. Numerous approaches for
cast-as-intended verifiability have been proposed in the literature, some of
which have also been employed in real-life Internet elections.
One of the well established approaches for cast-as-intended verifiability is
to employ a second device which can be used by voters to audit their submitted
ballots. This approach offers several advantages - including support for
flexible ballot/election types and intuitive user experience - and it has been
used in real-life elections, for instance in Estonia.
In this work, we improve the existing solutions for cast-as-intended
verifiability based on the use of a second device. We propose a solution which,
while preserving the advantageous practical properties sketched above, provides
tighter security guarantees. Our method does not increase the risk of
vote-selling when compared to the underlying voting protocol being augmented
and, to achieve this, it requires only comparatively weak trust assumptions. It
can be combined with various voting protocols, including commitment-based
systems offering everlasting privacy
A toolbox for verifiable tally-hiding e-voting systems
Cryptology ePrint Archive: Report 2021/491https://eprint.iacr.org/2021/491International audienceIn most verifiable electronic voting schemes, one key step is the tally phase, where the election result is computed from the encrypted ballots. A generic technique consists in first applying (verifiable) mixnets to the ballots and then revealing all the votes in the clear. This however discloses much more information than the result of the election itself (that is, the winners) and may offer the possibility to coerce voters. In this paper, we present a collection of building blocks for designing tally-hiding schemes based on multi-party computations. As an application, we propose the first tally-hiding schemes with no leakage for four important counting functions: D'Hondt, Condorcet, STV, and Majority Judgment. We also unveil unknown flaws or leakage in several previously proposed tally-hiding schemes