sVote with control components voting protocol: computational proof of complete verifiability and privacy

This document details the cryptographic analysis of the sVote v2.2.1 system - an e-voting solution developed by Scytl for the Switzerland context. We prove the complete verifiability and privacy under the Swiss legislation's informally stated goals. First, we derive the trust model for complete verifiability and voting secrecy from the Swiss Chancellery's requirements, supporting our interpretation by quotes from and references to relevant excerpts of the ordinance and the corresponding technical annex. Then, based on the derived model, we prove that sVote with Control Components provides complete verifiability and guarantees voting secrecy and the non-disclosure of early provisional results. We demonstrate that sVote fulfills the requirements of the Swiss federal chancellery for completely verifiable E-voting systems. In other words, we show that an adversary cannot break the complete verifiability and voting secrecy properties of sVote without being detected by either the voter or auditors.sVote with Control components is a cryptographic voting protocol that provides complete verifiability and guarantees voting secrecy and the non-disclosure of early provisional results. This report demonstrates that sVote fulfills the requirements of the Swiss federal chancellery for completely verifiable E-voting systems. We extract precise requirements from the ordinance and the corresponding technical annex and model the sVote cryptographic voting protocol based on its design documents. Based on this model, we show in a detailed security analysis that an adversary cannot break the complete verifiability and voting secrecy properties of sVote without being detected by either the voter or by auditorsThis work has received funding from the European Commission under the auspices of PROMETHEUS Project, Horizon 2020 Innovation Action (Grant Agreement No. 780701).Preprin

Dubious security practices in e-voting schemes Between tech and legal standards

Remote electronic voting has been around for a few decades now. However, some legal uncertainty regarding its uses remains. In this paper, we would like to highlight and discuss several techniques used in e-voting which may not be fully compliant with the law. We analyze several e-voting practices that rely on the addition of dummy ballots and show how they conflict with legal standards. Specifically, we focus on cases where dummy ballots are required for: better performance, testing, participation privacy, or preventing coercion. We argue that these practices may raise issues with the standards of authenticity and eligibility, as well as with the principle “one voter, one vote”. Our research aims to offer a better understanding of how legal principles can be interpreted to ensure the legality of technological proposals in e-voting

sVote with Control Components Voting Protocol. Computational Proof of Complete Verifiability and Privacy.

This document details the cryptographic analysis of the sVote v2.2.1 system - an e-voting solution developed by Scytl for the Switzerland context. We prove the complete verifiability and privacy under the Swiss legislation\u27s informally stated goals. First, we derive the trust model for complete verifiability and voting secrecy from the Swiss Chancellery\u27s requirements [1][2], supporting our interpretation by quotes from and references to relevant excerpts of the ordinance and the corresponding technical annex. Then, based on the derived model, we prove that sVote with Control Components provides complete verifiability and guarantees voting secrecy and the non-disclosure of early provisional results. We demonstrate that sVote fulfills the requirements of the Swiss federal chancellery for completely verifiable E-voting systems. In other words, we show that an adversary cannot break the complete verifiability and voting secrecy properties of sVote without being detected by either the voter or auditors. [1] Technical and administrative requirements for electronic vote casting v 2.0 https://www.bk.admin.ch/dam/bk/en/dokumente/pore/Annex_of_the_Federal_Chancellery_Ordinance_on_Electronic_Voting_V2.0_July_2018.pdf.download.pdf/Annex_of_the_Federal_Chancellery_Ordinance_on_Electronic_Voting_V2.0_July_2018.pdf [2] Federal Chancellery Ordinance on Electronic Voting https://www.fedlex.admin.ch/eli/cc/2013/859/e

How to avoid repetitions in lattice-based deniable zero-knowledge proofs

Interactive zero-knowledge systems are a very important cryptographic primitive, used in many applications, especially when deniability (also known as non-transferability) is desired. In the lattice-based setting, the currently most efficient interactive zero-knowledge systems employ the technique of rejection sampling, which implies that the interaction does not always finish correctly in the first execution; the whole interaction must be re-run until abort does not happen. While repetitions due to aborts are acceptable in theory, in some practical applications it is desirable to avoid re-runs for usability reasons. In this work we present a generic technique that departs from an interactive zero-knowledge system (that might require multiple re-runs to complete the protocol) and obtains a 3-moves zero-knowledge system (without re-runs). The transformation combines the well-known Fiat-Shamir technique with a couple of initially exchanged messages. The resulting 3-moves system enjoys honest-verifier zero-knowledge and can be easily turned into a fully deniable proof using standard techniques. We show some practical scenarios where our transformation can be beneficial and we also discuss the results of an implementation of our transformation.Preprin

On remote electronic voting with both coercion resistance and cast-as-intended verifiability

In this work, we study two essential but apparently contradictory properties of electronic voting systems: coercion resistance (CR) and cast-as-intended verifiability (CAI). Informally, the CR property ensures that a voter cannot prove to anybody else the vote content, which prevents vote selling and voting under duress. The CAI property ensures that a malicious voting device cannot cheat the voter and send to the ballot box an encryption of a voting option different from the one chosen by the voter. In this work, we formalize security definitions capturing both coercion resistance and cast-as-intended verification in settings without secure delivery channels between the election authority and voters. After that, we consider some previously proposed solutions aimed at providing these two properties. For some of them (that we call unsatisfactory solutions) we show why they fail to achieve some of the two properties. We then concentrate on one of the two generic solutions that we call satisfactory: we prove that it satisfies the two proposed definitions and we detail how it can be instantiated in both classical cryptographic (e.g., ElGamal ciphertexts) and quantum-resistant (e.g., using lattice-based cryptosystems) settings.This work has been supported by the Spanish Ministerio de Ciencia e Innovación (MICINN), under Project PID2019-109379RB-I00, and by Generalitat de Catalunya, under Project DI 2018-038.Postprint (published version

How (not) to achieve both coercion resistance and cast as intended verifiability in remote eVoting

The version of record is available online at:10.1007/978-3-030-92548-2_25We consider the problem of achieving, at the same time, cast-as-intended verifiability and coercion resistance, in remote electronic voting systems where there are no secure channels through which voters can receive secret information/credentials before the voting phase. We discuss why some simple solutions fail to achieve the two desired notions and we propose (a bit) more involved solutions that are satisfactory. Part of the discussion is closely related to the gap “full versus honest-verifier” when defining the zero-knowledge property of cryptographic zero-knowledge systems.Peer ReviewedPostprint (author's final draft