Nikos Chondros,Bingsheng Zhang,Thomas Zacharias,Panos Diamantopoulos,Stathis Maneas,Christos Patsonakis,Alex Delis,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1109/icdcs.2016.56

2015-01-01

Abstract:E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.

Nikos Chondros,Bingsheng Zhang,Thomas Zacharias,Panos Diamantopoulos,Stathis Maneas,Christos Patsonakis,Alex Delis,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1016/j.cose.2019.03.001

IF: 5.105

2019-01-01

Computers & Security

Abstract:We present the D-DEMOS suite of distributed, privacy-preserving, and end-to-end verifiable e-voting systems; one completely asynchronous and one with minimal timing assumptions but better performance. Their distributed voting operation is human verifiable; a voter can vote over the web, using an unsafe web client stack, without sacrificing her privacy, and get recorded-as-cast assurance. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. We provide a model and security analysis of the systems, implement prototypes of the complete systems, measure their performance experimentally, demonstrate their ability to handle large-scale elections, and demonstrate the performance trade-offs between the two versions.

Eleanor McMurtry,Xavier Boyen,Chris Culnane,Kristian Gjøsteen,Thomas Haines,Vanessa Teague

DOI: https://doi.org/10.48550/arXiv.2111.04210

2021-11-09

Abstract:We propose a protocol for verifiable remote voting with paper assurance. It is intended to augment existing postal voting procedures, allowing a ballot to be electronically constructed, printed on paper, then returned in the post. It allows each voter to verify that their vote has been correctly cast, recorded and tallied by the Electoral Commission. The system is not end-to-end verifiable, but does allow voters to detect manipulation by an adversary who controls either the voting device, or (the postal service and electoral commission) but not both. The protocol is not receipt-free, but if the client honestly follows the protocol (including possibly remembering everything), they cannot subsequently prove how they voted. Our proposal is the first to combine plain paper assurance with cryptographic verification in a (passively) receipt-free manner.

Cryptography and Security

Robert Riemann,Stéphane Grumbach

DOI: https://doi.org/10.5220/0006228504990505

2017-05-12

Abstract:While online services emerge in all areas of life, the voting procedure in many democracies remains paper-based as the security of current online voting technology is highly disputed. We address the issue of trustworthy online voting protocols and recall therefore their security concepts with its trust assumptions. Inspired by the Bitcoin protocol, the prospects of distributed online voting protocols are analysed. No trusted authority is assumed to ensure ballot secrecy. Further, the integrity of the voting is enforced by all voters themselves and without a weakest link, the protocol becomes more robust. We introduce a taxonomy of notions of distribution in online voting protocols that we apply on selected online voting protocols. Accordingly, blockchain-based protocols seem to be promising for online voting due to their similarity with paper-based protocols.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Qinyuan Feng,Yan Lindsay Sun,Ling Liu,Yafei Yang,Yafei Dai

DOI: https://doi.org/10.1109/tkde.2009.214

IF: 9.235

2010-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:With the popularity of voting systems in cyberspace, there is growing evidence that current voting systems can be manipulated by fake votes. This problem has attracted many researchers working on guarding voting systems in two areas: relieving the effect of dishonest votes by evaluating the trust of voters, and limiting the resources that can be used by attackers, such as the number of voters and the number of votes. In this paper, we argue that powering voting systems with trust and limiting attack resources are not enough. We present a novel attack named as Reputation Trap (RepTrap). Our case study and experiments show that this new attack needs much less resources to manipulate the voting systems and has a much higher success rate compared with existing attacks. We further identify the reasons behind this attack and propose two defense schemes accordingly. In the first scheme, we hide correlation knowledge from attackers to reduce their chance to affect the honest voters. In the second scheme, we introduce robustness-of-evidence, a new metric, in trust calculation to reduce their effect on honest voters. We conduct extensive experiments to validate our approach. The results show that our defense schemes not only can reduce the success rate of attacks but also significantly increase the amount of resources an adversary needs to launch a successful attack.

Ke Yuan,Peng Sang,Suya Zhang,Xi Chen,Wei Yang,Chunfu Jia

DOI: https://doi.org/10.7717/peerj-cs.1649

2023-10-18

Abstract:Compared with paper-based voting, electronic voting not only has advantages in storage and transmission, but also can solve the security problems that exist in traditional voting. However, in practice, most electronic voting faces the risk of voting failure due to malicious voting by voters or ballot tampering by attackers. To solve this problem, this article proposes an electronic voting scheme based on homomorphic encryption and decentralization, which uses the Paillier homomorphic encryption method to ensure that the voting results are not leaked until the election is over. In addition, the scheme applies signatures and two layers of encryption to the ballots. First, the ballot is homomorphically encrypted using the homomorphic public key; then, the voter uses the private key to sign the ballot; and finally, the ballot is encrypted using the public key of the counting center. By signing the ballots and encrypting them in two layers, the security of the ballots in the transmission process and the establishment of the decentralized scheme are guaranteed. The security analysis shows that the proposed scheme can guarantee the completeness, verifiability, anonymity, and uniqueness of the electronic voting scheme. The performance analysis shows that the computational efficiency of the proposed scheme is improved by about 66.7% compared with the Fan et al. scheme (https://doi.org/10.1016/j.future.2019.10.016).

J. Alex Halderman,Vanessa Teague

DOI: https://doi.org/10.48550/arXiv.1504.05646

2015-06-06

Abstract:In the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community.

Cryptography and Security

Kamred Udham Singh

DOI: https://doi.org/10.17762/msea.v70i2.2319

2021-02-26

Mathematical Statistician and Engineering Applications

Abstract:Abstract The potential of electronic voting to improve the efficiency and effectiveness of the voting process is immense. However, its security and privacy are still a major concern. Traditional methods of securing such systems, such as digital signatures and public key cryptography, are not always ideal when it comes to safeguarding the confidentiality of ballots. In this paper, we introduce a novel method for securing electronic voting ballots that utilizes homomorphic encryption. This method allows for the computation of ballots without needing decryption. The proposed e-voting system is composed of three servers. The first one is an e-voting server that stores the voter's information before it is sent to the tallying or decryption server. The latter two are used to calculate the total vote count and decrypt it. To evaluate the performance of this proposed system, we performed a series of tests on its various components. These included its execution time, memory usage, CPU usage, and communication overhead. The results of the tests revealed that the proposed system is secure and can maintain acceptable performance levels. The proposed system's accuracy and robustness are comparable to that of conventional e-voting systems. Its ability to withstand attacks is greatly enhanced by implementing homomorphic encryption. The proposed e-voting system we presented exhibited the security and privacy benefits of homomorphic encryption. By enabling computations on encrypted data without needing decryption, it helps protect the ballot's confidentiality and provides reliable and accurate results.

Marie-Laure Zollinger,Verena Distler,Peter B. Roenne,Peter Y. A. Ryan,Carine Lallemand,Vincent Koenig

DOI: https://doi.org/10.48550/arXiv.2105.14901

2021-06-15

Abstract:This paper presents a mobile application for vote-casting and vote-verification based on the Selene e-voting protocol and explains how it was developed and implemented using the User Experience Design process. The resulting interface was tested with 38 participants, and user experience data was collected via questionnaires and semi-structured interviews on user experience and perceived security. Results concerning the impact of displaying security mechanisms on UX were presented in a complementary paper. Here we expand on this analysis by studying the mental models revealed during the interviews and compare them with theoretical security notions. Finally, we propose a list of improvements for designs of future voting protocols.

Human-Computer Interaction

Meiqi Li,Xinyi Luo,Wentuo Sun,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/icc45855.2022.9838840

2022-01-01

Abstract:E-voting plays a vital role in modern social life. However, traditional e-voting systems usually rely on a trusted third party and therefore non-verifiable and prone to a single point of failure. In recent years, many researchers have tried to turn to blockchain to eliminate the vulnerabilities of e-voting systems. However, blockchain-based e-voting brings new problems in protecting voters’ privacy and ballots’ confidentiality, and causes a great performance degradation. In this paper, we propose AvecVoting, an anonymous and verifiable blockchain-based e-voting scheme, providing both strong security and high performance. Specifically, we utilize threshold encryption and one-time ring signature to protect voters’ privacy and ballots’ confidentiality. Furthermore, to improve the performance, we introduce the concept "counter" to count the ballots. Through the carefully designed RandomSortition and reputation-based PayOff algorithms based on smart contracts, AvecVoting can achieve correct counting even when some counters are untrustworthy. Our security and performance analyses show that AvecVoting provides strong security such as anonymity, non-repeatability, confidentiality, verifiability, etc., and meanwhile overcome the performance issues caused by blockchain and provides good efficiency in both voting and counting stages.

Yun-Xing Kho,Swee-Huay Heng,Ji-Jian Chin

DOI: https://doi.org/10.3390/sym14050858

2022-04-21

Symmetry

Abstract:A vast number of e-voting schemes including mix-net-based e-voting, homomorphic e-voting, blind signature-based e-voting, blockchain-based e-voting, post-quantum e-voting, and hybrid e-voting have been proposed in the literature for better security and practical implementation. In this paper, we review various e-voting approaches to date. We first compare the structures, advantages, and disadvantages of the different e-voting approaches. We then summarise the security properties of the e-voting approaches in terms of their functional requirements and security requirements. In addition, we provide a comprehensive review of various types of e-voting approaches in terms of their security properties, underlying tools, distinctive features, and weaknesses. We also discuss some practical considerations in the design of e-voting systems. Subsequently, some potential research directions are suggested based on our observations.

Ben Adida,John Caron,Arash Mirzaei,Vanessa Teague

2024-10-10

Abstract:Overseas military personnel often face significant challenges in participating in elections due to the slow pace of traditional mail systems, which can result in ballots missing crucial deadlines. While internet-based voting offers a faster alternative, it introduces serious risks to the integrity and privacy of the voting process. We introduce the MERGE protocol to address these issues by combining the speed of electronic ballot delivery with the reliability of paper returns. This protocol allows voters to submit an electronic record of their vote quickly while simultaneously mailing a paper ballot for verification. The electronic record can be used for preliminary results, but the paper ballot is used in a Risk Limiting Audit (RLA) if received in time, ensuring the integrity of the election. This approach extends the time window for ballot arrival without undermining the security and accuracy of the vote count.

Cryptography and Security

Olamide Olanubi,Opeyemi Joshua Adelowo,Emmanuel Ifeanyi Obeagu

DOI: https://doi.org/10.9734/ajrcos/2023/v16i4379

2023-10-13

Asian Journal of Research in Computer Science

Abstract:Background: The growing concern over phishing attacks on voting systems, particularly with the rise of online voting, has highlighted vulnerabilities in elections. The convenience of internet voting has led to security risks like clone phishing attacks. While online voting offers accessibility benefits, security, privacy, and usability issues have arisen. Multi-factor authentication (MFA) has been proposed to enhance security in mobile internet voting systems. Visual cryptography, dividing images into shares for decentralized data storage, is suggested to counter clone phishing. MFA's effectiveness in various sectors is established, and secure voting systems combining visual cryptography and blockchain have been proposed. This research sought to bolster the security of the voting system using visual cryptography and multi-factor authentication (MFA), with the goal of increasing voter trust and the reliability of the voting procedure, by designing a secure system and evaluating its performance, accuracy, and accessibility. Methodology: The researchers developed an improved voting system using visual cryptography and multi-factor authentication, assessed its performance against Eligo and Voxvote, utilized Java for programming, MYSQL via XAMPP for the database, HTML, CSS, JavaScript, and PHP (Laravel) for client-server sides. The Scrum agile methodology was followed, employing brief sprints for adaptive development. Evaluation was done through web tools and benchmarks. The system's architecture and flowchart were presented, featuring an interactive GUI, Java 2 platform, MySQL, PHP 7, and specific hardware/software requirements. System setup included database and server configuration, fingerprint scanner installation, and Java runtime setup. Deployment involved executing a built Java program, and system testing was conducted on Windows 10, utilizing the Apache server and initiating the "Electronic Voting" program for online multi-factor authentication. Results: Achieving a performance rate of 92%, the developed system surpassed its competitors Eligo and Voxvote, which achieved scores of 15% and 33% correspondingly, as indicated by the data. Eligo and Voxvote attained scores of 88% and 80% individually, whereas the newly designed system obtained a rating of 93% in terms of accessibility. Nonetheless, the research also highlighted specific downsides, encompassing intricacy, reluctance to embrace change, and technological barriers. To tackle these issues and enhance the adoption of such systems, these limitations underscore the necessity for further investigation and advancement. Conclusion: The study demonstrates that integrating multi-factor authentication and visual cryptography significantly enhances voting system security, reducing clone phishing risks. Visual cryptography secures decryption keys, preserving voting integrity, while multi-factor authentication adds defence against unauthorized access. The researcher's online voting system outperforms competitors in performance metrics and accessibility. The study underscores the importance of combining these techniques for improved voting system reliability and security.

Carmen A. Haseltine,Laura A. Albert

2024-10-16

Abstract:The scrutiny surrounding vote-by-mail (VBM) in the United States has increased in recent years, raising concerns about the integrity and security of absentee voting. This paper addresses these issues by introducing a dynamic mathematical modeling framework for performing a risk assessment of VBM processes. We introduce a discrete-time Markov chain (DTMC) to model the VBM process and assess election performance and risk with a novel layered network approach that considers the interplay between VBM processes, malicious and non-malicious threats, and security mitigations. The time-inhomogeneous DTMC framework captures dynamic risks and evaluates performance over time. The DTMC model accounts for a spectrum of outcomes, from unintended voter errors to sophisticated, targeted attacks, representing a significant advancement in the risk assessment of VBM planning and protection. A case study based on real-world data from Milwaukee County, Wisconsin, is used to evaluate the DTMC model. The analysis includes the development of attack scenarios to assess the system's resilience and the evaluation of security measures. The analysis suggests that ballot drop boxes and automatic ballot notification systems are crucial for ensuring secure and reliable operations.

Cryptography and Security,Probability

Tomasz Raducha,Jarosław Klamut,Roger Cremades,Paul Bouman,Mateusz Wiliński

2023-08-20

Abstract:The two most common types of electoral systems (ES) used in electing national legislatures are proportional representation and plurality voting. When they are evaluated, most often the arguments come from social choice theory and political sciences. The former overall uses an axiomatic approach including a list of mathematical criteria a system should fulfill. The latter predominantly focuses on the trade-off between proportionality of apportionment and governability. However, there is no consensus on the best ES, nor on the set of indexes and measures that would be the most important in such assessment. Moreover, the ongoing debate about the fairness of national elections neglects the study of their vulnerabilities. Here we address this research gap with a framework that can measure electoral systems' vulnerability to different means of influence. Using in silico analysis we show that plurality voting systems are less stable than proportional representation. They are also more susceptible to political agitators and media propaganda. A review of real-world ES reveals possible improvements in their design leading to lower susceptibility. Additionally, our simulation framework allows computation of popular indexes, as the Gallagher index or the effective number of parties, in different scenarios. Our work provides a new tool for dealing with modern threats to democracy that could destabilize voting processes. Furthermore, our results add an important argument in a long-standing discussion on evaluation of ES.

Physics and Society,Social and Information Networks

Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1108/ics-07-2016-0056

2017-01-01

Information and Computer Security

Abstract:Purpose This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB). Design/methodology/approach Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect. Findings The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB “append” operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system. Originality/value As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters’ privacy and shows how auditing can be applied for providing strong provable privacy guarantees.

Pierrick Gaudry,Alexander Golovnev

DOI: https://doi.org/10.48550/arXiv.1908.05127

2019-11-16

Abstract:In September 2019, voters for the election at the Parliament of the city of Moscow were allowed to use an Internet voting system. The source code of it had been made available for public testing. In this paper we show two successful attacks on the encryption scheme implemented in the voting system. Both attacks were sent to the developers of the system, and both issues had been fixed after <a class="link-external link-http" href="http://that.The" rel="external noopener nofollow">this http URL</a> encryption used in this system is a variant of ElGamal over finite fields. In the first attack we show that the used key sizes are too small. We explain how to retrieve the private keys from the public keys in a matter of minutes with easily available <a class="link-external link-http" href="http://resources.When" rel="external noopener nofollow">this http URL</a> this issue had been fixed and the new system had become available for testing, we discovered that the new implementation was not semantically secure. We demonstrate how this newly found security vulnerability can be used for counting the number of votes cast for a candidate.

Cryptography and Security

Tamir Tassa,Lihi Dery

2024-07-10

Abstract:Electronic voting systems are essential for holding virtual elections, and the need for such systems increases due to the COVID-19 pandemic and the social distancing that it mandates. One of the main challenges in e-voting systems is to secure the voting process: namely, to certify that the computed results are consistent with the cast ballots, and that the privacy of the voters is preserved. We propose herein a secure voting protocol for elections that are governed by order-based voting rules. Our protocol offers perfect ballot secrecy, in the sense that it issues only the required output, while no other information on the cast ballots is revealed. Such perfect secrecy, which is achieved by employing secure multiparty computation tools, may increase the voters' confidence and, consequently, encourage them to vote according to their true preferences. Evaluation of the protocol's computational costs establishes that it is lightweight and can be readily implemented in real-life electronic elections.

Cryptography and Security

Andrew W. Appel,Philip B. Stark

2024-11-19

Abstract:The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy--to apply the MERGE protocol--would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions. The gap between theory and practice is large and unbridgeable for the foreseeable future. Promoters of this research project at DARPA, the agency that sponsored the research, should acknowledge that MERGE is internet voting (election results rely on votes transmitted over the internet except in the event of a full hand count) and refrain from claiming that it could be a component of trustworthy elections without sweeping changes to election law and election administration throughout the U.S.

Cryptography and Security,Computers and Society

Zikai Wang,Xinyi Luo,Meiqi Li,Wentuo Sun,Kaiping Xue

DOI: https://doi.org/10.1109/globecom48099.2022.10001590

2022-01-01

Abstract:E-voting plays a vital role in guaranteeing and promoting social fairness and democracy. However, traditional e-voting schemes rely on a centralized organization, leading to a crisis of trust in the vote-counting results. In response to this problem, researchers have introduced blockchain to realize decentralized e-voting, but the adoption of blockchain also brings new issues in terms of flexibility, anonymity, and usability. To this end, in this paper, we propose WeVoting, which provides weight-based flexibility with solid anonymity and enhances usability by designing a voter-independent on-chain counting mechanism. Specifically, we use distributed ElGamal homomorphic encryption and zero-knowledge proof to achieve voting anonymity with weight. Besides, WeVoting develops a counter-based counting mechanism to enhance usability compared with those self-tallying schemes. By critically designing an honesty-and-activity-based incentive algorithm, WeVoting can guarantee a correct counting result even in the presence of malicious counters. Our security and performance analyses elaborate that WeVoting achieves high anonymity in weighed voting under the premise of meeting the basic security requirements of e-voting. And meanwhile, its counting mechanism is sufficient for practical demands with reasonable overheads.