Mark Eldridge

DOI: https://doi.org/10.48550/arXiv.1805.02202

2018-05-06

Abstract:The existing system for determining election results in Australia is, for the most part, secure, accurate and understandable by the average voter. This thesis explores the design of electronic voting systems designed to achieve these same goals, while also improving on the existing system in the areas of counting speed, accuracy, tamper resistance and accessibility. Electronic voting systems have seen limited use within Australian elections, most prominently for State Elections in Victoria (2014), New South Wales (2015) and Western Australia (2017), along with trials of electronic voting systems in federal elections in 2007. This thesis presents an analysis of the iVote electronic voting system used for the 2017 Western Australian State Election (iVote WA), outlining a number of security risks introduced by the use of cloud-based distributed denial of service mitigation. In addition, this thesis presents the results of a cross-sectional survey of Australian voters regarding levels of trust for three voting systems: the existing paper-based system used for Australian federal elections, the iVote WA system, and the vVote system used for the 2014 Victorian State Election. The analysis of iVote, combined with the survey results, are used to inform a recommendation for future research and public policy regarding the use of electronic voting systems in Australian federal elections.

Cryptography and Security

J. Alex Halderman,Vanessa Teague

DOI: https://doi.org/10.48550/arXiv.1504.05646

2015-06-06

Abstract:In the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community.

Cryptography and Security

Panagiotis Grontas,Aris Pagourtzis,Alexandros Zacharakis,Bingsheng Zhang

2018-01-01

Abstract:In this work, we propose a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under standard JCJ assumptions. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds and the validity of the signature can only be checked by a designated verifier. We utilize this primitive to blindly mark votes under coercion in an auditable manner.

Yun-Xing Kho,Swee-Huay Heng,Ji-Jian Chin

DOI: https://doi.org/10.3390/sym14050858

2022-04-21

Symmetry

Abstract:A vast number of e-voting schemes including mix-net-based e-voting, homomorphic e-voting, blind signature-based e-voting, blockchain-based e-voting, post-quantum e-voting, and hybrid e-voting have been proposed in the literature for better security and practical implementation. In this paper, we review various e-voting approaches to date. We first compare the structures, advantages, and disadvantages of the different e-voting approaches. We then summarise the security properties of the e-voting approaches in terms of their functional requirements and security requirements. In addition, we provide a comprehensive review of various types of e-voting approaches in terms of their security properties, underlying tools, distinctive features, and weaknesses. We also discuss some practical considerations in the design of e-voting systems. Subsequently, some potential research directions are suggested based on our observations.

Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1108/ics-07-2016-0056

2017-01-01

Information and Computer Security

Abstract:Purpose This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB). Design/methodology/approach Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect. Findings The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB “append” operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system. Originality/value As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters’ privacy and shows how auditing can be applied for providing strong provable privacy guarantees.

Bingsheng Zhang,Zengpeng Li,Jan Willemson

DOI: https://doi.org/10.48550/arXiv.2109.01994

2021-09-05

Abstract:Estonian Internet voting has been used in national-wide elections since 2005. However, the system was initially designed in a heuristic manner, with very few proven security guarantees. The Estonian Internet voting system has constantly been evolving throughout the years, with the latest version (code-named IVXV) implemented in 2018. Nevertheless, to date, no formal security analysis of the system has been given. In this work, for the first time, we provide a rigorous security modeling for the Estonian IVXV system as a ceremony, attempting to capture the effect of actual human behavior on election verifiability in the universal composability (UC) framework. Based on the voter behavior statistics collected from three actual election events in Estonia, we show that IVXV achieves end-to-end verifiability in practice despite the fact that only $4\%$ (on average) of the Estonian voters audit their ballots.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Formal Languages and Automata Theory

Michelle Blom,Philip B. Stark,Peter J. Stuckey,Vanessa Teague,Damjan Vukcevic

DOI: https://doi.org/10.48550/arXiv.2205.14634

2022-06-22

Abstract:This paper explains the main principles and some of the technical details for auditing the scanning and digitisation of the Australian Senate ballot papers. We give a short summary of the motivation for auditing paper ballots, explain the necessary supporting steps for a rigorous and transparent audit, and suggest some statistical methods that would be appropriate for the Australian Senate. 22 June 2022 Update: The update includes analysis of Senate preference data from the 2022 Australian election.

Applications,Computers and Society

Nikos Chondros,Alex Delis,Dina Gavatha,Aggelos Kiayias,Charalampos Koutalakis,Ilias Nicolacopoulos,Lampros Paschos,Mema Roussopoulos,Giorge Sotirelis,Panos Stathopoulos,Pavlos Vasilopoulos,Thomas Zacharias,Bingsheng Zhang,Fotis Zygoulis

DOI: https://doi.org/10.1007/978-3-319-11710-2_11

2013-01-01

Abstract:Electronic voting for local, regional and national elections and referenda is developing rapidly at a global scale as an efficient and low cost alternative to conventional methods of voting, with a positive impact on the quality of democratic representation. Still, despite the growing international experience, the harmonization of electronic voting systems with the legal and statutory frameworks poses a number of major legal, social and implementation challenges, subject to the national environment. This paper presents an overview of legal and social aspects of an electronic voting system focusing on the case of Greece.

Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1145/2810103.2813727

2015-01-01

Abstract:Recently, Kiayias, Zacharias and Zhang proposed a new E2E verifiable e-voting system called 'DEMOS' that for the first time provides E2E verifiability without relying on external sources of randomness or the random oracle model; the main advantage of such system is in the fact that election auditors need only the election transcript and the feedback from the voters to pronounce the election process unequivocally valid. Unfortunately, DEMOS comes with a huge performance and storage penalty for the election authority (EA) compared to other e-voting systems such as Helios. The main reason is that due to the way the EA forms the proof of the tally result, it is required to precompute a number of cipher texts for each voter and each possible choice of the voter. This approach clearly does not scale to elections that have a complex ballot and voters have an exponential number of ways to vote in the number of candidates. The performance penalty on the EA appears to be intrinsic to the approach: voters cannot compute an enciphered ballot themselves because there seems to be no way for them to prove that it is a valid ciphertext.In contrast to the above, in this work, we construct a new e-voting system that retains the strong E2E characteristics of DEMOS (but against computational adversaries) while completely eliminating the performance and storage penalty of the EA. We achieve this via a new cryptographic construction that has the EA produce and prove, using voters' coins, the security of a common reference string (CRS) that voters subsequently can use to affix non-interactive zero knowledge (NIZK) proofs to their ciphertexts. The EA itself uses the CRS to prove via a NIZK the tally correctness at the end. Our construction has similar performance to Helios and is practical. The privacy of our construction relies on the SXDH assumption over bilinear groups via complexity leveraging.

Josh Benaloh,Mike Byrne,Philip Kortum,Neal McBurnett,Olivier Pereira,Philip B. Stark,Dan S. Wallach

DOI: https://doi.org/10.48550/arXiv.1211.1904

2012-11-08

Cryptography and Security

Abstract:In her 2011 EVT/WOTE keynote, Travis County, Texas County Clerk Dana DeBeauvoir described the qualities she wanted in her ideal election system to replace their existing DREs. In response, in April of 2012, the authors, working with DeBeauvoir and her staff, jointly architected STAR-Vote, a voting system with a DRE-style human interface and a "belt and suspenders" approach to verifiability. It provides both a paper trail and end-to-end cryptography using COTS hardware. It is designed to support both ballot-level risk-limiting audits, and auditing by individual voters and observers. The human interface and process flow is based on modern usability research. This paper describes the STAR-Vote architecture, which could well be the next-generation voting system for Travis County and perhaps elsewhere.

J. Karthi,K. Saravanan,S. Ravi,K. Kalaiselvi,Shalini M,T. Venkatesan

DOI: https://doi.org/10.1109/ISCS61804.2024.10581204

2024-05-03

Abstract:The abstract presents a concise overview of the methodology and key findings of the experimental evaluation conducted for a Blockchain Assisted Electronic Voting System (BAEVS) employing a Secured Authentication Scheme. This study focuses on the design, implementation, and assessment of the BAEVS, aiming to enhance the transparency, security, and reliability of electronic voting processes. The methodology encompasses three main stages: Prototype Development, Blockchain Platform Selection, and Smart Contract Implementation. The prototype is developed using modern web development frameworks to ensure usability and accessibility for diverse users. A suitable blockchain platform, such as Ethereum or Hyperledger Fabric, is chosen to implement the distributed ledger component, considering factors such as scalability and security. Smart contracts, developed in platform-specific languages, govern the voting process and undergo rigorous testing to ensure correctness and reliability. The experimental evaluation reveals promising results, demonstrating the effectiveness of the BAEVS in providing secure and transparent electronic voting. Overall, this study contributes to the advancement of electronic voting systems by offering insights into the design and implementation of blockchain-assisted solutions with secured authentication mechanisms.

Computer Science

Kamred Udham Singh

DOI: https://doi.org/10.17762/msea.v70i2.2319

2021-02-26

Mathematical Statistician and Engineering Applications

Abstract:Abstract The potential of electronic voting to improve the efficiency and effectiveness of the voting process is immense. However, its security and privacy are still a major concern. Traditional methods of securing such systems, such as digital signatures and public key cryptography, are not always ideal when it comes to safeguarding the confidentiality of ballots. In this paper, we introduce a novel method for securing electronic voting ballots that utilizes homomorphic encryption. This method allows for the computation of ballots without needing decryption. The proposed e-voting system is composed of three servers. The first one is an e-voting server that stores the voter's information before it is sent to the tallying or decryption server. The latter two are used to calculate the total vote count and decrypt it. To evaluate the performance of this proposed system, we performed a series of tests on its various components. These included its execution time, memory usage, CPU usage, and communication overhead. The results of the tests revealed that the proposed system is secure and can maintain acceptable performance levels. The proposed system's accuracy and robustness are comparable to that of conventional e-voting systems. Its ability to withstand attacks is greatly enhanced by implementing homomorphic encryption. The proposed e-voting system we presented exhibited the security and privacy benefits of homomorphic encryption. By enabling computations on encrypted data without needing decryption, it helps protect the ballot's confidentiality and provides reliable and accurate results.

Nikos Chondros,Bingsheng Zhang,Thomas Zacharias,Panos Diamantopoulos,Stathis Maneas,Christos Patsonakis,Alex Delis,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1109/icdcs.2016.56

2015-01-01

Abstract:E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.

Tzer-Long Chen,Chia-Hui Liu,Ya-Hui Ou,Yao-Min Huang,Zhen-Yu Wu

DOI: https://doi.org/10.1007/s10207-024-00852-w

2024-05-08

International Journal of Information Security

Abstract:The integrity of electronic voting systems is critical in safeguarding the democratic process worldwide. This study addresses the twin challenges of bribery and coercion that undermine most existing electronic voting systems. Recognizing the limitations of current security measures, which fail to protect voter autonomy even after the disclosure of voting secrets, we propose an innovative level-five secure e-voting system. By integrating an additional setup phase, our system maintains voter volition, ensuring security even when key secrets are compromised. Utilizing cryptographic techniques, blind signatures, and subliminal channels in conjunction with smart card PIN mechanisms, our approach not only bolsters system security but also enhances its potential for widespread adoption. This work underscores the importance of advanced cryptographic methods in developing coercion-resistant electronic voting systems that prioritize voter privacy and choice.

computer science, information systems, theory & methods, software engineering

Eleanor McMurtry,Xavier Boyen,Chris Culnane,Kristian Gjøsteen,Thomas Haines,Vanessa Teague

DOI: https://doi.org/10.48550/arXiv.2111.04210

2021-11-09

Abstract:We propose a protocol for verifiable remote voting with paper assurance. It is intended to augment existing postal voting procedures, allowing a ballot to be electronically constructed, printed on paper, then returned in the post. It allows each voter to verify that their vote has been correctly cast, recorded and tallied by the Electoral Commission. The system is not end-to-end verifiable, but does allow voters to detect manipulation by an adversary who controls either the voting device, or (the postal service and electoral commission) but not both. The protocol is not receipt-free, but if the client honestly follows the protocol (including possibly remembering everything), they cannot subsequently prove how they voted. Our proposal is the first to combine plain paper assurance with cryptographic verification in a (passively) receipt-free manner.

Cryptography and Security

Xinyu Zhang,Bingsheng Zhang,Aggelos Kiayias,Thomas Zacharias,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2021.3103336

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Electronic voting (e-voting), compared with article voting, has advantages in several aspects. Among those benefits, the ability to audit the electoral process at every stage is one of the most desired features of an e-voting system. In Eurocrypt 2015, Kiayias, Zacharias, and Zhang proposed a new E2E verifiable e-voting system that for the first time provides E2E verifiability without relying on external sources of randomness or the random oracle model; the main advantage of such system is in the fact that election auditors need only the election transcript and the feedback from the voters to pronounce the election process unequivocally valid. Unfortunately, their system comes with a huge performance and storage penalty for the election authority (EA) compared to other e-voting systems such as Helios. The main reason is that due to the way the EA forms the proof of the tally result, it is required to precompute a number of ciphertexts for each voter and each possible choice of the voter. The performance penalty on the EA appears to be intrinsic to the approach: voters cannot compute an enciphered ballot themselves because there seems to be no way for them to prove that it is a valid ciphertext. In this work, we construct a new e-voting system that retains similar strong E2E characteristics (but against computational adversaries) while completely eliminating the performance and storage penalty of the EA. Our construction has similar performance to Helios and is practical. The privacy of our construction relies on the SXDH assumption over bilinear groups via complexity leveraging.

XIA Jingbo,ZHANG Silan,CHEN Jianhua

DOI: https://doi.org/10.3321/j.issn:1671-8836.2006.03.020

2006-01-01

Abstract:According to the basic demands and extended demands of electronic voting,one newly electronic voting scheme was proposed in this paper.This scheme was based on the knowledge of elliptic curve cryptography(ECC),elliptic curve digital signature algorithm(ECDSA),blind signature technique,and tamper-resist smart card.Analysis showed that this scheme achieved not only basic demands such as completeness,soundness,privacy,unreusability,but also extended demands such as receipt-freeness,universal verifiability and higher efficiency.This scheme assured the simultaneity of receipt-freeness and universal verifiability.

Sanil S. Gandhi,Arvind W. Kiwelekar,Laxman D. Netak,Hansraj S. Wankhede

DOI: https://doi.org/10.1007/978-981-19-1844-5_6

2022-08-02

Abstract:In democratic countries such as India, voting is a fundamental right given to citizens of their countries. Citizens need to physically present and cast their vote in ballot-paper-based voting systems. Most of the citizens fail to fulfill this constraint and have stayed away from their fundamental duty. Electronic-voting systems are often considered one efficient alternative in such situations. Blockchain Technology is an emerging technology that can provide a real solution as it is characterized by immutable, transparent, anonymous, and decentralized properties. This paper presents a security requirement analysis for e-voting systems and evaluates blockchain technology against these requirements.

Cryptography and Security

Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-662-54388-7_11

2017-01-01

Abstract:State-of-the-art e-voting systems rely on voters to perform certain actions to ensure that the election authorities are not manipulating the election result. This so-called \"end-to-end E2E verifiability\" is the hallmark of current e-voting protocols; nevertheless, thorough analysis of current systems is still far from being complete. In this work, we initiate the study of e-voting protocols as ceremonies. A ceremony, as introduced by Ellison [23], is an extension of the notion of a protocol that includes human participants as separate nodes of the system that should be taken into account when performing the security analysis. that centers on the two properties of end-to-end verifiability and voter privacy and allows the consideration of arbitrary behavioural distributions for the human participants. We then analyse the Helios system as an e-voting ceremony. Security in the e-voting ceremony model requires the specification of a class of human behaviours with respect to which the security properties can be preserved. We show how end-to-end verifiability and voter privacy are sensitive to human behaviour in the protocol by characterizing the set of behaviours under which the security can be preserved and also showing explicit scenarios where it fails. We then provide experimental evaluation with human subjects from two different sources where people used Helios: the elections of the International Association for Cryptologic Research IACR and a poll of senior year computer science students. We report on the auditing behaviour of the participants as we measured it and we discuss the effects on the level of certainty that can be given by each of the two electorates. The outcome of our analysis is a negative one: the auditing behaviour of people including cryptographers is not sufficient to ensure the correctness of the tally with good probability in either case studied. The same holds true even for simulated data that capture the case of relatively well trained participants while, finally, the security of the ceremony can be shown but under the assumption of essentially ideally behaving human subjects. We note that while our results are stated for Helios, they automatically transfer to various other e-voting systems that, as Helios, rely on client-side encryption to encode the voter's choice.

Marcelo Ferreira Guimarães,Carlos Antônio Sell,Renato Parenti Turcato,Carlos Henrique Assuiti,Ricardo Custódio,Ricardo Antônio Pralon Santos

2024-08-21

Abstract:A new system, called SELA -- Auditing Electronic System, has been developed to be applied to the Brazilian Electronic Voting Machine. The SELA was designed to use open hardware and software, making it widely known by society. The security of the auditing process is guaranteed by the application of a Fingerprint Algorithm, a Hash Function. This system is robust and requires minimal modifications to the Electronic Voting Machine. In this paper, SELA is described, and its use during the election process is analyzed. A comparison between SELA and the use of thermal printers as a secondary voting record system is also presented. The authors recommend a pilot implementation of SELA for the 2002 Brazilian Elections.

Cryptography and Security