Ben Adida,John Caron,Arash Mirzaei,Vanessa Teague

2024-10-10

Abstract:Overseas military personnel often face significant challenges in participating in elections due to the slow pace of traditional mail systems, which can result in ballots missing crucial deadlines. While internet-based voting offers a faster alternative, it introduces serious risks to the integrity and privacy of the voting process. We introduce the MERGE protocol to address these issues by combining the speed of electronic ballot delivery with the reliability of paper returns. This protocol allows voters to submit an electronic record of their vote quickly while simultaneously mailing a paper ballot for verification. The electronic record can be used for preliminary results, but the paper ballot is used in a Risk Limiting Audit (RLA) if received in time, ensuring the integrity of the election. This approach extends the time window for ballot arrival without undermining the security and accuracy of the vote count.

Cryptography and Security

Nikos Chondros,Bingsheng Zhang,Thomas Zacharias,Panos Diamantopoulos,Stathis Maneas,Christos Patsonakis,Alex Delis,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1109/icdcs.2016.56

2015-01-01

Abstract:E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.

J. Alex Halderman,Vanessa Teague

DOI: https://doi.org/10.48550/arXiv.1504.05646

2015-06-06

Abstract:In the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community.

Cryptography and Security

Louis-Henri Merino,Alaleh Azhir,Haoqian Zhang,Simone Colombo,Bernhard Tellenbach,Vero Estrada-Galiñanes,Bryan Ford

2024-04-18

Abstract:Online voting is attractive for convenience and accessibility, but is more susceptible to voter coercion and vote buying than in-person voting. One mitigation is to give voters fake voting credentials that they can yield to a coercer. Fake credentials appear identical to real ones, but cast votes that are silently omitted from the final tally. An important unanswered question is how ordinary voters perceive such a mitigation: whether they could understand and use fake credentials, and whether the coercion risks justify the costs of mitigation. We present the first systematic study of these questions, involving 150 diverse individuals in Boston, Massachusetts. All participants "registered" and "voted" in a mock election: 120 were exposed to coercion resistance via fake credentials, the rest forming a control group. Of the 120 participants exposed to fake credentials, 96% understood their use. 53% reported that they would create fake credentials in a real-world voting scenario, given the opportunity. 10% mistakenly voted with a fake credential, however. 22% reported either personal experience with or direct knowledge of coercion or vote-buying incidents. These latter participants rated the coercion-resistant system essentially as trustworthy as in-person voting via hand-marked paper ballots. Of the 150 total participants to use the system, 87% successfully created their credentials without assistance; 83% both successfully created and properly used their credentials. Participants give a System Usability Scale score of 70.4, which is slightly above the industry's average score of 68. Our findings appear to support the importance of the coercion problem in general, and the promise of fake credentials as a possible mitigation, but user error rates remain an important usability challenge for future work.

Human-Computer Interaction,Cryptography and Security

Nikos Chondros,Bingsheng Zhang,Thomas Zacharias,Panos Diamantopoulos,Stathis Maneas,Christos Patsonakis,Alex Delis,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1016/j.cose.2019.03.001

IF: 5.105

2019-01-01

Computers & Security

Abstract:We present the D-DEMOS suite of distributed, privacy-preserving, and end-to-end verifiable e-voting systems; one completely asynchronous and one with minimal timing assumptions but better performance. Their distributed voting operation is human verifiable; a voter can vote over the web, using an unsafe web client stack, without sacrificing her privacy, and get recorded-as-cast assurance. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. We provide a model and security analysis of the systems, implement prototypes of the complete systems, measure their performance experimentally, demonstrate their ability to handle large-scale elections, and demonstrate the performance trade-offs between the two versions.

Olamide Olanubi,Opeyemi Joshua Adelowo,Emmanuel Ifeanyi Obeagu

DOI: https://doi.org/10.9734/ajrcos/2023/v16i4379

2023-10-13

Asian Journal of Research in Computer Science

Abstract:Background: The growing concern over phishing attacks on voting systems, particularly with the rise of online voting, has highlighted vulnerabilities in elections. The convenience of internet voting has led to security risks like clone phishing attacks. While online voting offers accessibility benefits, security, privacy, and usability issues have arisen. Multi-factor authentication (MFA) has been proposed to enhance security in mobile internet voting systems. Visual cryptography, dividing images into shares for decentralized data storage, is suggested to counter clone phishing. MFA's effectiveness in various sectors is established, and secure voting systems combining visual cryptography and blockchain have been proposed. This research sought to bolster the security of the voting system using visual cryptography and multi-factor authentication (MFA), with the goal of increasing voter trust and the reliability of the voting procedure, by designing a secure system and evaluating its performance, accuracy, and accessibility. Methodology: The researchers developed an improved voting system using visual cryptography and multi-factor authentication, assessed its performance against Eligo and Voxvote, utilized Java for programming, MYSQL via XAMPP for the database, HTML, CSS, JavaScript, and PHP (Laravel) for client-server sides. The Scrum agile methodology was followed, employing brief sprints for adaptive development. Evaluation was done through web tools and benchmarks. The system's architecture and flowchart were presented, featuring an interactive GUI, Java 2 platform, MySQL, PHP 7, and specific hardware/software requirements. System setup included database and server configuration, fingerprint scanner installation, and Java runtime setup. Deployment involved executing a built Java program, and system testing was conducted on Windows 10, utilizing the Apache server and initiating the "Electronic Voting" program for online multi-factor authentication. Results: Achieving a performance rate of 92%, the developed system surpassed its competitors Eligo and Voxvote, which achieved scores of 15% and 33% correspondingly, as indicated by the data. Eligo and Voxvote attained scores of 88% and 80% individually, whereas the newly designed system obtained a rating of 93% in terms of accessibility. Nonetheless, the research also highlighted specific downsides, encompassing intricacy, reluctance to embrace change, and technological barriers. To tackle these issues and enhance the adoption of such systems, these limitations underscore the necessity for further investigation and advancement. Conclusion: The study demonstrates that integrating multi-factor authentication and visual cryptography significantly enhances voting system security, reducing clone phishing risks. Visual cryptography secures decryption keys, preserving voting integrity, while multi-factor authentication adds defence against unauthorized access. The researcher's online voting system outperforms competitors in performance metrics and accessibility. The study underscores the importance of combining these techniques for improved voting system reliability and security.

Qinyuan Feng,Yan Lindsay Sun,Ling Liu,Yafei Yang,Yafei Dai

DOI: https://doi.org/10.1109/tkde.2009.214

IF: 9.235

2010-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:With the popularity of voting systems in cyberspace, there is growing evidence that current voting systems can be manipulated by fake votes. This problem has attracted many researchers working on guarding voting systems in two areas: relieving the effect of dishonest votes by evaluating the trust of voters, and limiting the resources that can be used by attackers, such as the number of voters and the number of votes. In this paper, we argue that powering voting systems with trust and limiting attack resources are not enough. We present a novel attack named as Reputation Trap (RepTrap). Our case study and experiments show that this new attack needs much less resources to manipulate the voting systems and has a much higher success rate compared with existing attacks. We further identify the reasons behind this attack and propose two defense schemes accordingly. In the first scheme, we hide correlation knowledge from attackers to reduce their chance to affect the honest voters. In the second scheme, we introduce robustness-of-evidence, a new metric, in trust calculation to reduce their effect on honest voters. We conduct extensive experiments to validate our approach. The results show that our defense schemes not only can reduce the success rate of attacks but also significantly increase the amount of resources an adversary needs to launch a successful attack.

Adam Dorian Wong

2024-09-14

Abstract:Faith in the US electoral system is at risk. This issue stems from trust or lack thereof. Poor leaders ranted and attempted to sew discord in the democratic process and even tried to influence election results. Historically, the US has relied on paper ballots to cast private votes. Votes are watered down by the Electoral College. Elections are contested due to voter IDs and proof of citizenship. Methods of voting are nonsensically complex. In the technology age, this can be solved with a Smartcard National ID backed by Public-Key Infrastructure (PKI). This could be a method to restore hope in democracy and move the country back towards elections under a Popular Vote. Numbers are empirical and immutable and can solve the issue of Election Security in a bipartisan way. NATO allies like Estonia have already broken ground in using technology for eDemocracy or (Internet-based) iVoting. Acknowledging cyber attacks will happen, this is an opportunity for DHS and DOD (CYBERCOM) to collaborate on domestic operations and protect critical election infrastructure. This idea will not fix malicious information operations or civil stupidity. However, this is the way forward to securing elections now and forever. The views expressed by this whitepaper are those of the author and do not reflect the official policy or position of Dakota State University, the N.H. Army National Guard, the U.S. Army, the Department of Defense, or the U.S. Government. Cleared for release by DOPSR on 13 SEP 2024.

Cryptography and Security,Computers and Society

Vitaly Zuevsky

DOI: https://doi.org/10.48550/arXiv.2207.07446

2022-06-30

Abstract:Electronic voting consistently fails to supplant conventional paper ballot due to a plethora of security shortcomings. Not only are traditional voting methods mediocre in terms of convenience and interface, they also encompass principal-agent problem, where the state may have vested interest in the outcome of the ballot. Electronic voting protocol using cryptography to deliver in zero trust environments is long overdue. Here I propose using Proof of Work algorithm at user devices in combination with other well-known security primitives to build a zero-trust voting system. The state would only issue single-use voting authorizations to its citizens, while zero trust design would allow conducting elections by an open-source platform with enhanced observability. It is also hypothesized that the heighten availability of plebiscite by means of the proposed design may ultimately change the way our society participates in the policy making.

Cryptography and Security

Raban Nghidinwa,Joshua A. Abolarinwa

DOI: https://doi.org/10.53375/ijecer.2024.380

2024-03-15

International Journal of Electrical and Computer Engineering Research

Abstract:The Internet of Voting system presented in this paper represents a modern solution to the challenges faced by the traditional electoral processes. In an era characterized by technological advancements, this system harnesses digital innovation to enhance the efficiency, security, and accessibility of elections. Evolving from a rich history of voting systems, this digital platform integrates several influential works and leverages cutting-edge technology to create a user-friendly interface with robust security measures. The system addresses critical issues that have plagued traditional paper and electronic ballots, such as voter confusion and fraud, by implementing stringent encryption techniques, password renewal mechanisms, and real-time prevention of duplicated votes. It enables the elimination of multiple registrations, streamlining the voter registration process. Online voting systems have gained prominence as a means of conducting elections efficiently, reducing logistical challenges, and increasing voter accessibility. The system offers three distinct categories for voting: Regional Elections, Local Elections, and Presidential Elections, each with its own set of independent candidates.

Ke Yuan,Peng Sang,Suya Zhang,Xi Chen,Wei Yang,Chunfu Jia

DOI: https://doi.org/10.7717/peerj-cs.1649

2023-10-18

Abstract:Compared with paper-based voting, electronic voting not only has advantages in storage and transmission, but also can solve the security problems that exist in traditional voting. However, in practice, most electronic voting faces the risk of voting failure due to malicious voting by voters or ballot tampering by attackers. To solve this problem, this article proposes an electronic voting scheme based on homomorphic encryption and decentralization, which uses the Paillier homomorphic encryption method to ensure that the voting results are not leaked until the election is over. In addition, the scheme applies signatures and two layers of encryption to the ballots. First, the ballot is homomorphically encrypted using the homomorphic public key; then, the voter uses the private key to sign the ballot; and finally, the ballot is encrypted using the public key of the counting center. By signing the ballots and encrypting them in two layers, the security of the ballots in the transmission process and the establishment of the decentralized scheme are guaranteed. The security analysis shows that the proposed scheme can guarantee the completeness, verifiability, anonymity, and uniqueness of the electronic voting scheme. The performance analysis shows that the computational efficiency of the proposed scheme is improved by about 66.7% compared with the Fan et al. scheme (https://doi.org/10.1016/j.future.2019.10.016).

Yun-Xing Kho,Swee-Huay Heng,Ji-Jian Chin

DOI: https://doi.org/10.3390/sym14050858

2022-04-21

Symmetry

Abstract:A vast number of e-voting schemes including mix-net-based e-voting, homomorphic e-voting, blind signature-based e-voting, blockchain-based e-voting, post-quantum e-voting, and hybrid e-voting have been proposed in the literature for better security and practical implementation. In this paper, we review various e-voting approaches to date. We first compare the structures, advantages, and disadvantages of the different e-voting approaches. We then summarise the security properties of the e-voting approaches in terms of their functional requirements and security requirements. In addition, we provide a comprehensive review of various types of e-voting approaches in terms of their security properties, underlying tools, distinctive features, and weaknesses. We also discuss some practical considerations in the design of e-voting systems. Subsequently, some potential research directions are suggested based on our observations.

M. E. Haroutunian,A. S. Margaryan,K. A. Mastoyan

DOI: https://doi.org/10.1134/s0361768824700427

2024-11-03

Programming and Computer Software

Abstract:Distrust in voting is not a rare phenomenon even in developed countries. Electronic voting (e-voting), however, appeared as an alternative, but is still not practiced on a large scale. This is due to the fact that despite the huge number of articles it is not yet possible to completely ensure security, privacy and verifiability. It is hard to create a system or a protocol fulfilling all requirements, especially unconditionally.

computer science, software engineering

Panagiotis Grontas,Aris Pagourtzis,Alexandros Zacharakis,Bingsheng Zhang

2018-01-01

Abstract:In this work, we propose a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under standard JCJ assumptions. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds and the validity of the signature can only be checked by a designated verifier. We utilize this primitive to blindly mark votes under coercion in an auditable manner.

Hossain Faruk, Md Jobair

DOI: https://doi.org/10.1007/s10586-023-04261-x

2024-04-20

Cluster Computing

Abstract:As a cornerstone of democratic governance, elections hold unparalleled significance, shaping a nation's trajectory. However, the prevailing ballot-paper based voting systems continue to face trust issues among significant populations. As a result, e-Voting has emerged as an appealing alternative, with numerous countries opting for its implementation globally. While e-Voting systems offer several advantages, they also come with their own set of challenges. Even a minor vulnerability can lead to massive manipulations in voting results. In recent years, there have been efforts to revolutionize the e-Voting paradigm by harnessing the potential of emerging technologies such as biometrics and blockchain. This paper proposes a Internet-based voting that adopts blockchain technology and biometric identification techniques. We use biometric modalities, such as fingerprint and facial recognition, for voter authentication while leveraging Hyperledger Fabric framework as blockchain network and ensuring a secure, transparent, and tamper-evident voting record. We demonstrate the proposed system with 100 participants in a preset environment where we collect the biometrics data. The results indicate that 87% of participants successfully registered with biometrics, while 88% cast their votes with a combination of either voter ID and fingerprint or voter ID with facial recognition. Our findings suggest that the proposed system allows voters to access the system seamlessly and automate identity verification procedures while ensuring a secure, decentralized, and distributed database network that maintains transparency. Future research shall be carried out in collaboration with election officials and voters to improve the system in real-world scenarios.

computer science, information systems, theory & methods

Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1145/2810103.2813727

2015-01-01

Abstract:Recently, Kiayias, Zacharias and Zhang proposed a new E2E verifiable e-voting system called 'DEMOS' that for the first time provides E2E verifiability without relying on external sources of randomness or the random oracle model; the main advantage of such system is in the fact that election auditors need only the election transcript and the feedback from the voters to pronounce the election process unequivocally valid. Unfortunately, DEMOS comes with a huge performance and storage penalty for the election authority (EA) compared to other e-voting systems such as Helios. The main reason is that due to the way the EA forms the proof of the tally result, it is required to precompute a number of cipher texts for each voter and each possible choice of the voter. This approach clearly does not scale to elections that have a complex ballot and voters have an exponential number of ways to vote in the number of candidates. The performance penalty on the EA appears to be intrinsic to the approach: voters cannot compute an enciphered ballot themselves because there seems to be no way for them to prove that it is a valid ciphertext.In contrast to the above, in this work, we construct a new e-voting system that retains the strong E2E characteristics of DEMOS (but against computational adversaries) while completely eliminating the performance and storage penalty of the EA. We achieve this via a new cryptographic construction that has the EA produce and prove, using voters' coins, the security of a common reference string (CRS) that voters subsequently can use to affix non-interactive zero knowledge (NIZK) proofs to their ciphertexts. The EA itself uses the CRS to prove via a NIZK the tally correctness at the end. Our construction has similar performance to Helios and is practical. The privacy of our construction relies on the SXDH assumption over bilinear groups via complexity leveraging.

Eleanor McMurtry,Xavier Boyen,Chris Culnane,Kristian Gjøsteen,Thomas Haines,Vanessa Teague

DOI: https://doi.org/10.48550/arXiv.2111.04210

2021-11-09

Abstract:We propose a protocol for verifiable remote voting with paper assurance. It is intended to augment existing postal voting procedures, allowing a ballot to be electronically constructed, printed on paper, then returned in the post. It allows each voter to verify that their vote has been correctly cast, recorded and tallied by the Electoral Commission. The system is not end-to-end verifiable, but does allow voters to detect manipulation by an adversary who controls either the voting device, or (the postal service and electoral commission) but not both. The protocol is not receipt-free, but if the client honestly follows the protocol (including possibly remembering everything), they cannot subsequently prove how they voted. Our proposal is the first to combine plain paper assurance with cryptographic verification in a (passively) receipt-free manner.

Cryptography and Security

Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-662-54388-7_11

2017-01-01

Abstract:State-of-the-art e-voting systems rely on voters to perform certain actions to ensure that the election authorities are not manipulating the election result. This so-called \"end-to-end E2E verifiability\" is the hallmark of current e-voting protocols; nevertheless, thorough analysis of current systems is still far from being complete. In this work, we initiate the study of e-voting protocols as ceremonies. A ceremony, as introduced by Ellison [23], is an extension of the notion of a protocol that includes human participants as separate nodes of the system that should be taken into account when performing the security analysis. that centers on the two properties of end-to-end verifiability and voter privacy and allows the consideration of arbitrary behavioural distributions for the human participants. We then analyse the Helios system as an e-voting ceremony. Security in the e-voting ceremony model requires the specification of a class of human behaviours with respect to which the security properties can be preserved. We show how end-to-end verifiability and voter privacy are sensitive to human behaviour in the protocol by characterizing the set of behaviours under which the security can be preserved and also showing explicit scenarios where it fails. We then provide experimental evaluation with human subjects from two different sources where people used Helios: the elections of the International Association for Cryptologic Research IACR and a poll of senior year computer science students. We report on the auditing behaviour of the participants as we measured it and we discuss the effects on the level of certainty that can be given by each of the two electorates. The outcome of our analysis is a negative one: the auditing behaviour of people including cryptographers is not sufficient to ensure the correctness of the tally with good probability in either case studied. The same holds true even for simulated data that capture the case of relatively well trained participants while, finally, the security of the ceremony can be shown but under the assumption of essentially ideally behaving human subjects. We note that while our results are stated for Helios, they automatically transfer to various other e-voting systems that, as Helios, rely on client-side encryption to encode the voter's choice.

Bingsheng Zhang,Hong-Sheng Zhou

DOI: https://doi.org/10.1145/3087801.3087868

2017-01-01

Abstract:The existing (election) voting systems, e.g., representative democracy, have many limitations and often fail to serve the best interest of the people in collective decision making. To address this issue, the concept of liquid democracy has been emerging as an alternative decision-making model to make better use of \"the wisdom of crowds\". Very recently, a few liquid democracy implementations, e.g. Google Votes and Decentralized Autonomous Organization (DAO), are released; however, those systems only focus on the functionality aspect, as no privacy/anonymity is considered. In this work, we, for the first time, provide a rigorous study of liquid democracy under the Universal Composability (UC) frame- work. In the literature, liquid democracy was achieved via two separate stages -- delegation and voting. We propose an efficient liquid democracy e-voting scheme that uni es these two stages. At the core of our design is a new voting concept called statement voting, which can be viewed as a natural extension of the conventional voting approaches. We remark that our statement voting can be extended to enable more complex voting and generic ledger-based non-interactive multi-party computation. We believe that the statement voting concept opens a door for constructing a new class of e-voting schemes.

Peichen Xie,Zihan Zheng,Xian Zhang,Shuo Chen

DOI: https://doi.org/10.48550/arXiv.2202.09122

2022-02-18

Abstract:As computer vision is prevalently used for mail-in ballot processing and counting, it becomes a point of centralized trust in postal voting. We propose DVote, a prototype system of postal voting that provides decentralized trust in computer vision. With blockchain and layer-2 technologies, DVote decentralizes the computation and model training of computer vision to a group of scrutineers that hold the AnyTrust assumption, i.e., at least one member is honest. Consequently, the computational integrity is anchored to the trustworthiness of a large public blockchain such as Ethereum.

Cryptography and Security