- KonferenzbeitragCoercion-freeness in e-voting via multi-party designated verifier schemes(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Dossogne, Jérôme; Lafitte, Frédéric; Markowitch, Olivier; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerIn this paper we present how multi-party designated verifier signatures can be used as generic solution to provide coercion-freeness in electronic voting schemes. We illustrate the concept of multi-party designated verifier signatures with an enhanced version of Ghodosi and Pieprzyk [GP06]'s threshold signature scheme. The proposed scheme is efficient, secure, allows distributed computations of the signature on the ballot receipt, and can be parameterized to set a threshold on the number of required signers. The security of the designated verifier property is evaluated using the simulation paradigm [Gol00] based on the security analysis of [GHKR08]. Unlike previously provable schemes, ours is ideal, i.e. the bit-length of each secret key share is bounded by the bit-length of the RSA modulus.
- KonferenzbeitragInternet voting and individual verifiability: the norwegian return codes(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Barrat, Jordi; Chevalier, Michel; Goldsmith, Ben; Jandura, David; Turner, John; Sharma, Rakesh; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerThe Norwegian return codes, used within an Internet voting project piloted in September 2011, intend to simultaneously achieve both receipt-freeness and individual verifiability. They are delivered as text messages with a code representing the value of a voter's cast ballot, but, according to the Norwegian Government, they would not breach the principle of secrecy, and they are not voting receipts, since the voter could always cancel the vote. However, some international electoral standards, like the Recommendations on E-voting from the Council of Europe, clearly forbid an Internet voting system that enables a “voter to be in possession of proof of the content of the vote cast.” This paper analyzes the extent to which the Norwegian system complies with this standard and it concludes that there is no contradiction in using a teleological approach.
- KonferenzbeitragRandom block verification: improving the norwegian electoral mix-net(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Demirel, Denise; Jonker, Hugo; Volkamer, Melanie; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerThe VALG project is introducing e-voting to municipal and county elections to Norway. Part of the e-voting system is a mix-net along the lines of Puiggalí et al. - a mix-net which can be efficiently verified by combining the benefits of optimistic mixing and randomized partial checking. This paper investigates their mix-net and proposes a verification method which improves both efficiency and privacy compared to Puiggalí et al.
- KonferenzbeitragA supervised verifiable voting protocol for the victorian electoral commission(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Burton, Craig; Culane, Chris; Heather, James; Peacock, Thea; Ryan, Peter Y. A.; Schneider, Steve; Srinivasan, Sriramkrishnan; Teague, Vanessa; Wen, Roland; Xia, Zhe; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerThis paper describes the design of a supervised, verifiable voting protocol suitable for use for elections in the state of Victoria, Australia. We provide a brief overview of the style and nature of the elections held in Victoria and associated challenges. Our protocol, based on Prêt à Voter, presents a new ballot overprinting front-end design, which assists the voter in completing the potentially complex ballot. We also present and analyze a series of modifications to the backend that will enable it to handle the large number of candidates, 35 +, with ranking single transferable vote (STV), which some Victorian elections require. We conclude with a threat analysis of the scheme and a discussion on the impact of the modifications on the integrity and privacy assumptions of Prêt à Voter.
- KonferenzbeitragCast-as-intended verification in Norway(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Puigallí Allepuz, Jordi; Guasch Castelló, Sandra; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerThe Norwegian Ministry started an initiative to implement Internetvoting trials during the municipal elections in 2011. One of the security requirements of the chosen e-voting system to not to put any trust in the voting client: a malicious application controlling the voting client should not be able to modify the voting options selected by the voter without being detected. This paper describes the voter verification return-code scheme that was implemented for this project. Furthermore, this paper explains the implementation details of the final solution and the workflow of the system during the different election phases. The aim of this paper is to provide a general overview of the cast-as-intended scheme implemented in eValg2011.
- KonferenzbeitragPartial verifiability in POLYAS for the GI elections(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Olembo, M. Maina; Kahlert, Anna; Neumann, Stephan; Volkamer, Melanie; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerWe discuss the use of POLYAS, an Internet voting system, in GI (German Society for Computer Scientists (Gesellschaft für Informatik e.V.)) elections before 2010, in 2010 and 2011, as well as in the future. We briefly describe how the system was extended in 2010 to provide partial verifiability and how the integrity of the GI election result was verified in the 2010 and 2011 elections. Information necessary for partial verifiability has so far only been made available to a small group of researchers. In the future it would be ideal to make such information available to the general public, or to GI members, in order to increase the level of verifiability. We highlight legal considerations accompanying these possibilities, including publishing more details about the election results, the requirement for secret elections, avoiding vote buying, and how to handle complaints. Motivated by legal constraints, we propose further improvements to the POLYAS system. Finally, we generalize our findings for any partially-verifiable Internet voting system.
- KonferenzbeitragAchieving meaningful efficiency in coercion-resistant, verifiable Internet voting(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Spycher, Oliver; Koenig, Reto; Haenni, Rolf; Schläpfer, Michael; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerIn traditional voting schemes with paper, pens, and ballot-boxes, appropriate procedures are put in place to reassure voters that the result of the tally is correct. Considering that in Internet voting errors or fraud will generally scale over a much greater fraction of votes, the demand to get strong reassurances as well, seems more than justified. With the ambition of offering a maximum degree of transparency, so-called verifiable schemes have been proposed. By publishing the relevant information, each voter may verify that her vote is included in the final tally and that accepted votes have been cast using proper voting material. Remarkably, this can be done while guaranteeing the secrecy of the ballot at the same time. On the negative side, high transparency will generally make it easier for voters to reveal how they voted, e.g., to a coercer. In this paper we propose an Internet voting protocol that is verifiable and simultateously makes it practically impossible for vote buyers or coercers to elicit the voters' behaviour. We compare its efficiency with existing work under equal degrees of coercion-resistance using an appropriate measure (δ). The contribution of our scheme lies in its efficiency during the most critical phases of the voting procedure, i.e., vote casting and tallying. Moreover, during these phases, efficiency is insensitive to the desired degree of coercion-resistance.
- KonferenzbeitragElectronic voting and null votes: an ongoing debate(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Viayana, Marc Teixidor; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerThe debate over the implementation of e-voting systems still needs to respond to the question of the presence of null votes. Null votes, whose invalidity is due to a contravention of electoral norms, have become a new way through which the electors show their political discontent. The political dimension of null votes requires that e-voting systems ensure and guarantee the presence of null votes as an electoral option. Finally, it is necessary to broach the oft disputed topic of null votes attributed to technology, that is to say, the loss of valid votes due to technical malfunctions of the e-voting system and how to legally address this issue. Estonia, Australia and Norway provide useful examples when looking at technical null votes.
- KonferenzbeitragSmart cards in electronic voting: lessons learned from applications in legally-binding elections and approaches proposed in scientific papers(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Budurushi, Jurlind; Neumann, Stephan; Volkamer, Melanie; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerRecently, the interest in electronic voting has increased as more and more states have started to implement such systems. At the same time, classical national ID cards are often being replaced by national electronic ID cards which enable citizens to securely identify and authenticate themselves over the Internet. Despite their popularity, the possibility of using eID cards for e-voting has not been adequately studied. This work surveys e-voting systems in which smart cards were used or were proposed to be used to support the voting process. We consider all types of smart cards, including those only for use in e-voting as well as existing and future national eID cards. In a two-step process, we will analyze the most interesting, real-world applications and proposals from a security, usability, and cost perspective, allowing us to derive our lessons learned. Upon these lessons, we show that the restricted-ID mechanism as implemented in the German eID card serves as an interesting basis for the integration of eID cards in e-voting. We outline that the risk of a “forced-abstention” attack can be mitigated by using the restricted-ID.
- KonferenzbeitragInterpreting babel: classifying electronic voting systems(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Franklin, Joshua; Myers, Jessica; Kripp, Manuel J.; Volkamer, Melanie; Grimm, RüdigerIn an effort to promote a greater understanding of the voting systems that sit in the middle of the election technology spectrum - somewhere between hand-counted paper ballots and Internet voting - this work presents a classification of the electronic voting technologies currently used in the United States. A classification structure is presented, and characteristics of current and future technologies are discussed. Finally, the paper concludes with a discussion on practically using the structure and future expansion to include other voting technologies.