[en] We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in those threat scenarios that were considered for IVXV originally. We explain how to improve IVXV so that it protects against the privacy issues we discovered.
Disciplines :
Sciences informatiques
Auteur, co-auteur :
MUELLER, Johannes ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
Co-auteurs externes :
no
Langue du document :
Anglais
Titre :
Breaking and Fixing Vote Privacy of the Estonian E-Voting Protocol IVXV
Date de publication/diffusion :
2022
Nom de la manifestation :
7th Workshop on Advances in Secure Electronic Voting
Date de la manifestation :
18-02-2022
Titre de l'ouvrage principal :
Workshop on Advances in Secure Electronic Voting 2022
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Projet FnR :
FNR14698166 - Future-proofing Privacy In Secure Electronic Voting, 2020 (01/01/2021-31/12/2023) - Johannes Mueller
Adida, B.: Helios: web-based open-audit voting. In: Proceedings of the 17th USENIX Security Symposium, 2008, pp. 335–348. USENIX Association (2008)
El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Advances in Cryptology, Proceedings of CRYPTO ’84, pp. 10–18 (1984)
Gennaro, R.: Achieving independence efficiently and securely. In: Anderson, J.H. (ed.), Proceedings of the Fourteenth Annual ACM Symposium on Principles of Distributed Computing, Ottawa, Ontario, Canada, 20–23 August 1995, pp. 130– 136. ACM (1995)
Heiberg, S., Martens, T., Vinkel, P., Willemson, J.: Improving the verifiability of the Estonian internet voting scheme. In: Krimmer, R., et al. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 92–107. Springer, Cham (2017). https://doi.org/10. 1007/978-3-319-52240-1 6
Hirschi, L., Schmid, L., Basin, D.: Fixing the achilles heel of e-voting: the bulletin board. In: 34th IEEE Computer Security Foundations Symposium, CSF 2021, Dubrovnik, Croatia, 21–25 June 2021, pp. 1–17. IEEE (2021)
Pereira, O.: Individual verifiability and Revoting in the Estonian internet voting system. IACR Cryptology ePrint Archive, p. 1098 (2021)
Pfitzmann, B.: Breaking an efficient anonymous channel. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 332–340. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053448
Pfitzmann, B., Pfitzmann, A.: How to break the direct RSA-implementation of mixes. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 373–381. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4 37
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 688–689. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4 68
Springall, D., et al.: Security analysis of the Estonian internet voting system. In: Ahn, G.-J., Yung, M., Li, N. (eds.), Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 703–715. ACM (2014)
Valimised. https://rk2019.valimised.ee/en/voting-result/voting-result-main.html. Accessed 23 Aug 2021
Valimised. https://www.valimised.ee/en/internet-voting/documents-about-intern et-voting. Accessed 23 Aug 2021
Verificatum Mix Net (VMN). https://www.verificatum.org/html/product vmn. html
