Scalable Coercion-Resistant E-Voting under Weaker Trust Assumptions

Haines, Thomas; MUELLER, Johannes; Querejeta-Azurmendi, Inigo

doi:10.1145/3555776.3578730

Download

Paper published in a journal (Scientific congresses, symposiums and conference proceedings)

Scalable Coercion-Resistant E-Voting under Weaker Trust Assumptions

Haines, Thomas; MUELLER, Johannes; Querejeta-Azurmendi, Inigo

2023 • In Proceedings of ACM SAC Conference (SAC'23)

Peer reviewed

Permalink
https://hdl.handle.net/10993/54382

DOI
10.1145/3555776.3578730

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

main.pdf

Author postprint (515.9 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Electronic Voting; Verifiability; Privacy; Coercion-resistance

Abstract :

[en] Electronic voting (e-voting) is regularly used in many countries and organizations for legally binding elections. In order to conduct such elections securely, numerous e-voting systems have been proposed over the last few decades. Notably, some of these systems were designed to provide coercion-resistance. This property protects against potential adversaries trying to swing an election by coercing voters. Despite the multitude of existing coercion-resistant e-voting systems, to date, only few of them can handle large-scale Internet elections efficiently. One of these systems, VoteAgain (USENIX Security 2020), was originally claimed secure under similar trust assumptions to state-of-the-art e-voting systems without coercion-resistance. In this work, we review VoteAgain's security properties. We discover that, unlike originally claimed, VoteAgain is no more secure than a trivial voting system with a completely trusted election authority. In order to mitigate this issue, we propose a variant of VoteAgain which effectively mitigates trust on the election authorities and, at the same time, preserves VoteAgain's usability and efficiency. Altogether, our findings bring the state of science one step closer to the goal of scalable coercion-resistant e-voting being secure under reasonable trust assumptions.

Research center :

- Interdisciplinary Centre for Security, Reliability and Trust (SnT) > APSIA - Applied Security and Information Assurance

Disciplines :

Computer science

Author, co-author :

Haines, Thomas

MUELLER, Johannes ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA

Querejeta-Azurmendi, Inigo

External co-authors :

yes

Language :

English

Title :

Scalable Coercion-Resistant E-Voting under Weaker Trust Assumptions

Publication date :

2023

Event name :

ACM SAC Conference

Event date :

from 27-03-2023 to 02-04-2023

Journal title :

Proceedings of ACM SAC Conference (SAC'23)

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

FnR Project :

FNR14698166 - Future-proofing Privacy In Secure Electronic Voting, 2020 (01/01/2021-31/12/2023) - Johannes Mueller

Funders :

FNR - Fonds National de la Recherche

Available on ORBilu :

since 12 February 2023

Statistics

Number of views

75 (5 by Unilu)

Number of downloads

343 (12 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenAlex citations

Bibliography

Roberto Araujo, Amira Barki, Solenn Brunet, and Jacques Traoré. 2016. Remote Electronic Voting Can Be Efficient, Verifiable and Coercion-Resistant. In Financial Cryptography and Data Security-FC 2016 International Workshops, BITCOIN, VOTING, and WAHC, Revised Selected Papers (Lecture Notes in Computer Science), Vol. 9604. Springer, 224-232. https://doi.org/10.1007/978-3-662-53357-4-15
Michael Backes, Martin Gagné, and Malte Skoruppa. 2013. Using mobile device communication to strengthen e-Voting protocols. In Proceedings of the 12th annual ACM Workshop on Privacy in the Electronic Society, WPES 2013. ACM, 237-242. https://doi.org/10.1145/2517840.2517863
Stephanie Bayer and Jens Groth. 2012. Efficient Zero-Knowledge Argument for Correctness of a Shuffle. In Advances in Cryptology-EUROCRYPT 2012 (Lecture Notes in Computer Science), Vol. 7237. Springer, 263-280.
David Bernhard, Véronique Cortier, David Galindo, Olivier Pereira, and Bogdan Warinschi. 2015. SoK: A Comprehensive Analysis of Game-Based Ballot Privacy Definitions. In 2015 IEEE Symposium on Security and Privacy, SP 2015. 499-516.
Pyrros Chaidos, Véronique Cortier, Georg Fuchsbauer, and David Galindo. 2016. BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 1614-1625.
Jeremy Clark and Urs Hengartner. 2011. Selections: Internet Voting with Overthe-Shoulder Coercion-Resistance. In Financial Cryptography and Data Security-15th International Conference, FC 2011, Revised Selected Papers (Lecture Notes in Computer Science), Vol. 7035. Springer, 47-61. https://doi.org/10.1007/ 978-3-642-27576-0-4
Michael R. Clarkson, Stephen Chong, and Andrew C. Myers. 2008. Civitas: Toward a Secure Voting System. In 2008 IEEE Symposium on Security and Privacy (S&P 2008). IEEE Computer Society, 354-368. https://doi.org/10.1109/SP.2008.32
Véronique Cortier, David Galindo, Ralf Küsters, Johannes Müller, and Tomasz Truderung. 2016. SoK: Verifiability Notions for E-Voting Protocols. In IEEE Symposium on Security and Privacy, SP 2016. 779-798.
Véronique Cortier, Pierrick Gaudry, and Stéphane Glondu. 2019. Belenios: A Simple Private and Verifiable Electronic Voting System. In Foundations of Security, Protocols, and Equational Reasoning-Essays Dedicated to Catherine A. Meadows (Lecture Notes in Computer Science), Vol. 11565. Springer, 214-238. https://doi. org/10.1007/978-3-030-19052-1-14
Véronique Cortier and Joseph Lallemand. [n. d.]. Voting: You Can't Have Privacy without Individual Verifiability. In ACM Conference on Computer and Communications Security 2018. ACM, 53-66.
Chris Culnane and Steve A. Schneider. 2014. A Peered Bulletin Board for Robust Use in Verifiable Voting Systems. In IEEE 27th Computer Security Foundations Symposium, CSF, 2014. 169-183.
Aleksander Essex, Jeremy Clark, and Urs Hengartner. 2012. Cobra: Toward Concurrent Ballot Authorization for Internet Voting. In 2012 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, EVT/WOTE '12, 2012. USENIX Association. https://www.usenix.org/conference/evtwote12/workshop-program/ presentation/essex
Taher El Gamal. 1984. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In Advances in Cryptology, Proceedings of CRYPTO '84. 10-18.
Gurchetan S. Grewal, Mark Dermot Ryan, Sergiu Bursuc, and Peter Y. A. Ryan. 2013. Caveat Coercitor: Coercion-Evidence in Electronic Voting. In 2013 IEEE Symposium on Security and Privacy, SP 2013. IEEE Computer Society, 367-381. https://doi.org/10.1109/SP.2013.32
Thomas Haines, Sarah Jamie Lewis, Olivier Pereira, and Vanessa Teague. 2020. How Not to Prove Your Election Outcome. In 2020 IEEE Symposium on Security and Privacy, SP 2020. IEEE, 644-660. https://doi.org/10.1109/SP40000.2020.00048
Thomas Haines and Johannes Müller. 2020. How not to VoteAgain: Pitfalls of Scalable Coercion-Resistant E-Voting. IACR Cryptol. ePrint Arch. (2020), 1406. https://eprint.iacr.org/2020/1406
Sven Heiberg, Tarvi Martens, Priit Vinkel, and Jan Willemson. 2016. Improving the Verifiability of the Estonian Internet Voting Scheme. In Electronic Voting-First International Joint Conference, E-Vote-ID 2016, Proceedings (Lecture Notes in Computer Science), Vol. 10141. Springer, 92-107. https://doi.org/10.1007/ 978-3-319-52240-1-6
Lucca Hirschi, Lara Schmid, and David A. Basin. 2021. Fixing the Achilles Heel of E-Voting: The Bulletin Board. In 34th IEEE Computer Security Foundations Symposium, CSF 2021. IEEE, 1-17. https://doi.org/10.1109/CSF51468.2021.00016
Aggelos Kiayias, Annabell Kuldmaa, Helger Lipmaa, Janno Siim, and Thomas Zacharias. 2018. On the Security Properties of e-Voting Bulletin Boards. In Security and Cryptography for Networks-11th International Conference, SCN 2018, Proceedings. 505-523.
Aggelos Kiayias, Thomas Zacharias, and Bingsheng Zhang. 2015. End-to-End Verifiable Elections in the Standard Model. In Advances in Cryptology-EUROCRYPT 2015, Proceedings, Part II (Lecture Notes in Computer Science), Vol. 9057. Springer, 468-498. https://doi.org/10.1007/978-3-662-46803-6-16
Oksana Kulyk and Stephan Neumann. 2020. Human Factors in Coercion Resistant Internet Voting-A Review of Existing Solutions and Open Challenges. In Electronic Voting-5th International Joint Conference, E-Vote-ID 2020.
Oksana Kulyk, Vanessa Teague, and Melanie Volkamer. 2015. Extending Helios Towards Private Eligibility Verifiability. In E-Voting and Identity-5th International Conference, VoteID 2015, Proceedings (Lecture Notes in Computer Science), Vol. 9269. Springer, 57-73. https://doi.org/10.1007/978-3-319-22270-7-4
Ralf Küsters and Johannes Müller. 2017. Cryptographic Security Analysis of E-voting Systems: Achievements, Misconceptions, and Limitations. In Electronic Voting-Second International Joint Conference, E-Vote-ID 2017, Proceedings (Lecture Notes in Computer Science), Vol. 10615. Springer, 21-41. https://doi.org/10.1007/ 978-3-319-68687-5-2
Ralf Küsters, Tomasz Truderung, and Andreas Vogt. 2011. Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study. In 32nd IEEE Symposium on Security and Privacy, S&P 2011. 538-553.
Wouter Lueks, Iñigo Querejeta-Azurmendi, and Carmela Troncoso. 2020. VoteAgain: A Scalable Coercion-Resistant Voting System. In 29th USENIX Security Symposium, USENIX Security 2020. USENIX Association, 1553-1570. https: //www.usenix.org/conference/usenixsecurity20/presentation/lueks
André Silva Neto, Matheus Leite, Roberto Araujo, Marcelle Pereira Mota, Nelson Cruz Sampaio Neto, and Jacques Traoré. 2018. Usability Considerations For Coercion-Resistant Election Systems. In Proceedings of the 17th Brazilian Symposium on Human Factors in Computing Systems, IHC 2018. ACM, 40:1-40:10. https://doi.org/10.1145/3274192.3274232
UN Committee on Human Rights. 1996. General Comment 25 of the Human Rights Committee. (1996). https://www.ohchr.org/en/elections
Kim Ramchen, Chris Culnane, Olivier Pereira, and Vanessa Teague. 2019. Universally Verifiable MPC and IRV Ballot Counting. In Financial Cryptography and Data Security-23rd International Conference, FC 2019, Revised Selected Papers (Lecture Notes in Computer Science), Vol. 11598. Springer, 301-319. https: //doi.org/10.1007/978-3-030-32101-7-19
Peter Y. A. Ryan, Peter B. Rønne, and Vincenzo Iovino. 2016. Selene: Voting with Transparent Verifiability and Coercion-Mitigation. In Financial Cryptography and Data Security-FC 2016 International Workshops, BITCOIN, VOTING, and WAHC, Revised Selected Papers (Lecture Notes in Computer Science), Vol. 9604. Springer, 176-192. https://doi.org/10.1007/978-3-662-53357-4-12
Michael A. Specter and J. Alex Halderman. 2021. Security Analysis of the Democracy Live Online Voting System. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association.
Michael A. Specter, James Koppel, and Daniel J. Weitzner. 2020. The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections. In 29th USENIX Security Symposium, USENIX Security 2020. USENIX Association, 1535-1553. https://www.usenix.org/conference/usenixsecurity20/presentation/specter
Roland Wen and Richard Buckland. 2009. Masked Ballot Voting for Receipt-Free Online Elections. In E-Voting and Identity, Second International Conference, VoteID 2009, Proceedings (Lecture Notes in Computer Science), Vol. 5767. Springer, 18-36.