Election Verifiability in Receipt-Free Voting Protocols

electronic-voting,-verifiability,-verification; Electronic voting; Electronic-voting,-verifiability,-verification; Receipt-free; Receipt-freeness; Security protocols; Verifiability; Voting protocols

Abstract :

[en] Electronic voting is a prominent example of conflicting requirements in security protocols, as the triad of privacy, verifiability and usability is essential for their deployment in practice. Receipt-freeness is a particularly strong notion of privacy, stating that it should be preserved even if voters cooperate with the adversary. While there are impossibility results showing we cannot have receipt-freeness and verifiability at the same time, there are several protocols that aim to achieve both, based on carefully devised trust assumptions. To evaluate their security, we propose a general symbolic definition of election verifiability, extending the state of the art to capture the more complex structure of receipt-free protocols. We apply this definition to analyse, using ProVerif, recent protocols with promising practical features: BeleniosRF and several variants of Selene. Against BeleniosRF, we find several attacks showing that verifiability in Belenios does indeed suffer from the attempt to introduce receipt-freeness. On the other hand, Selene satisfies a weaker notion of receipt-freeness, but we show that it satisfies verifiability in stronger corruption scenarios. We introduce a general frame-work to compare the verifiability of these protocols in various corruption scenarios and conclude with an analysis of SeleneRF, an attempt to get the best of both that we formalise in this paper. In addition to extending the symbolic model, our results point to foundational gaps in current cryptographic models for election verifiability, as they fail to uncover attacks that we do.

Disciplines :

Computer science

Author, co-author :

BALOGLU, Sevdenur ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

BURSUC, Sergiu ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

MAUW, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

PANG, Jun ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

External co-authors :

yes

Language :

English

Title :

Election Verifiability in Receipt-Free Voting Protocols

Publication date :

2023

Event name :

2023 IEEE 36th Computer Security Foundations Symposium (CSF)

Event place :

Haifa, Israel

Event date :

09-07-2023 => 13-07-2023

Audience :

International

Main work title :

Proceedings of the 36th Computer Security Foundations Symposium (CSF 2023)

Publisher :

IEEE Computer Society

ISBN/EAN :

9798350321920

Pages :

59-74

Peer reviewed :

Peer reviewed

Additional URL :

http://xplorestaging.ieee.org/ielx7/10221891/10221870/10221876.pdf?arnumber=10221876

FnR Project :

FNR11747298 - Secure, Usable And Robust Cryptographic Voting Systems, 2017 (01/08/2018-31/07/2022) - Peter Y. A. Ryan

Funding text :

This work was supported by the Luxembourg National Research Fund (FNR) and the Research Council of Norway for the joint INTER project SURCVS, ref. 11747298.

Available on ORBilu :

since 02 February 2024

Statistics

Number of views

117 (5 by Unilu)

Number of downloads

89 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™

Bibliography

Additional material: specifications in ProVerif. https://github.com/ sbaloglu/proverif-codes.
Belenios - Verifiable online voting system. https://belenios.org/.
Helios - Verifiable online elections. https://heliosvoting.org/.
Ben Adida. Helios: Web-based open-audit voting. In 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA, pages 335-348, 2008.
Michael Backes, Ctlin Hrit,cu, and Matteo Maffei. Automated verification of remote electronic voting protocols in the applied pi-calculus. In Proceedings of the 21st IEEE Computer Security Foundations Symposium, Pittsburgh, Pennsylvania, USA, 23-25 June 2008, pages 195-209. IEEE Computer Society, 2008.
Sevdenur Baloglu, Sergiu Bursuc, Sjouke Mauw, and Jun Pang. Election verifiability revisited: Automated security proofs and attacks on Helios and Belenios. In 34th IEEE Computer Security Foundations Symposium, CSF 2021, Dubrovnik, Croatia, June 21-25, 2021, pages 1-15. IEEE, 2021.
Josh Benaloh. Simple verifiable elections. In Dan S. Wallach and Ronald L. Rivest, editors, 2006 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT'06, Vancouver, BC, Canada, August 1, 2006. USENIX Association, 2006.
David Bernhard, Véronique Cortier, David Galindo, Olivier Pereira, and Bogdan Warinschi. SoK: A comprehensive analysis of game-based ballot privacy definitions. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 499-516. IEEE Computer Society, 2015.
Bruno Blanchet. Modeling and verifying security protocols with the applied pi calculus and ProVerif. Foundations and Trends in Privacy and Security, 1(1-2):1-135, 2016.
Olivier Blazy, Georg Fuchsbauer, David Pointcheval, and Damien Vergnaud. Signatures on randomizable ciphertexts. In Dario Catalano, Nelly Fazio, Rosario Gennaro, and Antonio Nicolosi, editors, Public Key Cryptography - PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Taormina, Italy, March 6-9, 2011. Proceedings, volume 6571 of Lecture Notes in Computer Science, pages 403-422. Springer, 2011.
Alessandro Bruni, Eva Drewsen, and Carsten Schürmann. Towards a mechanized proof of Selene receipt-freeness and vote-privacy. In Robert Krimmer, Melanie Volkamer, Nadja Braun Binder, Norbert Kersting, Olivier Pereira, and Carsten Schürmann, editors, Electronic Voting - Second International Joint Conference, E-Vote-ID 2017, Bregenz, Austria, October 24-27, 2017, Proceedings, volume 10615 of Lecture Notes in Computer Science, pages 110-126. Springer, 2017.
Pyrros Chaidos, Véronique Cortier, Georg Fuchsbauer, and David Galindo. BeleniosRF: A non-interactive receipt-free electronic voting scheme. In 23rd ACM Conference on Computer and Communications Security (CCS'16), pages 1614-1625, Vienna, Austria, October 2016. ACM.
David L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84-90, feb 1981.
Benoît Chevallier-Mames, Pierre-Alain Fouque, David Pointcheval, Julien Stern, and Jacques Traoré. On some incompatible properties of voting schemes. In David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, and Ben Adida, editors, Towards Trustworthy Elections, New Directions in Electronic Voting, volume 6000 of Lecture Notes in Computer Science, pages 191- 199. Springer, 2010.
Michael R. Clarkson, Stephen Chong, and Andrew C. Myers. Civitas: Toward a secure voting system. In 2008 IEEE Symposium on Security and Privacy (S&P 2008), 18-21 May 2008, Oakland, California, USA, pages 354-368, 2008.
Véronique Cortier, Constantin C t lin Dr gan, Francois Dupressoir, Benedikt Schmidt, Pierre-Yves Strub, and Bogdan Warinschi. Machinechecked proofs of privacy for electronic voting protocols. In IEEE Symposium on Security and Privacy, pages 993-1008, 2017.
Véronique Cortier, Constantin C t lin Dr gan, Francois Dupressoir, and Bogdan Warinschi. Machine-checked proofs for electronic voting: Privacy and verifiability for Belenios. In 31st IEEE Computer Security Foundations Symposium, Oxford, United Kingdom, July 9-12, 2018, pages 298-312. IEEE Computer Society, 2018.
Véronique Cortier, Alicia Filipiak, and Joseph Lallemand. BeleniosVS: Secrecy and verifiability against a corrupted voting device. In 32nd IEEE Computer Security Foundations Symposium, Hoboken, NJ, USA, June 25-28, 2019, pages 367-381, 2019.
Véronique Cortier, David Galindo, Stéphane Glondu, and Malika Izabachene. Election verifiability for Helios under weaker trust assumptions. In ESORICS - European Symposium on Research in Computer Security, pages 327-344. Springer International Publishing, 2014.
Véronique Cortier, David Galindo, Ralf Küsters, Johannes Müller, and Tomasz Truderung. SoK: Verifiability notions for e-voting protocols. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pages 779-798. IEEE Computer Society, 2016.
Véronique Cortier, Pierrick Gaudry, and Stéphane Glondu. Belenios: A simple private and verifiable electronic voting system. In Joshua D. Guttman, Carl E. Landwehr, José Meseguer, and Dusko Pavlovic, editors, Foundations of Security, Protocols, and Equational Reasoning - Essays Dedicated to Catherine A. Meadows, volume 11565 of Lecture Notes in Computer Science, pages 214-238. Springer, 2019.
Véronique Cortier, Niklas Grimm, Joseph Lallemand, and Matteo Maffei. A type system for privacy properties. In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, pages 409-423. ACM, 2017.
Véronique Cortier, Joseph Lallemand, and Bogdan Warinschi. Fifty shades of ballot privacy: Privacy against a malicious board. In 33rd IEEE Computer Security Foundations Symposium, CSF 2020, Boston, MA, USA, June 22-26, 2020, pages 17-32. IEEE, 2020.
Véronique Cortier and Ben Smyth. Attacking and fixing Helios: An analysis of ballot secrecy. In Proceedings of the 24th IEEE Computer Security Foundations Symposium, CSF 2011, Cernay-la-Ville, France, 27-29 June, 2011, pages 297-311. IEEE Computer Society, 2011.
Stéphanie Delaune, Steve Kremer, and Mark Ryan. Verifying privacytype properties of electronic voting protocols. J. Comput. Secur., 17(4):435-487, 2009.
Jens Groth and Amit Sahai. Efficient non-interactive proof systems for bilinear groups. In Nigel P. Smart, editor, Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings, volume 4965 of Lecture Notes in Computer Science, pages 415-432. Springer, 2008.
Ari Juels, Dario Catalano, and Markus Jakobsson. Coercion-resistant electronic elections. In Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, Alexandria, VA, USA, November 7, 2005, pages 61-70, 2005.
Steve Kremer, Mark Ryan, and Ben Smyth. Election verifiability in electronic voting protocols. In Dimitris Gritzalis, Bart Preneel, and Marianthi Theoharidou, editors, Computer Security - ESORICS 2010, 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. Proceedings, volume 6345 of Lecture Notes in Computer Science, pages 389-404. Springer, 2010.
Ralf Küsters, Tomasz Truderung, and Andreas Vogt. Verifiability, privacy, and coercion-resistance: New insights from a case study. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22-25 May 2011, Berkeley, California, USA, pages 538-553. IEEE Computer Society, 2011.
Ralf Küsters, Tomasz Truderung, and Andreas Vogt. Clash attacks on the verifiability of e-voting systems. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, 21-23 May 2012, San Francisco, California, USA, pages 395-409. IEEE Computer Society, 2012.
Karola Marky, Oksana Kulyk, Karen Renaud, and Melanie Volkamer. What did I really vote for? On the usability of verifiable e-voting schemes, page 1-13. Association for Computing Machinery, New York, NY, USA, 2018.
C. Andrew Neff. A verifiable secret shuffle and its application to evoting. In CCS 2001, ACM Conference on Computer and Communications Security, pages 116-125, 2001.
Olivier Pereira and Dan S. Wallach. Clash attacks and the STAR-Vote system. In Robert Krimmer, Melanie Volkamer, Nadja Braun Binder, Norbert Kersting, Olivier Pereira, and Carsten Schürmann, editors, Electronic Voting - Second International Joint Conference, E-Vote-ID 2017, Bregenz, Austria, October 24-27, 2017, Proceedings, volume 10615 of Lecture Notes in Computer Science, pages 228-247. Springer, 2017.
Peter Y. A. Ryan, Peter B. Roenne, and Simon Rastikian. Hyperion: An enhanced version of the Selene end-to-end verifiable voting scheme. In Sixth International Joint Conference on Electronic Voting E-Vote-ID. University of Tartu Press, 2021.
Peter Y. A. Ryan, Peter B. Ronne, and Vincenzo Iovino. Selene: Voting with transparent verifiability and coercion-mitigation. In Financial Cryptography and Data Security - FC 2016 International Workshops, BITCOIN, VOTING, and WAHC, Christ Church, Barbados, February 26, 2016, Revised Selected Papers, volume 9604 of Lecture Notes in Computer Science, pages 176-192. Springer, 2016.