Protocols for e-Voting Systems

The next speaker at EDEM 2009 is Lucie Langer, who presents a new protocol for secure online elections that emerged from the German Voteremote project (for non-parliamentary, non-political voting). Key requirements in this context are security, democracy, accuracy, fairness, and verifiability (for individual voters and at a universal level), of course; in addition, the system must be free of receipts which can be used by the voter to document how they voted (and thus could be used by them to sell their vote), and resistant to voter coercion. Further, of course, the system needs to be scalable, robust, and easy to use.

This creates a difficult balancing act between security and usability: secure systems rely on complex mechanisms to achieve that security, while easy-to-use systems tend to be much more insecure. Voteremote aimed to meet the basic security requirements, but wanted to use only standard primitives to enable an efficient implementation of the security protocol; it also needed to avoid standard but unattainable assumptions like 'untappable channels' which ensure that no information is leaked anywhere at all - this is simply not achievable in everyday use.

The election scenario assumed in this project was a non-political, low-coercion environment in which there were only reasonable adversaries to the integrity of the voting process (i.e. no omnipotent adversaries able to control the entire communications environment). The system assumed secure communication using TLS/SSL, and the use of a trusted public key infrastructure (PKI), with blind signatures (i.e. a signature which does not allow the signer to see what they are signing and which does not imprint the voter's signature on the actual vote itself); it also used a mixer functionality which shuffled the order of incoming votes, and a bulletin board for coordination.

Actors in this system, then, are the voters, the trusted validator, the trusted or verifiable mixer, the trusted bulletin board, and the verifiable tallier - through the bulletin board, the electoral rolls are made available; the voter completes the ballot, blind-signs it, and passes this on to the validator, who checks the voter against the electoral roll and then also blind-signs the ballot; the ballot is then passed back to the voter, who can check the validator's authority as well. This is then encrypted and returned to the bulletin board; from here, votes are passed to the mixer for shuffling, and finally passed on to the tallier for counting.
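The ballot flow just described, as an added example that is not Voteremote's own code: the voter blinds the ballot, the validator checks the electoral roll and signs without seeing the ballot, the voter unblinds the signature, the mixer shuffles the board, and the tallier counts only validly signed ballots. It assumes Chaum-style RSA blind signatures with a constructed toy key and constructed voters, and leaves out the TLS and encryption layers the post mentions.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the validator (not Voteremote key material):
# two Mersenne primes keep the numbers readable; the post assumes PKI keys.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def ballot_digest(ballot: str) -> int:
    # Fixed-size representative of the ballot text, reduced into Z_N.
    return int.from_bytes(hashlib.sha256(ballot.encode()).digest(), "big") % N

def blind(m: int):
    # Voter: hide m under a random factor r; the validator sees only m * r^e.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def validator_sign(roll: set, voter: str, blinded: int) -> int:
    # Validator: check the roll, then sign the blinded value without seeing m.
    if voter not in roll:
        raise PermissionError(f"{voter} is not on the electoral roll")
    roll.discard(voter)  # one signature per voter (the democracy requirement)
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    # Voter: strip r to obtain an ordinary RSA signature on m.
    return (blinded_sig * pow(r, -1, N)) % N

def verify(m: int, sig: int) -> bool:
    # Anyone (board, mixer, tallier) can check the validator's authority.
    return pow(sig, E, N) == m

def run_election(roll: set, votes: dict) -> dict:
    # Cast, mix and tally; returns counts of validly signed ballots per choice.
    board = []
    for voter, choice in votes.items():
        m = ballot_digest(choice)
        blinded, r = blind(m)
        sig = unblind(validator_sign(roll, voter, blinded), r)
        board.append((choice, sig))  # the post's encryption layer is omitted
    secrets.SystemRandom().shuffle(board)  # mixer: break link to posting order
    tally = {}
    for choice, sig in board:
        if verify(ballot_digest(choice), sig):  # tallier drops unsigned ballots
            tally[choice] = tally.get(choice, 0) + 1
    return tally
```

Because the validator only ever sees the blinded value, it can confirm eligibility without learning the vote, while the unblinded signature still lets the tallier reject ballots no validator approved.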

This protocol satisfies the requirements of secrecy, democracy, accuracy, and fairness; there is universal verifiability if a verifiable mixer is used, and users can check that their vote has been included in the tally, so individual verifiability is assured as well. Receipt-freeness is given if the voter is not privy to the random seed numbers used in the probabilistic encryption process, and if a reliable signature scheme is used. Coercion-resistance remains outside of this project.

In terms of signatures, if probabilistic signatures are used, individual verifiability is achieved, but receipt-freeness is not; if deterministic signatures are used, receipt-freeness is achieved, but individual verifiability is not. This presents a choice of which is the more important aim in the specific election scenario. So, the project meets the basic security requirements, even while using only basic primitives; more complex primitives would be needed to reconcile receipt-freeness and individual verifiability as well as to achieve coercion-resistance.