E-Voting and Identify

Preventing the corruption of the voting platform is a major issue for any e-voting scheme. To address this, a number of recent protocols enable voters to validate the operation of their platform by utilizing a platform independent feedback: the voting system reaches out to the voter to convince her that the vote was cast as intended. This poses two major problems: first, the system should not learn the actual vote; second, the voter should be able to validate the system’s response without performing a mathematically complex protocol (we call this property “human verifiability”). Current solutions with convincing privacy guarantees suffer from trust scalability problems: either a small coalition of servers can entirely break privacy or the platform has a secret key which prevents the privacy from being breached. In this work we demonstrate how it is possible to provide better trust distribution without platform side secrets by increasing the number of feedback messages back to the voter. The main challenge of our approach is to maintain human verifiability: to solve this we provide new techniques that are based on either simple mathematical calculations or a novel visual cryptography technique that we call visual sharing of shape descriptions, which may be of independent interest.

In this work, the ballot counting process for one of the most complex electoral schemes used in the world, Proportional Representation by Single Transferable Vote (PR-STV), is mechanically formally modeled. The purpose of such a formalization is to generate, using an algorithm of our design, a complete set of non-isomorphic test cases per electoral scheme, once and for all. Using such a system test suite, any digital election technology (proprietary or open source) can be rigorously evaluated for correctness. Doing so will vastly improve the confidence experts have—and can only improve the level of trust citizens have—in these digital elections systems.

Mixnets are one of the main approaches to deploy secret and verifiable electronic elections. General-purpose verifiable mixnets however suffer from the drawback that the amount of data to be verified by observers increases linearly with the number of involved mix nodes, the number of decryptors, and the number of voters. Chase et al. proposed a verifiable mixnet at Eurocrypt 2012 based on so-called malleable proofs - proofs that do not increase with the number of mix nodes. In work published at PKC 2013, the same authors adapted malleable proofs to verifiable distributed decryption, resulting in a cryptographic voting scheme. As a result, the amount of data to be verified only increases linearly with the number of voters. However, their scheme leaves several questions open which we address in this paper: As a first contribution, we adapt a multi-party computation protocol to build a distributed key generation protocol for the encryption scheme underlying their voting scheme. As a second contribution, we decompress their abstract scheme description, identify elementary operations, and count the number of such operations required for mixing and verification. Based on timings for elementary operations, we extrapolate the running times of the mixing and verification processes, allowing us to assess the feasibility of their scheme. For the German case, we conclude that the replacement of postal voting by cryptographic voting based on malleable proofs is feasible on an electoral district level.