Abstract
The Prêt à Voter cryptographic voting system was designed to be flexible and to offer voters a familiar and easy voting experience. In this article, we present vVote, our development of the Prêt à Voter design into a practical implementation that was used in a real state election in November 2014. As well as solving practical engineering challenges, we have also had to tailor the system to the idiosyncrasies of elections in the Australian state of Victoria and the requirements of the Victorian Electoral Commission. This article includes general background, user experience, and details of the cryptographic protocols and human processes. We explain the problems, present solutions, then analyze their security properties and explain how they tie in to other design decisions.