Abstract
Cast-as-intended verification seeks to prove to a voter that their vote was cast according to their intent. In case ballot casting is made remotely through a voting client, one of the most important dangers a designer faces are malicious voting clients (e.g. infected by a malware), which may change the voter’s selections. A previous approach for achieving cast-as-intended verification in this setting uses the so-called Return Codes. These allow a voter to check whether their voting options were correctly received by the ballot server, while keeping these choices private. An essential ingredient of this approach is a mechanism that allows a voter to discard a vote that does not represent their intent. This is usually solved using multiple voting, namely, if the return codes received by the voter do not match their choices, they cast a new vote. However, what happens if voters are not allowed to cast more than one ballot (aka single vote casting)? In this paper we propose a simple ballot casting protocol, using return codes, for allowing a voter to verify votes in a single vote casting election. We do so without significantly impacting the number of operations in the client side. This voting protocol has been implemented in a binding election in the Swiss canton of Neuchâtel in March 2015, and will be the canton’s new voting platform.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For example, the risk of voter coercion or vote selling in Switzerland is assumed to be affordable given the fact that many voters already use the postal channel.
- 2.
As usual, the terms “scheme” and “protocol” can be read interchangeably without much loss of precision.
- 3.
How this key is provided to the voting device in the Neuchâtel protocol is explained in Sect. 6.1.
- 4.
Note that \(sk_{c}\) is not considered to be divided in shares in this protocol. This is due to the fact that the secrets for computing the return codes (\(sk_{c}\) and \(sk_{\mathtt {id}}\)) belong to two different entities that are assumed not to collude for providing vote secrecy. However, distributing \(sk_{c}\) might be considered to weaken the trust assumptions.
- 5.
Notice that this is formally an encryption key pair, but it is being used here differently.
- 6.
As explained in Sect. 2, return codes have to be computed between two entities which are assumed not to collude, in order to ensure vote secrecy. In this implementation, the voting device computes a partial computation in the \(\mathsf {Vote}\) algorithm, while the voting server computes the final values in the \(\mathsf {ProcessBallot}\) algorithm.
- 7.
Since the voting device has only one chance to show the values to the voter, a brute force attack succeeds with probability at most \(10^{-4t}\) in changing the value of t voting choices without detection.
- 8.
The SHA-256 hash and the AES-128 symmetric encryption algorithms are used in the implementation made in Neuchâtel.
References
Crytographic key length recommendation (2015). http://www.keylength.com
Adida, B.: Helios: web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348. USENIX Association, Berkeley (2008)
Adida, B., de Marneffe, O., Pereira, O.: Helios voting system. http://heliosvoting.org
Adida, B., de Marneffe, O., Pereira, O., Quisquater, J.J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: Proceedings of the 2009 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (2009)
Adida, B., Neff, C.A.: Ballot casting assurance. In: Wallach, D.S., Rivest, R.L. (eds.) 2006 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2006, Vancouver, BC, Canada, 1 August 2006. USENIX Association (2006)
Allepuz, J.P., Castelló, S.G.: Internet voting system with cast as intended verification. In: Kiayias, A., Lipmaa, H. (eds.) VoteID 2011. LNCS, vol. 7187, pp. 36–52. Springer, Heidelberg (2012)
Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. Cryptology ePrint Archive, Report 2006/043 (2006)
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security. CCS 1993, pp. 62–73. . ACM, New York (1993)
Benaloh, J.: Simple verifiable elections. In: Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006. EVT 2006, p. 5. USENIX Association, Berkeley (2006)
Bernhard, D., Pereira, O., Warinschi, B.: On necessary and sufficient conditions for private ballot submission. Cryptology ePrint Archive, Report 2012/236 (2012)
Chancellery, S.F.: Explications relatives à l’ordonnance de la chancellerie fédérale sur le vote électronique (OVotE) (2013). http://www.bk.admin.ch/themen/pore/evoting/07979
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)
El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)
Gerlach, J., Gasser, U.: Three case studies from Switzerland: E-voting (2009)
Gjøsteen, K.: Analysis of an internet voting protocol. Cryptology ePrint Archive, Report 2010/380 (2010)
Gjosteen, K.: The Norwegian internet voting protocol. Cryptology ePrint Archive, Report 2013/473 (2013)
Kripp, M.J., Volkamer, M., Grimm, R. (eds.): 5th International Conference on Electronic Voting 2012, (EVOTE 2012), Co-organized by the Council of Europe, Gesellschaft für Informatik and E-Voting.CC, 11–14 July 2012, Castle Hofen, Bregenz, Austria, LNI, vol. 205. GI (2012)
Lipmaa, H.: Two simple code-verification voting protocols. Cryptology ePrint Archive, Report 2011/317 (2011)
Malkhi, D., Margo, O.: E-voting without ‘Cryptography’. In: Blaze, Matt (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003)
Neuchatel: Guichet unique citizen portal. https://www.guichetunique.ch/
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
Pinault, T., Courtade, P.: E-voting at expatriates’ MPs elections in France. In: Kripp et al. [17], pp. 189–195
Puigalli, J., Guasch, S.: Cast-as-intended verification in Norway. In: Kripp et al. [17], pp. 49–63
Rosen, A., Ta-shma, A., Riva, B., Ben-Nun, J.: Wombat voting. http://www.wombat-voting.com/
Sandler, D., Derr, K., Wallach, D.S.: Votebox: a tamper-evident, verifiable electronic voting system. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 349–364. USENIX Association, Berkeley (2008)
Schnorr, C.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991)
Acknowledgements
We are thankful to the comments and suggestions made by the anonymous reviewers.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Galindo, D., Guasch, S., Puiggalí, J. (2015). 2015 Neuchâtel’s Cast-as-Intended Verification Mechanism. In: Haenni, R., Koenig, R., Wikström, D. (eds) E-Voting and Identity. Vote-ID 2015. Lecture Notes in Computer Science(), vol 9269. Springer, Cham. https://doi.org/10.1007/978-3-319-22270-7_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-22270-7_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22269-1
Online ISBN: 978-3-319-22270-7
eBook Packages: Computer ScienceComputer Science (R0)