2015 Neuchâtel’s Cast-as-Intended Verification Mechanism

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9269)


Cast-as-intended verification seeks to prove to a voter that their vote was cast according to their intent. In case ballot casting is made remotely through a voting client, one of the most important dangers a designer faces are malicious voting clients (e.g. infected by a malware), which may change the voter’s selections. A previous approach for achieving cast-as-intended verification in this setting uses the so-called Return Codes. These allow a voter to check whether their voting options were correctly received by the ballot server, while keeping these choices private. An essential ingredient of this approach is a mechanism that allows a voter to discard a vote that does not represent their intent. This is usually solved using multiple voting, namely, if the return codes received by the voter do not match their choices, they cast a new vote. However, what happens if voters are not allowed to cast more than one ballot (aka single vote casting)? In this paper we propose a simple ballot casting protocol, using return codes, for allowing a voter to verify votes in a single vote casting election. We do so without significantly impacting the number of operations in the client side. This voting protocol has been implemented in a binding election in the Swiss canton of Neuchâtel in March 2015, and will be the canton’s new voting platform.


Electronic voting protocols Binding election Cast-as-intended verifiability Malicious voting client Return codes 



We are thankful to the comments and suggestions made by the anonymous reviewers.


  1. 1.
    Crytographic key length recommendation (2015). http://www.keylength.com
  2. 2.
    Adida, B.: Helios: web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348. USENIX Association, Berkeley (2008)Google Scholar
  3. 3.
    Adida, B., de Marneffe, O., Pereira, O.: Helios voting system. http://heliosvoting.org
  4. 4.
    Adida, B., de Marneffe, O., Pereira, O., Quisquater, J.J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: Proceedings of the 2009 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (2009)Google Scholar
  5. 5.
    Adida, B., Neff, C.A.: Ballot casting assurance. In: Wallach, D.S., Rivest, R.L. (eds.) 2006 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2006, Vancouver, BC, Canada, 1 August 2006. USENIX Association (2006)Google Scholar
  6. 6.
    Allepuz, J.P., Castelló, S.G.: Internet voting system with cast as intended verification. In: Kiayias, A., Lipmaa, H. (eds.) VoteID 2011. LNCS, vol. 7187, pp. 36–52. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  7. 7.
    Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. Cryptology ePrint Archive, Report 2006/043 (2006)Google Scholar
  8. 8.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security. CCS 1993, pp. 62–73. . ACM, New York (1993)Google Scholar
  9. 9.
    Benaloh, J.: Simple verifiable elections. In: Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006. EVT 2006, p. 5. USENIX Association, Berkeley (2006)Google Scholar
  10. 10.
    Bernhard, D., Pereira, O., Warinschi, B.: On necessary and sufficient conditions for private ballot submission. Cryptology ePrint Archive, Report 2012/236 (2012)Google Scholar
  11. 11.
    Chancellery, S.F.: Explications relatives à l’ordonnance de la chancellerie fédérale sur le vote électronique (OVotE) (2013). http://www.bk.admin.ch/themen/pore/evoting/07979
  12. 12.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993) Google Scholar
  13. 13.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985) CrossRefGoogle Scholar
  14. 14.
    Gerlach, J., Gasser, U.: Three case studies from Switzerland: E-voting (2009)Google Scholar
  15. 15.
    Gjøsteen, K.: Analysis of an internet voting protocol. Cryptology ePrint Archive, Report 2010/380 (2010)Google Scholar
  16. 16.
    Gjosteen, K.: The Norwegian internet voting protocol. Cryptology ePrint Archive, Report 2013/473 (2013)Google Scholar
  17. 17.
    Kripp, M.J., Volkamer, M., Grimm, R. (eds.): 5th International Conference on Electronic Voting 2012, (EVOTE 2012), Co-organized by the Council of Europe, Gesellschaft für Informatik and E-Voting.CC, 11–14 July 2012, Castle Hofen, Bregenz, Austria, LNI, vol. 205. GI (2012)Google Scholar
  18. 18.
    Lipmaa, H.: Two simple code-verification voting protocols. Cryptology ePrint Archive, Report 2011/317 (2011)Google Scholar
  19. 19.
    Malkhi, D., Margo, O.: E-voting without ‘Cryptography’. In: Blaze, Matt (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  20. 20.
    Neuchatel: Guichet unique citizen portal. https://www.guichetunique.ch/
  21. 21.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992) Google Scholar
  22. 22.
    Pinault, T., Courtade, P.: E-voting at expatriates’ MPs elections in France. In: Kripp et al. [17], pp. 189–195Google Scholar
  23. 23.
    Puigalli, J., Guasch, S.: Cast-as-intended verification in Norway. In: Kripp et al. [17], pp. 49–63Google Scholar
  24. 24.
    Rosen, A., Ta-shma, A., Riva, B., Ben-Nun, J.: Wombat voting. http://www.wombat-voting.com/
  25. 25.
    Sandler, D., Derr, K., Wallach, D.S.: Votebox: a tamper-evident, verifiable electronic voting system. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 349–364. USENIX Association, Berkeley (2008)Google Scholar
  26. 26.
    Schnorr, C.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991)MATHMathSciNetCrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Scytl Secure Electronic VotingBarcelonaSpain

Personalised recommendations