Advertisement

Estonian Voting Verification Mechanism Revisited Again

  • Ivo Kubjas
  • Tiit Pikma
  • Jan WillemsonEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10615)

Abstract

Recently, Muş, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification scheme [6]. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. As a solution, we propose modifying the protocol of Muş et al. slightly and argue for improvement of the security guarantees. However, there is inherent drop in usability in the protocol as proposed by Muş et al., and this issue will also remain in our improved protocol.

Notes

Acknowledgements

The research leading to these results has received funding from the European Regional Development Fund through Estonian Centre of Excellence in ICT Research (EXCITE) and the Estonian Research Council under Institutional Research Grant IUT27-1. The authors are also grateful to Arnis Paršovs for pointing out a flaw in an earlier version of the improved protocol.

References

  1. 1.
    Heiberg, S., Laud, P., Willemson, J.: The application of I-voting for estonian parliamentary elections of 2011. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 208–223. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32747-6_13 CrossRefGoogle Scholar
  2. 2.
    Heiberg, S., Martens, T., Vinkel, P., Willemson, J.: Improving the verifiability of the Estonian internet voting scheme. In: Krimmer, R., Volkamer, M., Barrat, J., Benaloh, J., Goodman, N., Ryan, P.Y.A., Teague, V. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 92–107. Springer, Cham (2017). doi: 10.1007/978-3-319-52240-1_6 CrossRefGoogle Scholar
  3. 3.
    Heiberg, S., Parsovs, A., Willemson, J.: Log analysis of Estonian internet voting 2013–2014. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 19–34. Springer, Cham (2015). doi: 10.1007/978-3-319-22270-7_2 CrossRefGoogle Scholar
  4. 4.
    Heiberg, S., Parsovs, A., Willemson, J.: Log analysis of estonian internet voting 2013–2015. Cryptology ePrint Archive, Report 2015/1211 (2015). http://eprint.iacr.org/2015/1211
  5. 5.
    Heiberg, S., Willemson, J.: Verifiable internet voting in Estonia. In: 2014 6th International Conference on Electronic Voting: Verifying the Vote (EVOTE), pp. 1–8. IEEE (2014)Google Scholar
  6. 6.
    Muş, K., Kiraz, M.S., Cenk, M., Sertkaya, I.: Estonian voting verification mechanism revisited. Cryptology ePrint Archive, Report 2016/1125 (2016). http://eprint.iacr.org/2016/1125
  7. 7.
    Vinkel, P., Krimmer, R.: The how and why to internet voting an attempt to explain E-Stonia. In: Krimmer, R., Volkamer, M., Barrat, J., Benaloh, J., Goodman, N., Ryan, P.Y.A., Teague, V. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 178–191. Springer, Cham (2017). doi: 10.1007/978-3-319-52240-1_11 CrossRefGoogle Scholar
  8. 8.
    Wagenaar, W.A.: Generation of random sequences by human subjects: a critical survey of literature. Psychol. Bullet. 77(1), 65 (1972)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Smartmatic-Cybernetica Centre of Excellence for Internet VotingTartuEstonia
  2. 2.Cybernetica ASTartuEstonia
  3. 3.Software Technology and Applications Competence CenterTartuEstonia

Personalised recommendations