An Overview of End-to-End Verifiable Voting Systems

Advances in E2E verifiable voting have the potential to fundamentally restore trust in elections and democratic processes in society. In this chapter, we provide a comprehensive introduction to the field. We trace the evolution of privacy and verifiability properties in the research literature and describe the operations of current state-of-the-art E2E voting systems. We also discuss outstanding challenges to the deployment of E2E voting systems, including technical, legal, and usability constraints. Our intention, in writing this chapter, has been to make the innovations in this domain accessible to a wider audience. We have therefore eschewed description of complex cryptographic mechanisms and instead attempt to communicate the fundamental intuition behind the design of E2E voting systems. We hope our work serves as a useful resource and assists in the future development of E2E voting.

[1]  Alec Yasinsac Independent Computations for Safe Remote Electronic Voting , 2013, Security Protocols Workshop.

[2]  Kevin J. Henry,et al.  The Effectiveness of Receipt-Based Attacks on ThreeBallot , 2009, IEEE Transactions on Information Forensics and Security.

[3]  Epp Maaten,et al.  Towards Remote E-Voting: Estonian case , 2004, Electronic Voting in Europe.

[4]  Jos Dumortier,et al.  Online voting: a legal perspective , 2004 .

[5]  Valtteri Niemi,et al.  How to Prevent Buying of Votes in Computer Elections , 1994, ASIACRYPT.

[6]  David Lundin,et al.  A Simple Technique for Safely Using Punchscan and Prêt à Voter in Mail-In Elections , 2007, VOTE-ID.

[7]  David A. Wagner,et al.  Prerendered User Interfaces for Higher-Assurance Electronic Voting , 2006, EVT.

[8]  Rolf Haenni,et al.  Preventing Board Flooding Attacks in Coercion-Resistant Electronic Voting Schemes , 2011, SEC.

[9]  Jeremy Clark,et al.  Selections: Internet Voting with Over-the-Shoulder Coercion-Resistance , 2011, Financial Cryptography.

[10]  Eric Wustrow,et al.  Security analysis of India's electronic voting machines , 2010, CCS '10.

[11]  Poorvi L. Vora,et al.  Remote ballot casting with Captchas , 2008 .

[12]  Jeremy Clark,et al.  Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting , 2008, IEEE Security & Privacy.

[13]  Peter Y. A. Ryan,et al.  Virtually Perfect Democracy , 2010, Security Protocols Workshop.

[14]  David Chaum,et al.  Scantegrity III: Automatic Trustworthy Receipts, Highlighting Over/Under Votes, and Full Voter Verifiability , 2011, EVT/WOTE.

[15]  John Stewart A Banana Republic? The Investigation into Electoral Fraud by the Birmingham Election Court , 2006 .

[16]  Peter Y. A. Ryan,et al.  Prêt à Voter with Confirmation Codes , 2011, EVT/WOTE.

[17]  Carlos Ribeiro,et al.  An Efficient and Highly Sound Voter Verification Technique and Its Implementation , 2011, VoteID.

[18]  James Heather,et al.  Implementing STV securely in Pret a Voter , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[19]  P. Jensen,et al.  Poverty and Vote Buying: Survey-Based Evidence from Africa , 2014 .

[20]  Kazue Sako,et al.  Receipt-Free Mix-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth , 1995, EUROCRYPT.

[21]  Alan T. Sherman,et al.  Punchscan: Introduction and System Definition of a High-Integrity Election System , 2006 .

[22]  Mark Ryan,et al.  Trivitas: Voters Directly Verifying Votes , 2011, VoteID.

[23]  Wolter Pieters,et al.  Ethics of e-voting: an essay on requirements and values in Internet elections , 2005 .

[24]  Aggelos Kiayias,et al.  Self-tallying Elections and Perfect Ballot Secrecy , 2002, Public Key Cryptography.

[25]  Dan S. Wallach,et al.  The Case for Networked Remote Voting Precincts , 2008, EVT.

[26]  Zhe Xia,et al.  PrÊt À Voter: a Voter-Verifiable Voting System , 2009, IEEE Transactions on Information Forensics and Security.

[27]  Melanie Volkamer,et al.  Civitas and the Real World: Problems and Solutions from a Practical Point of View , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[28]  Warren D. Smith Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[29]  StarkPhilip,et al.  A Gentle Introduction to Risk-Limiting Audits , 2012, S&P 2012.

[30]  Melanie Volkamer,et al.  Voter, What Message Will Motivate You to Verify Your Vote? , 2014 .

[31]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[32]  Session,et al.  Resolution Adopted By The General Assembly , 1984, International Legal Materials.

[33]  Jérôme Dossogne,et al.  Blinded additively homomorphic encryption schemes for self-tallying voting , 2013, SIN.

[34]  Rolf Haenni,et al.  A generic approach to prevent board flooding attacks in coercion-resistant electronic voting schemes , 2013, Comput. Secur..

[35]  Peter Y. A. Ryan,et al.  Faster Print on Demand for Prêt à Voter , 2013, EVT/WOTE.

[36]  C. Andrew Ne,et al.  Practical high certainty intent verification for encrypted votes , 2004 .

[37]  Carlisle M. Adams,et al.  Eperio: Mitigating Technical Complexity in Cryptographic Election Verification , 2010, EVT/WOTE.

[38]  Zhe Xia,et al.  Experiences Gained from the first Prêt à Voter Implementation , 2009, 2009 First International Workshop on Requirements Engineering for e-Voting Systems.

[39]  Zhe Xia,et al.  Focus group views on Prêt à Voter 1.0 , 2011, 2011 International Workshop on Requirements Engineering for Electronic Voting Systems.

[40]  Aggelos Kiayias,et al.  Pressing the button for European elections: verifiable e-voting and public attitudes toward internet voting in Greece , 2014, 2014 6th International Conference on Electronic Voting: Verifying the Vote (EVOTE).

[41]  Thad Dunning,et al.  Brokers, Voters, and Clientelism: What Killed Vote Buying in Britain and the United States? , 2013 .

[42]  Philip B. Stark,et al.  STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System , 2012, EVT/WOTE.

[43]  Jörn Müller-Quade,et al.  Enhancing Electronic Voting Machines on the Example of Bingo Voting , 2009, IEEE Transactions on Information Forensics and Security.

[44]  Josh Benaloh,et al.  Receipt-Free Secret-Ballot Elections , 1994, STOC 1994.

[45]  Brent Waters,et al.  Cryptographic Methods for Storing Ballots on a Voting Machine , 2007, NDSS.

[46]  Jörg Schwenk,et al.  The Bug That Made Me President a Browser- and Web-Security Case Study on Helios Voting , 2011, VoteID.

[47]  Panayiotis Tsanakas,et al.  Zeus: Bringing Internet Voting to Greece , 2013, e-Democracy.

[48]  Melanie Volkamer,et al.  Pretty Understandable Democracy - A Secure and Understandable Internet Voting Scheme , 2013, 2013 International Conference on Availability, Reliability and Security.

[49]  Ronald L. Rivest,et al.  A Modular Voting Architecture ("Frog Voting") , 2010, Towards Trustworthy Elections.

[50]  Moti Yung,et al.  Distributing the power of a government to enhance the privacy of voters , 1986, PODC '86.

[51]  Rasool Jalili,et al.  An efficient and provably-secure coercion-resistant e-voting protocol , 2013, 2013 Eleventh Annual Conference on Privacy, Security and Trust.

[52]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[53]  Peter Y. A. Ryan,et al.  Pretty Good Democracy for More Expressive Voting Schemes , 2010, ESORICS.

[54]  Alan T. Sherman,et al.  TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules , 2009, IEEE Transactions on Information Forensics and Security.

[55]  Melanie Volkamer,et al.  User study of the improved Helios voting system interfaces , 2011, 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST).

[56]  Anne-Marie Oostveen,et al.  Internet Voting Technologies and Civic Participation: The Users’ Perspective , 2004 .

[57]  David Chaum,et al.  Elections with Unconditionally-Secret Ballots and Disruption Equivalent to Breaking RSA , 1988, EUROCRYPT.

[58]  Eric Puybaret,et al.  Universal Declaration of Human Rights , 2006 .

[59]  Stefan Popoveniuc SpeakUp: remote unsupervised voting , 2010 .

[60]  Jeremy Clark,et al.  Aperio: High Integrity Elections for Developing Countries , 2010, Towards Trustworthy Elections.

[61]  Dan S. Wallach,et al.  VoteBox Nano: A Smaller, Stronger FPGA-based Voting Machine , 2009, EVT/WOTE.

[63]  Yvo Desmedt,et al.  Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example , 2010, EVT/WOTE.

[64]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[65]  Urs Hengartner,et al.  Hover: Trustworthy Elections with Hash-Only Verification , 2012, IEEE Security & Privacy.

[66]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[67]  Jeremy Clark,et al.  Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy , 2010, USENIX Security Symposium.

[68]  Aggelos Kiayias,et al.  An Internet Voting System Supporting User Privacy , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[69]  Peter Y. A. Ryan,et al.  vVote: A Verifiable Voting System , 2014, TSEC.

[70]  Miroslaw Kutylowski,et al.  Short Ballot Assumption and Threeballot Voting Protocol , 2008, SOFSEM.

[71]  Yining Liu,et al.  An Improved Electronic Voting Scheme without a Trusted Random Number Generator , 2011, Inscrypt.

[72]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[73]  David Chaum,et al.  Attacking Paper-Based E2E Voting Systems , 2010, Towards Trustworthy Elections.

[74]  Nathanael Paul,et al.  Authentication for Remote Voting , 2003 .

[75]  J. Alex Halderman,et al.  Security Analysis of the Estonian Internet Voting System , 2014, CCS.

[76]  Peter Y. A. Ryan,et al.  Caveat Coercitor: Coercion-Evidence in Electronic Voting , 2013, 2013 IEEE Symposium on Security and Privacy.

[77]  C. Andrew Neff,et al.  Ballot Casting Assurance , 2006, EVT.

[78]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[79]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[80]  Ronald L Rivest,et al.  On the notion of ‘software independence’ in voting systems , 2008, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[81]  Brian Randell,et al.  Voting Technologies and Trust , 2006, IEEE Security & Privacy.

[82]  Zhe Xia,et al.  Using Prêt à Voter in Victoria State Elections , 2012, EVT/WOTE.

[83]  Carlos Ribeiro,et al.  EVIV: An end-to-end verifiable Internet voting system , 2013, Comput. Secur..

[84]  David A. Wagner,et al.  Tamper-evident, history-independent, subliminal-free data structures on PROM storage -or- how to store ballots on a voting machine , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[85]  Jeremy Epstein,et al.  Electronic Voting , 2007, Computer.

[86]  R. Michael Alvarez,et al.  Electronic elections - the perils and promises of digital democracy , 2008 .

[87]  Taisya Krivoruchko Robust Coercion-Resistant Registration for Remote E-voting ( Extended Abstract ) , 2007 .

[88]  Jörn Müller-Quade,et al.  Bingo Voting: Secure and Coercion-Free Voting Using a Trusted Random Number Generator , 2007, VOTE-ID.

[89]  Andrew S. Tanenbaum,et al.  Trustworthy Voting: From Machine to System , 2009, Computer.

[90]  Feng Hao,et al.  Every Vote Counts: Ensuring Integrity in Large-Scale Electronic Voting , 2014, EVT/WOTE.

[91]  Jeremy Clark,et al.  Diffusion of Voter Responsibility: Potential Failings In E2E Voter Receipt Checking , 2014 .

[92]  Michael J. Fischer,et al.  A robust and verifiable cryptographically secure election scheme , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[93]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[94]  Jeroen van de Graaf,et al.  Improving Helios with Everlasting Privacy Towards the Public , 2012, EVT/WOTE.

[95]  Jeroen van de Graaf,et al.  Ieee Transactions on Information Forensics and Security: Special Issue on Electronic Voting 1 Voting with Unconditional Privacy by Merging Prêt-` A-voter and Punchscan , 2022 .

[96]  Douglas Wikstr,et al.  User Manual for the Verificatum Mix-Net Version 1.4.0 , 2015 .

[97]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[98]  James Heather,et al.  The Append-Only Web Bulletin Board , 2008, Formal Aspects in Security and Trust.

[99]  C. Vega Organization for Security and Cooperation in Europe(OSCE) , 2013 .

[100]  Jens Groth,et al.  Efficient Maximal Privacy in Boardroom Voting and Anonymous Broadcast , 2004, Financial Cryptography.

[101]  Jun Pang,et al.  Privacy and verifiability in voting systems: Methods, developments and trends , 2013, Comput. Sci. Rev..

[102]  Jeremy Clark,et al.  Remotegrity: Design and Use of an End-to-End Verifiable Remote Voting System , 2013, ACNS.

[103]  Ralf Küsters,et al.  Clash Attacks on the Verifiability of E-Voting Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[104]  Melanie Volkamer,et al.  Mental Models of Verifiability in Voting , 2013, VoteID.

[105]  David A. Wagner,et al.  Cryptographic Voting Protocols: A Systems Perspective , 2005, USENIX Security Symposium.

[106]  Olivier Pereira,et al.  Running Mixnet-Based Elections with Helios , 2011, EVT/WOTE.

[107]  Lorrie Faith Cranor,et al.  Sensus: a security-conscious electronic polling system for the Internet , 1997, Proceedings of the Thirtieth Hawaii International Conference on System Sciences.

[108]  Christian Henrich Improving and Analysing Bingo Voting , 2012 .

[109]  Janna-Lynn Weber,et al.  Usability Study of the Open Audit Voting System Helios , 2009 .

[110]  David Chaum,et al.  Secret Ballot Elections with Unconditional Integrity , 2007, IACR Cryptol. ePrint Arch..

[111]  Peter Y. A. Ryan Pretty Good Democracy , 2009, Security Protocols Workshop.

[112]  Carlos Ribeiro,et al.  VeryVote: A Voter Verifiable Code Voting System , 2009, VoteID.

[113]  J. Morsink,et al.  The Universal Declaration of Human Rights: Origins, Drafting, and Intent , 1999 .

[114]  Goncalo Pereira Scroll, Match & Vote: An E2E Coercion Resistant Mobile Voting System , 2014 .

[115]  Feng Hao,et al.  Self-enforcing Electronic Voting , 2012, Security Protocols Workshop.

[116]  John Kelsey,et al.  Performance Requirements for End-to-End Verifiable Elections , 2010, EVT/WOTE.

[117]  Mridul Nandi,et al.  Stamp-It: A Method for Enhancing the Universal Verifiability of E2E Voting Systems , 2010, ICISS.

[118]  Ezequiel Gonzalez-Ocantos,et al.  Vote Buying and Social Desirability Bias: Experimental Evidence from Nicaragua , 2012 .

[119]  Ben Riva,et al.  A New Implementation of a Dual (Paper and Cryptographic) Voting System , 2012, Electronic Voting.

[120]  Jeremy Clark,et al.  Punchscan in Practice: An E2E Election Case Study , 2007 .

[121]  Josh Benaloh,et al.  Administrative and Public Verifiability: Can We Have Both? , 2008, EVT.

[122]  Dan S. Wallach,et al.  Casting Votes in the Auditorium , 2007, EVT.

[123]  Ariel J. Feldman,et al.  Security Analysis of the Diebold AccuVote-TS Voting Machine , 2007, EVT.

[124]  Ben Smyth,et al.  Attacking and Fixing Helios: An Analysis of Ballot Secrecy , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[125]  Josh Benaloh,et al.  Simple Verifiable Elections , 2006, EVT.

[126]  Dan S. Wallach,et al.  Usability of Voter Verifiable, End-to-end Voting Systems: Baseline Data for Helios, Prêt à Voter, and Scantegrity II , 2014, EVT/WOTE.

[127]  Jean-Jacques Quisquater,et al.  Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[128]  Kjell Jørgen Hole,et al.  Toward Risk Assessment of Large-Impact and Rare Events , 2010, IEEE Security & Privacy.

[129]  Markus Jakobsson,et al.  Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[130]  Tatsuaki Okamoto,et al.  Receipt-Free Electronic Voting Schemes for Large Scale Elections , 1997, Security Protocols Workshop.

[131]  Peter Y. A. Ryan,et al.  Pretty Good Democracy , 2009, Security Protocols Workshop.

[132]  Ronald L. Rivest,et al.  Scratch & vote: self-contained paper-based cryptographic voting , 2006, WPES '06.

[133]  Melanie Volkamer,et al.  Analysis of Security and Cryptographic Approaches to Provide Secret and Verifiable Electronic Voting , 2014 .

[134]  Peter Y. A. Ryan,et al.  Human Readable Paper Verification of Prêt à Voter , 2008, ESORICS.

[135]  Josh Benaloh,et al.  Ballot Casting Assurance via Voter-Initiated Poll Station Auditing , 2007, EVT.

[136]  Instructor,et al.  ThreeBallot in the Field , 2006 .

[137]  Mark A. Herschberg,et al.  Secure electronic voting over the World Wide Web , 1997 .

[138]  Bogdan Warinschi,et al.  How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios , 2012, ASIACRYPT.

[139]  Zhe Xia,et al.  Versatile Prêt à Voter: Handling Multiple Election Methods with a Unified Interface , 2010, INDOCRYPT.

[140]  Rolf Haenni,et al.  A New Approach towards Coercion-Resistant Remote E-Voting in Linear Time , 2011, Financial Cryptography.

[141]  Dan S. Wallach,et al.  VoteBox: A Tamper-evident, Verifiable Electronic Voting System , 2008, USENIX Security Symposium.

[142]  Jacques Traoré,et al.  A Practical and Secure Coercion-Resistant Scheme for Internet Voting , 2010, Towards Trustworthy Elections.

[143]  Torben P. Pedersen A Threshold Cryptosystem without a Trusted Party (Extended Abstract) , 1991, EUROCRYPT.

[144]  Ben Smyth,et al.  Adapting Helios for Provable Ballot Privacy , 2011, ESORICS.

[145]  Matt Smart,et al.  True Trustworthy Elections: Remote Electronic Voting Using Trusted Computing , 2011, ATC.

[146]  Steve A. Schneider,et al.  A Peered Bulletin Board for Robust Use in Verifiable Voting Systems , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[147]  Douglas W. Jones,et al.  Secure Data Export and Auditing Using Data Diodes , 2006, EVT.

[148]  David Chaum,et al.  Secret-ballot receipts: True voter-verifiable elections , 2004, IEEE Security & Privacy Magazine.

[149]  Feng Hao,et al.  Verifiable Classroom Voting: Where Cryptography Meets Pedagogy , 2013, Security Protocols Workshop.

[150]  Jeremy Clark,et al.  Scantegrity Mock Election at Takoma Park , 2010, Electronic Voting.

[151]  Tatsuaki Okamoto,et al.  An electronic voting scheme , 1996, IFIP World Conference on IT Tools.

[152]  Miroslaw Kutylowski,et al.  Scratch, Click & Vote: E2E Voting over the Internet , 2010, Towards Trustworthy Elections.

[153]  Feng Hao,et al.  Anonymous voting by two-round public discussion , 2010, IET Inf. Secur..

[154]  S. Laskowski,et al.  Improving the Usability and Accessibility of Voting Systems and Products | NIST , 2004 .

[155]  Melanie Volkamer,et al.  Towards A Practical JCJ / Civitas Implementation , 2013, GI-Jahrestagung.

[156]  Philip B. Stark,et al.  A Gentle Introduction to Risk-Limiting Audits , 2012, IEEE Security & Privacy.

[157]  Melanie Volkamer,et al.  Usability Analysis of Helios - An Open Source Verifiable Remote Electronic Voting System , 2011, EVT/WOTE.

[158]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[159]  Moni Naor,et al.  Visual Cryptography , 1994, Encyclopedia of Multimedia.