2015 Neuchâtel's Cast-as-Intended Verification Mechanism

Cast-as-intended verification seeks to prove to a voter that their vote was cast according to their intent. In case ballot casting is made remotely through a voting client, one of the most important dangers a designer faces are malicious voting clients e.g. infected by a malware, which may change the voter's selections. A previous approach for achieving cast-as-intended verification in this setting uses the so-called Return Codes. These allow a voter to check whether their voting options were correctly received by the ballot server, while keeping these choices private. An essential ingredient of this approach is a mechanism that allows a voter to discard a vote that does not represent their intent. This is usually solved using multiple voting, namely, if the return codes received by the voter do not match their choices, they cast a new vote. However, what happens if voters are not allowed to cast more than one ballot aka single vote casting? In this paper we propose a simple ballot casting protocol, using return codes, for allowing a voter to verify votes in a single vote casting election. We do so without significantly impacting the number of operations in the client side. This voting protocol has been implemented in a binding election in the Swiss canton of Neuchâtel in March 2015, and will be the canton's new voting platform.

[1]  Bogdan Warinschi,et al.  On Necessary and Sufficient Conditions for Private Ballot Submission , 2012, IACR Cryptol. ePrint Arch..

[2]  Jean-Jacques Quisquater,et al.  Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[3]  Dan S. Wallach,et al.  VoteBox: A Tamper-evident, Verifiable Electronic Voting System , 2008, USENIX Security Symposium.

[4]  Kristian Gjøsteen,et al.  The Norwegian Internet Voting Protocol , 2011, VoteID.

[5]  Urs Gasser,et al.  Three Case Studies from Switzerland : E-Voting , 2009 .

[6]  Helger Lipmaa Two Simple Code-Verification Voting Protocols , 2011, IACR Cryptol. ePrint Arch..

[7]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[8]  Kristian Gjøsteen,et al.  Analysis of an internet voting protocol , 2010, IACR Cryptol. ePrint Arch..

[9]  Dahlia Malkhi,et al.  E-Voting Without 'Cryptography' , 2002, Financial Cryptography.

[10]  C. Andrew Neff,et al.  Ballot Casting Assurance , 2006, EVT.

[11]  Tiphaine Pinault,et al.  E-voting at Expatriates' MPs Elections in France , 2012, Electronic Voting.

[12]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[13]  Jordi Puiggalí Allepuz,et al.  Internet voting system with cast as intended verification , 2011 .

[14]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[15]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[16]  Josh Benaloh,et al.  Simple Verifiable Elections , 2006, EVT.

[17]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[18]  Sandra Guasch,et al.  Cast-as-Intended Verification in Norway , 2012, Electronic Voting.

[19]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[20]  Mihir Bellare,et al.  New Proofs for NMAC and HMAC: Security without Collision Resistance , 2006, Journal of Cryptology.