D-DEMOS: A Distributed, End-to-End Verifiable, Internet Voting System

E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.

[1]  Ashish Tiwari,et al.  A Synthesized Algorithm for Interactive Consistency , 2014, NASA Formal Methods.

[2]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[3]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[4]  André Schiper,et al.  Muteness detectors for consensus with Byzantine processes , 1998, PODC '98.

[5]  Steve A. Schneider,et al.  A Peered Bulletin Board for Robust Use in Verifiable Voting Systems , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[6]  Ran El-Yaniv,et al.  Resilient-optimal interactive consistency in constant time , 2003, Distributed Computing.

[7]  David Chaum,et al.  Secret-ballot receipts: True voter-verifiable elections , 2004, IEEE Security & Privacy Magazine.

[8]  Thijs Krol,et al.  Interactive consistency in quasi-asynchronous systems , 1996, Proceedings of ICECCS '96: 2nd IEEE International Conference on Engineering of Complex Computer Systems (held jointly with 6th CSESAW and 4th IEEE RTAW).

[9]  Marcos K. Aguilera,et al.  Using the Heartbeat Failure Detector for Quiescent Reliable Communication and Consensus in Partitionable Networks , 1999, Theor. Comput. Sci..

[10]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[11]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[12]  Alan T. Sherman,et al.  Punchscan: Introduction and System Definition of a High-Integrity Election System , 2006 .

[13]  Philip M. Thambidurai,et al.  Interactive consistency with multiple failure modes , 1988, Proceedings [1988] Seventh Symposium on Reliable Distributed Systems.

[14]  Miroslaw Kutylowski,et al.  Scratch, Click & Vote: E2E Voting over the Internet , 2010, Towards Trustworthy Elections.

[15]  Miguel Correia,et al.  From Consensus to Atomic Broadcast: Time-Free Byzantine-Resistant Protocols without Signatures , 2006, Comput. J..

[16]  Michael Dahlin,et al.  Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults , 2009, NSDI.

[17]  Sangmin Lee,et al.  Upright cluster services , 2009, SOSP '09.

[18]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[19]  Jeremy Clark,et al.  Remotegrity: Design and Use of an End-to-End Verifiable Remote Voting System , 2013, ACNS.

[20]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[21]  S. Hemminger Network Emulation with NetEm , 2022 .

[22]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[23]  Ivan Damgård,et al.  Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions , 2000, Public Key Cryptography.

[24]  J. Rushby,et al.  Formal verification of an interactive consistency algorithm for the Draper FTP architecture under a hybrid fault model , 1994, Proceedings of COMPASS'94 - 1994 IEEE 9th Annual Conference on Computer Assurance.

[25]  Philip B. Stark,et al.  STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System , 2012, EVT/WOTE.

[26]  Gabriel Bracha,et al.  Asynchronous Byzantine Agreement Protocols , 1987, Inf. Comput..

[27]  Sam Toueg,et al.  Resilient consensus protocols , 1983, PODC '83.

[28]  Vivien Quéma,et al.  RBFT: Redundant Byzantine Fault Tolerance , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[29]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[30]  C. D. Mote,et al.  Report of the national workshop on internet voting: issues and research agenda , 2000, DG.O.

[31]  Achour Mostéfaoui,et al.  A Hierarchy of Conditions for Asynchronous Interactive Consistency , 2003, PaCT.

[32]  Liuba Shrira,et al.  HQ replication: a hybrid quorum protocol for byzantine fault tolerance , 2006, OSDI '06.

[33]  Ramakrishna Kotla,et al.  Zyzzyva , 2007, SOSP.

[34]  Achour Mostéfaoui,et al.  Computing Global Functions in Asynchronous Distributed Systems with Perfect Failure Detectors , 2000, IEEE Trans. Parallel Distributed Syst..

[35]  André Schiper,et al.  Unifying Byzantine Consensus Algorithms with Weak Interactive Consistency , 2009, OPODIS.

[36]  Kristian Gjøsteen,et al.  The Norwegian Internet Voting Protocol , 2011, VoteID.

[37]  John J. Bartholdi,et al.  Single transferable vote resists strategic voting , 2015 .

[38]  Gianluca Dini,et al.  A secure and available electronic voting service for a large-scale distributed system , 2003, Future Gener. Comput. Syst..

[39]  C. Andrew Ne,et al.  Practical high certainty intent verification for encrypted votes , 2004 .

[40]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[41]  Aggelos Kiayias,et al.  End-to-End Verifiable Elections in the Standard Model , 2015, EUROCRYPT.

[42]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[43]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[44]  Sam Toueg,et al.  Unreliable failure detectors for reliable distributed systems , 1996, JACM.

[45]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[46]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[47]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[48]  Peter Y. A. Ryan,et al.  vVote: a Verifiable Voting System (DRAFT) , 2014, ArXiv.

[49]  Rachid Guerraoui,et al.  On the Weakest Failure Detector for Non-Blocking Atomic Commit , 2002, IFIP TCS.

[50]  Jeremy Clark,et al.  Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting , 2008, IEEE Security & Privacy.

[51]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1983, PODS '83.

[52]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[53]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[54]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[55]  Ronald Cramer,et al.  A Secure and Optimally Efficient Multi-Authority Election Scheme ( 1 ) , 2000 .

[56]  Michael K. Reiter,et al.  Secure agreement protocols: reliable and atomic group multicast in rampart , 1994, CCS '94.