Remotegrity: Design and Use of an End-to-End Verifiable Remote Voting System

We propose and implement a cryptographically end-to-end verifiable (E2E) remote voting system for absentee voters and report on its deployment in a binding municipal election in Takoma Park, Maryland. Remotegrity is a hybrid mail/internet extension to the Scantegrity in-person voting system, enabling secure, electronic return of vote-by-mail ballots. It provides voters with the ability to detect unauthorized modifications to their cast ballots made by either malicious client software, or a corrupt election authority--two threats not previously studied in combination. Not only can the voter detect such changes, they can prove it to a third party without giving up ballot secrecy.

[1]  Stefan Popoveniuc SpeakUp: remote unsupervised voting , 2010 .

[2]  Jörg Schwenk,et al.  Code Voting with Linkable Group Signatures , 2008, Electronic Voting.

[3]  Miroslaw Kutylowski,et al.  Scratch, Click & Vote: E2E Voting over the Internet , 2010, Towards Trustworthy Elections.

[4]  Yvo Desmedt,et al.  Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example , 2010, EVT/WOTE.

[5]  Jean-Jacques Quisquater,et al.  Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[6]  Jeremy Clark,et al.  Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy , 2010, USENIX Security Symposium.

[7]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[8]  Jeremy Clark,et al.  Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting , 2008, IEEE Security & Privacy.

[9]  Jeremy Clark,et al.  Selections: Internet Voting with Over-the-Shoulder Coercion-Resistance , 2011, Financial Cryptography.

[10]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[11]  Jeremy Clark,et al.  Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes , 2008, EVT.

[12]  Peter Y. A. Ryan,et al.  Pretty Good Democracy , 2009, Security Protocols Workshop.

[13]  Zhe Xia,et al.  Using Prêt à Voter in Victoria State Elections , 2012, EVT/WOTE.

[14]  Eric Wustrow,et al.  Attacking the Washington, D.C. Internet Voting System , 2012, Financial Cryptography.

[15]  Jeremy Clark,et al.  On the Use of Financial Data as a Random Beacon , 2010, EVT/WOTE.

[16]  Aggelos Kiayias,et al.  Self-tallying Elections and Perfect Ballot Secrecy , 2002, Public Key Cryptography.

[17]  Rolf Oppliger,et al.  CAPTCHA-based Code Voting , 2008, Electronic Voting.

[18]  Jeremy Clark,et al.  2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , 2022 .

[19]  Rolf Haenni,et al.  A New Approach towards Coercion-Resistant Remote E-Voting in Linear Time , 2011, Financial Cryptography.

[20]  Ralf Küsters,et al.  Accountability: definition and relationship to verifiability , 2010, CCS '10.

[21]  Carlisle M. Adams,et al.  Eperio: Mitigating Technical Complexity in Cryptographic Election Verification , 2010, EVT/WOTE.

[22]  Jörg Schwenk,et al.  Secure Internet Voting with Code Sheets , 2007, VOTE-ID.

[23]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[24]  Carlos Ribeiro,et al.  VeryVote: A Voter Verifiable Code Voting System , 2009, VoteID.

[25]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[26]  Sven Heiberg,et al.  On E-Vote Integrity in the Case of Malicious Voter Computers , 2010, ESORICS.

[27]  Carlos Ribeiro,et al.  CodeVoting Protection Against Automatic Vote Manipulation in an Uncontrolled Environment , 2007, VOTE-ID.