Cryptographic vote-stealing attacks against a partially homomorphic e-voting architecture

Electronic voting plays an increasingly important role in the democratic process in the US and other countries. As technology continues to advance, the security and privacy requirements of contemporary voting platforms become even more strict, and several voting protocols have been proposed. At the same time, homomorphic encryption offers powerful primitives that allow provable guarantees of security. In this paper, we analyze the security of a partially homomorphic electronic voting architecture and describe a vote-stealing attack by exploiting a length-extension vulnerability in the message authentication component of the system. Our attack scales with the public key parameters of the homomorphic encryption scheme and does not require any exhaustive search for secret keys or initialization vectors.

[1]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[2]  Hovav Shacham,et al.  Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage , 2009, EVT/WOTE.

[3]  Jacques Stern,et al.  Practical multi-candidate election system , 2001, PODC '01.

[4]  Ivan Damgård,et al.  The Theory and Implementation of an Electronic Voting System , 2003, Secure Electronic Voting.

[5]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[6]  Moni Naor,et al.  Receipt-Free Universally-Verifiable Voting with Everlasting Privacy , 2006, CRYPTO.

[7]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[8]  Douglas W. Jones On Optical Mark-Sense Scanning , 2010, Towards Trustworthy Elections.

[9]  J. Alex Halderman,et al.  Security Analysis of the Estonian Internet Voting System , 2014, CCS.

[10]  Jeremy Clark,et al.  Remotegrity: Design and Use of an End-to-End Verifiable Remote Voting System , 2013, ACNS.

[11]  Oleg Mazonka,et al.  Cryptoleq: A Heterogeneous Abstract Machine for Encrypted and Unencrypted Computation , 2016, IEEE Transactions on Information Forensics and Security.

[12]  Dimitris Gritzali,et al.  Principles and requirements for a secure e-voting system , 2002, Comput. Secur..

[13]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[14]  Warren D. Smith Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[15]  Ronald Cramer,et al.  A Secure and Optimally Efficient Multi-Authority Election Scheme ( 1 ) , 2000 .

[16]  Jeremy Clark,et al.  Scantegrity II: End-to-End Verifiability by Voters of Optical Scan Elections Through Confirmation Codes , 2009, IEEE Transactions on Information Forensics and Security.

[17]  Nektarios Georgios Tsoutsos,et al.  Extending residue-based fault tolerance to encrypted computation , 2015, 2015 IEEE International Test Conference (ITC).

[18]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[19]  Costas Lambrinoudakis,et al.  Secure Electronic Voting: the Current Landscape , 2003 .

[20]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[21]  Roy G. Saltman The history and politics of voting technology : in quest of integrity and public confidence , 2006 .

[22]  Aggelos Kiayias,et al.  DEMOS-2: Scalable E2E Verifiable Elections without Random Oracles , 2015, CCS.

[23]  Ronald L. Rivest,et al.  Scratch & vote: self-contained paper-based cryptographic voting , 2006, WPES '06.

[24]  Vanessa Teague,et al.  A review of E-voting: the past, present and future , 2016, Ann. des Télécommunications.