Election Verifiability in Electronic Voting Protocols

We present a formal, symbolic definition of election verifiability for electronic voting protocols in the context of the applied pi calculus. Our definition is given in terms of boolean tests which can be performed on the data produced by an election. The definition distinguishes three aspects of verifiability: individual, universal and eligibility verifiability. It also allows us to determine precisely which aspects of the system's hardware and software must be trusted for the purpose of election verifiability. In contrast with earlier work, our definition is compatible with a large class of electronic voting schemes, including those based on blind signatures, homomorphic encryption and mixnets. We demonstrate the applicability of our formalism by analysing three protocols: FOO, Helios 2.0, and Civitas (the latter two have been deployed).
