Reto E. Koenig

A new approach towards coercion-resistant remote e-voting in linear time

Remote electronic voting has attracted increasing attention in cryptographic research. A promising protocol presented by Juels et al. is currently widely discussed. Although it offers a remarkably high degree of coercion-resistance under reasonable assumptions, it can not be employed in practice due to its poor efficiency. The improvements that have been proposed either require stronger trust assumptions or turned out to be insecure. In this paper, we present an enhancement of the protocol, which runs in linear time without changing the underlying trust assumptions.

Strengths and weaknesses of software architectures for the rapid creation of tangible and multimodal interfaces

This paper reviews the challenges associated with the development of tangible and multimodal interfaces and exposes our experiences with the development of three different software architectures to rapidly prototype such interfaces. The article first reviews the state of the art, and further compares existing systems with our approaches. Finally, the article stresses the major issues associated with the development of toolkits allowing the creation of multimodal and tangible interfaces, and presents our future objectives.

Transparency and technical measures to establish trust in norwegian internet voting

The short history of e-voting has shown that projects are doomed to fail in the absence of trust among the electorate. The first binding Norwegian Internet elections are scheduled for fall 2011. Notably, transparency is taken as a guideline in the project. This article discusses transparency and other measures the Norwegians apply that are suited to establish profound trust, i.e. trust that grounds on the systems technical features, rather than mere assertions. We show whether at all, how and to which degree these measures are implemented and point out room for enhancements. We also address general challenges of projects which try to reach a high level of transparency for others as lessons learned.

Efficient vote authorization in coercion-resistant internet voting

Some years ago, Juels et al. introduced the first coercion-resistant Internet voting protocol. Its basic concept is still the most viable approach to address voter coercion and vote selling in Internet voting. However, one of the main open issues is its unrealistic computational requirements of the quadratic-time tallying procedure. In this paper, we examine the cause of this issue, namely the authorization of votes, and summarize the most recent proposals to perform this step in linear time. We explain the key underlying concepts of these proposals and introduce a new protocol based on anonymity sets. The size of these anonymity sets serves as an adjustable security parameter, which determines the degree of coercion-resistance. The main advantage of the new protocol is to move computational complexity introduced in recent works from the voter side to the tallying authority side.

A generic approach to prevent board flooding attacks in coercion-resistant electronic voting schemes

This paper presents a generic approach to prevent board flooding attacks in remote electronic voting schemes providing coercion-resistance. A key property of these schemes is the possibility of casting invalid votes to the public bulletin board, which are indistinguishable from proper votes. Exactly this possibility is crucial for making these schemes coercion-resistant, but it also opens doors for flooding the bulletin board with an enormous amount of invalid votes, eventually spoiling the efficiency of the tallying process. To prevent such attacks, we present a generic enhancement for these schemes, in which we restrict the total amount of votes accepted by the public bulletin board. For this, voters receive a certain amount of posting tickets, each of which allowing its owner to post a single vote to the bulletin board. The list of all posting tickets is published along with the electoral register. Votes with no valid posting ticket are immediately rejected by the bulletin board. The maximum amount of postings accepted by the bulletin board is thus bounded by the total number of issued posting tickets. This prevents a massive board flooding attack with a very large number of invalid votes and thus guarantees the efficiency of the tallying phase. Except with respect to forced vote abstention, our enhancement preserves all properties of the existing scheme in use. Although coercion by forced vote abstention cannot be ruled out entirely, such attacks are at least not scalable to a considerable portion of the electorate.

Attacking the verification code mechanism in the norwegian internet voting system

The security of the Norwegian Internet voting system depends strongly on the implemented verification code mechanism, which allows voters to verify if their vote has been cast and recorded as intended. For this to work properly, a secure and independent auxiliary channel for transmitting the verification codes to the voters is required. The Norwegian system assumes that SMS satisfies the necessary requirements for such a channel. This paper demonstrates that this is no longer the case today. If voters use smartphones or tablet computers for receiving SMS messages, a number of new attack scenarios appear. We show how an adversary may exploit these scenarios in systems providing vote updating and point out the consequences for the vote integrity in the Norwegian system. We also give a list of possible counter-measures and system enhancements to prevent and detect such attacks.

Coercion-Resistant Internet Voting with Everlasting Privacy

The cryptographic voting protocol presented in this paper offers public verifiability, everlasting privacy, and coercion-resistance simultaneously. Voters are authenticated anonymously based on perfectly hiding commitments and zero-knowledge proofs. Their vote and participation secrecy is therefore protected independently of computational intractability assumptions or trusted authorities. Coercion-resistance is achieved based on a new mechanism for deniable vote updating. To evade coercion by submitting a final secret vote update, the voter needs not to remember the history of all precedent votes. The protocol uses two types of mix networks to guarantee that vote updating cannot be detected by the coercer. The input sizes and running times of the mix networks are quadratic with respect to the number of submitted ballots.

Cast-as-Intended Verification in Electronic Elections Based on Oblivious Transfer

In this paper, we propose a new method for cast-as-intended verification in remote electronic voting. We consider a setting, in which voters receive personalized verification code sheets from the authorities over a secure channel. If the codes displayed after submitting a ballot correspond to the codes printed on the code sheet, a correct ballot must have been submitted with high probability. Our approach for generating such codes and transferring them to the voter is based on an existing oblivious transfer protocol. Compared to existing cast-as-intended verification methods, less cryptographic keys are involved and weaker trust and infrastructure assumptions are required. This reduces the complexity of the process and improves the performance of certain tasks. By looking at cast-as-intended verification from the perspective of an oblivious transfer, our approach also contributes to a better understanding of the problem and relates it to a well-studied cryptographic area of research.

Pseudo-Code Algorithms for Verifiable Re-encryption Mix-Nets

Implementing the shuffle proof of a verifiable mix-net is one of the most challenging tasks in the implementation of an electronic voting system. For non-specialists, even if they are experienced software developers, this task is nearly impossible to fulfill without spending an enormous amount of resources into studying the necessary cryptographic theory. In this paper, we present one of the existing shuffle proofs in a condensed form and explain all the necessary technical details in corresponding pseudo-code algorithms. The goal of presenting the shuffle proof in this form is to make it accessible to a broader audience and to facilitate its implementation by non-specialists.

E-Voting and Identity

Cast-as-intended verification seeks to prove to a voter that their vote was cast according to their intent. In case ballot casting is made remotely through a voting client, one of the most important dangers a designer faces are malicious voting clients (e.g. infected by a malware), which may change the voter’s selections. A previous approach for achieving cast-as-intended verification in this setting uses the so-called Return Codes. These allow a voter to check whether their voting options were correctly received by the ballot server, while keeping these choices private. An essential ingredient of this approach is a mechanism that allows a voter to discard a vote that does not represent their intent. This is usually solved using multiple voting, namely, if the return codes received by the voter do not match their choices, they cast a new vote. However, what happens if voters are not allowed to cast more than one ballot (aka single vote casting)? In this paper we propose a simple ballot casting protocol, using return codes, for allowing a voter to verify votes in a single vote casting election. We do so without significantly impacting the number of operations in the client side. This voting protocol has been implemented in a binding election in the Swiss canton of Neuchâtel in March 2015, and will be the canton’s new voting platform.