Election Eligibility with OpenID: Turning Authentication into Transferable Proof of Eligibility

Election Eligibility with OpenID: Turning Authentication into Transferable Proof of Eligibility. Véronique Cortier, Alexandre Debant, Anselme Goestchmann, and Lucca Hirschi. In 33rd USENIX Security Symposium (Usenix'24), 2024.

Abstract

Eligibility checks are often abstracted away or omitted in voting protocols, leading to situations where the voting server can easily stuff the ballot box. One reason for this is the difficulty of bootstrapping the authentication material for voters without relying on trusting the voting server.
In this paper, we propose a new protocol that solves this problem by building on OpenID, a widely deployed authentication protocol. Instead of using it as a standard authentication means, we turn it into a mechanism that delivers transferable proofs of eligibility. Using zk-SNARK proofs, we show that this can be done without revealing any compromising information, in particular, protecting everlasting privacy. Our approach remains efficient and can easily be integrated into existing protocols, as we have done for the Belenios voting protocol. We provide a full-fledged proof of concept along with benchmarks showing our protocol could be realistically used in large-scale elections.

BibTeX

@InProceedings{OpenIDvoting-Usenix24,
  author = 	 {V\'eronique Cortier and Alexandre Debant and Anselme Goestchmann and Lucca Hirschi},
  title = 	 {Election Eligibility with OpenID:
Turning Authentication into Transferable Proof of Eligibility},
  booktitle = {33rd USENIX Security Symposium (Usenix'24)},
  year = 	 {2024},
  abstract = 	 {Eligibility checks are often abstracted away or omitted in voting protocols, leading to situations where the voting server can easily stuff the ballot box. One reason for this is the difficulty of bootstrapping the authentication material for voters without relying on trusting the voting server.
\par
In this paper, we propose a new protocol that solves this problem by building on OpenID, a widely deployed authentication protocol. Instead of using it as a standard authentication means, we turn it into a mechanism that delivers transferable proofs of eligibility. Using zk-SNARK proofs, we show that this can be done without revealing any compromising information, in particular, protecting everlasting privacy. Our approach remains efficient and can easily be integrated into existing protocols, as we have done for the Belenios voting protocol. We provide a full-fledged proof of concept along with benchmarks showing our protocol could be realistically used in large-scale elections.},
}