Breaking verifiability and vote privacy in CHVote
Breaking verifiability and vote privacy in CHVote. Véronique Cortier, Alexandre Debant, and Pierrick Gaudry. In Esorics 2025 - 30th European Symposium on Research in Computer Security, Toulouse, France, 2025.
Download
Abstract
CHVote is one of the two main electronic voting systems developed in the context of political elections in Switzerland, where the regulation requires a specific setting and specific trust assumptions. We show that actually, CHVote fails to achieve vote secrecy and individual verifiability (here, recorded-as-intended), as soon as one of the online components is dishonest, contradicting the security claims of CHVote. In total, we found 9 attacks or variants against CHVote, 2 of them being based on a bug in the reference implementation. We confirmed our findings through a proof-of-concept implementation of our attacks.
BibTeX
@inproceedings{breakingCHVote-Esorics25,
author = {V\'eronique Cortier and Alexandre Debant and Pierrick Gaudry},
title = {Breaking verifiability and vote privacy in {CHVote}},
booktitle = {Esorics 2025 - 30th European Symposium on Research in Computer Security},
year = {2025},
abstract = {CHVote is one of the two main electronic voting systems developed in
the context of political elections in Switzerland, where the regulation
requires a specific setting and specific trust
assumptions.
We show that actually, CHVote fails to achieve vote secrecy and
individual verifiability (here, recorded-as-intended), as soon as one of
the online components is dishonest, contradicting the security claims
of CHVote. In total, we found 9 attacks or variants against CHVote,
2 of them being based on a bug in the reference implementation.
We confirmed our findings through a proof-of-concept implementation of
our attacks.},
address = {Toulouse, France},
}