BeleniosVS: Secrecy and Verifiability against a Corrupted Voting Device
Véronique Cortier, Alicia Filipiak, and Joseph Lallemand. BeleniosVS: Secrecy and Verifiability against a Corrupted Voting Device. In 32nd IEEE Computer Security Foundations Symposium (CSF'19), pp. 367–381, IEEE Computer Society Press, Hoboken, June 2019.
Abstract
Electronic voting systems aim at two conflicting properties, namely privacy and verifiability, while trying to minimise the trust assumptions on the various voting components. Most existing voting systems either assume trust in the voting device or in the voting server. We propose a novel remote voting scheme BeleniosVS that achieves both privacy and verifiability against a dishonest voting server as well as a dishonest voting device. In particular, a voter does not leak her vote to her voting device and she can check that her ballot on the bulletin board does correspond to her intended vote. More specifically, we assume two election authorities: the voting server and a registrar that acts only during the setup. Then BeleniosVS guarantees both privacy and verifiability against a dishonest voting device, provided that not both election authorities are corrupted. Additionally, our scheme guarantees receipt-freeness against an external adversary. We provide a formal proof of privacy, receipt-freeness, and verifiability using the tool ProVerif, covering a hundred cases of threat scenarios. Proving verifiability required developing a set of sufficient conditions that can be handled by ProVerif. This contribution is of independent interest.
BibTeX
@InProceedings{beleniosVS-CSF19,
  author = {V\'eronique Cortier and Alicia Filipiak and Joseph Lallemand},
  title = {BeleniosVS: Secrecy and Verifiability against a Corrupted Voting Device},
  booktitle = {32nd IEEE Computer Security Foundations Symposium (CSF'19)},
  abstract = {Electronic voting systems aim at two conflicting properties, namely privacy and verifiability, while trying to minimise the trust assumptions on the various voting components. Most existing voting systems either assume trust in the voting device or in the voting server. We propose a novel remote voting scheme BeleniosVS that achieves both privacy and verifiability against a dishonest voting server as well as a dishonest voting device. In particular, a voter does not leak her vote to her voting device and she can check that her ballot on the bulletin board does correspond to her intended vote. More specifically, we assume two election authorities: the voting server and a registrar that acts only during the setup. Then BeleniosVS guarantees both privacy and verifiability against a dishonest voting device, provided that not both election authorities are corrupted. Additionally, our scheme guarantees receipt-freeness against an external adversary. We provide a formal proof of privacy, receipt-freeness, and verifiability using the tool ProVerif, covering a hundred cases of threat scenarios. Proving verifiability required developing a set of sufficient conditions that can be handled by ProVerif. This contribution is of independent interest.},
  year = 2019,
  pages = {367--381},
  month = {June},
  address = {Hoboken},
  publisher = {{IEEE} Computer Society Press},
  acronym = {{CSF}'18},
  nmonth = 6,
  ={https://members.loria.fr/VCortier/files/Papers/csf19-report.pdf},
}