Verifiable Remote Postal Voting

State: Open

In Remote Electronic Voting (REV) literature, the definitions of privacy and verifiability are well established; please refer to [1] and [2].

As analyzed in [3], the current Swiss Remote Postal Voting (RPV) system does not provide any verifiability. The system mainly relies on the trusted authorities during the whole voting setup and process. Also, there are already digital systems in place that are used within the Swiss RPV context, e.g., E-Counting, or to transmit intermediate results [3]. Recent examples have shown these systems to be outdated, vulnerable, and not secure [4].  

Further, recent attacks on the Swiss RPV were documented in [5], and a different attack vector was outlined in [6]. These security issues are not surprising since REV and RPV show many open challenges [6]. 

Previous work performed at CSG also proposed a generic framework to tackle these challenges by decentralizing the processes digitally [7]. The application of cryptographic voting schemes allows the deployment of a verifiable postal voting scheme. In theory, there are cryptographic schemes (based on homomorphic encryption) proposed in [9] that can provide Ballot Tracking (just for the logistics). That scheme is based on the Tracker system proposed in [10].

The key focus of this MAP is (i) analyzing the Swiss RPV, then (ii) proposing and (iii) developing a suitable voting protocol for the Swiss RPV. Within that context, it should be investigated how verifiability properties can be enhanced in order to enable a fully end-to-end verifiable voting scheme.

The MAP’s output is a fully working Proof-of-Concept (PoC), for which multiple components are envisioned: frontend applications that allow (a) voters to register their ballot and then track it, and (b) the election authorities to administer the ballots (as well as transmit the tally); and backend components, which might be used for state management of the frontends and as an interface to a Distributed Ledger or Blockchain.

How and in which context information should be available on a Public Bulletin Board (PBB) (see [8]) should be carefully investigated and assessed from a security perspective. Any publication of data on a PBB can bear long-term privacy issues. Commitment Consistent Encryption [11] could be an option here and should be closely investigated.

The prototype should be evaluated in terms of practically relevant properties (performance and scalability), security properties (Risk Assessment), and dedicated REV properties (e.g., Ballot Secrecy, End-to-End Verifiability and Accountability). The MAP will require dedicated research into cryptographic building blocks of REV and RPV, as well as RFID elements to see this prototype working.
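The long-term privacy concern for data on a PBB can be made concrete with a small sketch, added here as an example and not taken from the MAP, from [11], or from any CSG code: instead of ciphertexts, the board holds perfectly hiding Pedersen commitments, and the tally is still publicly checkable through their homomorphism. The group parameters, function names and the plaintext handling of openings are assumptions made for this illustration (a real scheme would pass the openings to the authorities in encrypted form).

```python
import secrets

# Toy parameters (constructed, far too small for real use): P = 2*Q + 1, both prime.
P, Q = 1019, 509
G = 4                    # a square mod P, so it generates the order-Q subgroup
TRAPDOOR = 123           # log_G(H); demo only. A real setup must ensure nobody knows it.
H = pow(G, TRAPDOOR, P)

def commit(vote, r):
    """Pedersen commitment G^vote * H^r mod P."""
    return pow(G, vote, P) * pow(H, r, P) % P

def cast(vote):
    """Voter: returns (entry for the public board, private opening)."""
    r = secrets.randbelow(Q)
    return commit(vote, r), (vote, r)

def tally(openings):
    """Authority: sums votes and randomness (needs fewer than Q voters)."""
    return (sum(v for v, _ in openings) % Q, sum(r for _, r in openings) % Q)

def verify_tally(board, total, rand):
    """Anyone: the product of all board entries must open to the announced tally."""
    product = 1
    for c in board:
        product = product * c % P
    return product == commit(total, rand)

def alternative_opening(vote, r, other_vote):
    """Randomness under which the same commitment opens to other_vote.

    Such a value exists for every other_vote, so a board entry carries no
    information about the vote. Computing it needs TRAPDOOR, which is also
    why a known trapdoor would break binding.
    """
    # vote + x*r = other_vote + x*r'  (mod Q)  =>  r' = r + (vote - other_vote)/x
    return (r + (vote - other_vote) * pow(TRAPDOOR, -1, Q)) % Q

def run_election(votes):
    """Constructed end-to-end run: returns (board, openings, total, rand)."""
    entries = [cast(v) for v in votes]
    board = [c for c, _ in entries]
    openings = [o for _, o in entries]
    return (board, openings, *tally(openings))

if __name__ == "__main__":
    board, openings, total, rand = run_election([1, 0, 1, 1, 0])
    print("board:", board, "tally:", total, "verified:", verify_tally(board, total, rand))
```

Because every board entry can be opened to any vote, the hiding of the published data does not depend on a hardness assumption; only binding does, which is why H has to be generated so that its discrete logarithm is unknown.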

[1] Jonker, H., Mauw, S., Pang, J.: „Privacy and Verifiability in Voting Systems“, Available at: https://orbilu.uni.lu/bitstream/10993/12976/1/csr13.pdf

[2] Bernhard, D., Warinschi, B.: „Cryptographic Voting - A Gentle Introduction“, Available at: https://eprint.iacr.org/2016/765.pdf

[3] Killer, C., Stiller, B.: „The Swiss Postal Voting Process and Its System and Security Analysis“ In: 4th International Joint Conference on Electronic Voting (E-Vote-ID 2019), Bregenz, Austria, October 1–4, 2019, Available at: https://www.researchgate.net/publication/335997715_The_Swiss_Postal_Voting_Process_and_Its_System_and_Security_Analysis

[4] Fichter, A.: „Passwort: Wahlen“, 25.09.2020, Republik, Available at: https://www.republik.ch/2020/09/25/passwort-wahlen and more at https://www.republik.ch/2020/09/25/passwort-wahlen-der-technische-hinter-grund-und-das-glossar-zur-recherche

[5] Dölf, B.: „Moutier-Abstimmung: Folgt das nächste Desaster?“, Der Bund, 27.03.2021, Available at: https://www.derbund.ch/brisantes-papier-weckt-unbehagen-677279356631

[6] Benaloh, J., et al., “Public Evidence from Secret Ballots,” Computing Research Repository Vol. 1707.0, 2017, Available at: https://arxiv.org/abs/1707.08619

[7] Killer, C., Thorbecke, L., Rodrigues, B., Scheid, E., Franco, M., Stiller, B.: „Proverum: A Hybrid Public Verifiability and Decentralized Identity Management“, Computing Research Repository Vol. 2008.09841, 2020, Available at: https://arxiv.org/abs/2008.09841

[8] Killer, C., Rodrigues, B., Scheid, J. E., Franco, M., Eck, M., Zaugg, N., Scheitlin, A., Stiller, B.: „Provotum: A Blockchain-based and End-to-End Verifiable Remote Electronic Voting System“, In: 45th IEEE Conference on Local Computer Networks (LCN), Virtual Conference, 2020, Available at: https://www.researchgate.net/publication/345319094_Provotum_A_Blockchain-based_and_End-to-end_Verifiable_Remote_Electronic_Voting_System

[9] Gjosteen, K., Gritti, C., Moran, N.: „Ballot Logistics: Tracking Paper-based Ballots Using Cryptography“ In: Fifth International Conference on Electronic Voting (E-Vote ID 2020), Bregenz, Austria, Available at: https://www.researchgate.net/profile/David-Duenas-Cid/publication/344471755_Fifth_International_Joint_Conference_on_Electronic_Voting_-_E-Vote-ID_2020_-_Taltech_Press_Proceedings/links/5f7ae77b458515b7cf67a30f/Fifth-International-Joint-Conference-on-Electronic-Voting-E-Vote-ID-2020-Taltech-Press-Proceedings.pdf#page=280

[10] Erik-Oliver Blass, Kaoutar Elkhiyaoui, Refik Molva, and Eurecom Sophia Antipolis. Tracker: Security and privacy for RFID-based supply chains. In NDSS’11, 18th Annual Network and Distributed System Security Symposium, 6-9 February 2011. Citeseer, 2011.

[11] Cuvelier, É., Pereira, O., Peters, T.: „Election Verifiability or Ballot Privacy: Do We Need to Choose?“ Available at: http://eprint.iacr.org/2013/216.pdf

Supervisors: Christian Killer
