The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
We present a new, comprehensive framework to qualitatively improve election outcome trustworthiness, where voting is modeled as an information transfer process. Although voting is deterministic (all ballots are counted), information is treated stochastically using Information Theory. Error considerations, including faults, attacks, and threats by adversaries, are explicitly included. The influence...
We introduce a model for electronic election schemes that involves a more powerful adversary than previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be coercion-resistant if it is infeasible for the adversary to determine whether a coerced voter complies...
We present a K-out-of-L voting scheme, i.e., a voting scheme that allows every voter to vote for (up to) K candidates from a set of L candidates. The scheme is receipt-free, which means that even a malicious voter cannot prove to anybody how he voted. Furthermore, the scheme can be based on any semantically secure homomorphic encryption scheme, in particular also on the modified ElGamal encryption...
Electronic voting has the potential to be the most reliable, secure and trustworthy form of voting implemented. Digital technology, complete with error correction, robust storage and cryptographic security offers the possibility to record, transmit, store and tabulate votes far more reliably than paper. While current implementations of electronic voting have been susceptible to various failures, electronic...
This paper presents a new framework–a reference architecture–for voting that we feel has many attractive features. It is not a machine design, but rather a framework that will stimulate innovation and design. It is potentially the standard architecture for all future voting equipment. The ideas expressed here are subject to improvement and further research. An early version of this paper appeared...
In this chapter, we will show how to achieve unconditional or information-theoretic security in electronic voting with the following property: 1 Even all voters and tallying authorities have unbounded computing power, the distorted integrity of the voting results can be detected and proved incorrect by every honest voter, 1 If at least one tallying authority is honest, then the privacy of the...
This article aims to share some major lessons learned from the pioneering experience in Brazil with the world’s first full national implementation of universal electronic voting. Differing notions of security, and their “collateral entanglements”, appear to play a key role and are contrasted in Brazil’s pioneering electronic voting saga. After an introduction, we puzzle through what election security...
We discuss an implementation of a network voting scheme based on mix-net technology. We employed the scheme presented at Financial Cryptography 2002, but replaced the numeric computations with those on a elliptic curve. As a result, we obtained three times speed up and data length shortening to one third. The system has been employed in a private organization with roughly 20,000 voters since 2004.
Looking at current cryptographic-based e-voting protocols, one can distinguish three basic design paradigms (or approaches): (a) Mix-Networks based, (b) Homomorphic Encryption based, and (c) Blind Signatures based. Each of the three possesses different advantages and disadvantages w.r.t. the basic properties of (i) efficient tallying, (ii) universal verifiability, and (iii) allowing write-in ballot...
Optical mark-sense scanning has lead to a resurgence in the use of paper ballots in the United States, despite a century of strong competition from paperless direct-recording voting systems. By the time mark-sense technology emerged, procedural measures had been developed to counter most of the vulnerabilities of paper ballots. Automatic counting of paper ballots poses technical and legal problems,...
In this paper, we study the problem of simultaneously achieving several security properties, for voting schemes, without non-standard assumptions. More specifically, we focus on the universal verifiability of the computation of the tally, on the unconditional privacy/anonymity of the votes, and on the receipt-freeness properties, for the most classical election processes. Under usual assumptions and...
It is widely recognised that the security of even the best-designed technical systems can be undermined by socio-technical weaknesses that stem from implementation flaws, environmental factors that violate (often implicit) assumptions and human fallibility. This is especially true of cryptographic voting systems, which typically have a large user base and are used infrequently. In the spirit...
According to international law, anonymity of the voter is a fundamental precondition for democratic elections. In electronic voting, several aspects of voter anonymity have been identified. In this paper, we re-examine anonymity with respect to voting, and generalise existing notions of anonymity in e-voting. First, we identify and categorise the types of attack that can be a threat to anonymity of...
All voting protocols proposed so far, with the exception of a few, have the property that the privacy of the ballot is only computational. In this paper we outline a new and conceptually simple approach allowing us to construct a protocol in which the privacy of the ballot is unconditional. Our basic idea is to modify the protocol of Fujioka, Okamoto and Ohta[1], which uses blind signatures so that...
PunchScan is a precinct-read optical-scan balloting system that allows voters to take their ballot with them after scanning. This does not violate the secret ballot principle because the ballots cannot be read without secret information held by the distributed authority in charge of the election. In fact, this election authority will publish the ballots for everyone to see, allowing voters whose ballots...
An electronic voting system may be said to be composed of a number of components, each of which has a number of properties. One of the most attractive effects of this way of thinking is that each component may have an attached in-depth threat analysis and verification strategy. Furthermore, the need to include the full system when making changes to a component is minimised and a model at this level...
Farnel is a voting system proposed in 2001 in which each voter signs a ballot. It uses two ballot boxes to avoid the association between a voter and a vote. In this paper we first point out a flaw in the ThreeBallot system proposed by Rivest that seems to have gone unnoticed so far: it reveals statistical information about who is winning the election. Then, trying to resolve this and other flaws,...
While electronic elections promise the possibility of convenient, efficient and secure facilities for recording and tallying votes, recent studies have highlighted inadequacies in implemented systems. These inadequacies provide additional motivation for applying formal methods to the validation of electronic voting protocols. In this paper we report on some of our recent efforts in using the...
One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter’s computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.