5. Legal requirements for remote e-voting
• The secrecy of the ballot can not be compromised!
• Secrecy is retained by implementing the following:
– Allowing unlimited re-voting
– Votes cast in a controlled environment always supersede those
cast uncontrolled (paper votes may supersede electronic votes)
– An e-voting system that does not reveal or retain any
connection between voter and vote
– A good authentication mechanism
– E-voting only in the advance voting period
– Remote voting only as a supplement to paper voting
6. A quick overview of the solution
- Log on
- Submit vote
E-voting system
Receipt code
Polling card
8. Authentiwhat?
• When you turn up at the polling station, you
are required to identify yourself.
• Only since 2007 have you been required to
produce an ID-card.
• This is analogous to the process of
authentication to a computer system, for
instance using an eID.
9. Important properties of a good eID
• It must be obvious to the user that this is an
identity document.
• A voter should not be tempted to sell his voting
credentials.
– It must have other uses than just e-voting.
– These other uses must be familiar and of value to the
voter
10.
11. The Challenges of Remote e-
voting
• Auditability / transparency to the lay
person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
• Attacks scale
12.
13. The Challenges of Remote e-
voting
• Auditability / transparency to the
lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
14. Transparent e-voting?
• Complete openness and transparecy in
all aspects of the project
• Available source code
– Unfourtunately cryptography is really,
really hard.
• Cryptographic proofs of correctness
– Even the voter gets one
– The good thing about crypto is that it’s all
just maths
• Logging of all system events
15. Transparent e-voting?
• Obviously open source won’t make
the system understandable to
”everyone”
• …and extensive use of esoteric
cryptography makes things worse…
• ..but at least the lay person can
choose which expert to trust.
• Besides, paper voting really isn’t
that easy to understand either!
16. Communicating the crypto
protocol
• The cryptographer behind it is working on a
conceptual description which should be
understandable for anyone with high school
maths
• Amongst other things, we will try to integrate the
protocol into maths education in high school.
17. The Challenges of Remote e-
voting
• Auditability / transparency to the
lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
18. Buying and selling of votes
• In practice this doesn’t scale
• The seller can re-vote
– Receipt for all cast votes, not only the final
• Votes submitted from a polling station will
supersede any vote cast remotely
• Buyer would have to control seller’s eID
– Would require the voter to give up a lot more
than his vote
19. The Challenges of Remote e-
voting
• Auditability / transparency to the
lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
20. Coercion/family voting
• The coerced can re-vote
– Receipt for all cast votes, not only the final
• Votes submitted from a polling station will
supersede any vote cast remotely
• The system will never divulge that a previous
vote has allready been recorded
• If you accept that bastards are evenly distributed
across the political spectrum, this doesn’t scale
either.
21. The Challenges of Remote e-
voting
• Auditability / transparency to the
lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
23. Conceptual model
Distribution of secrets
Vote
Voting Internet Administrative
Voter Collection system
client Server
Return Code Air gap
Vote verification Generator
Mix and
count
M of N key shares
from parties with
competing interests
24. ”Cleansing service”
Counting e-votes
Parti A 2
Parti B 1
Decryption service
Mixing service