BeleniosVS: Secrecy and Verifiability against a Corrupted Voting Device
Véronique Cortier, Alicia Filipiak, and Joseph Lallemand. BeleniosVS: Secrecy and Verifiability against a Corrupted Voting Device. In 32nd IEEE Computer Security Foundations Symposium (CSF'19), pp. 367–381, IEEE Computer Society Press, Hoboken, June 2019.
Download
Abstract
Electronic voting systems aim at two conflicting properties, namely privacy and verifiability, while trying to minimise the trust assumptions on the various voting components. Most existing voting systems either assume trust in the voting device or in the voting server. We propose a novel remote voting scheme BeleniosVS that achieves both privacy and verifiability against a dishonest voting server as well as a dishonest voting device. In particular, a voter does not leak her vote to her voting device and she can check that her ballot on the bulletin board does correspond to her intended vote. More specifically, we assume two elections authorities: the voting server and a registrar that acts only during the setup. Then BeleniosVS guarantees both privacy and verifiability against a dishonest voting device, provided that not both election authorities are corrupted. Additionally, our scheme guarantees receipt-freeness against an external adversary. We provide a formal proof of privacy, receipt-freeness, and verifiability using the tool ProVerif, covering a hundred cases of threat scenarios. Proving verifiability required to develop a set of sufficient conditions, that can be handled by ProVerif. This contribution is of independent interest.
BibTeX
@InProceedings{beleniosVS-CSF19,
author = {V\'eronique Cortier and Alicia Filipiak and Joseph
Lallemand},
title = {BeleniosVS: Secrecy and Verifiability against a
Corrupted Voting Device},
booktitle = {32nd IEEE Computer Security Foundations Symposium
(CSF'19)},
abstract = {Electronic voting systems aim at two conflicting
properties, namely privacy and verifiability, while
trying to minimise the trust assumptions on the
various voting components. Most existing voting
systems either assume trust in the voting device or
in the voting server. We propose a novel remote
voting scheme BeleniosVS that achieves both privacy
and verifiability against a dishonest voting server
as well as a dishonest voting device. In particular,
a voter does not leak her vote to her voting device
and she can check that her ballot on the bulletin
board does correspond to her intended vote. More
specifically, we assume two elections authorities:
the voting server and a registrar that acts only
during the setup. Then BeleniosVS guarantees both
privacy and verifiability against a dishonest voting
device, provided that not both election authorities
are corrupted. Additionally, our scheme guarantees
receipt-freeness against an external adversary. We
provide a formal proof of privacy, receipt-freeness,
and verifiability using the tool ProVerif, covering
a hundred cases of threat scenarios. Proving
verifiability required to develop a set of
sufficient conditions, that can be handled by
ProVerif. This contribution is of independent
interest.},
year = 2019,
pages = {367--381},
month = {June},
address = {Hoboken},
publisher = {{IEEE} Computer Society Press},
year = 2019,
acronym = {{CSF}'18},
nmonth = 6,
={https://members.loria.fr/VCortier/files/Papers/csf19-report.pdf},
}