###### tags: `Reading sessions` [toc] # 2023 <https://e-vote-id.org/e-vote-id-2023/> ## [**Faster Coercion-Resistant E-Voting by Encrypted Sorting**](https://eprint.iacr.org/2023/837.pdf) * By Diego F. Aranha, Michele Battagliola, and Lawrence Roy. * **[LH]** The paper proposes a new variant of the Juels Catalano Jakobsson (JCJ) protocol for coercion resistant voting. JCJ is not very scalable due to its quadratic complexity. The paper improves the complexity to log-linear by encorporating a comparison-based sort as part of the tallying process. The main idea is to store registration data in binary form for each voter, and create a sort using circuits over encrypted bits. * The authors note their protocol could be improved further by possibly adopting a bucket sort, but this might be prone to a bucket overflow attack. Dimension of the credentials is also a problem as these are stored as encryptions of bits rather than whole strings. # 2022 <https://e-vote-id.org/programme-2022/> ## [**VoteXX : A Solution to Improper Influence in Voter-Verifiable Elections**](https://eprint.iacr.org/2022/1212) * By David Chaum, Richard T Carback, Jeremy Clark, Chao Liu, Mahdi Nejadgholi, Bart Preneel, Alan T Sherman, Mario Yaksetig, Filip Zagórski, and Bingsheng Zhang. * **[LH]** The paper aims to solve the problem of vote coercion and vote buying for online elections. The general idea is to introduce a set of trusted parties (called *hedgehogs* in the paper) that can *nullify* a vote. It assumes an untappable channel between the voter and the hedgehogs. * The voter has two public/private key pairs (for a yes/no vote respectively). If the voter has been coerced, they share their secret key for their true vote with the hedgehogs. The hedgehogs have a list of public keys, and construct another list containing $1$ if they know the secret key for the corresponding public key (pairwise), and $0$ otherwise. * The hedgehogs must prove they know the secret key for the voter among all public keys using a disjunctive ZKP. The constructed lists for each hedgehog are summed by the Election Authority (EA), who then subtracts them from the yes/no tallies to produce the final tallies. * Nullification can be performed in three ways: *cancel*, *cancel-toggle* or *flip*. *Cancel* nullifies a vote iff at least $t \geq 1$ entries chose to nullify it. *Cancel-toggle* nullifies a vote iff odd $t$ entries chose to nullify it. *Flip* nullifies a vote $x$ by computing $(x + y) \mod k$ where $y$ hedgehogs chose to nullify the vote and $k$ is the number of candidates (this is essentially randomization of the vote). * For the multi-candidate case, the voter may register $k$ key pairs. * Performance of the protocol appears to be quite good; nullification is the most work at $\Theta(HVT)$ given $H$ hedgehogs, $V$ voters and $T$ trustees. * The limitations of the paper are a (1) lack of security analysis and (2) a lack of a method for selecting trusted hedgehogs. The paper acknowledges (1) for future work and (2) is indirectly acknowledged by a future user study. It would be interesting to see the result of the user study and whether any problems with choosing hedgehogs arise in practice. The paper does also make a large number of assumptions, and whether these assumptions hold true in practice would be nice to see. ###### tags: ``e-voting`` --- ## [The Diffusion of Electronic Voting for Participatory Budgeting Projects: Evidence from Ukraine](http://dspace.ut.ee/bitstream/handle/10062/84324/13.pdf?sequence=1&isAllowed=y) * Dmytro Khutkyy * A study on the e-voting usage statistics among Ukrainian communities for participatory budgeting. * Some statistics data presented, but not very conclusive * The percentage of e-voting usage varies from 1% to 100%. * "The one definitely confirmed pattern of participatory budgeting e-voting diffusion in Ukrainian communities is that longer duration of participatory budgeting is associated with higher e-voting rates." ###### tags: `` `` ## [Time, Privacy, Robustness, Accuracy: Trade-Offs for the Open Vote Network Protocol](https://eprint.iacr.org/2021/1065.pdf) * Fatima-Ezzahra El Orche, Gergei Bana, Remi Géraud-Stewart, David Naccache, Peter Rønne, Peter Y A Ryan, Marco Biroli, Megi Dervishi and Hugo Waltsburger * It aims to address the robustness issue of OV-net by running the protocol in parallel * As the tallying is done on a smaller size, there is possible privacy leakage, but the authors show the leakage is controllable. * Other trade-offs are: an increae in comptuation and a statistical loss of accuracy. ###### tags: `` `` ## [Review Your Choices: When Confirmation Pages Break Ballot Secrecy in Online Elections](https://dl.acm.org/doi/10.1007/978-3-031-15911-4_3) * By James Brunet, Athanasios Demetri Pananos, and Aleksander Essex. * [LH] The paper looks at ballot secrecy from the network perspective. Namely, whether one could determine the candidate in an encrypted ballot from the TLS record length of the confirmation page. * The authors considered SimplyVoting, a Montreal-based online voting vendor and created their own server to mimic SimplyVoting's confirmation page, sending thousands of requests for analysis (one ballot per HTTP request between a client and a server). * 2000 ballots were cast across four candidates (including an "Abstain" candidate). A Multinomial Naive Bayes Model is used to predict the candidate given a requests byte length. The overall result is an 83% predication accuracy over all candidates. The highest accuracy is 100% (for "Abstain"), whilst the lowest is 58%. * A relaxed definition of privacy is also considered by the authors for subsets of candidate combinations. The authors show that, up to 12 combinations, all ballots were associated with at most 11 possible ones. This means we could figure out at least one combination of candidates not chosen by a voter. * Multiple mitigations are proposed. * One is to generate the confirmation page client-side using Javascript (trivially avoiding the side-channel attack). This is done by Swiss Post. * Another is to pad the response. This could be either padding the response to be of fixed-length, or adding a randomised amount of padding. For uniformly randomised padding, the authors note that some ballots could still be clearly identifiable (e.g. ones that vote for a candidate with a long name that receive the maximum amount of padding). The authors briefly consider padding with a Gaussian distribution to try and minimise these clearly identifiable ballots, leaving the exploration for future work. ###### tags: `` `` ## [**An Analysis of the Security and Privacy Issues of the Neovote Online Voting System**](https://link.springer.com/chapter/10.1007/978-3-031-15911-4_1) * By Enka Blanchard, Antoine Gallais, Emmanuel Leblond, Djohar Sidhoum-Rahal and Juliette Walter * [LH] The paper looks at the security of the Neovote online voting system. Neovote was used for 3/5 of the primary elections in the French Presidential election in 2022. * Many aspects of the system were found to be insecure. There is no end-to-end aspect to check the integrity of ballots or the tally. The vote verification step appeared to disappear or was removed entirely. * The ballot box and receipt are not digitally signed, enabling a few attacks. One could spread a fake ballot box or create a fake receipt that has arbitrary hashes in it. If an adversary has access to all receipts, they could deanonymise a constant proportion of the ballots for each candidate. ###### tags: `` `` ---