Suchergebnisse

Internet voting has long been a topic both of public discussion and also of scientific research. While the introduction of Internet voting may bring many advantages, it is further important to ensure an adequate level of security of the systems and underlying schemes that are used for casting and tallying the votes in order to encourage faith and acceptance for this relatively new way of voting. A number of cryptographic schemes have been proposed, that enable secure Internet voting. One of the most established and well-researched solutions is the Helios scheme, which is also implemented as an open-source system. Both its implementation and the scheme behind it has been extensively studied in the literature, and the Helios system has been used for numerous elections in practice, such as the IACR elections. However, there are election settings for which Helios is currently not appropriate, either due to infrastructure demands, required functionality for the voters or assurance of the security requirements. These kinds of election settings could benefit from the advantages that secure Internet voting provides. In this thesis we identify the election settings not currently supported by Helios, propose our extensions for each one of these settings and evaluate their security. Hence, this work describes four Internet voting schemes that are build upon Helios, with each scheme developed towards a specific setting. The first scheme presented here enables elections within the so-called boardroom voting setting. This setting is characterized by its decentralization, whereby all the tasks within the election are distributively performed by the voters themselves, without the support of a centralized infrastructure. The election in the boardroom voting setting are further conducted in an ad-hoc manner, so that limited time is available for preparation beforehand. We propose an extension of Helios that distributes the tasks of the voting system components in Helios among the voters. For this, we use cryptographic primitives such as decentralized key exchange with short authentication strings, distributed secret sharing and distributed decryption and Byzantine agreement. The second scheme extends Helios with proxy voting functionality. Proxy voting, as a newly emerged form of voting, enables the voter to delegate her voting right in the election to a trusted third-party, the so-called proxy, who is authorized to vote on the voter's behalf. This extension facilitates such delegation while assuring the security for delegating voters and for the proxies and preserves the security guarantees provided by Helios for the voters who vote directly (instead of delegating). For ensuring the security of our extension, we introduce the so-called delegation credentials that are assigned to the voters and are used to compute anonymized delegation tokens sent to the proxies to enable delegation. We further use cryptographic primitives such as proofs of knowledge and signatures of knowledge. The third scheme combines the first two settings to extend Helios towards the proxy boardroom voting setting, namely, a setting in which the elections are performed in a decentralized way as in boardroom voting, yet the voters who cannot participate in the election themselves are allowed to delegate their voting right to a trusted proxy before the election. The security of our extension is assured with threshold secret sharing and Pedersen commitments. The fourth scheme extends Helios by improving its security. As such, it introduces participation privacy, meaning that the voting system does not reveal which voters have participated in the election, while supporting verification that only the eligible voters have cast their ballots in the election. The extension furthermore introduces receipt-freeness, ensuring that the voter cannot create a receipt that proves to a third party how she voted, thus preventing vote selling. To ensure the security of the extension, a new kind of entity is introduced, the posting trustee, and a new kind of ballot, the so-called dummy ballot that is indistinguishable from a normal ballot cast by the voter, but does not modify the election result. We furthermore use disjunctive zero-knowledge proofs and proofs of signature knowledge to prove, that a sender of a particular ballot knows the private signature key of an eligible voter, or that the ballot is a dummy ballot. For each one of the extensions, the security model is provided, which describes the security requirements and the assumptions that are necessary for ensuring the security requirements (i.e. vote privacy or vote integrity), is provided. For the first three extensions, the security model is used as a base for the informal security evaluation, in which an informal argument is used to show, that the security requirements hold under the described assumptions. Conducting a formal security evaluation for these extensions is considered an important part of the future work, in which new formal definitions have to be developed. For the fourth extension, we provide a formal security analysis that relies on the formal definitions for the security requirements of vote privacy, vote integrity and eligibility, available in the literature. We furthermore introduce new formal definitions for participation privacy, receipt-freeness and fairness, which we also use for the formal proofs of our extension.

Proxy voting is a form of voting meant to support the voters who want to delegate their voting right to a trusted entity, the so-called proxy. Depending on the form of proxy voting, the proxy is either authorized to cast a ballot for the voting option that the voter chooses, or to vote according to her own wishes, if the voter is not sure how to vote and wants to delegate the decision making in the election. While the first form of proxy voting has been applied to traditional elections in order to support the voters who are unable to physically get to a polling station, the second form has been a topic of research in Internet voting. Recently, an Internet voting scheme has been proposed, that extends the well-known Helios scheme towards the functionality of proxy voting. This scheme, however, also has the drawbacks of Helios regarding participation privacy and receipt-freeness. As such, the information whether any voter participated in the election either by casting a direct vote or delegating their vote can be deduced from the published information. The scheme furthermore allows both the voters and the proxies to create receipts that prove casting a ballot for a specific candidate, as well as allows the voters to create receipts that prove delegating to a specific proxy. In this work we use the idea of dummy ballots, proposed in another extension of Helios to extend the proxy voting scheme towards participation privacy and receipt-freeness.

Proxy voting is a form of voting, where the voters can either vote on an issue directly, or delegate their voting right to a proxy. This proxy might for instance be a trusted expert on the particular issue. In this work, we extend the widely studied end-to-end verifiable Helios Internet voting system towards the proxy voting approach. Therefore, we introduce a new type of credentials, so-called delegation credentials. The main purpose of these credentials is to ensure that the proxy has been authorised by an eligible voter to cast a delegated vote. If voters, after delegating, change their mind and want to vote directly, cancelling a delegation is possible throughout the entire voting phase. We show that the proposed extension preserves the security requirements of the original Helios system for the votes that are cast directly, as well as security requirements tailored toward proxy voting.

Intro -- Preface -- Organization -- Contents -- Provably Improving Election Verifiability in Belenios -- 1 Introduction -- 2 Preliminaries -- 2.1 Introduction to Belenios -- 2.2 Election Verifiability and Attacks on Belenios -- 3 Towards Improved Election Verifiability -- 3.1 Protection Against Ballot Reordering -- 3.2 Protection Against a Corrupted Registrar -- 3.3 Putting the Labels Together -- 4 Specification and Verification -- 4.1 Specifying Protocols in Tamarin -- 4.2 Specification and Verification of Belenios+ -- 5 Conclusion and Future Work -- References -- Improving the Accuracy of Ballot Scanners Using Supervised Learning -- 1 Introduction -- 2 Related Work -- 3 Methods -- 3.1 Data -- 3.2 Baseline Model -- 3.3 CNN Model -- 3.4 Differences for Pueblo Dataset -- 4 Evaluation and Results -- 4.1 Baseline Model Performance -- 4.2 CNN Model Performance -- 4.3 Computational Costs -- 4.4 Hybrid Models -- 4.5 Optimized Baseline Model -- 4.6 Pueblo Test Results -- 5 Discussion -- 5.1 Future Work -- 6 Conclusion -- References -- STROBE-Voting: Send Two, Receive One Ballot Encoding -- 1 Introduction -- 2 Sample Methodology -- 3 Undervotes -- 4 A Detailed Example -- 5 Single-Ballot Variations -- 6 Usability -- 7 Hybrid Voting Systems -- 8 Attacks -- 9 Conclusions -- References -- Assertion-Based Approaches to Auditing Complex Elections, with Application to Party-List Proportional Elections -- 1 Introduction -- 1.1 Assertion-Based Auditing: Properties and Challenges -- 1.2 Assorters -- 1.3 Risk-Limiting Audits Using SHANGRLA: Pulling It All Together -- 1.4 Party-List Proportional Representation Contests -- 1.5 Related Work and Our Contribution -- 2 Preliminaries -- 2.1 Nomenclature and Notation for Assertion-Based Election Audits -- 2.2 Assertion-Based Auditing: Definitions -- 2.3 Example Assertions and Assorters.

Intro -- Preface -- Organization -- Contents -- Shifting the Balance-of-Power in STV Elections -- 1 Introduction -- 2 Preliminaries -- 3 Finding n-Seat Senate Manipulations -- 3.1 Finding Manipulations with Local Search -- 3.2 Choosing a Best Combination of Manipulations -- 4 Case Studies -- 5 Conclusion -- References -- Random Errors Are Not Necessarily Politically Neutral -- 1 Introduction -- 2 Background on STV Counting -- 2.1 The Single Transferable Vote (STV) Counting Algorithm -- 2.2 Australian Vote Digitisation in Practice -- 3 Experimental Design -- 3.1 Analysis Code -- 3.2 Error Models -- 4 What Is a Realistic Error Rate? -- 4.1 Using Data from the Australian Electoral Commission -- 4.2 Informal Experiment -- 4.3 What Is the State of the Art in Digit Recognition Error Rate? -- 4.4 Analysing the Election Data (NOT Simulations) to Infer the Error rate -- 5 Results -- 5.1 Results from Truncation and Digit Error Models -- 5.2 Pairwise Digit Error Model -- 5.3 Sharp Transitions -- 5.4 Why Random Errors Affect Different Candidates Differently (Tasmania 2016) -- 5.5 Varying the Formality Requirements -- 5.6 Truncation of Preferences -- 6 Concluding Remarks -- References -- Tripped at the Finishing Line: The Åland Islands Internet Voting Project -- 1 Introduction: Three Contextual Questions -- 1.1 What Are the Åland Islands and How Does Their Electoral System Operate? -- 1.2 Why Were the Åland Islands Attempting to Use Internet Voting? -- 1.3 Why Are We Writing This Paper? -- 2 Stakeholders and Models of Failure -- 3 Methodology -- 4 Data Analysis -- 5 Discussion and Conclusions -- References -- Revisiting Practical and Usable Coercion-Resistant Remote E-Voting -- 1 Introduction -- 2 Analysis of NV12: Attacks and Problems -- 2.1 The Scheme: -- 2.2 Attacks -- 2.3 Security Problems -- 3 Protocol Description -- 3.1 Paillier Instantiation.

This volume contains the papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5–8, 2021. Due to the extraordinary situation brought about by the COVID-19, the conference was held online for the second consecutive edition, instead of in the traditional venue in Bregenz, Austria. The E-Vote-ID conference is the result of the merger of the EVOTE and Vote-ID conferences, with first EVOTE conference taking place 17 years ago in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD students. The conference focuses on the most relevant debates on the development of electronic voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others, and has turned out to be an important global referent in relation to this ...

This open access book constitutes the proceedings of the 8th International Joint Conference on Electronic Voting held in Luxemburg in October 2023. The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others. The 9 full papers presented were carefully reviewed and selected from 38 submissions. The selected papers cover a wide range of topics connected with electronic voting, including experiences and revisions of the actual uses of E-voting systems and corresponding processes in elections.

Seit Beginn der Pandemie stehen viele Institutionen (inkl. Vereinen, Unternehmen und Behörden) vor der Frage, wie sie ihre Wahlen und geheimen Abstimmungen organisieren sollen – ohne die Gesundheit der Wähler*innen und Wahlhelfer*innen zu gefährden. Einige Wahlverantwortliche haben sich für die Durchführung von Online-Wahlen bzw. digitalen Abstimmungen entschieden. Erfahrungen anderer Wahlverantwortlicher, die bereits vor der Pandemie online gewählt haben, ab es in Deutschland kaum. Vor der Pandemie wurde das Thema Online-Wahlen in Deutschland – bedingt durch das sogenannte Wahlgeräte-Urteil des Bundesverfassungsgerichts (2009) – kaum diskutiert. Nach über einem Jahr Pandemie sieht die Lage anders aus: Inzwischen fanden einige Wahlen und Abstimmungen online statt. Allerdings entsprechen die dazu eingesetzten Systeme häufig nicht dem Stand der Forschung. Für zukünftige Nutzungen von Online-Wahlen und digitalen Abstimmungen (insbesondere auch nach der Pandemie) ist es daher wichtig, dass Wahlverantwortliche, Kandidat*innen und Wähler*innen verstehen, welches Risiko die bisher eingesetzten Systeme mit sich bringen und wie einzelne Entwicklungen im Kontext von Online-Wahlen und digitalen Abstimmungen einzuordnen sind. Nur so können informierte Entscheidungen im Hinblick auf die einzusetzenden Ansätze getroffen und die Demokratie auch in Zukunft geschützt ...

This volume contains papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5-8, 2021. Due to the extraordinary situation provoked by Covid-19 Pandemic, the conference is held online for second consecutive edition, instead of in the traditional venue in Bregenz, Austria. E-Vote-ID Conference resulted from the merging of EVOTE and Vote-ID and counting up to 17 years since the _rst E-Vote conference in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD Students. The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social or political aspects, amongst others; turning out to be an important global referent in relation to this issue. Also, this year, the conference consisted of: · Security, Usability and Technical Issues Track · Administrative, Legal, Political and Social Issues Track · Election and Practical Experiences Track · PhD Colloquium, Poster and Demo Session on the day before the conference E-VOTE-ID 2021 received 49 submissions, being, each of them, reviewed by 3 to 5 program committee members, using a double blind review process. As a result, 27 papers were accepted for its presentation in the conference. The selected papers cover a wide range of topics connected with electronic voting, including experiences and revisions of the real uses of E-voting systems and corresponding processes in elections. We would also like to thank the German Informatics Society (Gesellschaft für Informatik) with its ECOM working group and KASTEL for their partnership over many years. Further we would like to thank the Swiss Federal Chancellery and the Regional Government of Vorarlberg for their kind support. EVote- ID 2021 conference is kindly supported through European Union's Horizon 2020 projects ECEPS (grant agreement 857622) and mGov4EU (grant agreement 959072). Special thanks go to the members of the international program committee for their hard work in reviewing, discussing, and shepherding papers. They ensured the high quality of these proceedings with their knowledge and experience.