Volume 2, Number 3

Authors of accepted papers for Volume 2, Number 3, presented their work August 18–19, 2014, at EVT/WOTE '14, which was co-located with the 23rd USENIX Security Symposium (USENIX Security '14). As part of our commitment to open access, this issue of the USENIX Journal of Election Technology and Systems (JETS), and the individual papers presented at the workshop, are free and openly accessible for download below.

Download JETS Volume 2, Number 3 (complete PDF)

July 2014

Every Vote Counts: Ensuring Integrity in Large-Scale Electronic Voting

5:15 pm

Feng Hao, Newcastle University; Matthew N. Kreeger, Thales E-Security; Brian Randell, Dylan Clarke, Siamak F. Shahandashti, and Peter Hyun-Jeen Lee, Newcastle University

This paper presents a new End-to-End (E2E) verifiable e-voting protocol for large-scale elections, called Direct Recording Electronic with Integrity (DRE-i). In contrast to all other E2E verifiable voting schemes, ours does not involve any Tallying Authorities (TAs). The design of DRE-i is based on the hypothesis that existing E2E voting protocols’ universal dependence on TAs is a key obstacle to their practical deployment. In DRE-i, the need for TAs is removed by applying novel encryption techniques such that after the election multiplying the ciphertexts together will cancel out random factors and permit anyone to verify the tally. We describe how to apply the DRE-i protocol to enforce the tallying integrity of a DRE-based election held at a set of supervised polling stations. Each DRE machine directly records votes just as the existing practice in the real-world DRE deployment. But unlike the ordinary DRE machines, in DRE-i the machine must publish additional audit data to allow public verification of the tally. If the machine attempts to cheat by altering either votes or audit data, then the public verification of the tallying integrity will fail. To improve system reliability, we further present a fail-safe mechanism to allow graceful recovery from the effect of missing or corrupted ballots in a publicly verifiable and privacy-preserving manner. Finally, we compare DRE-i with previous related voting schemes and show several improvements in security, efficiency and usability. This highlights the promising potential of a new category of voting systems that are E2E verifiable and TA-free. We call this new category “self-enforcing electronic voting”.

Available Media

Usability of Voter Verifiable, End-to-end Voting Systems: Baseline Data for Helios, Prêt à Voter, and Scantegrity II

3:45 pm

 Claudia Z. Acemyan, Philip Kortum, Michael D. Byrne, and Dan S. Wallach, Rice University

In response to voting security concerns, security researchers have developed tamper-resistant, voter verifiable voting methods. These end-to-end voting systems are unique because they give voters the option to both verify the system is working properly and to check that their votes have been recorded after leaving the polling place. While these methods solve many of the security problems surrounding voting with traditional methods, the systems’ added complexity might adversely impact their usability. This paper presents an experiment assessing the usability of Helios, Prêt à Voter, and Scantegrity II. Overall, the tested systems were exceptionally difficult to use. Data revealed that success rates of voters casting ballots on these systems were extraordinarily low. Specifically, only 58% of ballots were successfully cast across all three systems. There were reliable differences in voting completion times across the three methods, and these times were much slower than previously tested voting technologies. Subjective usability ratings differed across the systems, with satisfaction being generally low, but highest for Helios. Vote verification completion rates were even lower than those for vote casting. There were no reliable differences in ballot verification times across the three methods, but there were differences in satisfaction levels, with satisfaction being lowest for Helios. These usability findings—especially the extremely low vote casting completion rates—highlight that it is not enough for a system to be secure; every system must also be usable. 

Available Media

Mitigating Coercion, Maximizing Confidence in Postal Elections

4:30 pm

Jacob Quinn Shenker and R. Michael Alvarez, California Institute of Technology

Elections have traditionally depended on procedural safeguards and best practices to ensure integrity and instill trust. By making it difficult for individuals to manipulate ballots undetected, these policies electoral malfeasance. Even so, it is clearly preferable to move beyond this kind of best-effort security and instead provide strong guarantees of integrity and privacy.

Elections have traditionally depended on procedural safeguards and best practices to ensure integrity and instill trust. By making it difficult for individuals to manipulate ballots undetected, these policies electoral malfeasance. Even so, it is clearly preferable to move beyond this kind of best-effort security and instead provide strong guarantees of integrity and privacy.

An emerging literature on voting systems has identified two distinct approaches towards this end: build trust worthiness into the voting system, or audit the election after-the-fact to verify its integrity. The first strategy is embodied by end-to-end verifiable voting systems, which use cryptography to prove to the voter that their ballot was cast and tallied as intended. However, these systems are predicated on strong assumptions and use complicated, difficult-to-understand cryptography to deliver their security guarantees. Instead of attempting to provide these strict assurances, the auditing approach aims to output statistical evidence that an election was conducted properly.

Available Media