Team for Research in
Ubiquitous Secure Technology

Cryptographic Voting Protocols: A Systems Perspective
Chris Karlof, Naveen Sastry, David Wagner

Citation
Chris Karlof, Naveen Sastry, David Wagner. "Cryptographic Voting Protocols: A Systems Perspective". Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), 33-50, August, 2005.

Abstract
Cryptographic voting protocols offer the promise of verifiable voting without needing to trust the integrity of any software in the system. However, these cryptographic protocols are only one part of a larger system composed of voting machines, software implementations, and election procedures, and we must analyze their security by considering the system in its entirety. In this paper, we analyze the security properties of two different cryptographic protocols, one proposed by Andrew Neff and another by David Chaum. We discovered several potential weaknesses in these voting protocols which only became apparent when considered in the context of an entire voting system. These weaknesses include: subliminal channels in the encrypted ballots, problems resulting from human unreliability in cryptographic protocols, and denial of service. These attacks could compromise election integrity, erode voter privacy, and enable vote coercion. Whether our attacks succeed or not will depend on how these ambiguities are resolved in a full implementation of a voting system, but we expect that a well designed implementation and deployment may be able to mitigate or even eliminate the impact of these weaknesses. However, these protocols must be analyzed in the context of a complete specification of the system and surrounding procedures before they are deployed in any large-scale public election.

Electronic downloads

Citation formats  
  • HTML
    Chris Karlof, Naveen Sastry, David Wagner. <a
    href="http://www.truststc.org/pubs/188.html"
    >Cryptographic Voting Protocols: A Systems
    Perspective</a>, Proceedings of the Fourteenth USENIX
    Security Symposium (USENIX Security 2005), 33-50, August,
    2005.
  • Plain text
    Chris Karlof, Naveen Sastry, David Wagner.
    "Cryptographic Voting Protocols: A Systems
    Perspective". Proceedings of the Fourteenth USENIX
    Security Symposium (USENIX Security 2005), 33-50, August,
    2005.
  • BibTeX
    @inproceedings{KarlofSastryWagner05_CryptographicVotingProtocolsSystemsPerspective,
        author = {Chris Karlof and Naveen Sastry and David Wagner},
        title = {Cryptographic Voting Protocols: A Systems
                  Perspective},
        booktitle = {Proceedings of the Fourteenth USENIX Security
                  Symposium (USENIX Security 2005)},
        pages = {33-50},
        month = {August},
        year = {2005},
        abstract = {Cryptographic voting protocols offer the promise
                  of verifiable voting without needing to trust the
                  integrity of any software in the system. However,
                  these cryptographic protocols are only one part of
                  a larger system composed of voting machines,
                  software implementations, and election procedures,
                  and we must analyze their security by considering
                  the system in its entirety. In this paper, we
                  analyze the security properties of two different
                  cryptographic protocols, one proposed by Andrew
                  Neff and another by David Chaum. We discovered
                  several potential weaknesses in these voting
                  protocols which only became apparent when
                  considered in the context of an entire voting
                  system. These weaknesses include: subliminal
                  channels in the encrypted ballots, problems
                  resulting from human unreliability in
                  cryptographic protocols, and denial of service.
                  These attacks could compromise election integrity,
                  erode voter privacy, and enable vote coercion.
                  Whether our attacks succeed or not will depend on
                  how these ambiguities are resolved in a full
                  implementation of a voting system, but we expect
                  that a well designed implementation and deployment
                  may be able to mitigate or even eliminate the
                  impact of these weaknesses. However, these
                  protocols must be analyzed in the context of a
                  complete specification of the system and
                  surrounding procedures before they are deployed in
                  any large-scale public election.},
        URL = {http://www.truststc.org/pubs/188.html}
    }
    

Posted by Chris Karlof on 5 Mar 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.