Cryptographic Voting Protocols: A Systems Perspective

Cryptographic Voting Protocols: A Systems Perspective
Chris Karlof, Naveen Sastry, David Wagner

Citation
Chris Karlof, Naveen Sastry, David Wagner. "Cryptographic Voting Protocols: A Systems Perspective". Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), 33-50, August, 2005.

Abstract
Cryptographic voting protocols offer the promise of verifiable voting without needing to trust the integrity of any software in the system. However, these cryptographic protocols are only one part of a larger system composed of voting machines, software implementations, and election procedures, and we must analyze their security by considering the system in its entirety. In this paper, we analyze the security properties of two different cryptographic protocols, one proposed by Andrew Neff and another by David Chaum. We discovered several potential weaknesses in these voting protocols which only became apparent when considered in the context of an entire voting system. These weaknesses include: subliminal channels in the encrypted ballots, problems resulting from human unreliability in cryptographic protocols, and denial of service. These attacks could compromise election integrity, erode voter privacy, and enable vote coercion. Whether our attacks succeed or not will depend on how these ambiguities are resolved in a full implementation of a voting system, but we expect that a well designed implementation and deployment may be able to mitigate or even eliminate the impact of these weaknesses. However, these protocols must be analyzed in the context of a complete specification of the system and surrounding procedures before they are deployed in any large-scale public election.

Electronic downloads

http://www.cs.berkeley.edu/~ckarlof/papers/cryptovoting-usenix05.pdf

Citation formats

HTML

Chris Karlof, Naveen Sastry, David Wagner. <a
href="http://www.truststc.org/pubs/188.html"
>Cryptographic Voting Protocols: A Systems
Perspective</a>, Proceedings of the Fourteenth USENIX
Security Symposium (USENIX Security 2005), 33-50, August,
2005.

Plain text

Chris Karlof, Naveen Sastry, David Wagner.
"Cryptographic Voting Protocols: A Systems
Perspective". Proceedings of the Fourteenth USENIX
Security Symposium (USENIX Security 2005), 33-50, August,
2005.

BibTeX

@inproceedings{KarlofSastryWagner05_CryptographicVotingProtocolsSystemsPerspective,
    author = {Chris Karlof and Naveen Sastry and David Wagner},
    title = {Cryptographic Voting Protocols: A Systems
              Perspective},
    booktitle = {Proceedings of the Fourteenth USENIX Security
              Symposium (USENIX Security 2005)},
    pages = {33-50},
    month = {August},
    year = {2005},
    abstract = {Cryptographic voting protocols offer the promise
              of verifiable voting without needing to trust the
              integrity of any software in the system. However,
              these cryptographic protocols are only one part of
              a larger system composed of voting machines,
              software implementations, and election procedures,
              and we must analyze their security by considering
              the system in its entirety. In this paper, we
              analyze the security properties of two different
              cryptographic protocols, one proposed by Andrew
              Neff and another by David Chaum. We discovered
              several potential weaknesses in these voting
              protocols which only became apparent when
              considered in the context of an entire voting
              system. These weaknesses include: subliminal
              channels in the encrypted ballots, problems
              resulting from human unreliability in
              cryptographic protocols, and denial of service.
              These attacks could compromise election integrity,
              erode voter privacy, and enable vote coercion.
              Whether our attacks succeed or not will depend on
              how these ambiguities are resolved in a full
              implementation of a voting system, but we expect
              that a well designed implementation and deployment
              may be able to mitigate or even eliminate the
              impact of these weaknesses. However, these
              protocols must be analyzed in the context of a
              complete specification of the system and
              surrounding procedures before they are deployed in
              any large-scale public election.},
    URL = {http://www.truststc.org/pubs/188.html}
}

Posted by Chris Karlof on 5 Mar 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.