Team for Research in
Ubiquitous Secure Technology

Crypotgraphic Voting Protocol: A Systems Perspective
Chris Karlof, Naveen Sastry, David Wagner

Citation
Chris Karlof, Naveen Sastry, David Wagner. "Crypotgraphic Voting Protocol: A Systems Perspective". Talk or presentation, 27, April, 2006; Poster given at Trust NSF Site Visit.

Abstract
Cryptographic voting protocols offer the promise of verifiable voting without needing to trust the integrity of any software in the system. However, these cryptographic protocols are only one part of a larger system composed of voting machines, software implementations, and election procedures, and we must analyze their security by considering the system in its entirety. In this paper, we analyze the security properties of two different cryptographic protocols, one proposed by Andrew Neff and another by David Chaum. We discovered several potential weaknesses in these voting protocols which only became apparent when considered in the context of an entire voting system. These weaknesses include: subliminal channels in the encrypted ballots, problems resulting from human unreliability in cryptographic protocols, and denial of service. These attacks could compromise election integrity, erode voter privacy, and enable vote coercion. Whether our attacks succeed or not will depend on how these ambiguities are resolved in a full implementation of a voting system, but we expect that a well designed implementation and deployment may be able to mitigate or even eliminate the impact of these weaknesses. However, these protocols must be analyzed in the context of a complete specification of the system and surrounding procedures before they are deployed in any large-scale public election.

Electronic downloads

Citation formats  
  • HTML
    Chris Karlof, Naveen Sastry, David Wagner. <a
    href="http://www.truststc.org/pubs/80.html"
    ><i>Crypotgraphic Voting Protocol: A Systems
    Perspective</i></a>, Talk or presentation,  27,
    April, 2006; Poster given at Trust NSF Site Visit.
  • Plain text
    Chris Karlof, Naveen Sastry, David Wagner.
    "Crypotgraphic Voting Protocol: A Systems
    Perspective". Talk or presentation,  27, April, 2006;
    Poster given at Trust NSF Site Visit.
  • BibTeX
    @presentation{KarlofSastryWagner06_CrypotgraphicVotingProtocolSystemsPerspective,
        author = {Chris Karlof, Naveen Sastry, David Wagner},
        title = {Crypotgraphic Voting Protocol: A Systems
                  Perspective},
        day = {27},
        month = {April},
        year = {2006},
        note = {Poster given at Trust NSF Site Visit.},
        abstract = {Cryptographic voting protocols offer the promise
                  of verifiable voting without needing to trust the
                  integrity of any software in the system. However,
                  these cryptographic protocols are only one part of
                  a larger system composed of voting machines,
                  software implementations, and election procedures,
                  and we must analyze their security by considering
                  the system in its entirety. In this paper, we
                  analyze the security properties of two different
                  cryptographic protocols, one proposed by Andrew
                  Neff and another by David Chaum. We discovered
                  several potential weaknesses in these voting
                  protocols which only became apparent when
                  considered in the context of an entire voting
                  system. These weaknesses include: subliminal
                  channels in the encrypted ballots, problems
                  resulting from human unreliability in
                  cryptographic protocols, and denial of service.
                  These attacks could compromise election integrity,
                  erode voter privacy, and enable vote coercion.
                  Whether our attacks succeed or not will depend on
                  how these ambiguities are resolved in a full
                  implementation of a voting system, but we expect
                  that a well designed implementation and deployment
                  may be able to mitigate or even eliminate the
                  impact of these weaknesses. However, these
                  protocols must be analyzed in the context of a
                  complete specification of the system and
                  surrounding procedures before they are deployed in
                  any large-scale public election.},
        URL = {http://www.truststc.org/pubs/80.html}
    }
    

Posted by Christopher Brooks on 4 May 2006.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.