Team for Research in
Ubiquitous Secure Technology

Citation
Chris Karlof, Naveen Sastry, David Wagner. "Crypotgraphic Voting Protocol: A Systems Perspective". Talk or presentation, 27, April, 2006; Poster given at Trust NSF Site Visit.

Abstract
Cryptographic voting protocols offer the promise of verifiable voting without needing to trust the integrity of any software in the system. However, these cryptographic protocols are only one part of a larger system composed of voting machines, software implementations, and election procedures, and we must analyze their security by considering the system in its entirety. In this paper, we analyze the security properties of two different cryptographic protocols, one proposed by Andrew Neff and another by David Chaum. We discovered several potential weaknesses in these voting protocols which only became apparent when considered in the context of an entire voting system. These weaknesses include: subliminal channels in the encrypted ballots, problems resulting from human unreliability in cryptographic protocols, and denial of service. These attacks could compromise election integrity, erode voter privacy, and enable vote coercion. Whether our attacks succeed or not will depend on how these ambiguities are resolved in a full implementation of a voting system, but we expect that a well designed implementation and deployment may be able to mitigate or even eliminate the impact of these weaknesses. However, these protocols must be analyzed in the context of a complete specification of the system and surrounding procedures before they are deployed in any large-scale public election.

Electronic downloads

• karlof_CryptoVotingProtocols_TrustApril06Poster.ppt · application/vnd.ms-powerpoint · 116 kbytes

• HTML

  Chris Karlof, Naveen Sastry, David Wagner. <a
  href="http://www.truststc.org/pubs/80.html"
  ><i>Crypotgraphic Voting Protocol: A Systems
  Perspective</i></a>, Talk or presentation,  27,
  April, 2006; Poster given at Trust NSF Site Visit.

• Plain text

  Chris Karlof, Naveen Sastry, David Wagner.
  "Crypotgraphic Voting Protocol: A Systems
  Perspective". Talk or presentation,  27, April, 2006;
  Poster given at Trust NSF Site Visit.

• BibTeX

  @presentation{KarlofSastryWagner06_CrypotgraphicVotingProtocolSystemsPerspective,
      author = {Chris Karlof, Naveen Sastry, David Wagner},
      title = {Crypotgraphic Voting Protocol: A Systems
                Perspective},
      day = {27},
      month = {April},
      year = {2006},
      note = {Poster given at Trust NSF Site Visit.},
      abstract = {Cryptographic voting protocols offer the promise
                of verifiable voting without needing to trust the
                integrity of any software in the system. However,
                these cryptographic protocols are only one part of
                a larger system composed of voting machines,
                software implementations, and election procedures,
                and we must analyze their security by considering
                the system in its entirety. In this paper, we
                analyze the security properties of two different
                cryptographic protocols, one proposed by Andrew
                Neff and another by David Chaum. We discovered
                several potential weaknesses in these voting
                protocols which only became apparent when
                considered in the context of an entire voting
                system. These weaknesses include: subliminal
                channels in the encrypted ballots, problems
                resulting from human unreliability in
                cryptographic protocols, and denial of service.
                These attacks could compromise election integrity,
                erode voter privacy, and enable vote coercion.
                Whether our attacks succeed or not will depend on
                how these ambiguities are resolved in a full
                implementation of a voting system, but we expect
                that a well designed implementation and deployment
                may be able to mitigate or even eliminate the
                impact of these weaknesses. However, these
                protocols must be analyzed in the context of a
                complete specification of the system and
                surrounding procedures before they are deployed in
                any large-scale public election.},
      URL = {http://www.truststc.org/pubs/80.html}
  }
  

Posted by Christopher Brooks on 4 May 2006.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.