Estonian Voting Verification Mechanism Revisited Again

Kubjas, Ivo; Pikma, Tiit; Willemson, Jan

doi:10.1007/978-3-319-68687-5_19

Ivo Kubjas¹⁹,
Tiit Pikma¹⁹ &
Jan Willemson^20,21

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10615))

Included in the following conference series:

International Joint Conference on Electronic Voting

1137 Accesses
6 Citations

Abstract

Recently, Muş, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification scheme [6]. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. As a solution, we propose modifying the protocol of Muş et al. slightly and argue for improvement of the security guarantees. However, there is inherent drop in usability in the protocol as proposed by Muş et al., and this issue will also remain in our improved protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Of course we assume here that the voter’s computer is honest in the sense that it does not send the QR code anywhere else. But if it would be willing to do so in order to break the voter’s privacy, it could already send away the vote itself.
2.
“Valimised” means “Elections” in Estonian.

References

Heiberg, S., Laud, P., Willemson, J.: The application of I-voting for estonian parliamentary elections of 2011. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 208–223. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32747-6_13
Chapter Google Scholar
Heiberg, S., Martens, T., Vinkel, P., Willemson, J.: Improving the verifiability of the Estonian internet voting scheme. In: Krimmer, R., Volkamer, M., Barrat, J., Benaloh, J., Goodman, N., Ryan, P.Y.A., Teague, V. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 92–107. Springer, Cham (2017). doi:10.1007/978-3-319-52240-1_6
Chapter Google Scholar
Heiberg, S., Parsovs, A., Willemson, J.: Log analysis of Estonian internet voting 2013–2014. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 19–34. Springer, Cham (2015). doi:10.1007/978-3-319-22270-7_2
Chapter Google Scholar
Heiberg, S., Parsovs, A., Willemson, J.: Log analysis of estonian internet voting 2013–2015. Cryptology ePrint Archive, Report 2015/1211 (2015). http://eprint.iacr.org/2015/1211
Heiberg, S., Willemson, J.: Verifiable internet voting in Estonia. In: 2014 6th International Conference on Electronic Voting: Verifying the Vote (EVOTE), pp. 1–8. IEEE (2014)
Google Scholar
Muş, K., Kiraz, M.S., Cenk, M., Sertkaya, I.: Estonian voting verification mechanism revisited. Cryptology ePrint Archive, Report 2016/1125 (2016). http://eprint.iacr.org/2016/1125
Vinkel, P., Krimmer, R.: The how and why to internet voting an attempt to explain E-Stonia. In: Krimmer, R., Volkamer, M., Barrat, J., Benaloh, J., Goodman, N., Ryan, P.Y.A., Teague, V. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 178–191. Springer, Cham (2017). doi:10.1007/978-3-319-52240-1_11
Chapter Google Scholar
Wagenaar, W.A.: Generation of random sequences by human subjects: a critical survey of literature. Psychol. Bullet. 77(1), 65 (1972)
Article Google Scholar

Download references

Acknowledgements

The research leading to these results has received funding from the European Regional Development Fund through Estonian Centre of Excellence in ICT Research (EXCITE) and the Estonian Research Council under Institutional Research Grant IUT27-1. The authors are also grateful to Arnis Paršovs for pointing out a flaw in an earlier version of the improved protocol.

Author information

Authors and Affiliations

Smartmatic-Cybernetica Centre of Excellence for Internet Voting, Ülikooli 2, 51003, Tartu, Estonia
Ivo Kubjas & Tiit Pikma
Cybernetica AS, Ülikooli 2, 51003, Tartu, Estonia
Jan Willemson
Software Technology and Applications Competence Center, Ülikooli 2, 51003, Tartu, Estonia
Jan Willemson

Authors

Ivo Kubjas
View author publications
You can also search for this author in PubMed Google Scholar
Tiit Pikma
View author publications
You can also search for this author in PubMed Google Scholar
Jan Willemson
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jan Willemson .

Editor information

Editors and Affiliations

Tallinn University of Technology, Tallinn, Estonia
Robert Krimmer
Technische Universität Darmstadt, Darmstadt, Germany
Melanie Volkamer
German Research Institute for Public Administration, Speyer, Germany
Nadja Braun Binder
University of Münster, Münster, Germany
Norbert Kersting
Université Catholique de Louvain, Louvain, Belgium
Olivier Pereira
IT University of Copenhagen, Copenhagen, Denmark
Carsten Schürmann

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kubjas, I., Pikma, T., Willemson, J. (2017). Estonian Voting Verification Mechanism Revisited Again. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds) Electronic Voting. E-Vote-ID 2017. Lecture Notes in Computer Science(), vol 10615. Springer, Cham. https://doi.org/10.1007/978-3-319-68687-5_19

Download citation

DOI: https://doi.org/10.1007/978-3-319-68687-5_19
Published: 06 October 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68686-8
Online ISBN: 978-3-319-68687-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics