Paper 2020/1406

How not to VoteAgain: Pitfalls of Scalable Coercion-Resistant E-Voting

Thomas Haines and Johannes Mueller

Abstract

Secure electronic voting is a relatively trivial exercise if a single authority can be completely trusted. In contrast, the construction of efficient and usable schemes which provide strong security without strong trust assumptions is still an open problem, particularly in the remote setting. Coercion-resistance is one of, if not the hardest property to add to a verifiable e-voting system. Numerous secure e-voting systems have been designed to provide coercion-resistance. One of these systems is VoteAgain (Usenix Security 2020) whose security we revisit in this work. We discovered several pitfalls that break the security properties of VoteAgain in threat scenarios for which it was claimed secure. The most critical consequence of our findings is that there exists a voting authority in VoteAgain which needs to be trusted for all security properties. This means that VoteAgain is as (in)secure as a trivial voting system with a single and completely trusted voting authority. We argue that this problem is intrinsic to VoteAgain's design and could thus only be resolved, if possible, by fundamental modifications. We hope that our work will ensure that VoteAgain is not employed for real elections in its current form. Further, we highlight subtle security pitfalls to avoid on the path towards more efficient, usable, and reasonably secure coercion-resistant e-voting. To this end, we conclude the paper by describing the open problems which need to be solved to make VoteAgain's approach secure.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
votingcoercion-resistanceverifiabilityprivacy
Contact author(s)
johannes mueller @ uni lu
History
2021-04-30: last of 2 revisions
2020-11-15: received
See all versions
Short URL
https://ia.cr/2020/1406
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1406,
      author = {Thomas Haines and Johannes Mueller},
      title = {How not to {VoteAgain}: Pitfalls of Scalable Coercion-Resistant E-Voting},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1406},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1406}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.