Auditing for privacy in threshold PKE e-voting
Information and Computer Security
Article publication date: 13 March 2017
This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB).
Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect.
The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB “append” operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system.
As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters’ privacy and shows how auditing can be applied for providing strong provable privacy guarantees.
This research was partly supported by ERC project #259152 (CODAMODA), Horizon 2020 project #653497 (PANORAMIX) and project FINER, Greek Secretariat of Research and Technology, funded under action ARISTEIA 1.
Kiayias, A., Zacharias, T. and Zhang, B. (2017), "Auditing for privacy in threshold PKE e-voting", Information and Computer Security, Vol. 25 No. 1, pp. 100-116. https://doi.org/10.1108/ICS-07-2016-0056
Emerald Publishing Limited
Copyright © 2017, Emerald Publishing Limited