Verifiability experiences in government online voting

Transcription

1 Verifiability experiences in government online voting E-Vote-ID 2017 Jordi Puiggalí CSO and SVP of Research & Security Scytl Secure Electronic Voting October, 2017

2 Online voting security and verifiability Government adoption

3 Security and verifiability Privacy & Integrity Anonymous tally Neuchâtel Geneva Privacy & Integrity E2E encryption Standard security

4 Security and verifiability Verifiability Auditability Privacy & Integrity Universal verifiability Individual verifiability Anonymous tally E2E encryption Standard security Neuchâtel Geneva Neuchâtel Geneva

5 Verifiability

6 Verifiability Types of verifiability Vote preparation Vote casting Vote reception Vote Cast-as-intended Recorded-as-cast Electoral board Individual verifiability Based on what is verified Universal verifiability Eligibility verification Counted-as-recorded Vote counting Based on who verifies 6

7 Verifiability Implementations Cast-as-intended Return Codes: Norway and Switzerland Cast and decrypt: Estonia and Australia (NSW) Cast or cancel: used by Helios but not adopted by governments Recorded-as-cast Voting receipts: Norway and Switzerland Embedded in cast-as-intended proof: Estonia and Australia Counted-as-recorded Verifiable mixnet: Norway and Switzerland Homomorphic tally: none of the governments implemented it 7

8 Verifiability Provable security How is possible to verify if verifiability properties are properly designed? Provable security Provable security uses security (cryptographic) and/or formal (symbolic) proofs to define the security properties of the system Security proofs are based on modeling the security of the protocol in front an adversary. Formal proofs use an specific mathematical formal algebra to represent the protocol and test it using an automated formal framework. 8

9 Verifiability Source code publication Source code publication provides transparency /** * The HelloWorldApp class implements an application that * simply prints "Hello World!" to standard output. */ class HelloWorldApp { public static void main(string[] args) { System.out.println("Hello World!"); // Display the string. } } But not verifiability Publishing source code does not ensure that there are no security errors in the code that can be exploited (e.g., Washington DC project) Publishing the source code does not ensure that this code is the same one used by the voter to cast a vote Election accuracy should be independent from software audits: software independence 9

10 Verifiability Vote correctness Voting Server Ballot Box Internet Checks if vote is valid without decryption Types of votes correctness: Before casting the vote: warns voters against incorrect selections. Before storing the vote in the Ballot Box: checks contents of received votes (without compromising voter privacy) Before counting the votes: prevents counting invalid votes 10

11 Verifiability Framework The analysis of implemented voting system will evaluate the following parameters: Cast-as-intended implementation Recorded-as-cast implementation Counted-as-recorded implementation Voter verification usage Publication of source code Provable security Other properties (e.g., vote correctness) 11

12 Verifiability in government implementations Government adoption

13 Government implementations Norway Voter Encrypted vote Operates encrypted vote Operated vote Operates encrypted vote Voting card Verifies return codes Online voting server Return codes Sends return codes 13

14 Government implementations Estonia 1 Cast Voter Encrypted vote Stores encrypted vote 1 2 Verification bar code 3 4 Vote identifier 5 Online voting system server 2 Verify Encrypted vote 6 Vote decryption 14.

15 Government implementations Switzerland SwissPost/Scytl 1 Cast & verify Voter 1 Encrypted vote + verification proof Return Codes from encrypted vote 2 Voting card Verifies Return Codes 4 Return codes 3 Internet Encrypted vote Online voting system server 2 Confirm Voting card Voter 5 Validation code Internet Operates validation code 6 Verifies Finalization Code Finalization code 7 Online voting system server 15.

16 Government implementations Switzerland Geneva 1 Cast & verify Voter 1 Return Codes from clear text vote 2 Verifies Return Codes Voting card 4 return codes 3 Internet Clear-text vote Online voting system server 2 Confirm Voter 5 Validation code Operates validation code 6 Verifies Finalization Code Voting card 8 7 Finalization code Internet Online voting system server 16.

17 Government implementations Australia New South Wales 1 Cast Voter 1 Encrypted + verification vote Stores encrypted vote 2 Receipt number Online voting system 2 Verify Credential + Receipt Number 4 Stores verification vote 3 Vote contents 6 Internet Verification system 5 Decrypts verification vote 17.

18 Norway Estonia Switzerland (Swiss Post) Cast-as-intended Return codes Decryption in device Recorded-as-cast At any time Up to 1 hour with receipts Counted-as-recorded Verifiable None mixnet Voter verification 70% (small sample) 4% (large sample) Government implementations Switzerland (Geneva) Summary Australia (NSW) Return codes Return codes Decryption in server After counting None None with receipts Verifiable None Vote reencryption mixnet Unknown Unknown 1% (large sample) Public source code All the system Only server None Only counting None side + verifier side Vote correctness Yes None Yes Yes None Provable security Yes (Individual None Yes (Individual None None and Universal) and Universal) E2E encryption Yes Yes Yes No Yes 18

19 Conclusions

20 Not enough case studies to point a specific model as example of best practice, but Norway and Switzerland still the ones that have made so far more efforts Cast-as-intended implementation is more adopted than counted-asrecoded Governments still keep trust on server side and do not broad adopt universal verifiability Only two system provides full verifiability: Norway and Switzerland (SwissPost) Publication of source code is usually partial and full disclosure is linked to achieve full verifiability to avoid risks Provable security is gaining on acceptance to evaluate the correct implementation of the security properties (mainly verifiability) Conclusions Analysis 20

21 Any Questions?

22