Research Group Security • Usability • Society (SECUSO)

Pretty Understandable Democracy (Code-Based Voting)

Motivation

Internet voting continues to raise interest. However, despite this interest, and the fact that many Internet voting schemes are already available, further research is needed regarding security and understandability. As such, the underlying security model of most existing schemes is not adequate for high-stake elections. One of the problem with these schemes is that one single entity can violate secrecy and/or integrity, while in traditional elections at least two entities control each other (the four-eyes principle). Another important problem is the problem of having to trust a voting platform, e.g. a personal computer in case of Interent voting, that the vote is not manipulated while being cast, or that a malicious voting platform does not leak the cast vote to the adversary, violating vote privacy. Furthermore, little attention has been paid to the understandability of Internet voting schemes and related understandability criteria in research literature. Consequently, those schemes which provide adequate security for high-stake elections have not yet been evaluated with respect to understandability for the average voter. However, understandability directly affects the trust that voters place on a voting scheme. Therefore, although these schemes provide adequate security, they are not likely to be used in real-world elections. As a result of this state of affairs, there is a need for an adequate security model, understandability criteria, and an Internet voting scheme that meets both.

Results

The research group proposes an Internet voting scheme, Pretty Understandable Democracy (PUD), that aims to ensure a security model adequate for high-stake elections. The scheme, in particular, belongs to the so-called code voting schemes. Instead of providing the name of their chosen candidate directly, the voters input a unique code that corresponds to this candidate and is found on the voter's code sheet, distributed before the election. In such way, even a malicious voting platform does not learn the voter's choice, as soon as the correspondence between the candiates and the codes on the code sheets remains secret. The same code sheets are furthermore used for verifying, that the right vote has been cast by the voting platform. As such, after casting the vote, a so-called acknowledgement code is output to the voter. If this code matches the acknowledgement code on the voter's code sheet, the voter can conclude that her vote has been cast correctly. PUD furthermore relies on the principle of trust distribution and techniques of distributed cryptography such as secret sharing for ensuring, that no single entity is capable of violating any security requirement.

In order to address the problem of understandability of Internet voting schemes, criteria of measuring such understandability are proposed. The first criterion is the number of cryptographic algorithms in use as a measure for the overall understandability of Internet voting schemes. This sub-criterion identifies how many cryptographic algorithms are applied in the Internet voting scheme. Examples of cryptographic algorithms are encryption, re-encryption, signing, permutation, and zero-knowledge proofs. A verifiable re-encryption mix-net consists of the cryptographic algorithms re-encryption, permutation, and zero-knowledge proofs. Yet, it becomes apparent that, even if the number of crypto- graphic algorithms is low, these algorithms might be used several times and in an interfering manner such that under- standability of the overall Internet voting scheme decreases. Therefore, a second criterion to measure understandability of Internet voting schemes is the number of essential process steps. This sub-criterion identifies the number of essential process steps affecting an individual voter’s vote. Essential process steps are those containing cryptographic algorithms. Particularly critical is the number of applications of cryptographic algorithms affecting an individual voter’s vote because these are the steps that the voter must understand. An example of an essential process step is the encryption of the voter’s vote. Both of the criteria are applied to the evaluation of PUD, showing that it is more understandable than the Pretty Good Democracy voting scheme, which satisfies a similar security model.

Publications

Pretty Understandable Democracy - A Secure and Understandable Internet Voting Scheme: Budurushi, J.; Neumann, S.; Olembo, M.; Volkamer, M. 2013. Eighth International Conference on Availability, Reliability and Security (ARES), 2013 : Regensburg, Germany, 2 - 6 Sept. 2013, proceedings. Hrsg.: Pernul, Günther; Sandhu, Ravi, 198-207, IEEE, Piscataway, NJ. doi:10.1109/ARES.2013.27