How Not To Prove Your Election Outcome

Published: 18 May 2020

A full analysis of the critical cryptographic vulnerabilities present in the Scytl/SwissPost e-voting solution, to be presented at the 41st IEEE Symposium on Security and Privacy.

Authors

  • Thomas Haines - Norwegian University of Science and Technology
  • Sarah Jamie Lewis - Open Privacy Research Society
  • Olivier Pereira - UCLouvain – ICTeam, B-1348 Louvain-la-Neuve, Belgium
  • Vanessa Teague - The University of Melbourne, Parkville, Australia

Abstract

The Scytl/SwissPost e-voting solution was intended to provide complete verifiability for Swiss government elections. We show failures in both individual verifiability and universal verifiability (as defined in Swiss Federal Ordinance 161.116), based on mistaken implementations of cryptographic components. These failures allow for the construction of "proofs" of an accurate election outcome that pass verification though the votes have been manipulated. Using sophisticated cryptographic protocols without a proper consideration of what properties they offer, and under which conditions, can introduce opportunities for undetectable fraud even though the system appears to allow verification of the outcome. Our findings are immediately relevant to systems in use in Switzerland and Australia, and probably also elsewhere.

Full Text: /assets/how-not-to-prove-your-election-outcome-preprint.pdf
