How not to prove your election outcome

Published: 25 March 2019

The use of non-adaptive zero knowledge proofs in theScytl-SwissPost Internet voting system, and its implications for decryption proof soundness

Authors

  • Sarah Jamie Lewis - Open Privacy Research Society
  • Olivier Pereira - UCLouvain – ICTeam, B-1348 Louvain-la-Neuve, Belgium
  • Vanessa Teague - The University of Melbourne, Parkville, Australia

Abstract

We show that a weakness in the SwissPost-Scytl implementation of th eFiat-Shamir transform allows the creation of false decryption proofs, which verify perfectly but actually “prove” a decryption that is different from thetrue plaintext.

this could, for instance, be used by a cheating decryption service to changevalid votes into nonsense that would not be counted. This attack could have a political effect if the attacker knew which votes supported a party it wanted to harm.

Although it would be informally apparent that something had gone wrong,the formal verification process would pass. This contradicts the completeverifiability property that this voting system is supposed to offer.If the decryption proofs were mistakenly believed to be sound, it seemsthat our exploit would put the system in an “impossible state”, which would make it difficult to define a meaningful investigation process. We have provided two cheating decryption proof transcripts with this re-port, which verify but do not claim the correct plaintext.

SwissPost have not yet confirmed our analysis, and NSWEC claim that this problem does not affect the iVote system.We also list a collection of other issues in the implementation of non-interactive zero knowledge proofs. These cause concern, though it is notimmediately obvious how they could be exploited

Note

Since the above abstract was written SwissPost & Scytl have confirmed our analysis, and the entire evoting program was suspended after we reported a 3rd critical flaw which impacted Individual Verifiability.

Full Text: https://people.eng.unimelb.edu.au/vjteague/HowNotToProveElectionOutcome.pdf

Fund Projects like Election Security


Donate via Cryptocurrencies

Donate via Paypal

Donate via Patreon

Become a Patron!

Donate via Paypal


Open Privacy is an incorporated non-profit society in British Columbia, Canada. Donations are not tax deductible. You can Donate Once via Bitcoin, Monero, Zcash, and Paypal, or you can Donate Monthly via Patreon or Paypal. Please contact us to arrange donation by other methods.

More About How not to prove your election outcome