Norwegian internet voting protocol revisited: ballot box and receipt generator are allowed to collude
Date
2016-11-02
Advisors
Journal Title
Journal ISSN
ISSN
1939-0114
Volume Title
Publisher
Wiley
Type
Article
Peer reviewed
Yes
Abstract
Norway experienced internet voting in 2011 and 2013 for municipal and parliamentary elections, respectively. Its security depends on the assumptions that the involving organizations are completely independent, reliable, and the receipt codes are securely sent to the voters. In this paper, we point out the following aspects:
- The vote privacy of the Norwegian scheme is violated if Ballot Box and Receipt Generator cooperate because the private key of Decryption Service can be obtained by the two former players. We propose a solution to avoid this issue without adding new players.
- To assure the correctness, the receipt codes are sent to the voters over a pre‐channel (postal service) and a post‐channel (Short Message Service [SMS]). However, by holding both SMS and the postal receipt code, a voter can reveal his vote even after the elections. Albeit revoting is a fairly well solution for coercion or concealment, intentional vote revealing is still a problem. We suggest SMS only for notification of vote submission.
- In case the codes are falsely generated or the pre‐channel is not secure, a vote can be counted for a different candidate without detection. We propose a solution in which voters verify the integrity of the postal receipt codes.
Description
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. open access article
Keywords
internet voting, vote privacy, cryptographic protocols, threshold cryptography, homomorphic encryption
Citation
Kardas, S., Kiraz, M.S., Bingol, M.A. and Birinci, F. (2016) Norwegian internet voting protocol revisited: ballot box and receipt
generator are allowed to collude. Security and Communication Networks, 9(18), pp. 5051–5063.