research-article

Themis: An On-Site Voting System with Systematic Cast-as-intended Verification and Partial Accountability

Authors:

Hervé Chabanne,

Véronique Cortier,

Alexandre Debant,

Emmanuelle Dottax,

Pierrick Gaudry,

Mathieu TuruaniAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 397 - 410

https://doi.org/10.1145/3548606.3560563

Published: 07 November 2022 Publication History

Abstract

We propose an on-site voting system Themis, that aims at improving security when local authorities are not fully trusted. Voters vote thanks to voting sheets as well as smart cards that produce encrypted ballots. Electronic ballots are systematically audited, without compromising privacy. Moreover, the system includes a precise dispute resolution procedure identifying misbehaving parties in most cases.

We conduct a full formal analysis of Themis using ProVerif, with a novel approach in order to cover the modular arithmetic needed in our protocol. In order to evaluate the usability of our system, we organized a voting experiment on a (small) group of voters.

References

[1]

Ben Adida. 2008. Helios: Web-based Open-Audit Voting. In Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA, Paul C. van Oorschot (Ed.). USENIX Association, 335--348. http://www.usenix.org/events/sec08/tech/full_papers/adida/adida.pdf

[2]

Andrew Appel, Richard DeMillo, and Philip Stark. 2019. Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters. Technical Report. SSRN. Available at SSRN: https://ssrn.com/abstract=3375755.

[3]

David Basin, Savs a Radomirović, and Lara Schmid. 2020. Dispute resolution in voting. In 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). IEEE, 1--16.

[4]

Josh Benaloh. 2006. Simple Verifiable Elections. In Voting Technology Workshop (EVT'06).

[5]

Josh Benaloh, Michael D. Byrne, Bryce Eakin, Philip T. Kortum, Neal McBurnett, Olivier Pereira, Philip B. Stark, Dan S. Wallach, Gail Fisher, Julian Montoya, Michelle Parker, and Michael Winn. 2013. STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System. In EVT/WOTE.

[6]

Karthikeyan Bhargavan, Bruno Blanchet, and Nadim Kobeissi. 2017. Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate. In IEEE Symposium on Security and Privacy (S&P'17). 483--502.

[7]

B. Blanchet. 2001. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In Proc. 14th Computer Security Foundations Workshop (CSFW'01). IEEE Computer Society Press, 82--96.

Digital Library

[8]

Bruno Blanchet. 2016. Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif. Foundations and Trends in Privacy and Security, Vol. 1, 1--2 (2016), 1-135.

Digital Library

[9]

Bruno Blanchet, Vincent Cheval, and Véronique Cortier. 2022. Machine-Checked Proofs of Privacy for Electronic Voting Protocols. In 42nd IEEE Symposium on Security and Privacy (S&P'22).

[10]

Mikaël Bougon, Hervé Chabanne, Véronique Cortier, Alexandre Debant, Emmanuelle Dottax, Jannik Dreier, Pierrick Gaudry, and Mathieu Turuani. 2022. Themis: an On-Site Voting System with Systematic Cast-as-intended Verification and Partial Accountability (full version). Full version, available at https://hal.inria.fr/hal-03763294.

[11]

David Chaum, Richard Carback, Jeremy Clark, Aleksander Essex, Stefan Popoveniuc, Ronald L. Rivest, Peter Y. A. Ryan, Emily Shen, and Alan T. Sherman. 20008. Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes. In USENIX/ACCURATE EVT.

[12]

Michael Clarkson, Stephen Chong, and Andrew Myers. 2008. Civitas: Toward a Secure Voting System. In IEEE Symposium on Security and Privacy (S&P'08). IEEE Computer Society.

Digital Library

[13]

Vé ronique Cortier, Pierrick Gaudry, and Sté phane Glondu. 2019. Belenios: A Simple Private and Verifiable Electronic Voting System. In Foundations of Security, Protocols, and Equational Reasoning (LNCS), Vol. 11565. Springer, 214--238.

[14]

Stéphanie Delaune, Steve Kremer, and Mark D. Ryan. 2009. Verifying Privacy-type Properties of Electronic Voting Protocols. Journal of Computer Security, Vol. 17, 4 (July 2009), 435--487. https://doi.org/10.3233/JCS-2009-0340

[15]

Rolf Haenni, Reto E. Koenig, Philipp Locher, and Eric Dubuis. 2017. CHVote System Specification. Cryptology ePrint Archive, Report 2017/325.

[16]

Douglas W. Jones. 2005. Threats to Voting Systems. https://homepage.divms.uiowa.edu/ jones/voting/nist2005.shtml.

[17]

Ari Juels, Dario Catalano, and Markus Jakobsson. 2005. Coercion-Resistant Electronic Elections. In ACM Workshop on Privacy in the Electronic Society (WPES'05). ACM.

[18]

Aggelos Kiayias, Thomas Zacharias, and Bingsheng Zhang. 2015. End-to-End Verifiable Elections in the Standard Model. In Advances in Cryptology (EuroCrypt'15) (Lecture Notes in Computer Science), Vol. 9057. Springer, 468--498.

[19]

Nadim Kobeissi, Karthikeyan Bhargavan, and Bruno Blanchet. 2017. Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach. In IEEE European Symposium on Security and Privacy (EuroS&P'17). IEEE, 435--450.

[20]

Nadim Kobeissi, Georgio Nicolas, and Karthikeyan Bhargava. 2019. Noise Explorer: Fully Automated Modeling and Verification for Arbitrary Noise Protocols. In 4th IEEE European Symposium on Security and Privacy (EuroS&P'19).

[21]

Ralf Küsters, Tomasz Truderung, and Andreas Vogt. 2010. Accountability: definition and relationship to verifiability. In Proceedings of the 17th ACM conference on Computer and communications security. 526--535.

Digital Library

[22]

Ralf Kü sters, Tomasz Truderung, and Andreas Vogt. 2012. Clash Attacks on the Verifiability of E-Voting Systems. In IEEE Symposium on Security and Privacy, SP 2012, 21--23 May 2012, San Francisco, California, USA. IEEE Computer Society, 395--409. https://doi.org/10.1109/SP.2012.32

Digital Library

[23]

M. Lindeman and P. B. Stark. 2012. A Gentle Introduction to Risk-Limiting Audits. IEEE Security Privacy, Vol. 10, 5 (2012), 42--49.

Digital Library

[24]

Karola Marky, Oksana Kulyk, Karen Renaud, and Melanie Volkamer. 2018. What Did I Really Vote For? On the Usability of Verifiable E-Voting Schemes. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI '18). Association for Computing Machinery, New York, NY, USA, 1--13. https://doi.org/10.1145/3173574.3173750

Digital Library

[25]

Peter Ryan, Peter Rønne, and Vincenzo Iovino. 2016. Selene: Voting with Transparent Verifiability and Coercion-Mitigation. In Financial Cryptography Workshops 2016. 176--192.

[26]

Peter Y.A. Ryan and Steve Schneider. 2006. Prêtà Voter with re-encryption mixes. In 11th European Symposium on Research in Computer Security (Esorics'06). 313--326.

[27]

Douglas Wikström. 2022. The Verificatum Mixnet. https://www.verificatum.org/.

Cited By

Devillez HPereira OPeters TYang Q(2024)Can we cast a ballot as intended and be receipt free?2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00176(3440-3457)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00176
Mieno TOkazaki HArai KFuta Y(2024)How to Formalize Loop Iterations in Cryptographic Protocols Using ProVerifIEEE Access10.1109/ACCESS.2024.336845312(31605-31625)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3368453
Rønne PFinogina THerranz J(2024)Expanding the Toolbox: Coercion and Vote-Selling at Vote-Casting RevisitedElectronic Voting10.1007/978-3-031-72244-8_9(141-157)Online publication date: 23-Sep-2024
https://doi.org/10.1007/978-3-031-72244-8_9

Index Terms

Themis: An On-Site Voting System with Systematic Cast-as-intended Verification and Partial Accountability
1. Security and privacy
  1. Formal methods and theory of security

Recommendations

Kryvos: Publicly Tally-Hiding Verifiable E-Voting
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several ...
Voting in E-Participation: A Set of Requirements to Support Accountability and Trust by Electoral Committees
Electronic Voting
Abstract
Voting is an important part of electronic participation whenever it comes to finding a common opinion among the many participants. The impact of the voting result on the outcome of the e-participation process might differ a lot as voting can ...
Towards verifying voter privacy through unlinkability
ESSoS'13: Proceedings of the 5th international conference on Engineering Secure Software and Systems

The increasing official use of security protocols for electronic voting deepens the need for their trustworthiness, hence for their formal verification. The impossibility of linking a voter to her vote, often called voter privacy or ballot secrecy, is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

November 2022

3598 pages

ISBN:9781450394505

DOI:10.1145/3548606

General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7 - 11, 2022

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
279
Total Downloads

Downloads (Last 12 months)68
Downloads (Last 6 weeks)9

Reflects downloads up to 06 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Devillez HPereira OPeters TYang Q(2024)Can we cast a ballot as intended and be receipt free?2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00176(3440-3457)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00176
Mieno TOkazaki HArai KFuta Y(2024)How to Formalize Loop Iterations in Cryptographic Protocols Using ProVerifIEEE Access10.1109/ACCESS.2024.336845312(31605-31625)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3368453
Rønne PFinogina THerranz J(2024)Expanding the Toolbox: Coercion and Vote-Selling at Vote-Casting RevisitedElectronic Voting10.1007/978-3-031-72244-8_9(141-157)Online publication date: 23-Sep-2024
https://doi.org/10.1007/978-3-031-72244-8_9

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents