Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Breaking and Fixing Vote Privacy of the Estonian E-Voting Protocol IVXV

  • Conference paper
  • First Online:
Financial Cryptography and Data Security. FC 2022 International Workshops (FC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13412))

Included in the following conference series:

Abstract

We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in those threat scenarios that were considered for IVXV originally. We explain how to improve IVXV so that it protects against the privacy issues we discovered.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    To be more precise, in our presentation, we simplified the checks carried out to verify eligibility of voters, and we completely omitted the voters’ individual verification procedures.

References

  1. Adida, B.: Helios: web-based open-audit voting. In: Proceedings of the 17th USENIX Security Symposium, 2008, pp. 335–348. USENIX Association (2008)

    Google Scholar 

  2. El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Advances in Cryptology, Proceedings of CRYPTO ’84, pp. 10–18 (1984)

    Google Scholar 

  3. Gennaro, R.: Achieving independence efficiently and securely. In: Anderson, J.H. (ed.), Proceedings of the Fourteenth Annual ACM Symposium on Principles of Distributed Computing, Ottawa, Ontario, Canada, 20–23 August 1995, pp. 130–136. ACM (1995)

    Google Scholar 

  4. Heiberg, S., Martens, T., Vinkel, P., Willemson, J.: Improving the verifiability of the Estonian internet voting scheme. In: Krimmer, R., et al. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 92–107. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52240-1_6

    Chapter  Google Scholar 

  5. Hirschi, L., Schmid, L., Basin, D.: Fixing the achilles heel of e-voting: the bulletin board. In: 34th IEEE Computer Security Foundations Symposium, CSF 2021, Dubrovnik, Croatia, 21–25 June 2021, pp. 1–17. IEEE (2021)

    Google Scholar 

  6. Khazaei, S., Wikström, D.: Randomized partial checking revisited. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 115–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36095-4_8

    Chapter  Google Scholar 

  7. Pereira, O.: Individual verifiability and Revoting in the Estonian internet voting system. IACR Cryptology ePrint Archive, p. 1098 (2021)

    Google Scholar 

  8. Pfitzmann, B.: Breaking an efficient anonymous channel. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 332–340. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053448

    Chapter  Google Scholar 

  9. Pfitzmann, B., Pfitzmann, A.: How to break the direct RSA-implementation of mixes. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 373–381. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4_37

    Chapter  Google Scholar 

  10. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 688–689. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4_68

    Chapter  Google Scholar 

  11. Springall, D., et al.: Security analysis of the Estonian internet voting system. In: Ahn, G.-J., Yung, M., Li, N. (eds.), Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 703–715. ACM (2014)

    Google Scholar 

  12. Valimised. https://rk2019.valimised.ee/en/voting-result/voting-result-main.html. Accessed 23 Aug 2021

  13. Valimised. https://www.valimised.ee/en/internet-voting/documents-about-internet-voting. Accessed 23 Aug 2021

  14. Verificatum Mix Net (VMN). https://www.verificatum.org/html/product_vmn.html

Download references

Acknowledgements

I thank Jan Willemson for his open-minded discussions about the vote privacy (issues) of IVXV as well as his critical remarks on a preliminary version of this report. I also thank the anonymous referees for their helpful feedback.

Johannes Müller was supported by the Luxembourg National Research Fund (FNR), under the CORE Junior project FP2 (C20/IS/14698166/FP2/Mueller).

Author information

Authors and Affiliations

  1. SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Johannes Müller

Authors
  1. Johannes Müller
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Johannes Müller .

Editor information

Editors and Affiliations

  1. Georgetown University, Washington, DC, USA

    Shin'ichiro Matsuo

  2. Imperial College London, London, UK

    Lewis Gudgeon

  3. Cornell University, Ithaca, NY, USA

    Ariah Klages-Mundt

  4. Imperial College London, London, UK

    Daniel Perez Hernandez

  5. Imperial College London, London, UK

    Sam Werner

  6. The Australian National University, Canberra, ACT, Australia

    Thomas Haines

  7. Western University, London, ON, Canada

    Aleksander Essex

  8. University of Stirling, Stirling, UK

    Andrea Bracciali

  9. University of Trento, Trento, Trento, Italy

    Massimiliano Sala

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Müller, J. (2023). Breaking and Fixing Vote Privacy of the Estonian E-Voting Protocol IVXV. In: Matsuo, S., et al. Financial Cryptography and Data Security. FC 2022 International Workshops. FC 2022. Lecture Notes in Computer Science, vol 13412. Springer, Cham. https://doi.org/10.1007/978-3-031-32415-4_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-32415-4_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-32414-7

  • Online ISBN: 978-3-031-32415-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation