Cryptology ePrint Archive: Report 2017/081

Estonian Voting Verification Mechanism Revisited Again

Ivo Kubjas and Tiit Pikma and Jan Willemson

Abstract: Recently, Muş, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification scheme. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. In addition, the proposal would seriously harm usability of the Estonian vote verification scheme.

Category / Keywords: cryptographic protocols / Electronic voting, vote verification

Date: received 2 Feb 2017, last revised 14 Feb 2017

Contact author: jan willemson at gmail com

Available format(s): PDF | BibTeX Citation

Note: Added an additional side channel attack.

Version: 20170214:124250 (All versions of this report)

Short URL: ia.cr/2017/081

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]