Cryptology ePrint Archive: Report 2021/1098

Individual Verifiability and Revoting in the Estonian Internet Voting System

Olivier Pereira

Abstract: Individual verifiability remains one of the main practical challenges in e-voting systems and, despite the central importance of this property, countries that sought to implement it faced repeated security problems.

In this note, we revisit this property in the context of the IVXV version of the Estonian voting system, which has been in used for the Estonian municipal elections of 2017 and for the Estonian and European parliamentary elections of 2019.

We show that a compromised voter device can defeat the individual verifiability mechanism of the current Estonian voting system. Our attack takes advantage of the revoting option that is available in the Estonian voting system, and only requires compromise of the voting client application: it does not require compromising the mobile device verification app, or any server side component.

Category / Keywords: cryptographic protocols / election schemes, verifiability

Date: received 25 Aug 2021, last revised 30 Aug 2021

Contact author: olivier pereira at uclouvain be

Available format(s): PDF | BibTeX Citation

Version: 20210830:145715 (All versions of this report)

Short URL: ia.cr/2021/1098


[ Cryptology ePrint archive ]