Paper 2021/1098
Individual Verifiability and Revoting in the Estonian Internet Voting System
Olivier Pereira
Abstract
Individual verifiability remains one of the main practical challenges in e-voting systems and, despite the central importance of this property, countries that sought to implement it faced repeated security problems. In this note, we revisit this property in the context of the IVXV version of the Estonian voting system, which has been in used for the Estonian municipal elections of 2017 and for the Estonian and European parliamentary elections of 2019. We show that a compromised voter device can defeat the individual verifiability mechanism of the current Estonian voting system. Our attack takes advantage of the revoting option that is available in the Estonian voting system, and only requires compromise of the voting client application: it does not require compromising the mobile device verification app, or any server side component.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- election schemesverifiability
- Contact author(s)
- olivier pereira @ uclouvain be
- History
- 2021-08-30: revised
- 2021-08-26: received
- See all versions
- Short URL
- https://ia.cr/2021/1098
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/1098, author = {Olivier Pereira}, title = {Individual Verifiability and Revoting in the Estonian Internet Voting System}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/1098}, year = {2021}, url = {https://eprint.iacr.org/2021/1098} }