Paper 2021/1098

Individual Verifiability and Revoting in the Estonian Internet Voting System

Olivier Pereira

Abstract

Individual verifiability remains one of the main practical challenges in e-voting systems and, despite the central importance of this property, countries that sought to implement it faced repeated security problems. In this note, we revisit this property in the context of the IVXV version of the Estonian voting system, which has been in used for the Estonian municipal elections of 2017 and for the Estonian and European parliamentary elections of 2019. We show that a compromised voter device can defeat the individual verifiability mechanism of the current Estonian voting system. Our attack takes advantage of the revoting option that is available in the Estonian voting system, and only requires compromise of the voting client application: it does not require compromising the mobile device verification app, or any server side component.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
election schemesverifiability
Contact author(s)
olivier pereira @ uclouvain be
History
2021-08-30: revised
2021-08-26: received
See all versions
Short URL
https://ia.cr/2021/1098
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1098,
      author = {Olivier Pereira},
      title = {Individual Verifiability and Revoting in the Estonian Internet Voting System},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1098},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1098}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.