Secure, Usable and Robust Cryptographic Voting Systems (SURCVS)
A voting system is a method for conducting an election and determining the outcome. Traditional voting has some significant limitations. From a security viewpoint, it has relied heavily on trust in the election officials, which in turn restricts independent verifiability and high assurance regarding confidentiality of votes. In addition, traditional voting has problems regarding errors in counting, accessability, and timeliness. For these reasons it is widely accepted that there is a strong need for new voting systems which can:
- benefit from electronic systems support;
- support public verification;
- help voters to gain confidence in the privacy and integrity of their votes.
Although cryptographic voting systems have been proposed almost 30 years ago, and deployed in many countries more recently, there remain major obstacles to their widespread adoption. As we have seen in recent years, voting systems sometimes fail and they are susceptible to a range of attacks, even in established democracies. Issues, in particular with regards to attacks on the election process, have been publicly discussed in relation to the recent elections in France, the Netherlands and USA.
Another issue is that many voting system vendors claim very strong properties for their systems, yet still have a dismal record with regard to avoiding practical attacks. The ability to demonstrate security effectively, verifiably and publicly may allow society to avoid insecure voting systems.
This project will investigate the security of voting systems and increase our assurance in state-of-the-art voting systems. We have identified three specific areas which are critical in progressing towards adoption of modern voting systems to the benefit of society.
- User confidence. Most users are not interested in the cryptographic details, but user acceptance relies on an understanding of the processes involved. Voting systems must be designed so that voters believe in their security and integrity.
- Security proofs. In the cryptographic community it is now routine to provide a mathematical security proof for algorithms and protocols. This is not typically the case for electronic voting systems deployed today. Obtaining such proofs for typical complex voting systems will require innovative proof methods.
- Long-term security. Electronic records will be protected by cryptography, but they will be public and must remain secure into the future. A specific long-term threat against most existing voting system is quantum computers.
This project will address each of these areas. We will contribute to increased confidence in our voting systems, and thereby also in the integrity of the electoral process. Our emphasis on security proofs for voting systems will improve the overall assurance of voting systems, both directly and by establishing a scientific standard in the field of voting systems.
This project will also generate new knowledge with regard to cryptographic protocols, in particular about protocols involving humans and the practicability of automatic verification for complicated, real-world protocols.