The importance of voter auditing in order to ensure election integrity has been extensively studied in the e-voting literature. On the other hand, the necessity of auditing to protect voter privacy in an e-voting system has been mostly overlooked. In this work, we investigate election privacy issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client, like Helios, and use a bulletin board (BB). More specifically, we show that without PKI support or, more generally, authenticated BB “append” operations, such systems are vulnerable to attacks where the malicious election server can act as a man-in-the-middle between the election trustees and the voters, hence it can learn how the voters have voted. We suggest compulsory trustee auditing as a countermeasure for this type of man-in-the-middle attack. Furthermore, we propose a list of guidelines to avoid some common, subtle, yet important problems that may appear during the implementation of any TPKE-based e-voting system.
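The trustee audit described in the abstract, sketched as an added example that is not code from the paper or from Helios. It assumes an n-of-n ElGamal setup in which the election key is the product of the trustees' public shares; the toy group, the BB layout and all function names are constructed for illustration.

```python
# Toy group, constructed for illustration only: P = 2*Q + 1, G has prime order Q.
P, Q, G = 2879, 1439, 4

def combine(shares):
    """Assumed n-of-n ElGamal: election key is the product of trustee shares."""
    key = 1
    for h in shares.values():
        key = key * h % P
    return key

def make_bb(shares):
    """Hypothetical BB view as served to a voter (no authenticated append)."""
    return {"trustee_keys": dict(shares), "election_key": combine(shares)}

def trustee_audit(name, secret, bb):
    """A trustee re-derives its share and checks the voter-facing BB view."""
    findings = []
    if bb["trustee_keys"].get(name) != pow(G, secret, P):
        findings.append(f"{name}: posted share is not the one I generated")
    if bb["election_key"] != combine(bb["trustee_keys"]):
        findings.append(f"{name}: election key does not match posted shares")
    return findings

# Constructed sample data: two trustees and a key the server controls.
SECRETS = {"T1": 101, "T2": 202}
HONEST = make_bb({n: pow(G, s, P) for n, s in SECRETS.items()})
# Server swaps T2's share for its own and recomputes a consistent election key.
SWAPPED = make_bb({"T1": pow(G, 101, P), "T2": pow(G, 404, P)})
# Server leaves the shares alone and replaces only the election key.
REKEYED = dict(HONEST, election_key=pow(G, 404, P))

def audit_all(bb):
    """Run the audit once per trustee against the same BB view."""
    return {n: trustee_audit(n, s, bb) for n, s in SECRETS.items()}

if __name__ == "__main__":
    for label, bb in [("honest", HONEST), ("swapped", SWAPPED), ("rekeyed", REKEYED)]:
        print(label, audit_all(bb))
```

In the swapped view only T2 reports a finding, because the substituted share is internally consistent from T1's side; the check only covers the election if every trustee runs it.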
CITATION STYLE
Kiayias, A., Zacharias, T., & Zhang, B. (2015). On the necessity of auditing for election privacy in e-voting systems. In Communications in Computer and Information Science (Vol. 570, pp. 3–17). Springer Verlag. https://doi.org/10.1007/978-3-319-27164-4_1