How Not to Prove Your Election Outcome

Earlier this year we (Lewis, Pereira and Teague) examined the source code for the SwissPost e-voting system, intended to be used for Swiss elections in May. The system was in the process of certification for use by up to 100% of Swiss voters in the cantons that chose to use it.

We found three different ways in which a compromised computer could manipulate votes while pretending to provide a proof that no manipulation had taken place. One was a cryptographic trapdoor which allowed a cheating authority to provide a perfectly-verifying proof that it had shuffled the votes correctly, even if the votes had been manipulated. This would leave no way for anyone to detect the fraud. In the light of our findings, the Swiss authorities decided not to offer
their e-voting system for upcoming elections in May, citing the need for further
reassessment of its security properties.

Although numerous serious security problems have been found in e-voting systems before, this was the first discovery of a fundamental weakness in a cryptographic correctness proof in a system advertised to offer a form of verifiability. This is significant because verification potentially allows a way out of the inscrutability of computers, and perhaps a way forward for securing electronic elections.

In order to explain the importance of this failure, we need to explain what verifiability is, and what it isn’t, and how to tell when you can trust an election outcome even when you don’t trust the computers, administrators, or vendors.


Speaker Details

Vanessa Teague is an Associate Professor in the School of Computing and Information Systems at The University of Melbourne. Her research focuses primarily on cryptographic methods for achieving security and privacy, particularly for issues of public interest such as election integrity and the protection of government data. She was part of the team (with Chris Culnane and Ben Rubinstein) who discovered the easy re-identification of doctors and patients in the Medicare/PBS open dataset released by the Australian Department of Health. She has co-designed numerous protocols for improved election integrity in e-voting systems, and co-discovered serious weaknesses in the cryptography of deployed e-voting systems in NSW, Western Australia and Switzerland.

Vanessa Teague
University of Melbourne