Peter Y. A. RYAN, İsa SERTKAYA, Peter ROENNE

Estonian Internet voting with anonymous credentials

The Estonian Internet voting (EIV) scheme is a unique example of a long-term nation-wide, legally binding electronic voting deployment. The EIV scheme is used in parallel with standard paper-based election day voting, of course invalidating an already cast i-vote. This necessarily requires careful authentication of the eligible voters and makes the Estonian identity card solution a crucial part of the scheme, however, note that Parsovs has recently drawn attention to the security flaws found in Estonian ID-cards. In this study, we propose an e-voting scheme EIV-AC that integrates the EIV scheme with anonymous credentials based on self-sovereign identity. In addition to the EIV scheme’s security properties, the EIV-AC scheme further supports participation privacy, i.e. whether or not an eligible voter has participated in an election is kept hidden – also from the election authorities.

PDF

___

[1] Bernhard M, Benaloh J, Halderman JA, Rivest RL, Ryan PY, et al. Public evidence from secret ballots. In: International Joint Conference on Electronic Voting; Springer, 2017. pp. 84-109. doi: 10.1007/978-3-319-68687-5_6
[2] Kremer S, Ryan M, Smyth B. Election verifiability in electronic voting protocols. In: European Symposium on Research in Computer Security; Springer, 2010. pp. 389-404. doi: 10.1007/978-3-642-15497-3_24
[3] Kulyk O, Teague V, Volkamer M. Extending Helios towards private eligibility verifiability. In: International Conference on E-Voting and Identity; Springer, 2015. pp. 57-73. doi: 10.1007/978-3-319-22270-7_4
[4] Juels A, Catalano D, Jakobsson M. Coercion-resistant electronic elections. In: Towards Trustworthy Elections; Springer, 2010. pp. 37-63. doi: 10.1007/978-3-642-12980-3_2
[5] Eldridge M. A trustworthy electronic voting system for Australian federal elections. 2018. arXiv preprint arXiv:1805.02202. 2018 May 6.
[6] Heiberg S, Martens T, Vinkel P, Willemson J. Improving the verifiability of the Estonian Internet Voting scheme. In: International Joint Conference on Electronic Voting; Springer, 2016. pp. 92-107. doi: 10.1007/978-3-319-52240-1_6 [7] Heiberg S, Laud P, Willemson J. The application of i-voting for Estonian parliamentary elections of 2011. In: International Conference on E-Voting and Identity; Springer, 2011. pp. 208-223. doi: 10.1007/978-3-642-32747- 6_13
[8] Heiberg S, Willemson J. Verifiable internet voting in Estonia. In: 6th International Conference on Electronic Voting: Verifying the vote (EVOTE); IEEE, 2014. pp. 1-8. doi: 10.1109/EVOTE.2014.7001135 5https://github.com/hyperledger/ursa.
[9] Springall D, Finkenauer T, Durumeric Z, Kitcat J, Hursti H, et al. Security analysis of the Estonian internet voting system. In: 2014 ACM SIGSAC Conference on Computer and Communications Security; ACM, 2014. pp. 703-715. doi: 10.1145/2660267.2660315
[10] Heiberg S, Krips K, Willemson J. Planning the next steps for Estonian Internet voting. In: E-Vote-ID 2020; 2020. pp.82.
[11] Parsovs A. Estonian electronic identity card: security flaws in key management. In: 29th USENIX Security Symposium (USENIX Security 20); 2020. pp. 1785-1802.
[12] Khovratovich D, Law J. Sovrin: digital identities in the blockchain era. In: Rebooting Web-of-Trust 3 Workshop. 2016.
[13] Chaum D. Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM. 1985. pp. 1030-1044.
[14] Brands S. Rethinking public key infrastructures and digital certificates: building in privacy. PhD, MIT, USA, 2000,
[15] Camenisch J, Lysyanskaya A. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2001); Springer, 2001. pp. 93-118. doi: 10.1007/3-540-44987-6_7
[16] Camenisch J, Lysyanskaya A. Signature schemes and anonymous credentials from bilinear maps. In: Annual International Cryptology Conference (CRYPTO 2004); Springer, 2004. pp. 56-72. doi: 10.1007/978-3-540-28628-8_4
[17] Camenisch J, Drijvers M, Lehmann A. Anonymous attestation using the strong Diffie Hellman assumption revisited. In: International Conference on Trust and Trustworthy Computing; Springer, 2016. pp. 1-20. doi: 10.1007/978-3- 319-45572-3_1
[18] Camenisch J, Kiayias A, Yung M. On the portability of generalized Schnorr proofs. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2009); Springer, 2009. pp. 425-442. doi: 10.1007/978-3-642-01001-9_25
[19] El Mrabet N, Joye M, editors. Guide to pairing-based cryptography. CRC Press; 2017.
[20] IBM Research Zurich Security Team. Specification of the Identity Mixer cryptographic library. Technical Report RZ3730, IBM, 2010.
[21] Lodder M, Zundel B, Khovratovich D. Pairings-based Anonymous Credentials with Circuit-based Revocation and Permission Policies, 2019.
[22] Desmedt Y, Frankel Y. Threshold cryptosystems. In: Conference on the Theory and Application of Cryptology (CRYPTO’89); Springer, 1989. pp. 307-315. doi: 10.1007/0-387-34805-0_28
[23] Belenkiy M, Chase M, Kohlweiss M, Lysyanskaya A. Compact e-cash and simulatable VRFs revisited. In: International Conference on Pairing-Based Cryptography; Springer, 2009. pp. 114-131. doi: 10.1007/978-3-642-03298-1_9