Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006

Votinbox - a voting system based on smart cards

Sébastien Canard - France Télécom

Hervé Sibert - France Télécom

Agenda

- Introduction
- Overview of the system
- Main properties
- Prototype implementation
- Conclusion

Introduction (1)

Off-line vs. on-line vote
- On-line vote = distant vote using a PC or a mobile phone
- Off-line vote (using a voting machine)

French context
- On-line vote assimilated to absentee vote (forbidden in France since 1975)

Off-line vote
- Recent deployment
- Voting "blackboxes" quite usual now
- Use cryptography to secure the system
  - e-Poll, e-Poll2 based on blind signatures
  - e-Poll2 was trialled during the vote on the EC Constitution

Introduction (2)

A joint work between and

France Telecom: cryptographic algorithms and architecture
ST: smart card technology and knowledge

Objectives
- Develop an e-Voting system based on smart cards
- Put the main cryptographic tools inside the card, so as to have the voter control his own privacy
- Prove the feasibility of implementing "complex" algorithms inside smart cards
- Take into account countries' specifics
  - Ballot anonymity revocation (UK)
  - Elections can last several days (Czech Republic)
  - …

Overview of the system (1)

Framework
- Off-line vote in a polling station, using a voting machine
- One voting card is used for several elections
- The attendance is done by the smart card
  - There is no handwritten attendance

Design of the smart card
- The smart card is designed to authorize only one vote per election
- The ballot is signed using a list signature scheme
  - each card uses its own secret key to enable the detection of double vote
  - all cards also share a common private key, used to prove the authenticity of the vote (as for group signatures)
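
An added sketch of the card design above (not code from the slides or from France Telecom): a per-card secret yields one tag per election so a repeated vote is detectable, and a key shared by all cards signs the ballot to prove authenticity. It assumes HMAC as the tag function, a toy RSA key, hypothetical names (`Card`, `tally`), and leaves out the encrypted identity used for revocation.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key shared by every card (two Mersenne primes; not secure).
_P, _Q, E = 2**61 - 1, 2**89 - 1, 65537
N = _P * _Q
D = pow(E, -1, (_P - 1) * (_Q - 1))

def _digest(election_id, tag, ballot):
    data = b"|".join([election_id, tag, ballot])
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

class Card:
    """Hypothetical card: unique secret for the tag, shared key for authenticity."""
    def __init__(self):
        self._secret = secrets.token_bytes(16)   # differs for each card

    def sign_ballot(self, election_id, ballot):
        # Deterministic per (card, election): voting twice repeats the tag.
        tag = hmac.new(self._secret, election_id, hashlib.sha256).digest()
        sig = pow(_digest(election_id, tag, ballot), D, N)   # shared private key
        return {"election": election_id, "tag": tag, "ballot": ballot, "sig": sig}

def tally(election_id, submissions):
    """Teller side: keep authentic ballots, reject a repeated tag as a double vote."""
    seen, accepted, rejected = set(), [], []
    for s in submissions:
        authentic = (s["election"] == election_id and
                     pow(s["sig"], E, N) == _digest(s["election"], s["tag"], s["ballot"]))
        if not authentic:
            rejected.append((s["ballot"], "bad signature"))
        elif s["tag"] in seen:
            rejected.append((s["ballot"], "double vote"))
        else:
            seen.add(s["tag"])
            accepted.append(s["ballot"])
    return accepted, rejected

def demo():
    a, b = Card(), Card()
    # Constructed submissions; the ballot bytes stand in for an encrypted ballot.
    forged = {"election": b"2006-ref", "tag": b"x" * 32, "ballot": b"yes", "sig": 1}
    subs = [a.sign_ballot(b"2006-ref", b"yes"), b.sign_ballot(b"2006-ref", b"no"),
            a.sign_ballot(b"2006-ref", b"no"), forged]
    tag_reused = a.sign_ballot(b"2007-loc", b"yes")["tag"] == subs[0]["tag"]
    return tally(b"2006-ref", subs), tag_reused
```

The tag changes from one election to the next, so ballots from the same card cannot be linked across elections by the tag alone.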

Overview of the system (2) - The actors

Voters
- Register at Registration Centers
- Have their card personalized by the Smart Card Creation Center

System authorities
- The Certification Authority manages the PKI for attendance
- Key Recovery Authorities can help recover the list signature unique secret key of a card
- Key Authorities deliver the shared list signature private key to cards
- The Revocation Authority can retrieve the identity from a ballot (optional)

Vote authorities
- Controllers are in charge of the organization of an election
- Tellers are in charge of the reception and counting of the ballots

Overview of the system (3) - Voter registration

[Diagram: voter registration; surviving labels: Request, Certificate]

Overview of the system (4) - Voting phase

Overview of the system (5) - Counting phase

Done by Tellers
- Verification of the attendances
- Counting of the votes
- Announcement of the results

Main properties (1) - Cryptographic tools

Usual PK signature scheme for the attendance

PK encryption scheme for encrypting the ballot
- The El Gamal scheme is particularly suitable to divide the key between several scrutineers
- Possibility of using a threshold encryption scheme
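
An added worked example of dividing an El Gamal key between several scrutineers (not code from the slides): each teller keeps a private share, the election key is the product of the public shares, and a ballot only decrypts when every teller contributes a partial decryption. The group parameters, candidate names and ballot encoding are constructed for illustration and are far too small for real use.

```python
import secrets

# Constructed toy parameters: safe prime P = 2*Q + 1; G generates the order-Q subgroup.
P, Q, G = 1019, 509, 4

def teller_keygen():
    """Each teller (scrutineer) picks a private share and publishes G^share."""
    share = secrets.randbelow(Q - 1) + 1
    return share, pow(G, share, P)

def election_public_key(public_shares):
    """Election key = product of the public shares = G^(sum of private shares)."""
    h = 1
    for y in public_shares:
        h = h * y % P
    return h

def encrypt(h, m):
    """El Gamal encryption of a subgroup element m under the election key."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P

def partial_decrypt(share, c1):
    """One teller's contribution; the private share never leaves the teller."""
    return pow(c1, share, P)

def combine(c2, partials):
    """Divide c2 by the product of the partial decryptions to recover m."""
    mask = 1
    for d in partials:
        mask = mask * d % P
    return c2 * pow(mask, -1, P) % P

# Hypothetical ballot encoding: candidate i is the subgroup element G^(i+1).
CANDIDATES = ["Alice", "Bob", "Carol"]
ENCODE = {name: pow(G, i + 1, P) for i, name in enumerate(CANDIDATES)}
DECODE = {v: k for k, v in ENCODE.items()}

def demo():
    tellers = [teller_keygen() for _ in range(3)]
    h = election_public_key([pub for _, pub in tellers])
    c1, c2 = encrypt(h, ENCODE["Bob"])
    full = combine(c2, [partial_decrypt(s, c1) for s, _ in tellers])
    # With one teller absent the mask is incomplete and the ballot stays hidden.
    short = combine(c2, [partial_decrypt(s, c1) for s, _ in tellers[:2]])
    return DECODE.get(full), short == ENCODE["Bob"]
```

This is the all-tellers-required variant; a threshold scheme, the option named in the last bullet, would replace the additive shares with shares that any sufficiently large subset can combine.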

List signature scheme
- Similar to group signature, but allows direct detection of double votes
- Simplified version built upon classical (RSA) signature scheme, a PK encryption scheme and a PRNG

…all these algorithms being implemented inside the smart card!

Main properties (2) - Security

Security with tamper resistant smart cards
- All and only votes of legitimate voters are taken into account, double vote is detected
- Anonymity is ensured thanks to list signatures and can be revoked
- Hash-based mechanism to prove to a voter that his vote was taken into account

Attacks against tamper-resistance
- List signature can no longer prevent double vote
- Still, no more frauds than broken cards if there is no other weakness in the voting chain

Double-vote prevention
- Ensured by three means: list signatures, attendance checking, voting history checked inside the card

Main properties (3) - Scalability

Verifiability and fraud detection
- Mechanism inside the card that provides each voter with a hash of his plaintext ballot.
- After the counting phase, the hash of each deciphered ballot is published.
- Minor anonymity concerns

Inclusion of a mix-net
- To secure the process against vote tracing on the network layer

Possibility of voting from any polling station / remote voting
- Attendance databases must be on-line…
- …if off-line, then all multiple votes should be erased before the counting phase

Prototype Implementation

ST Smart Card
- ST19WR66
  - 8-bit CPU with 224 KB ROM, 6 KB RAM and 66 KB EEPROM
  - ICAO 66 O.S., RSA and 3DES base cryptographic schemes
- France Telecom algorithms on board

Voting phases
- Java application
- Certification by Certatoo PKI (France Telecom)

Performance
- Ballot creation procedure: 900 ms
- Attendance creation procedure: 800 ms
- Counting phase < 1 minute for 1000 ballots (Xeon 2,4GHz, 1GB RAM)

Conclusion

Smart cards are the cryptographic heart of the system
- No distant authority like in the case of blind signatures
- The security of the system remains in the voters' hands
- Stimulates the confidence of voters in the system

Improvements to come
- Components and system testing (formal methods, attacks against cards)
- Integration of a more complex list signature scheme inside the card
  - No longer will there be a private key shared by several cards
  - Will provide at least the same security as other, blind signature-based schemes, with improved confidence from the voters

Thank you for your [email protected]