Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006
Votinbox - a voting system based on smart cards
Sébastien Canard - France Télécom
Hervé Sibert - France Télécom
Agenda
Introduction
Overview of the system
Main properties
Prototype implementation
Conclusion
Introduction (1)
Off-line vs. on-line vote
On-line vote = distant vote using a PC or a mobile phone
Off-line vote (using a voting machine)
French context
On-line vote assimilated to absentee vote (forbidden in France since 1975)
Off-line vote
Recent deployment
Voting "blackboxes" quite usual now
Use cryptography to secure the system
-e-Poll, e-Poll2 based on blind signatures
-e-Poll2 experimented during the vote on the EC Constitution
Introduction (2)
A joint work between France Telecom and ST
-France Telecom: cryptographic algorithms and architecture
-ST: smart card technology and knowledge
Objectives
Develop an e-Voting system based on smart cards
Put the main cryptographic tools inside the card, so as to have the voter control his own privacy
Prove the feasibility of implementing "complex" algorithms inside smart cards
Take into account countries' specifics
-Ballot anonymity revocation (UK)
-Elections can last several days (Czech Republic)
-…
Overview of the system (1)
Framework
Off-line vote in a polling station, using a voting machine
One voting card is used for several elections
The attendance is done by the smart card
-There is no handwritten attendance
Design of the smart card
The smart card is designed to authorize only one vote per election
The ballot is signed using a list signature scheme
-each card uses its own secret key to enable the detection of double vote
-all cards also share a common private key, used to prove the authenticity of the vote (as for group signatures)
Overview of the system (2) - The actors
Voters
Register at Registration Centers
Have their card personalized by the Smart Card Creation Center
System authorities
The Certification Authority manages the PKI for attendance
Key Recovery Authorities can help recover the list signature unique secret key of a card
Key Authorities deliver the shared list signature private key to cards
The Revocation Authority can retrieve the identity from a ballot (optional)
Vote authorities
Controllers are in charge of the organization of an election
Tellers are in charge of the reception and counting of the ballots
Overview of the system (3) - Voter registration
[Diagram: the voter sends a registration Request and receives a Certificate]
Overview of the system (4) - Voting phase
Overview of the system (5) - Counting phase
Done by Tellers
Verification of the attendances
Counting of the votes
Announcement of the results
Main properties (1) - Cryptographic tools
Usual PK signature scheme for the attendance
PK encryption scheme for encrypting the ballot
-The El Gamal scheme is particularly suitable to divide the key between several scrutineers
-Possibility of using a threshold encryption scheme
List signature scheme
Similar to group signature, but allows the straight detection of double vote
-Simplified version built upon classical (RSA) signature scheme, a PK encryption scheme and a PRNG
…all these algorithms being implemented inside the smart card!
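A worked illustration of the key-splitting point above, written for this page and not taken from the Votinbox prototype: El Gamal with the private exponent additively split between several tellers, so that a ballot only opens when every teller contributes a partial decryption. It assumes a toy 127-bit group and a plain string encoding of ballots; the function names are this example's own.

```python
import secrets
from collections import Counter

# Toy group, constructed for illustration only: p = 2^127 - 1 is prime, but a real
# deployment would use a standardised group of 2048 bits or more.
P = 2**127 - 1
G = 3

def keygen_share():
    """Each teller draws its own private share x_i and publishes g^x_i."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def combine_public(public_parts):
    """Election key y = prod g^x_i = g^(x_1+...+x_n); no single teller ever holds the sum."""
    y = 1
    for part in public_parts:
        y = y * part % P
    return y

def encode_ballot(ballot: str) -> int:
    m = int.from_bytes(ballot.encode("utf-8"), "big")
    if not 0 < m < P:
        raise ValueError("ballot too long for the toy group")
    return m

def decode_ballot(m: int) -> str:
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")

def encrypt(y: int, m: int):
    """El Gamal encryption as the card performs it on the ballot before signing it."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(y, r, P) % P

def partial_decrypt(x_i: int, c1: int) -> int:
    """One teller's contribution c1^x_i; it reveals neither x_i nor the ballot."""
    return pow(c1, x_i, P)

def combine_decrypt(c2: int, partials) -> int:
    """m = c2 / (c1^x_1 * ... * c1^x_n) = c2 / c1^x; a missing teller yields garbage."""
    d = 1
    for part in partials:
        d = d * part % P
    return c2 * pow(d, -1, P) % P

def tally(ciphertexts, shares):
    """Counting phase: every teller opens every ballot, then plaintexts are counted."""
    opened = [decode_ballot(combine_decrypt(c2, [partial_decrypt(x, c1) for x in shares]))
              for c1, c2 in ciphertexts]
    return dict(Counter(opened))
```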
Main properties (2) - Security
Security with tamper-resistant smart cards
All and only votes of legitimate voters are taken into account, double vote is detected
Anonymity is ensured thanks to list signatures and can be revoked
Hash-based mechanism to prove to a voter that his vote was taken into account
Attacks against tamper-resistance
List signature can no longer prevent double vote
Still, no more frauds than broken cards if there is no other weakness in the voting chain
Double-vote prevention
Ensured by three means: list signatures, attendance checking, voting history checked inside the card
Main properties (3) - Scalability
Verifiability and fraud detection
Mechanism inside the card that provides each voter with a hash of his plaintext ballot.
After the counting phase, the hash of each deciphered ballot is published.
Minor anonymity concerns
Inclusion of a mix-net
To secure the process against vote tracing on the network layer
Possibility of voting from any polling station / remote voting
Attendance databases must be on-line…
…if off-line, then all multiple votes should be erased before the counting phase
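An added example, not from the Votinbox prototype, of the teller-side logic these slides describe: a PRF tag stands in for the linking value that a list signature exposes, every ballot whose tag repeats within one election is erased before counting (the off-line rule above), and voters check their hash receipt against the published list. Ballots are kept in plaintext here, and the card secrets and election identifiers are constructed values.

```python
import hashlib
import hmac
from collections import Counter

def election_tag(card_secret: bytes, election_id: str) -> str:
    """Deterministic per-(card, election) tag, a PRF stand-in for the linking value
    of the list signature: the same card voting twice in one election yields the same
    tag, while tags of the same card in different elections are unlinkable."""
    return hmac.new(card_secret, election_id.encode(), hashlib.sha256).hexdigest()

def cast_ballot(card_secret: bytes, election_id: str, plaintext: str):
    """Card side: emit the tagged ballot and hand the voter a hash receipt of the
    plaintext, the mechanism the slides use to prove a vote was taken into account."""
    ballot = {"election": election_id,
              "tag": election_tag(card_secret, election_id),
              "ballot": plaintext}
    receipt = hashlib.sha256(plaintext.encode()).hexdigest()
    return ballot, receipt

def count(ballots, election_id):
    """Teller side. A tag seen more than once marks a double vote; following the
    off-line rule on the slide, every ballot carrying such a tag is erased before
    counting. Returns the tally, the published hash list and the rejected tags."""
    in_scope = [b for b in ballots if b["election"] == election_id]
    seen = Counter(b["tag"] for b in in_scope)
    accepted = [b for b in in_scope if seen[b["tag"]] == 1]
    tally = dict(Counter(b["ballot"] for b in accepted))
    published = sorted(hashlib.sha256(b["ballot"].encode()).hexdigest() for b in accepted)
    rejected = sorted(t for t, n in seen.items() if n > 1)
    return tally, published, rejected

def receipt_is_published(receipt: str, published) -> bool:
    """Voter side. The receipt is the hash of the plaintext choice itself, which is
    the source of the minor anonymity concern the slide mentions."""
    return receipt in published
```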
Prototype Implementation
ST Smart Card ST19WR66
-8-bit CPU with 224 KB ROM, 6 KB RAM and 66 KB EEPROM
-ICAO 66 O.S., RSA and 3DES base cryptographic schemes
-France Telecom algorithms on board
Voting phases
Java application
Certification by Certatoo PKI (France Telecom)
Performance
Ballot creation procedure: 900 ms
Attendance creation procedure: 800 ms
Counting phase < 1 minute for 1000 ballots (Xeon 2.4 GHz, 1 GB RAM)
Conclusion
Smart cards are the cryptographic heart of the system
No distant authority like in the case of blind signatures
The security of the system remains in the voters' hands
Stimulates the confidence of voters in the system
Improvements to come
Components and system testing (formal methods, attacks against cards)
Integration of a more complex list signature scheme inside the card
-No longer will there be a private key shared by several cards
-Will provide at least the same security as other, blind signature-based schemes, with improved confidence from the voters
Thank you for your attention