On 8 June at 12:15 Kristjan Krips will defend his doctoral thesis “Privacy and coercion resistance in voting” for obtaining the degree of Doctor of Philosophy (in Computer Science).
Supervisors:
Dr. Jan Willemson, Cybernetica AS
Assoc. Prof. Sven Laur, University of Tartu
Opponents:
Prof. Olivier Pereira, Université Catholique de Louvain (Belgium)
Prof. Carsten Schürmann, IT University of Copenhagen (Denmark)
Summary
The cornerstone of democracy is the right for voters to participate in fair and free elections. However, securing elections is a non-trivial task due to the conflicting security requirements. On the one hand, to provide the freedom to vote, it should not be possible to coerce voters into voting for a specific candidate. On the other hand, to guarantee fair elections, it must be possible to verify that the election result is correctly determined.
Remote voting systems, like postal voting and remote online voting, highlight these issues as votes are cast in an uncontrolled environment. Therefore, we studied how different online voting systems attempt to bridge the gap between coercion resistance and verifiability. It turns out that most of the studied online voting schemes rely on non-trivial assumptions to protect voters against coercion.
Regardless of the used anti-coercion measures, it is difficult to protect voter’s privacy if the vote is cast in an uncontrolled environment. However, researchers have shown that vote privacy can also be violated in paper-based voting systems. We built and tested two new proof-of-concept attacks that target vote privacy in paper-based voting systems. These attacks rely on one or more microphones being placed at the voting booth, allowing the sound of filling in the ballot to leak information about voter’s choice.
Similarly to many other voting systems, the designers of the Estonian i-voting system also had to find a balance between coercion resistance and verifiability properties. As a consequence, compromises had to be made. We studied the Estonian i-voting system to identify the security issues related to the voting and vote verification protocol. As a result of the analysis, we proposed possible improvements to the Estonian i-voting system.
As the final contribution, we analysed whether a smartphone-based voting application would introduce new security risks.
The defence will be held in Zoom (Meeting ID: 936 3087 2977, Passcode: 841284).