Formal Verification and Solutions for Estonian E-Voting

Published: 01 Jan 2024, Last Modified: 26 Jan 2025. AsiaCCS 2024. License: CC BY-SA 4.0
Abstract: Estonia has been deploying electronic voting for its government elections since 2005. The underlying e-voting system and protocol have been continuously improved, aiming to fix the vulnerabilities found over the years and to provide election verifiability, which is now the standard way to ensure election integrity despite corrupt infrastructure or parties. Another goal is receipt-freeness, to ensure privacy even if voters are coerced. However, several recent attacks against its verifiability and privacy show the need for rigorous, realistic formal specifications of the protocol and its security, for new solutions to mitigate attacks, and for automated security proofs to ensure all attacks have been covered. In this paper we propose:

• a formal specification of the Estonian E-Voting protocol in a symbolic model suited for automated verification tools;
• a general symbolic model for specifying privacy and receipt-freeness in the presence of corrupt parties and infrastructure;
• automated verification of security with respect to an exhaustive set of corruption scenarios, discovering new attacks on verifiability (with Tamarin) and on privacy (with ProVerif);
• new solutions, focused on practical deployment and ease of use, and their automated proofs of security.