Abstract
ElectionGuard is an open source set of software components and specifications from Microsoft designed to allow the modification of a number of different e-voting protocols and products to produce public evidence (transcripts) which anyone can verify. The software uses ElGamal, homomorphic tallying and sigma protocols to enable public scrutiny without adversely affecting privacy. Some components have been formally verified (machine-checked) to be free of certain software bugs but there was no formal verification of their cryptographic security.
Here, we present a machine-checked proof of the verifiability guarantees of the transcripts produced according to the ElectionGuard specification. We have also extracted an executable version of the verifier specification, which we proved to be secure, and used it to verify election transcripts produced by ElectionGuard. Our results show that our implementation is of similar efficiency to existing implementations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
For simplicity, we describe a fairly narrow use case of ElectionGuard.
- 3.
- 4.
- 5.
References
Rivest, R.L.: On the notion of ‘software independence’ in voting systems. Philos. Trans. R. Soc. A: Math. Phys. Eng. Sci. 366, 3759–3767 (2008)
Adida, B.: Helios: web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348. USENIX Association (2008)
Microsoft: Electionguard (2019)
Haines, T., Lewis, S.J., Pereira, O., Teague, V.: How not to prove your election outcome. In Oprea, A., Shacham, H. (eds.) 2020 IEEE Symposium on Security and Privacy, SP 2020, San Jose, CA, USA, May 17–21, 2020, pp. 784–800. IEEE (2020)
Halderman, J.A., Teague, V.: The New South Wales iVote System: security failures and verification flaws in a live online election. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 35–53. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_3
Springall, D., et al.: Security analysis of the Estonian internet voting system. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 703–715. ACM (2014)
Bernhard, D., Cortier, V., Pereira, O., Smyth, B., Warinschi, B.: Adapting Helios for provable ballot privacy. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 335–354. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_19
Cortier, V., Smyth, B.: Attacking and fixing Helios: an analysis of ballot secrecy. J. Comput. Secur. 21, 89–148 (2013)
Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the fiat-Shamir heuristic and applications to Helios. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 626–643. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_38
DamgĂ¥rd, I.: On \({\Sigma }\)-protocols (2002)
Haines, T., Goré, R., Tiwari, M.: Verified verifiers for verifying elections. In: ACM Conference on Computer and Communications Security, pp. 685–702. ACM (2019)
Gonthier, G.: The four colour theorem: engineering of a formal proof. In: Kapur, D. (ed.) ASCM 2007. LNCS (LNAI), vol. 5081, p. 333. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-87827-8_28
Geuvers, H., Wiedijk, F., Zwanenburg, J.: A constructive proof of the fundamental theorem of algebra without using the rationals. In: Callaghan, P., Luo, Z., McKinna, J., Pollack, R., Pollack, R. (eds.) TYPES 2000. LNCS, vol. 2277, pp. 96–111. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45842-5_7
Bertot, Y., Castéran, P., Huet, G., Paulin-Mohring, C.: Interactive Theorem Proving and Program Development: Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-662-07964-5
Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_28
Anand, A., et al.: CertiCoq: a verified compiler for Coq. In: The Third International Workshop on Coq for Programming Languages (CoqPL) (2017)
Acknowledgments
This work was supported by the Luxembourg National Research Fund (FNR) and the Research Council of Norway for the joint project SURCVS.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Coq Source
A Coq Source
Our code is available via the link below:
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Haines, T., Goré, R., Stodart, J. (2021). Machine-Checking the Universal Verifiability of ElectionGuard. In: Asplund, M., Nadjm-Tehrani, S. (eds) Secure IT Systems. NordSec 2020. Lecture Notes in Computer Science(), vol 12556. Springer, Cham. https://doi.org/10.1007/978-3-030-70852-8_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-70852-8_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-70851-1
Online ISBN: 978-3-030-70852-8
eBook Packages: Computer ScienceComputer Science (R0)