Skip to main content
SpringerLink
Log in

Machine-Checking the Universal Verifiability of ElectionGuard

  • Conference paper
  • First Online:
Secure IT Systems (NordSec 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12556))

Included in the following conference series:

  • 504 Accesses

Abstract

ElectionGuard is an open source set of software components and specifications from Microsoft designed to allow the modification of a number of different e-voting protocols and products to produce public evidence (transcripts) which anyone can verify. The software uses ElGamal, homomorphic tallying and sigma protocols to enable public scrutiny without adversely affecting privacy. Some components have been formally verified (machine-checked) to be free of certain software bugs but there was no formal verification of their cryptographic security.

Here, we present a machine-checked proof of the verifiability guarantees of the transcripts produced according to the ElectionGuard specification. We have also extracted an executable version of the verifier specification, which we proved to be secure, and used it to verify election transcripts produced by ElectionGuard. Our results show that our implementation is of similar efficiency to existing implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/microsoft/electionguard/wiki/Informal/ElectionGuardSpecificationV0.85.pdf.

  2. 2.

    For simplicity, we describe a fairly narrow use case of ElectionGuard.

  3. 3.

    http://heartbleed.com/.

  4. 4.

    https://github.com/microsoft/electionguard-verifier.

  5. 5.

    https://github.com/microsoft/electionguard/wiki/Informal/ElectionGuardSpecifi-cationV0.85.pdf.

References

  1. Rivest, R.L.: On the notion of ‘software independence’ in voting systems. Philos. Trans. R. Soc. A: Math. Phys. Eng. Sci. 366, 3759–3767 (2008)

    Article  MathSciNet  Google Scholar 

  2. Adida, B.: Helios: web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348. USENIX Association (2008)

    Google Scholar 

  3. Microsoft: Electionguard (2019)

    Google Scholar 

  4. Haines, T., Lewis, S.J., Pereira, O., Teague, V.: How not to prove your election outcome. In Oprea, A., Shacham, H. (eds.) 2020 IEEE Symposium on Security and Privacy, SP 2020, San Jose, CA, USA, May 17–21, 2020, pp. 784–800. IEEE (2020)

    Google Scholar 

  5. Halderman, J.A., Teague, V.: The New South Wales iVote System: security failures and verification flaws in a live online election. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 35–53. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_3

    Chapter  Google Scholar 

  6. Springall, D., et al.: Security analysis of the Estonian internet voting system. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 703–715. ACM (2014)

    Google Scholar 

  7. Bernhard, D., Cortier, V., Pereira, O., Smyth, B., Warinschi, B.: Adapting Helios for provable ballot privacy. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 335–354. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_19

    Chapter  Google Scholar 

  8. Cortier, V., Smyth, B.: Attacking and fixing Helios: an analysis of ballot secrecy. J. Comput. Secur. 21, 89–148 (2013)

    Article  Google Scholar 

  9. Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the fiat-Shamir heuristic and applications to Helios. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 626–643. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_38

    Chapter  Google Scholar 

  10. DamgĂ¥rd, I.: On \({\Sigma }\)-protocols (2002)

    Google Scholar 

  11. Haines, T., Goré, R., Tiwari, M.: Verified verifiers for verifying elections. In: ACM Conference on Computer and Communications Security, pp. 685–702. ACM (2019)

    Google Scholar 

  12. Gonthier, G.: The four colour theorem: engineering of a formal proof. In: Kapur, D. (ed.) ASCM 2007. LNCS (LNAI), vol. 5081, p. 333. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-87827-8_28

    Chapter  Google Scholar 

  13. Geuvers, H., Wiedijk, F., Zwanenburg, J.: A constructive proof of the fundamental theorem of algebra without using the rationals. In: Callaghan, P., Luo, Z., McKinna, J., Pollack, R., Pollack, R. (eds.) TYPES 2000. LNCS, vol. 2277, pp. 96–111. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45842-5_7

    Chapter  Google Scholar 

  14. Bertot, Y., Castéran, P., Huet, G., Paulin-Mohring, C.: Interactive Theorem Proving and Program Development: Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-662-07964-5

  15. Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_28

    Chapter  Google Scholar 

  16. Anand, A., et al.: CertiCoq: a verified compiler for Coq. In: The Third International Workshop on Coq for Programming Languages (CoqPL) (2017)

    Google Scholar 

Download references

Acknowledgments

This work was supported by the Luxembourg National Research Fund (FNR) and the Research Council of Norway for the joint project SURCVS.

Author information

Authors and Affiliations

  1. Norwegian University of Science and Technology, Trondheim, Norway

    Thomas Haines

  2. The Australian National University, Canberra, Australia

    Rajeev Goré & Jack Stodart

Authors
  1. Thomas Haines
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rajeev Goré
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jack Stodart
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thomas Haines .

Editor information

Editors and Affiliations

  1. Linköping University, Linköping, Sweden

    Mikael Asplund

  2. Linköping University, Linköping, Sweden

    Simin Nadjm-Tehrani

A Coq Source

A Coq Source

Our code is available via the link below:

https://github.com/gerlion/secure-e-voting-with-coq.

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Haines, T., Goré, R., Stodart, J. (2021). Machine-Checking the Universal Verifiability of ElectionGuard. In: Asplund, M., Nadjm-Tehrani, S. (eds) Secure IT Systems. NordSec 2020. Lecture Notes in Computer Science(), vol 12556. Springer, Cham. https://doi.org/10.1007/978-3-030-70852-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-70852-8_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-70851-1

  • Online ISBN: 978-3-030-70852-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation