Votinbox - a voting system based on smart cards

Research & Development. Workshop on e-Voting and e-Government in the UK ... Votinbox - a voting system based on smart cards. Sébastien Canard - France Télécom ...


Transcript and Presenter's Notes


1
Votinbox - a voting system based on smart cards
  • Sébastien Canard - France Télécom
  • Hervé Sibert - France Télécom

2
Agenda
  • Introduction
  • Overview of the system
  • Main properties
  • Prototype implementation
  • Conclusion

4
Introduction (1)
  • Off-line vs. on-line vote
    • On-line vote: distant vote using a PC or a mobile phone
    • Off-line vote (using a voting machine)
  • French context
    • On-line vote assimilated to absentee vote (forbidden in France since 1975)
    • Off-line vote
      • Recent deployment
      • Voting "blackboxes" quite usual now
  • Use cryptography to secure the system
    • e-Poll, e-Poll2 based on blind signatures
    • e-Poll2 experimented during the vote on the EC Constitution

5
Introduction (2)
  • A joint work between France Telecom and ST
    • France Telecom: cryptographic algorithms and architecture
    • ST: smart card technology and knowledge
  • Objectives
    • Develop an e-Voting system based on smart cards
    • Put the main cryptographic tools inside the card, so as to have the voter control his own privacy
    • Prove the feasibility of implementing "complex" algorithms inside smart cards
    • Take into account countries' specifics
      • Ballot anonymity revocation (UK)
      • Elections can last several days (Czech Republic)

7
Overview of the system (1)
  • Framework
    • Off-line vote in a polling station, using a voting machine
    • One voting card is used for several elections
    • The attendance is done by the smart card
    • There is no handwritten attendance
  • Design of the smart card
    • The smart card is designed to authorize only one vote per election
    • The ballot is signed using a list signature scheme
      • Each card uses its own secret key to enable the detection of double vote
      • All cards also share a common private key, used to prove the authenticity of the vote (as for group signatures)

8
Overview of the system (2) - The actors
  • Voters
    • Register at Registration Centers
    • Have their card personalized by the Smart Card Creation Center
  • System authorities
    • The Certification Authority manages the PKI for attendance
    • Key Recovery Authorities can help recover the list signature unique secret key of a card
    • Key Authorities deliver the shared list signature private key to cards
    • The Revocation Authority can retrieve the identity from a ballot (optional)
  • Vote authorities
    • Controllers are in charge of the organization of an election
    • Tellers are in charge of the reception and counting of the ballots

9
Overview of the system (3) - Voter registration

10
Overview of the system (4) - Voting phase

11
Overview of the system (5) - Counting phase
  • Done by Tellers
    • Verification of the attendances
    • Counting of the votes
    • Announcement of the results

13
Main properties (1) - Cryptographic tools
  • Usual PK signature scheme for the attendance
  • PK encryption scheme for encrypting the ballot
    • The El Gamal scheme is particularly suitable to divide the key between several scrutineers
    • Possibility of using a threshold encryption scheme
  • List signature scheme
    • Similar to group signature, but allows the straight detection of double vote
    • Simplified version built upon classical (RSA) signature scheme, a PK encryption scheme and a PRNG
  • All these algorithms being implemented inside the smart card!
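
The slide above says El Gamal lends itself to dividing the decryption key between several scrutineers. The sketch below is an added example, not code from the Votinbox prototype: each scrutineer keeps an additive share of the key and all of them must contribute to open a ballot (the n-of-n case, not the threshold variant). The toy group parameters, function names and ballot encoding are assumptions made for illustration.

```python
import secrets

# Toy parameters chosen for this example (assumption): the Mersenne prime
# 2**127 - 1 as modulus. Far too small for a real election.
P = 2**127 - 1
G = 3

def keygen_share():
    """One scrutineer's share: secret x_i and public h_i = G^x_i mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def joint_public_key(public_shares):
    """h = product of h_i = G^(sum of x_i); nobody ever holds the sum itself."""
    h = 1
    for h_i in public_shares:
        h = h * h_i % P
    return h

def encrypt(h, m):
    """Standard El Gamal: (c1, c2) = (G^r, m * h^r)."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(h, r, P) % P

def partial_decrypt(x_i, c1):
    """Each scrutineer publishes c1^x_i and keeps x_i private."""
    return pow(c1, x_i, P)

def combine(c2, partials):
    """m = c2 / product of partials; correct only if every share took part."""
    s = 1
    for d in partials:
        s = s * d % P
    return c2 * pow(s, -1, P) % P

def demo():
    shares = [keygen_share() for _ in range(3)]      # three scrutineers
    h = joint_public_key([pub for _, pub in shares])
    ballot = 2                                       # constructed: candidate no. 2
    c1, c2 = encrypt(h, ballot)
    partials = [partial_decrypt(x, c1) for x, _ in shares]
    # Second result leaves one scrutineer out: the ballot stays sealed.
    return ballot, combine(c2, partials), combine(c2, partials[:2])

if __name__ == "__main__":
    print(demo())
```
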

14
Main properties (2) - Security
  • Security with tamper resistant smart cards
    • All and only votes of legitimate voters are taken into account, double vote is detected
    • Anonymity is ensured thanks to list signatures and can be revoked
    • Hash-based mechanism to prove to a voter that his vote was taken into account
  • Attacks against tamper-resistance
    • List signature can no longer prevent double vote
    • Still, no more frauds than broken cards if there is no other weakness in the voting chain
  • Double-vote prevention
    • Ensured by three means: list signatures, attendance checking, voting history checked inside the card

15
Main properties (3) - Scalability
  • Verifiability and fraud detection
    • Mechanism inside the card that provides each voter with a hash of his plaintext ballot.
    • After the counting phase, the hash of each deciphered ballot is published.
    • Minor anonymity concerns
  • Inclusion of a mix-net
    • To secure the process against vote tracing on the network layer
  • Possibility of voting from any polling station / remote voting
    • Attendance databases must be on-line
    • If off-line, then all multiple votes should be erased before the counting phase
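
Slides 14 and 15 describe a hash receipt: the card gives the voter a hash of the plaintext ballot, and the hashes of all deciphered ballots are published after counting. The following added example (not the prototype's code) shows that check and why it only catches a dropped ballot when each plaintext ballot is unique; the per-ballot random value, the ballot encoding and the use of SHA-256 are assumptions, since the slides do not say how the ballot is formatted or hashed.

```python
import hashlib
import secrets
from collections import Counter

def make_ballot(choice, with_nonce=True):
    """Plaintext ballot as built inside the card (format is an assumption)."""
    nonce = secrets.token_hex(16) if with_nonce else ""
    return f"{choice}|{nonce}".encode()

def receipt(ballot):
    """Hash handed to the voter by the card."""
    return hashlib.sha256(ballot).hexdigest()

def publish(deciphered_ballots):
    """Board published by the tellers: hash of every deciphered ballot."""
    return Counter(receipt(b) for b in deciphered_ballots)

def voter_check(my_receipt, board):
    """A voter looks for the receipt on the published board."""
    return board[my_receipt] >= 1

def run(with_nonce):
    # Constructed scenario: three voters, the first ballot is lost before counting.
    ballots = [make_ballot(c, with_nonce) for c in ("A", "A", "B")]
    receipts = [receipt(b) for b in ballots]
    board = publish(ballots[1:])
    return [voter_check(r, board) for r in receipts]

if __name__ == "__main__":
    print("unique ballots:   ", run(True))   # first voter notices the loss
    print("identical ballots:", run(False))  # loss hidden by another "A" vote
```
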

17
Prototype Implementation
  • ST Smart Card
    • ST19WR66
    • 8-bit CPU with 224 KB ROM, 6 KB RAM and 66 KB EEPROM
    • ICAO 66 O.S., RSA and 3DES base cryptographic schemes
    • France Telecom algorithms on board
  • Voting phases
    • Java application
    • Certification by Certatoo PKI (France Telecom)
  • Performance
    • Ballot creation procedure: 900 ms
    • Attendance creation procedure: 800 ms
    • Counting phase: < 1 minute for 1000 ballots (Xeon 2,4GHz, 1GB RAM)

19
Conclusion
  • Smart cards are the cryptographic heart of the system
    • No distant authority like in the case of blind signatures
    • The security of the system remains in the voters' hands
    • Stimulates the confidence of voters in the system
  • Improvements to come
    • Components and system testing (formal methods, attacks against cards)
    • Integration of a more complex list signature scheme inside the card
      • No longer will there be a private key shared by several cards
      • Will provide at least the same security as other, blind signature-based schemes, with improved confidence from the voters

20
Thank you for your attention
herve.sibert_at_francetelecom.com