Full Program »
The Cloudier Side of Cryptographic End-to-end Verifiable Voting: A Security Analysis of Helios
In this paper we approach the discussion from the flip-side by exploring the practical potential for threats to be introduced by the presence of a cryptographic audit trail. We conducted a security analysis of the Helios implementation and discovered and tested a range of vulnerabilities that would: allow a malicious election official to produce arbitrary election results with accepting proofs of correctness; allow a malicious voter to cast a malformed ballot to prevent the tally from being computed; and, allow an attacker to surreptitiously cast a ballot on a voter's behalf. We also examine privacy issues including a random-number generation bias affecting the indistinguishably of encrypted ballots.
We conclude with a discussion and set of lessons learned for future developers by emphasizing that, relative to conventional, ``less-verifiable'' internet voting systems, the public audit trail of an E2E election introduces unique benefits---and risks.