A Simple E-Voting Protocol
We propose an e-voting protocol that seems to allow citizens to verify that their vote has been accurately taken into account while preserving its secrecy, without requiring the use of a complex process. The main idea is to give each voter a receipt on which her choice is mixed with the choices of other voters.
Research Summary
The paper proposes a simple electronic voting protocol that aims to give each voter a receipt allowing verification that their vote has been correctly recorded while preserving ballot secrecy, without resorting to heavy cryptographic machinery. The core idea is to assign every voter a random unique identifier (ID) and to print on the receipt a list of all candidates, each paired with an ID. The voter's actual choice is the one linked to the ID they know; the remaining candidate-ID pairs are taken from IDs of previous voters who chose those candidates. Because the receipt contains all pairs in the same format, an external observer cannot tell which pair corresponds to the voter's real selection, yet the voter can verify their own vote by checking that their known ID appears next to the intended candidate.
The protocol proceeds as follows. When a voter enters the polling booth, the machine displays a fresh random ID. After the voter makes a choice, the machine prints a paper receipt that lists every candidate together with an ID: the voter's own ID next to the chosen candidate, and for each other candidate an ID that was previously assigned to a different voter who selected that candidate. The receipt is digitally signed by the voting machine, providing tamper-evident proof that can be presented to a court if a dispute arises. After voting ends, the election authority publishes on a public website the complete set of ID-candidate mappings. Voters can then locate their own ID on the site and confirm that the associated candidate matches their intention. Because the entire mapping is public, anyone can recompute the final tallies and verify the announced results.
A major practical difficulty is the "bootstrap" problem: the first voter has no previous IDs to pair with the other candidates. The authors solve this by having the machine generate a predetermined number of "dummy" votes for each candidate before the election starts. These dummy votes are assigned random IDs and are published alongside real votes; at the end of the day the dummy votes are subtracted from each candidate's total. To prevent the machine from cheating during bootstrap, the dummy votes are signed with a private key and encrypted with the public key of a trusted authority (e.g., the electoral commission). The authority can later decrypt, verify the signatures, and confirm that the correct number of dummy votes was generated.
The paper discusses several residual security concerns. First, the voting machine could still fabricate fraudulent receipts that do not correspond to any real or dummy voter; such receipts would increase the total number of signatures, which could be detected by comparing the count of signatures with the number of published votes. Second, an adversary who forces many voters to reveal their receipts could, by analyzing the order of IDs, infer that a particular voter did not vote for a given candidate (because the ID associated with that candidate already appeared earlier). The authors suggest generating as many dummy votes as there are registered voters to make each ID-candidate pairing unique, but acknowledge that this would give the trusted authority the ability to distinguish real votes from dummy ones, thereby compromising secrecy. Third, the protocol offers no protection against side-channel attacks such as electromagnetic leakage, hidden cameras, or reconstruction of the voting order.
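The following Python simulation is an added example, not code from the paper, covering the full flow described above: bootstrap dummy votes, receipt construction with the voter's own ID beside the chosen candidate and earlier IDs beside the others, machine signature, publication of the ID-candidate mapping, the voter's own check, the public recount with dummies subtracted, and the signature-count comparison that exposes fabricated receipts. It assumes an HMAC as a stand-in for the machine's digital signature and omits the encryption of dummy votes to the trusted authority; the candidate names, key, and class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed key: an HMAC stands in for the machine's digital signature so the
# example runs offline; a real deployment would use an asymmetric signing key.
MACHINE_KEY = b"constructed-machine-key-for-illustration"


def sign(key: bytes, message: str) -> str:
    """Signature over a receipt body (HMAC-SHA256 here as a placeholder)."""
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def receipt_body(rows) -> str:
    """Canonical text of a receipt: every candidate paired with exactly one ID."""
    return ";".join(f"{cand}:{vid}" for cand, vid in rows)


@dataclass
class VotingMachine:
    candidates: list
    dummies_per_candidate: int
    key: bytes = MACHINE_KEY
    ledger: list = field(default_factory=list)   # (id, candidate), published after the poll
    pool: dict = field(default_factory=dict)     # candidate -> IDs already linked to it
    issued_signatures: list = field(default_factory=list)
    dummy_ids: set = field(default_factory=set)

    def __post_init__(self):
        if self.dummies_per_candidate < 1:
            raise ValueError("bootstrap needs at least one dummy vote per candidate")
        self.pool = {c: [] for c in self.candidates}
        # Bootstrap: pre-generate dummy votes so the first real receipt can be filled.
        for cand in self.candidates:
            for _ in range(self.dummies_per_candidate):
                vid = self._fresh_id()
                self.dummy_ids.add(vid)
                self._record(vid, cand)

    def _fresh_id(self) -> str:
        return secrets.token_hex(4)

    def _record(self, vid: str, cand: str) -> None:
        self.ledger.append((vid, cand))
        self.pool[cand].append(vid)

    def cast(self, choice: str) -> dict:
        """Register one vote and return the signed receipt handed to the voter."""
        if choice not in self.pool:
            raise ValueError(f"unknown candidate {choice!r}")
        my_id = self._fresh_id()
        rows = []
        for cand in self.candidates:
            if cand == choice:
                rows.append((cand, my_id))  # the voter's own ID next to the choice
            else:
                # an ID already linked to this candidate (dummy or earlier voter)
                rows.append((cand, secrets.choice(self.pool[cand])))
        self._record(my_id, choice)
        sig = sign(self.key, receipt_body(rows))
        self.issued_signatures.append(sig)
        return {"my_id": my_id, "rows": rows, "sig": sig}

    def publish(self) -> list:
        """The ID-candidate mapping the authority posts after the poll closes."""
        return list(self.ledger)


# --- checks performed by voters and auditors on the published data ---

def receipt_is_authentic(receipt: dict, key: bytes = MACHINE_KEY) -> bool:
    """Verify the machine's signature before relying on a receipt in a dispute."""
    expected = sign(key, receipt_body(receipt["rows"]))
    return hmac.compare_digest(expected, receipt["sig"])


def voter_check(published: list, my_id: str, intended: str) -> bool:
    """What a voter does on the website: find my ID, confirm the candidate."""
    return dict(published).get(my_id) == intended


def tally(published: list, candidates: list, dummies_per_candidate: int) -> dict:
    """Anyone can recompute the result: count per candidate, subtract dummies."""
    counts = {c: 0 for c in candidates}
    for _, cand in published:
        counts[cand] += 1
    return {c: counts[c] - dummies_per_candidate for c in candidates}


def signature_count_consistent(n_signatures: int, n_published: int, n_dummies: int) -> bool:
    """Extra signed receipts with no matching published vote show up as a mismatch."""
    return n_signatures == n_published - n_dummies
```

Each row of a receipt is a genuine entry of the published ledger, so the receipt alone reveals nothing about which row is the voter's; the secrecy loss the paper discusses comes only from comparing the order of IDs across many receipts, which this simulation does not hide.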
In the conclusion, the authors compare their scheme to the French practice of giving each voter a separate paper ballot for each candidate, noting that their protocol essentially reverses that process: instead of handing out multiple physical ballots before voting, the machine provides multiple "virtual" ballots (the ID-candidate pairs) on a single receipt after voting. They claim the system is "software independent" because any software malfunction would be detectable by voters through receipt verification, but they also admit that the protocol relies heavily on the honesty of the voting machine and of the trusted authority that handles the bootstrap votes. Consequently, while the protocol reduces the need for complex cryptographic protocols, it introduces new trust assumptions and does not fully mitigate all threats to ballot secrecy or integrity. The paper ends by posing the classic trade-off: accepting a minimal risk to secrecy in exchange for the ability of voters to independently verify that their vote was counted.