Security and confidentiality

Electronic voting: 5 questions to find out more with Steve Kremer

Date:
Changed on 14/02/2022
With just a few weeks to go before the start of the 12th presidential election of the French Fifth Republic, the question of electronic voting is resurfacing. What is involved in this alternative to traditional voting, considered useful for drawing voters back to the polls or modernising voting by some, but dangerous because of the risk of fraud by others? Steve Kremer, head of the PESTO project team (Inria Nancy), answers our questions.
Vote électronique
© Inria / Photo G. Scagnelli / Création & réalisation : A. Lacouchie

How do you define electronic voting?

Electronic voting encompasses two main types of voting: voting by machine at a polling station and remote online voting using a smartphone or computer.

How do electronic voting protocols work?

Steve Kremer, ERC Consolidator grant 2014
© Inria / Photo G. Scagnelli

There exist numerous protocols based on a diversity of mechansims. Let us consider the Helios protocol (which is also the basis of Belenios), for example.

This uses the well-known principle of Public Key Encryption. The citizen submits their ballot, encrypted using a public key, on their computer. This encryption key is known to all, whereas the decryption key is kept secret. The ballot is then sent to a server, which makes it visible on a bulletin board so that the voter can check that the "encryption" of their vote has been taken into account.

Once everyone has voted, the server decrypts the result using what is known as homomorphic decryption, meaning that it constructs the encryption of the sum of all the votes, i.e., the result, from the encryption of each individual vote. It doesn’t decrypt the votes separately, but only the final result.

At the end, the system produces a “zero-knowledge proof”, which shows that the result corresponds to the encrypted content without revealing the decryption key, which would allow to see the individual votes. To avoid this, the decryption key is also “cut into pieces”, which are distributed among several trusted people so that no single person can decrypt the votes.

Belenios, an electronic voting platform designed by Inria and Loria

Designed in 2012 in the joint Inria-Loria Pesto and Caramba project-teams, the Belenios e-voting platform allows anyone to organise elections, while guaranteeing voters and organisers absolute vote secrecy. In addition to confidentiality, Belenios also guarantees verifiability: if each voter can verify that his or her ballot is in the ballot box (individual verifiability), everyone can verify that the result corresponds to the ballots in the box (universal verifiability) and everyone can verify that the ballots come from legitimate voters (eligibility verifiability).

Belenios is not intended for and is not suitable for political elections, as electronic voting is still postal voting.

Why would we want to replace traditional voting with electronic voting today? What advantages does electronic voting offer compared with traditional voting?

There can be several reasons, depending on the context of course.

The issues at stake in political, professional or associative elections are not the same. One of the commonly cited reasons is to reduce abstention. Unfortunately, studies carried out abroad show that this does not work or has only a very limited effect.

Some voting systems also make counting very complicated, such as the “Condorcet method”, which requires voters to rank the candidates in order of preference, meaning that calculating the winner by hand is not easy.

The logistics of electronic voting can also be simpler, as there is no need for volunteers to run polling stations. Lastly, in comparison with postal voting which often only offers a weak guarantee of security, electronic voting can sometimes improve security.

À propos du vote par Internet - Avec Pierrick Gaudry

What issues does electronic voting raise?

Several technical questions have been raised with regard to electronic voting. What happens if a person’s computer is infected by malware that modifies their vote? How can a person be sure that the server did not perform ballot stuffing by adding votes to the Bulletin board? Are there any bugs in the programs run on the machine, particularly in terms of tallying? Even if it can be shown that there are no bugs, can we be certain that the expected program is running on the machine?

Today, solutions do exist for most of these issues, but they make voting procedures more complicated and no system satisfactorily addresses all of these issues at once. There are some good ideas in academic literature, but they come up against real usability problems, making them hardly realistic for use on a large scale.

This is particularly true in the case of online ballots, where the absence of a polling booth undermines the two fundamental aspects of voting, namely secrecy and integrity: how can we be sure that the voter’s identity is being used by the right person? Has the voter sold their vote? Are they being directly pressured by someone next to them when they cast their vote?

None of the solutions deployed today can adequately resolve these issues.

Could electronic voting one day replace traditional voting?

That depends on what you want to use it for.

In France, there is little to be gained by replacing paper ballots with machine voting, because the paper ballot system works well, it is very simple to count and is transparent. Of course, nothing is 100% secure, but large-scale cheating is much harder to achieve with paper voting than electronic voting.

Replacing traditional ballots cast in person at a polling station with online voting is a different ball game. We go from voting in a very controlled environment to online voting where you lose all the elements of security.

It works for elections where less is at stake, such as professional elections for which satisfactory solutions exist. But for important political elections, we are just not ready yet. There is currently no solution that can address the issues raised and guarantee a fully secure vote.

However, online voting could be an option for replacing the postal vote because the issues are similar. It could be a good compromise for French citizens abroad who have to travel to an embassy to vote, which is sometimes located far from where they are residing. But again, it is important to be aware that this entails greater risk.

If we consider replacing traditional voting with electronic voting, we must be aware of the potential threats and make an informed choice according to the target populations, situations and solutions available to us.