22. Gulaschprogrammiernacht

Internet voting allows you to submit your vote over the internet using your own device. It improves the feasibility of voting for expats and people with disabilities, and can help simplify and speed up voting for the general public. In turn, it fundamentally changes who you need to trust for a private and secure vote.
To secure such systems, the state of the art is to achieve end-to-end verifiability: The system should provide means that ensure that the election results correctly considers all votes of honest voters. At the same time, the system must achieve strong notions of privacy, allowing the voter to keep their vote private. In their strongest notions, privacy and verifiability cannot be achieved at the same time. We encounter certain limitations that highlight the necessary trade-offs to be considered.

To implement the security properties, the usual building blocks of cryptographic systems are in use, such as public key encryption, digital signatures and zero-knowledge proofs. While the cryptographic details of the system usually differ, they remain similar in their fundamental approaches. We look at a few examples which aim to bridge the gap between verifiability and privacy, and investigate the security assumptions they rely upon.

Internet voting systems are in active use for national elections, notably in Estonia, Switzerland and Australia. Further, some countries (notably the BSI in Germany) released regulations for internet voting for non-political elections (e.g. universities, associations). We look at some of these systems and regulations, and see what properties they achieve.

After the talk, the participants will have a coarse understanding of the security these systems aim to achieve, and how they usually implement this. The legal background and past experiences give appropriate context. This forms the basis for an informed opinion about the use of such systems, and to critically judge the security achieved of a given internet voting system.