Home
Blog
Cybersecurity

What is end-to-end verifiability in electronic voting?

What is end-to-end verifiability in electronic voting?
Download the eBook
Thank you! Hope you enjoy it!
Oops, something is wrong, we can't download the ebook.

When we think of electronic voting, our minds quickly jump to presidential elections. Will we one day replace paper ballots with our mobile phones? 

E-voting in different contexts and with varying scopes

In reality, electronic voting is used in many other areas, primarily in private settings such as shareholders' meetings, homeowners' associations, union elections, and elections and assemblies for sports clubs, professional associations and universities. 

Electronic voting systems also vary in scope, ranging from voting machines used in countries such as Brazil or the U.S. to online e-voting tools that cover the entire electoral process, from voter registration to ballot counting and subsequent auditing.

Depending on the type of event and the category of electronic voting system applied, voting must meet varying levels of security and compliance requirements. For example, in shareholder meetings or assemblies, voting is typically not secret. This makes electronic voting technology for such events much simpler in terms of cryptography. However, since these events operate within tight time constraints, the usability ofthe e-voting solution must be exceptional, allowing hundreds or even thousands of people to vote in seconds without issues. Additionally, if the event is online or hybrid, oter identity verification mustbe properly ensured.

What is end-to-end verifiability, and when does it apply?

End-to-end verifiable electronic voting applies to elections where ballot secrecy is a mandatory requirement. 

End-to-end verifiability in electronic voting systems refers to the ability to maintain ballot secrecy from the moment a voter casts their vote until the final count is completed. These verifiable systems also allow voters and external auditors to confirm that the count is accurate without revealing individual votes. These seemingly contradictory properties - traceability and vote anonymity - are made possible through advanced cryptographic techniques. 

The good news is that you don’t need to understand to understand these technologies in detail because accredited certification bodies verify whether electronic voting providers meet these standards. The bad news is that most providers do not meet these requirements, and some have even falsified their certifications. That’s why it’s crucial to distinguish between reliable solutions and inadequate ones.

Reliable and secure electronic voting

Cybersecurity is one of the most critical aspects of an electronic voting system. However, cybersecurity is a broad concept. A breach that exposes a list of voter names (confidentiality failure) is not the same as one that reveals how each voter cast their ballot (anonymity failure). Similarly, a system outage for a few minutes (availability failure) is different from a system vulnerable to vote manipulation (integrity failure). If an attacker impersonates a voter (authenticity failure), the consequences are more severe if the attack cannot be detected and corrected in time (traceability failure). 

Confidentiality, integrity, availability, authenticity, traceability, and anonymity are the six key principles that a voting provider’s Information Security Management System must uphold. There are standards such as ISO 27001 that establish the minimum requirements providers must meet to ensure these principles. 

To verify that your provider's certifications are legitimate and not forged:

  1. Check that the certifying entity has listed the e-voting provider on its website (e.g. IQNET, Adok or Applus). 
  2. Then ensure that the certification body is accredited by ENAC (the Ministry of Industry’s official accreditation body) to issue these certifications and that it appears on ENAC’s website

Secure-by-design electronic voting

Of the six cybersecurity principles mentioned above, anonymity is the most sensitive. This is why end-to-end verifiability is so crucial. In an end-to-end verifiable system, votes are irreversibly encrypted on the voter’s device before being sent to the provider’s servers. This means that even if an attacker were to breach all the provider’s security systems, it would be mathematically impossible to decrypt the votes. Therefore, in addition to checking for certifications, it’s essential to ensure that your provider correctly implements this standard. 

End-to-end verifiable systems are considered secure by design. That is, regardless of the provider's security measures, these systems guarantee vote anonymity even in a worst-case scenario where all other safeguards fail.

What can go wrong if you choose the wrong provider?

Most e-voting solutions for the private sector do not meet one or both of the key conditions discussed in this article: having an end-to-end verifiable system and being audited by an accredited certification body. But what are the potential consequences of using a low cost solution?

Let’s say your sports club uses e-voting for its elections. Instead of choosing a provider with an end-to-end verifiable system and accredited certification, they opt for a company with questionable credentials that encrypts votes only after they reach the server. Halfway through the election, while voting is still open, the club president is tempted to check the results to see if more effort is needed to mobilize supporters. Since the system is not end-to-end verifiable, an employee of the voting provider could theoretically access the results early and inform the president. 

Even if this scenario never actually happens, the mere suspicion that it could occur might lead a voter to challenge the election. If the electronic voting provider cannot prove that its system is secure by design, a judge might annul the vote, leading to significant financial and reputational costs. The situation could be even worse if an attacker intercepted the votes before they were encrypted.

The end of postal voting

At Kuorum, we have been organizing end-to-end verifiable online elections since 2013, using technology audited under ISO 27001 standard. This technology ensures the six security principles outlined in this article. Additionally, the anti-coercion mechanisms in our electronic voting software already surpass those of postal voting. That’s why professional associations, sports clubs and federations, businesses, and organizations worldwide trust us. If you’d like more information about our services, please contact us anytime - no commitment required.

Share
Recommended articles
See all
Voting online without pressure - Anti-coercion mechanisms
Cybersecurity
Voting online without pressure - Anti-coercion mechanisms
August 7, 2024
4
min read
What is end-to-end verifiability in electronic voting?
Cybersecurity
What is end-to-end verifiability in electronic voting?
August 5, 2024
7
min read
Cybersecurity for businesses - how to protect your information
Cybersecurity
Cybersecurity for businesses - how to protect your information
March 22, 2023
4
min read
Roses are red, violets are blue and websites like this one use cookies to improve the user experience. It doesn't rime but it's true. If you continue, we understand that you are aware of our Cookie Policy and agree to its use.
Configure cookiesAccept