Making e-voting safer from coercion and vote buying

E-voting or online voting concept © 2024 iStock

E-voting or online voting concept © 2024 iStock

As we come to the end of a year in which half the world’s population went to the polls, EPFL researchers developed and field-tested a groundbreaking new technology to protect remote electronic voting or e-voting from voter coercion and vote buying.

In 2024, national or regional elections were held in countries that are home to almost half of the world’s population. These elections have taken place amid growing geopolitical challenges and concerns in many countries about whether voting is free, fair and transparent.

Globally, in-person marked ballot papers are by far the most common form of voting. In-person voting isn’t perfect but it is the current state-of-the-art standard in coercion resistance. A voter shows their ID, enters a protected booth for privacy, marks their ballot paper and puts it in the ballot box, while the entire process is normally watched by independent observers.

Remote, online e-voting is attractive for its convenience and potentially increased voter turnout. Today’s state-of-the-art technology can make e-voting universally verifiable – so that anyone, not just election officials and observers, can verify that votes have been tallied correctly. Most online voting systems are more susceptible than in-person voting to vote buying and voter coercion, however, such as another person sitting next to the voter and telling them how to cast their ballot.

Fake credentials for safer e-voting

As bizarre as it may sound, one promising strategy to overcome this vulnerability to coercion is officially-sanctioned digital fakery. Experimental e-voting systems enable voters to create fake voting credentials that voters may give – or sell – to a coercer, who has no way to detect if these credentials are valid or not. Votes cast using fake voting credentials are silently discarded and don’t count in the election.

Important questions remain, however. Do ordinary voters comprehend the threat of coercion when it comes to online voting? Do they think it’s important? Would they understand, and correctly apply, a mitigation technology using fake credentials?

To try to answer these questions, EPFL researchers in the School of Computer and Communication Sciences undertook a systematic study of 150 participants in Boston, in the United States, who “registered” and “voted” in a mock election. In their paper, presented at the 45th IEEE Symposium on Security and Privacy, the researchers describe how 120 of the participants were exposed to fake credentials while the rest formed a control group.

“In our system, people still need to create their legitimate and fake voting credentials in person to establish a trustworthy communication channel between the voter and supervising authority – this is the bootstrap point where original trust is built,” explained Professor Bryan Ford, Head of the Decentralized and Distributed Systems Laboratory (DEDIS). “But voters only need to do this once every few years, not every time there is an election,” he continued. “Once voters create their credentials they can be installed on any device they want to vote with and they can cast their actual vote wherever they want.”

Cutting-edge cryptographic technology

To create their voting credentials, participants used TRIP, a prototype system for coercion-resistant online voting via fake credentials, developed by Ford and his team. The system uses a well-established cryptographic technology called interactive zero knowledge proofs, to create real and fake paper credentials, so that the voter knows which credential is real but can’t prove that to anyone else.

“Using the TRIP system, voters are able to print both a real credential and any number of fake credentials that utilize QR codes. Each credential includes an interactive zero-knowledge proof, which is sound in real credentials and unsound in fake credentials. Only the voter that created the credentials knows the difference by observing the order of printing steps. The moment they step out of the privacy booth the credentials are completely indistinguishable from one another,” said Louis-Henri Merino, a Doctoral Assistant with DEDIS and primary author of the research paper.

A technology yet to be adopted

Of the 120 participants in the study exposed to fake credentials, almost all understood their use (96%) while just over half reported that they would create fake credentials in a real-world voting scenario, given the opportunity. 10% of participants mistakenly voted with a fake credential, however.

22% of those taking part in the study reported either real-life personal experience with, or direct knowledge of, coercion or vote-buying incidents. These latter participants rated the coercion-resistant system essentially as trustworthy as in-person voting via hand-marked paper ballots.

Overall, of the 150 total participants to use the system, 87% successfully created their credentials without assistance and 83% both successfully created and properly used their credentials. Participants give a System Usability Scale score of 70.4, which is slightly above the industry’s average score of 68.

Upgrading democracy

“I’m really focused on e-voting due to my long-term interest in democracy with more regular participation whilst ensuring trust and privacy. To make democracy work better we can't really leverage current technologies unless we solve problems around transparency and coercion,” said Ford. “Our findings appear to support the importance of the coercion problem in general, and the promise of fake credentials as a possible mitigation, but user error rates remain an important usability challenge for future work.”

Whilst the study took place in the United States, the EPFL researchers believe that there could be important applications closer to home. They say that Switzerland’s postal voting system, like e-voting systems, does not satisfy the requirement of ensuring no voter coercion, as postal voters similarly vote in an uncontrolled environment.

“Switzerland's attitude has basically been that coercion is illegal and Swiss people are law abiding, therefore it obviously doesn't happen. I would love to see a study into what Swiss people think about voter coercion and their perception of potential solutions to it. Finally, I would really like to see more participatory approaches to democracy developed on top of this kind of platform. Can we fundamentally upgrade democracy with something truly safe to use?” Ford concluded.

How TRIP would work in practice

Andrea (fictive name), who has just turned 18, is voting for the first time.Her country is organizing an online vote: the first step for Andreais to go in person to create her voting credentials in a dedicated area, equipped with privacy booths and the TRIP system.

Andrea chooses to create two fake credentials along with her real voting credential. To create each of these credentials, Andrea uses a kiosk in the privacy booth to print a paper receipt and insert it into a special envelope, which she also obtains in the booth. While still within the booth, Andrea uses a pen to mark the envelope containing her real credential, in a way that only she knows and will remember later. When she leaves the booth, she has three envelopes, each containing one of her credentials — but only Andrea knows which credential is the real one, which will cast votes that count in the election. Her two fake credentials will work to cast votes, but those votes will not count.

Andrea lives with her parents, who have pressured her to vote for the political party they support. On election day, Andrea must vote online alongside her parents in her family’s tradition. For this vote she uses one of her fake credentials, however. The vote she casts under her parents’ supervision will later be removed during vote counting because it was cast with a fake credential, while also not being traceable back to her.In order to vote freely for the political party of her choice, unbeknownst to her parents, Andrea uses her real credential at another time while visiting a close friend she trusts, casting a vote online with her real voting credential to express her true preference. Only this real vote is counted in the election.


Author: Tanya Petersen

Source: Computer and Communication Sciences | IC

This content is distributed under a Creative Commons CC BY-SA 4.0 license. You may freely reproduce the text, videos and images it contains, provided that you indicate the author’s name and place no restrictions on the subsequent use of the content. If you would like to reproduce an illustration that does not contain the CC BY-SA notice, you must obtain approval from the author.