{"id":2042,"date":"2025-10-02T22:29:41","date_gmt":"2025-10-03T04:29:41","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=2042"},"modified":"2025-10-02T22:56:42","modified_gmt":"2025-10-03T04:56:42","slug":"when-cryptography-meets-reality-the-challenges-of-electronic-voting","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2025\/10\/02\/when-cryptography-meets-reality-the-challenges-of-electronic-voting\/","title":{"rendered":"When Cryptography Meets Reality: The Challenges of Electronic Voting"},"content":{"rendered":"\n

ISEC 601 \u2013 FINAL GROUP TEACHING AID<\/strong>  <\/p>\n\n\n\n

List of Group Members:<\/strong> Pranshu Amin – 30302031; Hillary Ogoke – 30141713; Joy Aroh – 30302221; Israel Oni – 30085933; Mohammed Arab \u2013 30129092 \u200b\u200b <\/p>\n\n\n\n

Introduction to E-Voting  <\/strong><\/p>\n\n\n\n

For centuries, democratic elections have relied on paper ballots<\/strong> as the foundation of trust. Paper voting is simple, auditable, and familiar.  Citizens can watch ballots being cast, counted, and stored. While this physical process is slow and costly, it offers a high degree of transparency and verifiability<\/strong> that has earned widespread public confidence.  <\/p>\n\n\n\n

In the digital age, however, governments and organizations have sought ways to make elections more accessible, efficient, and scalable<\/strong>. Electronic voting (e-voting) promises faster tallying, remote participation, and reduced administrative costs, while also offering the potential to strengthen security through cryptographic techniques<\/strong> such as encryption, digital signatures, homomorphic tallying, and zero-knowledge proofs [2]. Estonia is a leading example: since 2005, it has implemented nationwide Internet voting in eleven elections, giving researchers rich evidence of both its benefits and vulnerabilities [1].   <\/p>\n\n\n\n

Despite this promise, large-scale adoption of e-voting has been limited. Paper systems, though imperfect, are resistant to certain digital threats, whereas e-voting introduces new risks: malware on voter devices, insider manipulation of systems, denial-of-service attacks, and the challenge of balancing anonymity with verifiability [3][4]. Even advanced cryptographic systems, while powerful in theory, must contend with the realities of usability, scalability, and public trust.  <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Figure 1:<\/strong> Flow diagram comparing traditional paper voting with electronic voting (created by the author using ChatGPT, 2025).<\/em>  <\/p>\n\n\n\n

Our teaching aid is a website <\/strong>that brings these concepts to life.<\/strong> It allows you to step through a realistic voting simulation, explore the technical cryptographic mechanisms that secure e-voting, and experiment with an Attack Lab to see how vulnerabilities can compromise elections and how defenses work. This hands-on platform is designed to make complex concepts tangible, interactive, and easy to understand. Please read this pre-document completely before using the website, <\/strong>as it provides essential background that will help you grasp the concepts and get the most from the simulation and Attack Lab (Website link: <\/strong>https:\/\/evote-demo.netlify.app\/<\/strong><\/a>).<\/strong> <\/p>\n\n\n\n

Case Studies: Real-World Attempts at Electronic Voting  <\/p>\n\n\n\n

Electronic voting systems have been piloted or adopted in several countries, with mixed outcomes. These case studies highlight how cryptographic tools are used in practice and why secure, trustworthy e-voting remains difficult to achieve.  <\/p>\n\n\n\n

Estonia: A Long-Term Success Story<\/strong>  <\/p>\n\n\n\n

Estonia is the most prominent example of a national e-voting system, in use since 2005. Voters authenticate with a government-issued ID card containing a secure chip that stores a private key, which is used to digitally sign their encrypted ballot. The ballots are encrypted using public-key cryptography and anonymized through mix-nets before tallying. More recently, zero-knowledge proofs (ZKPs) such as Bulletproofs have been introduced to enhance verifiability [3].  <\/p>\n\n\n\n

As of the 2023 national parliamentary elections, more than 50% of Estonian voters cast ballots online<\/strong> [4]. Despite this success, concerns remain. Critics warn that malware on voters\u2019 personal devices<\/strong> could alter votes before encryption, and remote voting cannot fully prevent coercion<\/strong> or vote buying<\/strong>. Newer research in 2025 also highlights traffic analysis inference attacks<\/strong> as a threat, since encrypted vote submission may still leak metadata [3]. Estonia demonstrates that strong cryptography can make national e-voting possible, but it cannot eliminate all risks.  <\/p>\n\n\n\n \n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Figure 2:<\/strong> Interactive E-Voting Steps (created by Joy Aroh)<\/em><\/p>\n\n\n\n

<\/p>\n\n\n\n

Switzerland: Ambition and Setbacks<\/strong>  <\/p>\n\n\n\n

Switzerland has long aimed to design an e-voting system with complete verifiability<\/strong>, relying on return codes and zero-knowledge proofs (ZKPs) to let voters and auditors confirm ballot integrity. However, in 2019 researchers uncovered serious flaws in the Swiss Post system. They demonstrated that votes could be altered without detection<\/strong>, breaking the guarantee of universal verifiability, and that protocol weaknesses in the mix-net could allow insiders to manipulate encrypted tallies while still producing valid-looking proofs [5], [6]. These findings forced the suspension of nationwide deployment and highlighted how even well-designed cryptographic systems can fail in implementation, shaking public trust.  <\/p>\n\n\n\n

Since 2023, Switzerland has cautiously relaunched e-voting through restricted cantonal trials<\/strong> under strict federal licences. These pilots include independent audits and public intrusion tests; a 2024 test logged nearly 10,000 hacking attempts with no critical breaches [7]. As of 2025, Switzerland continues limited e-voting trials in four cantons under renewed federal licences through 2027. Recent audits confirm improvements but flagged remaining cryptographic parameterization issues, and Swiss Post has launched a new public bug-bounty intrusion test to strengthen transparency and resilience [8], [9]. However, experts stress that the system\u2019s complexity and trust assumptions remain barriers to wider rollout. Switzerland\u2019s cautious progress underscores that cryptographic strength must be paired with transparency and incremental adoption to build durable public trust.  <\/p>\n\n\n\n

United States: Resistance to Internet Voting<\/strong>  <\/p>\n\n\n\n

The United States has largely rejected internet voting at the federal and state level, citing high risks to election integrity. Pilot projects such as Voatz<\/strong>, a blockchain-based mobile voting app, explored digital signatures and end-to-end verifiability. However, independent analyses by MIT researchers in 2020 found that Voatz was vulnerable to man-in-the-middle attacks, server-side manipulation, and metadata leakage<\/strong> that could reveal voter identities. These flaws meant ballots could potentially be altered or deanonymized, undermining both secrecy and integrity [10].  <\/p>\n\n\n\n

Federal authorities, including the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA), classify electronic ballot return as \u201chigh risk.\u201d Instead, the U.S. continues to emphasize paper ballots and risk-limiting audits<\/strong> as more trustworthy safeguards [11]. While academic proposals for blockchain and homomorphic tallying persist, experts agree these approaches do not solve challenges like coercion, malware, and denial-of-service attacks [12]. The U.S. case shows that in a high-threat environment, cryptography alone cannot overcome the operational and societal risks of online voting.  <\/p>\n\n\n\n

 Cryptographic Foundations of Secure E-Voting  <\/strong><\/p>\n\n\n\n

For an e-voting system to be trusted, it must guarantee more than just efficient vote casting and counting. It must enforce fundamental security properties that ensure integrity, privacy, fairness, and verifiability of the electoral process. The following table summarizes the core security requirements<\/strong> of e-voting systems and shows why cryptography is indispensable for achieving them. These properties form the foundation upon which encryption, digital signatures, mix-nets, homomorphic tallying, and other cryptographic tools are applied.  <\/p>\n\n\n\n

Table 1: <\/strong>Core Security Properties in Cryptographic E-Voting Systems  <\/p>\n\n\n\n

Property <\/strong> <\/td>Description  <\/strong><\/td>Citation  <\/strong><\/td><\/tr>
Non-repudiation <\/strong> <\/td>A voter cannot later claim they did not cast a vote.  <\/td>[16]  <\/td><\/tr>
Integrity <\/strong> <\/td>Ensures that the vote remains unchanged during transmission or storage and prevents impersonation of voters.  <\/td>[16]  <\/td><\/tr>
Confidentiality \/ Privacy <\/strong> <\/td>No one should be able to link a voter\u2019s identity to their vote.  <\/td>[16]  <\/td><\/tr>
Authentication \/ Legality <\/strong> <\/td>Ensures that only valid voters can vote.  <\/td>[16]  <\/td><\/tr>
Uniqueness <\/strong> <\/td>Each voter ID must be unique, ensuring that no voter can cast more than one ballot.  <\/td>[16]  <\/td><\/tr>
Verifiable <\/strong> <\/td>After the results are announced, the votes should be verifiable by both auditors and voters.  <\/td>[16]  <\/td><\/tr>
Impartiality <\/strong> <\/td>Only trusted authorities can decrypt the votes; other participants should not have access.  <\/td>[16]  <\/td><\/tr>
Coercion resistance <\/strong> <\/td>Ballots are cast without any external pressure or coercion on voters.  <\/td>[17]  <\/td><\/tr>
Receipt freeness <\/strong> <\/td>Voters cannot prove how they voted.  <\/td>[17]  <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

To make these security properties possible, e-voting systems rely on several cryptographic building blocks:  <\/p>\n\n\n\n