Thesis Type: Doctorate
Institution Of The Thesis: Orta Doğu Teknik Üniversitesi, Institute of Applied Mathematics, Cryptography, Turkey
Approval Date: 2016
Student: KÖKSAL MUŞ
Supervisor: MURAT CENKAbstract:
After the Estonian Parliamentary Elections held in 2011, an additional veriﬁcation mechanism was integrated into the i-voting system in order to resist malicious voting devices, including the so-called Student’s Attack. This mechanism gives voters the opportunitytoverifywhetherthevotetheycastisstoredinthecentralsystemcorrectly. However, the veriﬁcation phase ends by displaying the cast vote in plain form on the veriﬁcation device. Indeed, when applied in wide range, this would even compromise the fairness and the overall secrecy of the elections. In this work, our aim is to investigate this veriﬁcation phase in detail and to point out that displaying the cast vote in plain form may leak voter privacy. In this respect, we propose an alternative veriﬁcation mechanism for the Estonian i-voting system to overcome this vulnerability. Not only is the proposed mechanism secure and resistant against corrupted veriﬁcation devices, so does it successfully verify whether the vote is correctly stored in the system. We also highlight that our proposed mechanism brings only symmetric encryptions and hash functions on the veriﬁcation device, thereby mitigating these weaknesses in an efﬁcient way. More concretely, it brings only m additional symmetric key decryptions to the veriﬁcation device, with m denoting the number of candidates. Finally, we prove the security of the proposed veriﬁcation mechanism and compare the cost complexity of the proposed method with that of the current mechanism.