INNOVATE

E-Vote-ID 2023: Eighth International Joint Conference on Electronic Voting

Scytl’s papers, poster, and experience

Scytl

Published in

EDGE Elections

6 min readOct 17, 2023

On October 4–6, Scytl’s Research & Innovation team attended the E-Vote-ID conference in Luxembourg City to present their latest work. The team had two papers accepted, presented one poster, and chaired two of the conference sessions: “Session 6: Trust but verify (II): trust and audits — Managing election integrity” and “Session 8: Verifiability and Coercion Resistance”. Scytl’s team also organized the conference’s first matchmaking event.

Regulating for the “known unknowns” in Internet voting: quantum computing and long-term privacy

Adrià Rodríguez-Pérez, Núria Costa and Tamara Finogina

This paper highlights the threat of quantum computing and the vulnerability of votes cast by electronic means today to unauthorized decryption in the future (i.e., retrospective decryption). It also calls for a broader discussion on the necessity of long-term privacy protection in internet voting.

The field of quantum computing is developing rapidly. Some estimate that a quantum computer capable of real-life tasks will come as early as the 2030s.

While this time estimate might seem a bit too optimistic, the potential impact of a privacy breach that enables the correlation of votes with their voters in the future makes the risk worth considering. Of course, not everyone might find the threat critical enough to start acting now. However, the question remains: how paramount is long-term privacy, and what can we do today to protect cast votes from a future risk of retrospective decryption?

Considering that banning quantum computer development seems unrealistic and increasing security strength won’t work forever, we should consider alternative strategies for preventing or (at least) decreasing the impact of retrospective decryption. Turns out, there are some measures we can do now to mitigate quantum computer impact on privacy in the future.

For example, we can delete sensitive information and thus ensure that, once the quantum computer is powerful enough to break encryption, there will be no data to decrypt. This would not be a silver bullet since ensuring no unaccounted digital copy exists is impossible. However, data deletion is one of the simplest solutions that definitely should be considered by system designers and administrators today.

Similarly, one might look into quantum-resistant encryption — a very active field of research. Of course, the efficiency is still not satisfactory for many cryptographic primitives, and security guarantees are still being researched, but (partially) switching to post-quantum cryptography is one possibility. Finally, we analyzed anonymous vote-casting, which aims to break the link between the vote and the voter before the ballot reaches the bulletin board. This avenue can potentially conflict with the “1 vote — 1 voter” policy and has other legal and practical considerations requiring evaluation before utilizing the technology. Nevertheless, it can be a solution too.

Some say that the arrival of the quantum computer is inevitable. If so, the privacy of every encrypted message we exchange today will be compromised, including the votes we cast now. The question we urge everyone to consider is how critical the privacy loss of today’s votes will be in the future. And if the risk is deemed worth considering, we suggest starting a dialog with experts and exploring the possible mitigation strategies we analyzed in the paper.

Setting international standards on digital election technologies: mapping trends and stakeholders

Adrià Rodríguez-Pérez and Jordi Barrat Esteve

Our second paper (co-authored with his former PhD supervisor, Jordi Barrat), addresses the growing constellation of international standards on digital election technologies: recommendations by international organizations, methodologies and handbooks to observe voting and counting technologies, compendiums and guides on good practices, etc. all in all, we have found up to 37 different international standards that prescribe certain good or ideal behaviors that electoral stakeholders should follow when digital technologies are introduced in electoral processes:

The standard-setting efforts touch upon several phases, technologies, and aspects of the electoral cycle: from general standards dealing with the introduction of technology in elections and its compliance with international obligations for elections to election cybersecurity, including guides on transparency and certification, standards on specific technologies, as well as on data protection or procurement. According to our findings, this is a growing trend and we expect that many more standards may be developed in the coming years.

Their paper also maps which kind of actors can be found behind the international standard-setting efforts.

In this regard, the authors we identify three trends related to the development of international standards on digital election technologies:

Intergovernmentalism as the “golden standard”: standard setting in digital election technologies is still dominated by public actors, mainly States and intergovernmental organizations. More specifically, international organizations like the Council of Europe, the OSCE/ODIHR and the OAS, as well as International IDEA, are the main driving force behind these efforts.
More stakeholders, not much more multi-stakeholderism: there is also a growing number of NGOs who are also involved in the standard-setting efforts. At the same time, however, most of the standards have been developed independently and without cooperation among different classes of actors (i.e., without multi-stakeholder approaches).
The absence of for-profit electoral stakeholders: it is quite apparent that for-profit companies (e.g., technology vendors, auditors, certification agencies) remain outside these circles.

SOTERIA: uSer-friendly digiTal sEcured peRsonal data and prIvacy plAtform

Polina Toropova

SOTERIA is an EU H2020 funded innovation project aimed at addressing citizen’s privacy concerns through the development and implementation of a user-centric digital data wallet. During the conference, Scytl’s Innovation team presented a poster about an online voting use case.

In March-April 2024, the project team will test and validate the SOTERIA digital wallet during the two stages of the simulated online elections at the two Romanian institutions (a high school and a university). Some pilot participants will be asked to use SOTERIA to authenticate themselves for i-voting, some participants will use individual credentials.

Apart from offering a secure and innovative authentication method for i-voting, SOTERIA will allow its users to save and later retrieve their voting receipt in their digital wallet, thus offering a new way of vote verifiability. To access the impact and sustainability of the SOTERIA solution each participant will be requested to complete surveys.