INNOVATE

Individual Verifiability

What is it and how is it achieved?

In traditional paper-based elections with voting in polling stations, every citizen can see how their vote is cast into the ballot box, as they do it themselves. Because of this, they do not need to worry about their ballot being changed or their marks modified. The presence of observers monitoring the election can also help assure voters that the whole process is being conducted correctly.

In an online voting system, then, how can we be sure that our computer or voting device has not modified our vote before casting it? What happens from the moment we click the “Send” or “Cast” button on our device, to when the results are published?

In order to improve the transparency and auditability of online voting systems, different individual verification mechanisms can be implemented, depending on which level of verifiability we want the system to achieve.

An online voting system provides individual verifiability when:

• It allows voters to check that their ballot contains the voting options they have marked and that the voting client has not modified their selections, what we call cast-as-intended verifiability.
• It allows voters to check that their vote has been successfully stored (without being modified), in the ballot box, which is generally known as recorded-as-cast verifiability.

Was my vote cast as intended?

Verification with codes

In this individual verification mechanism, each voter receives a Voting Card before the voting phase starts in which there are different codes, unique to each voter, assigned to each voting option, known as return codes.

Then, during the voting phase:

1. The voter selects the preferred voting options on their voting device, which then encrypts them.
2. The voting device sends the encrypted vote to the voting server.
3. Then, the voting server, using the encrypted vote sent by the voting device, computes the return codes, and sends them back to the voter.
4. Finally, the voter checks, using their Voting Card, that the return codes correspond to the voting options they originally selected.

Examples of these systems include the one used in Norway, which was later improved and used in Neuchâtel, as well as the Swiss Post’s e-voting solution.

Challenge or cast

With this verification mechanism, after the voting device encrypts the voting options, voters have two alternatives:

1. Challenge the voting device: voters are provided with secret information that allows them, with the aid of a verification device, to check that the encrypted vote indeed contains the voting options selected. If the verification is successful, the voting device generates a new encryption of the voting options, and the voter has the possibility to either challenge the voting device again, if they wish, or to cast the vote.
2. Cast the encrypted vote: the encrypted vote is directly sent to the voting server without being audited by the voter.

In this kind of system, the vote challenged is never the vote cast (since casting a challenged vote would compromise secret suffrage). Therefore, it is recommended to challenge the voting device multiple times before casting the vote, as this increases the probability of catching a cheating voting device. Helios is an example of voting system that implements this verification mechanism.

Decryption-based mechanisms

This individual verification mechanism consists of decrypting the vote that is stored in the voting server to check that it contains the voting options selected by the voter. As in the challenge or cast mechanism, the voter needs a second device to perform the verification.

After the vote is cast, the voting device shows a QR code to the voter that contains some secret information used for encrypting the voting options, as well as an identifier of the vote. The voter uses the second device to read the QR code and requests the encrypted vote from the voting server using the vote identifier. The verification device uses the secret information stored in the QR code to decrypt the vote and shows the voting options to the voter, who is then able to verify that they correspond to the ones originally selected.

Invote Gov, the online voting solution offered by Scytl, implements this verification mechanism, as well as the iVote voting system used in some elections in New South Wales.

Was my vote recorded as cast?

Online voting systems that implement mechanisms to provide recorded-as-cast verifiability allow voters to check that their votes were correctly received and stored by the voting server. The decryption-based mechanism used to provide cast-as-intended verifiability also gives recorded-as-cast verifiability, since the verification requires the vote to be downloaded from the voting server. Because of this, the voter can be sure that the vote stored in the ballot box is the vote that was cast and is being verified.

Another technique frequently used to provide recorded-as-cast verifiability is the generation of voting receipts. These receipts contain values that uniquely identify each vote, and are displayed to each voter after casting their vote.

At the end of the election, the organizers can decide to publish a list with the receipts of the votes received by the server. Voters verify that their votes were stored in the ballot box by checking if their anonymous receipt was published. Examples of online voting systems that implement this mechanism have been used in Norway and in Neuchâtel.

Individual verifiability is just one aspect related to providing complete end-to-end verifiability in elections. With the correct mechanisms in place, individual voters can verify that their votes were cast with the voting options they originally selected (cast-as-intended) and stored correctly in the voting server (recorded-as-cast). To learn more about end-to-end verifiability, and the mechanisms that go beyond individual verifiability, take a look at our previous article.

This article was written by Núria Costa, Cryptography Researcher at Scytl.