Selene: Voter-friendly, Receipt-free Verification

This week at the MIT security seminar, Peter Y A Ryan from University of Luxembourg came to talk about Selene, a new way to do vote verifications. I only provide a high level overview in this post, but if you are interested, Peter has made his slide deck public with more details!

The Challenge: Why is secure voting so hard? The correctness of an election should be universally demonstrable, while ensuring all ballots remain private. No one has a god’s eye view of the correct answer. We need to resolve the tension between verifiability and the need for ballot secrecy. We also don’t want to trust officials, software, hardware, etc. We want a solution that is sufficiently easy to use and to understand for the electorate at large.

In a sense, we want end-to-end verifiability. Some key requirements are the following: integrity/accuracy, individual verifiability, universal verifiability, and eligibility verifiability.

We have secrecy requirements: ballot secrecy, receipt-freeness, coercion resistance. On top of that, we want availability, usability, understandability, accountability, accessibility, resilience, etc.

This is what makes voting so difficult. However, once we have votes in encrypted form, the rest is technically fairly straightforward, essentially a distributed secure computation. The real challenges is at the edges: to provide a usable way for the voter to encrypt her vote in a way that gives her high confidence that her vote is correctly encoded while not providing a means to prove this to a third party.

Internet voting poses a host of new problems: insecure client devices, insecure internet, DoS attacks, coercion, etc.

Peter presents Selene. To avoid having to deal with complicated math in a Medium blog post, I’m going to discuss the high level idea behind Selene. First, assume a standard Diffie-Hellman/El Gamal style setup. Tellers hold shares of a threshold election public key. Voters have secret signing and trapdoor keys. The goal is to ensure that each voter is assigned a unique tracker number, to notify each voter his/her tracker (after trackers/voters have been published) in a way that provides high assurance but is deniable.

Selene seems to provide a high degree of transparency for the verification while providing a good level of receipt freeness. However, if there are serious coercion threats, Peter is looking to a second version of Selene that can be used but at the cost of transparency of verifiability.

This is a very high level view of the ideas surrounding secure voting and its difficulty. Selene makes strides to make secure voting a lot more usable and transparent. For more details on the exact cryptographic scheme and more details on the Selene ideas, please take a look at his slide deck.