In Estonia, nationwide internet voting (i-voting) has been in use since 2005, with its popularity steadily rising.In the recent parliamentary election in March 2023, over half of the cashel tail bag voters cast their ballots electronically.This study focuses on the security of i-voting, specifically potential vulnerabilities to insider attacks and the integrity of the i-ballot-box.We reviewed the i-voting source code, analyzed the operational system in our lab, studied documentation, and examined audit reports from previous elections.
Our systematic examination of the vote processing stage revealed vulnerabilities that could allow a dishonest insider to replace all ballots undetected.To address this, we proposed an audit application to verify that no ballots have been altered during the processing stage.The formula was rigorously tested across multiple scenarios, including ballot replacement, addition, and removal, proving its capability to detect a comprehensive range of manipulations.This study also click here explores the historical development of the i-voting system, end-to-end verifiability, and over-the-shoulder coercion-resistance.
It highlights the limitations of existing coercion-resistant systems and the need for further scrutiny.Our findings suggested additional measures to ensure i-ballot-box integrity.The proposed methodology offers a framework for auditors to enhance voting process security, contributing to the reliability and transparency of internet voting systems.Notably, the source code for the European Parliament election, published on May 30, 2024, includes an enhanced auditing application based on our script.