Theory and Practice, Outreach and Teaching in Electronic Voting

by Eduard Kamburjan — 20 January 2023
Topics: interview

Véronique Cortier is a CNRS research director at the LORIA laboratory in Nancy, France, where she works on electronic voting and formal methods for security. She has published over 100 papers and is editor and PC member of numerous international journals and conferences, as well as the winner of the Gilles Kahn prize for the best French dissertation in computer science in 2003 and the INRIA and French Academy of Sciences Young Researcher Award in 2015. She is one of the invited speakers for ETAPS 2023, and kindly agreed to answer some questions about her work.

Could you introduce yourself and your research area?

I am working on the verification of security protocols. I started mostly working on verification, formally proving and designing algorithms and tools for security protocols. Little by little I moved to the design of security protocols, in particular electronic voting protocols.

I also work on proofs using computational or cryptographic models that give higher security guarantees than what we call symbolic models (which are usually studied for verification purposes), but where security proofs have to be done mostly by hand.

In protocol design, I work on both theoretical and practical questions. Theoretical questions are, for example, the definition of vote secrecy, where even for a simple property like this there is no consensus and one can design different models and compare them with other properties. On the practical side, I work on the design of protocols, trying to propose state-of-the-art voting platforms like Belenios.

Besides your research activities, you also recently published a book for the general public. What led to your decision to reach out to a new audience?

I also work with companies to analyze or improve their protocols, and as a researcher, I would like the companies to improve their security, but they do not necessarily see the advantage in this, because improving security costs a lot of time and energy. So I need the clients, such as universities, associations, and state agencies, to ask for more security and the regulations to be more demanding. In the end, I try to explain the field to the public in the hope that the regulations will be improved, if the people ask for it. My ultimate, maybe somewhat naive goal is to help the general public to ask more questions, so they can push the client to ask for more security and have more demanding regulations. So I also hope that these people read my book as well.

What are your experiences with other ways to communicate with non-experts?

There is a lot we can do there to communicate our research, and I like to do that with games. I have developed an explanation with locks and boxes that I use for the general public or children. The participants have to invent a safe way to exchange some cake in locked boxes, so in the end Eve cannot steal the cake or poison it. For teaching at the master level, I have developed a little protocol competition, where the students work in groups of 2 or 3 to develop a protocol, and they attack each other’s protocols. There is a competition between the groups, and they earn points if they successfully attack, and they lose points if they are successfully attacked. And in the end, they should use formal verification like ProVerif to either prove or disprove the protocols. In the beginning, they find attacks just like this, but in the end, they see the advantage of using a tool.

And a nice thing about it is that it really motivates the students – when they hand in their solutions late, they lose points for each day they are late, so sometimes I receive emails just 2 minutes after midnight with an excuse why they are late, arguing to not lose points. I was surprised it works so nicely because they lose points not on the final grade, but on the competition.

You reach out to the general public, to companies, and through teaching; do you also reach out directly to policymakers?

Yes, mostly in France. I am interacting with ANSSI, the French security agency, with CNIL, which is regulating privacy rights, and also with some people in the ministries of education and foreign affairs. We help them to advise on elections, for example in this year’s French legislative election, where electronic voting is used only for French living abroad. Otherwise, it is traditional paper-based ballots, which is very good in my point of view; it is perfect for security, there is no need to change. My team had a contract with the ministry of foreign affairs to be a third party to ensure some sort of verifiability. We were given the encrypted ballots and verified the cryptographic proofs that show that the result corresponds to the ballots. Additionally, we were authoring an individual verifiability service, where people could check that their votes have been counted. The ballot box cannot be public, but we were given the ballots, and each user that voted had the hash of their ballot. We could publish the hash of the ballots so one could check that it was counted.

And we also wanted to push verifiability, so we required the specification to be public, at least partially. We agreed to work only if we worked on public specifications. Not all the specifications are public, but we worked on the public part. So we push a little more into transparency.

Did E-Voting change in the last 5–6 years for companies or academia?

Companies are late, but they are making progress for sure. The situation depends a lot on the country: Some countries have very advanced technologies, like Switzerland with very demanding regulations, while in some countries like Canada vote per email counts as electronic voting, so there is the whole range. In France, it really depends.

But what we consider in academia to be state-of-the-art, like preserving privacy while having some verifiability, because we can use advanced cryptography like homomorphic encryption or mix-nets, this is now picked up by companies, because the technology is mature and fast enough to be used in practice. Not all of them are using it, sadly, but in the last 5–6 years companies started to be aware that these techniques exist and that they can use them.

And then in academia, what is moving is a property called cast-as-intended, which should let the voter be sure that their vote is cast even if their device is malicious. So if I click on A, then I can check that my device is going to encrypt A, even if it is malicious. This is not so easy, because we need to involve the user to solve some simple task. And the old well-understood ways to do this, for example, Benaloh challenges, were hard to use in practice. But now I think multiple systems are trying to provide alternative techniques.
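As an added illustration of the Benaloh challenge mentioned above (example code written for this page, not code from the interview or from Belenios), a toy exponential ElGamal over a tiny constructed group shows why the device must commit to its ciphertext before learning whether the voter will audit or cast: an audited encryption of the wrong candidate cannot be opened to the intended vote.

```python
import hashlib
import secrets

# Toy exponential ElGamal over a tiny group (constructed for illustration, NOT secure):
# P = 2Q+1 with Q prime, G generates the order-Q subgroup of Z_P^*.
P, Q, G = 23, 11, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # election secret key
    return x, pow(G, x, P)                    # (sk, pk)

def encrypt(pk, vote, r):
    """Encrypt vote in {0,1} in the exponent with randomness r; re-encryption is checkable."""
    return (pow(G, r, P), pow(G, vote, P) * pow(pk, r, P) % P)

def decrypt(sk, ct):
    a, b = ct
    gm = b * pow(a, -sk, P) % P               # recovers g^vote
    return 0 if gm == 1 else 1

def commit(ct):
    return hashlib.sha256(f"{ct[0]},{ct[1]}".encode()).hexdigest()

class Device:
    """Hypothetical voting device; malicious=True models one that encrypts the opposite vote."""
    def __init__(self, pk, malicious=False):
        self.pk, self.malicious = pk, malicious
    def prepare(self, vote):
        # The device fixes ciphertext and randomness and shows a commitment BEFORE
        # it learns whether the voter will say "audit" or "cast".
        actual = 1 - vote if self.malicious else vote
        self._r = secrets.randbelow(Q)
        self._ct = encrypt(self.pk, actual, self._r)
        return commit(self._ct)
    def open(self):        # voter chose "audit": ciphertext is spoiled, randomness revealed
        return self._ct, self._r
    def cast(self):        # voter chose "cast": randomness stays secret, ciphertext submitted
        return self._ct

def audit(pk, vote, commitment, ct, r):
    """Check run on a second, trusted device: the committed ciphertext encrypts the intended vote."""
    return commit(ct) == commitment and encrypt(pk, vote, r) == ct

def vote_with_challenges(device, pk, vote, audits):
    """Audit `audits` fresh encryptions, then cast an unaudited one. Returns (all_audits_ok, ct)."""
    for _ in range(audits):
        commitment = device.prepare(vote)
        ct, r = device.open()
        if not audit(pk, vote, commitment, ct, r):
            return False, None
    device.prepare(vote)
    return True, device.cast()
```

With zero audits a malicious device is never caught, which is why the voter, not the device, must decide how many challenges to run.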

What do you expect to be the next big research topic in your field?

The next steps are authentication and resistance against vote-buying. Now people receive credentials typically by mail, SMS, or something similar. This means that if I want to sell my vote, I just need to sell some string. That is pretty simple and vote buying exists for sure. So we need a way to better authenticate people. Using electronic ID cards is an improvement, but that is not sufficient, for example, one can still sign their ballots with their ID and could still sell their vote because it is possible to prove how they voted. So we need better authentication and also schemes against vote buying.

Is there some specific point where theory and practice interact for you?

When we design protocols, we have to keep in mind what is feasible and acceptable. And I was surprised, from experience in practice, by what is possible. For example, in Switzerland they ask users to do things I would not dare to ask: users have to first enter 20 characters, then they have to check several short codes of four digits, and then reenter a 9-digit number and finally check an 8-digit number. And it is all written on paper, so you cannot copy-and-paste, but if we can ask 3 back-and-forth tasks to the voter of this size, then we can try, with this voter experience, to design new protocols.

And the same goes for voting authorities. I thought we could ask them only easy tasks, and I was told that this is not necessarily true, the important thing is to have a clear procedure, even if it has a lot of steps. And I have seen the procedure for legislative elections in France this year: It has more than 500 steps. Not all steps are done by the same person, and they list everything, like “take the CD out of the envelope”, “put the CD into the reader” and so on. But if this is established then we can add 20 cryptographic steps for security as well.