VSPReP: Verifiable, Secure and Privacy-Preserving Remote Polling with Untrusted Computing Devices

  • Amna QureshiEmail author
  • David Megías
  • Helena Rifà-Pous
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 878)


Internet-based polling systems allow voters to cast their votes at any time during the polling period, from any Internet-connected computing device anywhere in the world. Security is an important feature of such systems that should address inherent concerns, such as secrecy of vote, anonymity and unlinkability of voter, voter coercion, secrecy of intermediate results, verifiability, auditability, and poll integrity. Another major concern is that an infected voting device with a malicious program (e.g., virus, malware) could take control over the vote casting process and make unauthorized and potentially undetected modifications to the voter’s voting choices, and, hence, should not be trusted. In this paper we present VSPReP, a verifiable, secure and privacy-preserving remote polling (e-poll) system, which provides vote’s privacy and poll integrity, prevents double voting, enables multiple voting (within the allowed polling period), and achieves verifiability (cast-as-intended and tallied-as-recorded) and uncoercibility in the presence of an untrusted voting device. This paper presents a general design of VSPReP and describes its workflow during three polling phases: pre-polling, polling and post-polling. It also analyzes the security properties of VSPReP and evaluates its performance in terms of computational and cryptographic costs. The experimental results show that the average time a voter takes to cast his/her vote is less than 45 secs, thus demonstrating the practicality of VSPReP.


Remote polling Malware detection Privacy Verifiability 



This work was partly funded by the INCIBEC-2015-02491 “Ayudas para la excelencia de los equipos de investigacin avanzada en ciberseguridad” and TIN2014-57364-C2-2-R “SMARTGLACIS”.


  1. 1.
    Adida, B.: Helios: web-based open-audit voting. In: SS 2008, pp. 335–348 (2008)Google Scholar
  2. 2.
    Allepuz, J.P., Castelló, S.G.: Cast-as intended verification in Norway. In: EVOTE 2012, pp. 49–63 (2012)Google Scholar
  3. 3.
    Allepuz, J.P., Castelló, S.G.: Internet voting system with cast as intended verification. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 36–52. Springer, Heidelberg (2012). Scholar
  4. 4.
    B\(\ddot{o}\)ck, J.: RSA-PSS provable secure RSA signatures and their implementation (2011).
  5. 5.
    Benaloh, J., Rivest, R., Ryan, P.Y.A., Stark, P., Teague, V., Vora, P.: End-to-end verifiability (2013).
  6. 6.
    Brelle, A., Truderung, T.: Cast-as-intended mechanism with return codes based on PETs. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 264–279. Springer, Cham (2017). Scholar
  7. 7.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). Scholar
  8. 8.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). Scholar
  9. 9.
    Galindo, D., Guasch, S., Puiggalí, J.: 2015 Neuchâtel’s cast-as-intended verification mechanism. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 3–18. Springer, Cham (2015). Scholar
  10. 10.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2007)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Gjøsteen, K.: The Norwegian internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012). Scholar
  12. 12.
    Joaquim, R., Ribeiro, C., Ferreira, P.: VeryVote: a voter verifiable code voting system. In: Ryan, P.Y.A., Schoenmakers, B. (eds.) Vote-ID 2009. LNCS, vol. 5767, pp. 106–121. Springer, Heidelberg (2009). Scholar
  13. 13.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication (1997).
  14. 14.
    Mulligan, G.: Has the time now come for internet voting? (2017).
  15. 15.
    Naor, M., Pinkas, B., Reingold, O.: Distributed pseudo-random functions and KDCs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 327–346. Springer, Heidelberg (1999). Scholar
  16. 16.
    Qureshi, A., Megías, D., Rifà, H.: Framework for preserving security and privacy in P2P content distribution systems. ESWA 42(3), 1391–1408 (2015)Google Scholar
  17. 17.
    Ryan, P.Y.A., Bismark, D., Heather, J., Schneider, S., Xia, Z.: Prêt à voter: a voter-verifiable voting system. IEEE Trans. Inf. Forensic Secur. 4(4), 662–673 (2009)CrossRefGoogle Scholar
  18. 18.
    Schneider, A., Meter, C., Hagemeister, P.: Survey on remote electronic voting. CoRR (2017).
  19. 19.
    Schnor, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)zbMATHGoogle Scholar
  20. 20.
    Terelius, B., Wikström, D.: Proofs of restricted shuffles. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 100–113. Springer, Heidelberg (2010). Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Amna Qureshi
    • 1
    Email author
  • David Megías
    • 1
  • Helena Rifà-Pous
    • 1
  1. 1.Internet Interdisciplinary Institute (IN3)Universitat Oberta de Catalunya (UOC)BarcelonaSpain

Personalised recommendations