Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Co-Located Workshops
  • Program
    • Workshop Program
  • Participate
    • Call for Articles
  • Sponsorship
  • About
    • Workshop Organizers
    • Services
    • Questions
    • Past Workshops
  • Home
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Co-Located Workshops
  • Program
    • Workshop Program
  • Participate
  • Sponsorship
  • About
    • Workshop Organizers
    • Services
    • Questions
    • Past Workshops

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Program » Workshop Program
Tweet

connect with us

Workshop Program

All sessions will be held in Regency D unless otherwise noted.

The accepted refereed articles listed below appear in Volume 3, Numbers 1–2, of the The USENIX Journal of Election Technology and Systems (JETS).

Downloads for Registered Attendees

Attendee Files 

(Registered attendees: Sign in to your USENIX account to download this file.)

JETS '15 Attendee List (PDF)

 

Tuesday, August 11, 2015

8:15 am–9:15 am Tuesday

Continental Breakfast

9:15 am–9:30 am Tuesday

Welcome

Editors-in-Chief: Dan Wallach, Rice University, and Walter Mebane, University of Michigan

9:30 am–11:00 am Tuesday

JETS Article Presentations: New Schemes and Techniques

New Techniques for Electronic Voting

Alan Szepieniec and Bart Preneel, KU Leuven and iMinds

This paper presents a novel unifying framework for electronic voting in the universal composability model that includes a property which is new to universal composability but well-known to voting systems: universal verifiability. Additionally, we propose three new techniques for secure electronic voting and prove their security and universal verifiability in the universal composability framework. 1. A tally-hiding voting system, in which the tally that is released consists of only the winner without the vote count. Our proposal builds on a novel solution to the millionaire problem which is of independent interest. 2. A self-tallying vote, in which the tally can be calculated by any observer as soon as the last vote has been cast — but before this happens, no information about the tally is leaked. 3. Authentication of voting credentials, which is a new approach for electronic voting systems based on anonymous credentials.

This paper presents a novel unifying framework for electronic voting in the universal composability model that includes a property which is new to universal composability but well-known to voting systems: universal verifiability. Additionally, we propose three new techniques for secure electronic voting and prove their security and universal verifiability in the universal composability framework. 1. A tally-hiding voting system, in which the tally that is released consists of only the winner without the vote count. Our proposal builds on a novel solution to the millionaire problem which is of independent interest. 2. A self-tallying vote, in which the tally can be calculated by any observer as soon as the last vote has been cast — but before this happens, no information about the tally is leaked. 3. Authentication of voting credentials, which is a new approach for electronic voting systems based on anonymous credentials. In this approach, the vote authenticates the credential so that it cannot afterwards be used for any other purpose but to cast that vote. We propose a practical voting system that instantiates this high-level concept.

Available Media
  • Read more about New Techniques for Electronic Voting

Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting

Dirk Achenbach, Karlsruhe Institute of Technology; Carmen Kempka, NTT Secure Platform Laboratories; Bernhard Löwe and Jörn Müller-Quade, Karlsruhe Institute of Technology

In a democracy, it is essential that voters cast their votes independently and freely, without any improper influence. Particularly, mechanisms must be put into place that prevent—or at least severely impede—the coercion of voters. One possible counter- measure to coercion is revoting: after casting a vote under coercion, the voter can re-cast and overwrite her choice. However, revoting is only meaningful as a strategy to evade coercion if the adversary cannot infer whether the voter has modified her choice—revoting needs to be deniable, while still being publicly verifiable. We define the notions of correctness, verifiability, and deniability for a tallying protocol which allows for revoting. We also present a protocol realizing these notions. To the best of our knowledge, our solution is the first to achieve both deniability and public verifiability without asking information about the voter’s previously-cast ballots for revoting.

In a democracy, it is essential that voters cast their votes independently and freely, without any improper influence. Particularly, mechanisms must be put into place that prevent—or at least severely impede—the coercion of voters. One possible counter- measure to coercion is revoting: after casting a vote under coercion, the voter can re-cast and overwrite her choice. However, revoting is only meaningful as a strategy to evade coercion if the adversary cannot infer whether the voter has modified her choice—revoting needs to be deniable, while still being publicly verifiable. We define the notions of correctness, verifiability, and deniability for a tallying protocol which allows for revoting. We also present a protocol realizing these notions. To the best of our knowledge, our solution is the first to achieve both deniability and public verifiability without asking information about the voter’s previously-cast ballots for revoting. A seemingly competitive line of work, started by the well-known work of Juels, Catalano, and Jakobsson, uses fake credentials as a strategy to evade coercion: the voter presents to the adversary a fake secret for voting. In this work, we extend Juels et al.’s work to achieve deniable revoting. Their solution also allows for revoting, however not deniably. Our solution supports fake credentials as an opt-in property, providing the advantages of both worlds.

Available Media
  • Read more about Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting

Verifiable European Elections: Risk-limiting Audits and Universally Verifiable Tallies for D'Hondt and Its Relatives

Philip B. Stark, University of California, Berkeley; Vanessa Teague, University of Melbourne

We provide Risk Limiting Audits for proportional representation election systems such as D'Hondt and Sainte-Laguë. These techniques could be used to produce evidence of correct (electronic) election outcomes in Denmark, Luxembourg, Estonia, Norway, and many other countries.

We provide Risk Limiting Audits for proportional representation election systems such as D'Hondt and Sainte-Laguë. These techniques could be used to produce evidence of correct (electronic) election outcomes in Denmark, Luxembourg, Estonia, Norway, and many other countries.

Available Media
  • Read more about Verifiable European Elections: Risk-limiting Audits and Universally Verifiable Tallies for D'Hondt and Its Relatives
11:00 am–11:30 am Tuesday

Break with Refreshments

11:30 am–12:30 pm Tuesday

Keynote Address

Decertifying the Worst Voting Machine in the US: Lessons Learned and Looking Forward

Jeremy Epstein, SRI International

Available Media
  • Read more about Decertifying the Worst Voting Machine in the US: Lessons Learned and Looking Forward
12:30 pm–2:00 pm Tuesday

Luncheon for Workshop Attendees


2:00 pm–3:00 pm Tuesday

Invited Talk

The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election

J. Alex Halderman, University of Michigan; Vanessa Teague, University of Melbourne

  • Read more about The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election
3:00 pm–3:30 pm Tuesday

Break with Refreshments

3:30 pm–4:30 pm Tuesday

JETS Article Presentations: Usability of Verification

From Error to Error: Why Voters Could not Cast a Ballot and Verify Their Vote with Helios, Prêt à Voter, and Scantegrity II

Claudia Z. Acemyan, Philip Kortum, Michael D. Byrne, and Dan S. Wallach, Rice University

The aim of this paper is to identify user errors, and the related potential design deficiencies, that contributed to participants failing to vote cast and vote verify across three end-to-end voting systems: Helios, Prêt à Voter, and Scantegrity II. To understand why voters could not cast a vote 42% of the time and verify that their ballots were cast and counted with the tested e2e systems 53% of the time, we reviewed data collected during a system usability study. An analysis of the findings revealed subjects were most often not able to vote with Helios because they did not log in after encrypting their ballot but before casting it. For both Prêt à Voter and Scantegrity II, failing to vote was most frequently attributed to not scanning the completed ballot. Across all three systems, the most common reason participants did not verify their vote was due to not casting a ballot in the first place.

The aim of this paper is to identify user errors, and the related potential design deficiencies, that contributed to participants failing to vote cast and vote verify across three end-to-end voting systems: Helios, Prêt à Voter, and Scantegrity II. To understand why voters could not cast a vote 42% of the time and verify that their ballots were cast and counted with the tested e2e systems 53% of the time, we reviewed data collected during a system usability study. An analysis of the findings revealed subjects were most often not able to vote with Helios because they did not log in after encrypting their ballot but before casting it. For both Prêt à Voter and Scantegrity II, failing to vote was most frequently attributed to not scanning the completed ballot. Across all three systems, the most common reason participants did not verify their vote was due to not casting a ballot in the first place. While there were numerous usability failures identified in the study, these errors can likely be designed out of the systems. This formative information can be used to avoid making the same types of mistakes in the next generation of voting systems—ultimately resulting in more usable e2e methods.

Available Media
  • Read more about From Error to Error: Why Voters Could not Cast a Ballot and Verify Their Vote with Helios, Prêt à Voter, and Scantegrity II

Diffusion of Voter Responsibility: Potential Failings in E2E Voter Receipt Checking

Ester Moher, Children's Hospital of Eastern Ontario Research Institute; Jeremy Clark, Concordia University; Aleksander Essex, Western University

End-to-end verifiable (E2E) voting systems provide voters with (privacy preserving) receipts of their ballots allowing them to check that their votes were correctly included in the final tally. A number of recent studies and field tests have examined the usability of ballot casting and receipt checking. Simply checking receipts, however, is not enough to provide strong assurance that the election outcome is correct; voters must also be counted on to report any discrepancies between their receipts and the official record when they occur. In this paper we designed and ran a study examining the frequency and conditions under which voters (a) check their receipts, and (b) report discrepancies when they occur. Participants were recruited online and were asked to vote in a survey on charitable giving. Similar to previous work, we found that the proportion of voters performing a receipt check was low.

End-to-end verifiable (E2E) voting systems provide voters with (privacy preserving) receipts of their ballots allowing them to check that their votes were correctly included in the final tally. A number of recent studies and field tests have examined the usability of ballot casting and receipt checking. Simply checking receipts, however, is not enough to provide strong assurance that the election outcome is correct; voters must also be counted on to report any discrepancies between their receipts and the official record when they occur. In this paper we designed and ran a study examining the frequency and conditions under which voters (a) check their receipts, and (b) report discrepancies when they occur. Participants were recruited online and were asked to vote in a survey on charitable giving. Similar to previous work, we found that the proportion of voters performing a receipt check was low. More importantly, within this group, we found that the proportion of voters reporting discrepancies was also low. We did however observe that the incidence of receipt checking was significantly higher when the election outcome was unanticipated or unexpected by voters. In the condition with an adverse election result we observed that, while 7.5% of voters checked receipts, only 0.5% filed a dispute when shown an incorrect receipt. With such low reporting rates, E2E voting systems will struggle to detect fraud with high confidence, especially in elections with narrow margins of victory. We posit, therefore, that improving the usability of the receipt check component in E2E systems is an important open problem.

Available Media
  • Read more about Diffusion of Voter Responsibility: Potential Failings in E2E Voter Receipt Checking
4:30 pm–5:00 pm Tuesday

Invited Talk

TBA

Matt Masterson, U.S. Elections Assistance Commission

Matthew Masterson was nominated by President Barack H. Obama and confirmed by unanimous consent of the United States Senate on December 16, 2014 to serve on the U.S. Election Assistance Commission (EAC). His term of service extends through December 12, 2017.

Matthew Masterson was nominated by President Barack H. Obama and confirmed by unanimous consent of the United States Senate on December 16, 2014 to serve on the U.S. Election Assistance Commission (EAC). His term of service extends through December 12, 2017.

Prior to his appointment with EAC, Commissioner Masterson served as Interim Chief of Staff for the Ohio Secretary of State, a position he held since November 2014, he previously served as Deputy Chief of Staff and Chief Information Officer from 2013 to 2014, as well as Deputy Director of Elections from 2011 to 2013. In these roles Mr. Masterson was responsible for voting system certification efforts by the Secretary of State’s office including being the liaison to the Ohio Board of Voting Machine Examiners. Additionally, Mr. Masterson was in charge of Ohio’s effort to develop an online voter registration database and online ballot delivery for military and overseas voters. He is widely regarded as an expert on elections administration throughout Ohio and the country.

Prior to joining the Ohio Secretary of State’s Office, Mr. Masterson held multiple roles at the Election Assistance Commission from 2006 to 2011. Mr. Masterson was Deputy Director for the EAC’s Voting System Testing and Certification Program. In this role Mr. Masterson’s primary responsibility was the creation of the next iteration of the Voluntary Voting System Guidelines (VVSG). Mr. Masterson worked with the EAC’s Technical Guidelines Development Committee (TGDC) and the National Institute of Standards and Technology (NIST) in the creation of the TGDC’s recommended Voluntary Voting System Guidelines. In addition to these responsibilities, Mr. Masterson managed the day to day business of the EAC’s laboratory accreditation program including the creation of the EAC’s Voting System Test Laboratory Program Manual. Prior to this position Mr. Masterson joined the EAC in 2006 as a Special Assistant/Counsel to Chairman Paul DeGregorio.

Mr. Masterson was admitted to practice law in the State of Ohio in November of 2006. Mr. Masterson graduated from The University of Dayton School of Law in May 2006. At the University of Dayton Mr. Masterson served as the Chief Justice of the Moot Court program and Student Bar Association Vice President. Prior to law school Mr. Masterson received BS and BA degrees from Miami University in Oxford, OH.

  • Read more about TBA

© USENIX

  • Privacy Policy
  • Contact Us