Defeating Malicious Terminals in an Electronic Voting System

The advent of electronic voting gives rise to a new threat: Adversaries may execute undetectable, automated attacks against the system. Elections are often secured through complex policies, which may be difficult to enforce; Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs) provide an inexpensive alternative. The goal of this study is to introduce a unique application of CAPTCHAs that allows a human to transmit a message securely across an untrusted medium, and this has direct implications in the domain of electronic voting. We assume that the voter is equipped with a trusted voting device capable of digitally signing the vote. A trusted tallier generates a CAPTCHA-encrypted ballot, which contains a one-time pad, a mapping of candidates to values. This CAPTCHA is sent to the user across an untrusted voting terminal. The user transmits to the trusted device a value corresponding to his chosen candidate, which is signed using a blind signature scheme and transmitted to the tallier. Finally, the tallier then translates this value into the voter’s selected candidate. All steps of such a protocol must be defined such that they are usable by all voters, and we will consider the usability of some example CAPTCHA-based voting systems.