Paper 2025/080

Breaking verifiability and vote privacy in CHVote

Véronique Cortier, Université de Lorraine, CNRS, Inria
Alexandre Debant, Université de Lorraine, CNRS, Inria
Pierrick Gaudry, Université de Lorraine, CNRS, Inria
Abstract

Abstract. CHVote is one of the two main electronic voting systems developed in the context of political elections in Switzerland, where the regulation requires a specific setting and specific trust assumptions. We show that actually, CHVote fails to achieve vote secrecy and individual verifiability (here, recorded-as-intended), as soon as one of the online components is dishonest, contradicting the security claims of CHVote. In total, we found 9 attacks or variants against CHVote, 2 of them being based on a bug in the reference implementation. We confirmed our findings through a proof-of-concept implementation of our attacks.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Contact author(s)
veronique cortier @ loria fr
alexandre debant @ inria fr
pierrick gaudry @ loria fr
History
2025-01-20: approved
2025-01-18: received
See all versions
Short URL
https://ia.cr/2025/080
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/080,
      author = {Véronique Cortier and Alexandre Debant and Pierrick Gaudry},
      title = {Breaking verifiability and vote privacy in {CHVote}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/080},
      year = {2025},
      url = {https://eprint.iacr.org/2025/080}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.