Defeating Malicious Terminals in an Electronic Voting System

  • Daniel Hanley Georgia Institute of Technology
  • Jeff King Georgia Institute of Technology
  • André dos Santos Georgia Institute of Technology


The advent of electronic voting gives rise to a new threat: Adversaries may execute undetectable, automated attacks against the system. Elections are often secured through complex policies, which may be difficult to enforce; Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs) provide an inexpensive alternative. The goal of this study is to introduce a unique application of CAPTCHAs that allows a human to transmit a message securely across an untrusted medium, and this has direct implications in the domain of electronic voting. We assume that the voter is equipped with a trusted voting device capable of digitally signing the vote. A trusted tallier generates a CAPTCHA-encrypted ballot, which contains a one-time pad, a mapping of candidates to values. This CAPTCHA is sent to the user across an untrusted voting terminal. The user transmits to the trusted device a value corresponding to his chosen candidate, which is signed using a blind signature scheme and transmitted to the tallier. Finally, the tallier then translates this value into the voter’s selected candidate. All steps of such a protocol must be defined such that they are usable by all voters, and we will consider the usability of some example CAPTCHA-based voting systems.


Chaum, D. (2004). E-voting: Secret-ballot receipts: True voter-verifiable elections. IEEE Security & Privacy, 2(1):38-47.

Hirt, M. and Sako, K. (2000). Efficient receipt-free voting based on homomorphic encryption. In Advances in Cryptology - EUROCRYPT '2000, pages 539-556. Springer-Verlag.

King, J. and dos Santos, A. (2005). A user-friendly approach to human authentication of messages. In Proceedings of FC05, Financial Cryptography and Data Security.

King, J., dos Santos, A., and Xuan, C. (2004). KHAP: Using keyed hard AI problems to secure human interfaces. In Proceedings of IV Workshop em Seguranca de Sistemas Computacionais, Gramado, RS, Brasil.

Kockhanski, G., Lopresti, D., and Shih, C. (2002). A reverse turing test using speech. In Proceedings of the International Conference on Language Processing, Denver, Colorado.

Okamoto, T. (1997). Receipt-free electronic voting schemes for large scale elections. Proc. of Workshop on Security Protocols '97, pages 25-35.

Ryan, P. Y. A. (2005). A variant of the chaum voter-verifiable scheme. In WITS '05: Proceedings of the 2005 workshop on Issues in the theory of security, pages 81-88, New York, NY, USA. ACM Press.

Stabell-Kulø, T., Arild, R., and Myrvang, P. H. (1999). Providing authentication to messages signed with a smart card in hostile environments. In USENIX Workshop on Smartcard Technology.

von Ahn, L., Blum, M., Hopper, N., and Langford, J. (2003). CAPTCHA: Using hard AI problems for security. In Proceedings of Eurocrypt 2003.
HANLEY, Daniel; KING, Jeff; SANTOS, André dos. Defeating Malicious Terminals in an Electronic Voting System. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 5. , 2005, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2005 . p. 113-123. DOI: