Electronic voting plays an increasingly important role in the democratic process in the US and other countries. As technology continues to advance, the security and privacy requirements of contemporary voting platforms become even more strict, and several voting protocols have been proposed. At the same time, homomorphic encryption offers powerful primitives that allow provable guarantees of security. In this paper, we analyze the security of a partially homomorphic electronic voting architecture and describe a vote-stealing attack by exploiting a length-extension vulnerability in the message authentication component of the system. Our attack scales with the public key parameters of the homomorphic encryption scheme and does not require any exhaustive search for secret keys or initialization vectors.
展开▼