Last year, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced the first four quantum-resistant cryptographic algorithms from its six-year selection process. In fact, quantum computing could potentially crack the security used to protect the digital systems we rely on every day. The EquiVox project led by Prof. Peter Y. A. Ryan, professor of Applied Security at the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust (SnT), focusses on developing secure and practical e-voting schemes that are resilient against quantum computers.

"The EquiVox project addresses the security challenges posed by quantum computing, which has the potential to break cryptographic algorithms commonly used in electronic voting systems", says Professor Peter Ryan. "Our APSIA (Applied Security and Information Assurance Group) research group, consisting of about 20 members, conducts research on cryptographic protocols, security-critical systems, quantum cryptography, and post-quantum resistant cryptography".

Prof. Ryan's interest in secure voting systems dates back almost 20 years when he started working on a large-scale project on the dependability of critical systems at the University of Newcastle. These years inspired him to look into the sociotechnical aspects of voting systems and taught him the need to adopt an interdisciplinary approach to address the challenge of designing secure and verifiable voting schemes. 

"Elections present unique challenges, due to the vote privacy requirements there is no god’s eye view to determine if an election outcome is correct. The project's focus is on developing verifiable voting systems that not only produce accurate results but also provide convincing evidence of their correctness", he says.

There are two approaches to voting systems: in-person voting and internet voting. On the one hand, in-person voting is relatively easier to manage in terms of security and privacy, as measures can be taken to ensure voter isolation within a polling booth. However, with the increasing use of smartphones and other devices equipped with cameras, even in this approach there are challenges. Internet voting, on the other hand, is highly complex due to the fundamental insecurities of the Internet and the potential for coercion. Prof. Ryan believes that current technology does not allow for secure internet voting, especially for critical elections such as national elections. While there are companies claiming to offer secure internet voting solutions, he remains sceptical of their effectiveness. He emphasises the need for verifiability in voting systems, allowing voters to ensure accurate counting of their votes without compromising privacy or introducing threats of coercion.

The EquiVox project addresses an additional layer of complexity by exploring the potential threat of large-scale quantum computers. "If quantum computers capable of running algorithms like Shor's algorithm become a reality, contemporary public key asymmetric cryptography, including extensively used algorithms like RSA and Diffie-Hellman, would be rendered obsolete", says Peter Ryan. This poses a serious threat to the whole digital society, including internet infrastructure, e-commerce, e-government, voting systems, etc. "While the timeline for the development of large-scale quantum computers remains uncertain, experts in the field emphasise the need to prepare for this eventuality", he adds. Research is being conducted to find alternative forms of public key cryptography that can resist attacks from quantum computers. "The EquiVox project explores how to address this problem specifically in the context of voting systems, aiming to develop secure and verifiable schemes that are resistant to quantum computing threats", says Professor Ryan.

The project also explores the concepts of "everlasting security" or "information-theoretic security," which provide security even against an attacker with infinite computing power. In certain special contexts, such as correctly implemented one-time pad encryption systems, everlasting unconditional security can be achieved. The EquiVox project investigates these possibilities within the field of voting systems and beyond.

By addressing the challenges of developing secure and verifiable voting systems that can withstand the potential threats posed by the emergence of quantum computers, the EquiVox project aims to contribute to the security and integrity of core mechanisms such as elections.  The project, therefore, evolves around systems like elections that are fundamental to the functioning of democratic societies – and, may be extended to other security-critical systems.