2,579 research outputs found
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.Comment: To appear in E-Vote-Id '1
What proof do we prefer? Variants of verifiability in voting
In this paper, we discuss one particular feature of Internet
voting, verifiability, against the background of scientific
literature and experiments in the Netherlands. In order
to conceptually clarify what verifiability is about, we distinguish
classical verifiability from constructive veriability in
both individual and universal verification. In classical individual
verifiability, a proof that a vote has been counted can
be given without revealing the vote. In constructive individual
verifiability, a proof is only accepted if the witness (i.e.
the vote) can be reconstructed. Analogous concepts are de-
fined for universal veriability of the tally. The RIES system
used in the Netherlands establishes constructive individual
verifiability and constructive universal verifiability,
whereas many advanced cryptographic systems described
in the scientific literature establish classical individual
verifiability and classical universal verifiability.
If systems with a particular kind of verifiability continue
to be used successfully in practice, this may influence the
way in which people are involved in elections, and their image
of democracy. Thus, the choice for a particular kind
of verifiability in an experiment may have political consequences.
We recommend making a well-informed democratic
choice for the way in which both individual and universal
verifiability should be realised in Internet voting, in
order to avoid these unconscious political side-effects of the
technology used. The safest choice in this respect, which
maintains most properties of current elections, is classical
individual verifiability combined with constructive universal
verifiability. We would like to encourage discussion
about the feasibility of this direction in scientific research
NetVote: A strict-coercion resistance re-voting based internet voting scheme with linear filtering
This paper is an extended of: Querejeta-Azurmendi, I.; Hernández Encinas, L.; Arroyo Guardeño, D.; Hernandez-Ardieta, J.L. An internet voting proposal towards improving usability and coercion resistance. Proceedings of the International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), Seville, Spain, 13-15 May 2019.This paper proposes NetVote, an internet voting protocol where usability and ease in deployment are a priority. We introduce the notion of strict coercion resistance, to distinguish between vote-buying and coercion resistance. We propose a protocol with ballot secrecy, practical everlasting privacy, verifiability and strict coercion resistance in the re-voting setting. Coercion is mitigated via a random dummy vote padding strategy to hide voting patterns and make re-voting deniable. This allows us to build a filtering phase with linear complexity, based on zero knowledge proofs to ensure correctness while maintaining privacy of the process. Voting tokens are formed by anonymous credentials and pseudorandom identifiers, achieving practical everlasting privacy, where even if dealing with a future computationally unbounded adversary, vote intention is still hidden. It is not assumed for voters to own cryptographic keys prior to the election, nor store cryptographic material during the election. This property allows voters not only to vote multiple times, but also from different devices each time, granting the voter a vote-from-anywhere experience. This paper builds on top of the paper published in CISIS'19. In this version, we modify the filtering. Moreover, we formally define the padding technique, which allows us to perform the linear filtering scheme. Similarly we provide more details on the protocol itself and include a section of the security analysis, where we include the formal definitions of strict coercion resistance and a game based definition of practical everlasting privacy. Finally, we prove that NetVote satisfies them all.This research has been partially supported by Ministerio de EconomĂa, Industria y Competitividad (MINECO), Agencia Estatal de InvestigaciĂłn (AEI), and European Regional Development Fund (ERDF, EU), through project COPCIS, grant number TIN2017-84844-C2-1-R, and by Comunidad de Madrid (Spain) through project CYNAMON, grant number P2018/TCS-4566-CM, co-funded along with ERDF
Receipt-Freeness and Coercion Resistance in Remote E-Voting Systems
Abstract: Remote electronic voting (E-voting) is a more convenient and efficient methodology when compared with traditional voting systems. It allows voters to vote for candidates remotely, however, remote E-voting systems have not yet been widely deployed in practical elections due to several potential security issues, such as vote-privacy, robustness and verifiability. Attackers' targets can be either voting machines or voters. In this paper, we mainly focus on three important security properties related to voters: receipt-freeness, vote-selling resistance, and voter-coercion resistance. In such scenarios, voters are willing or forced to cooperate with attackers. We provide a survey of existing remote E-voting systems, to see whether or not they are able to satisfy these three properties to avoid corresponding attacks. Furthermore, we identify and summarise what mechanisms they use in order to satisfy these three security properties
Extending Helios Towards Private Eligibility Verifiability
We show how to extend the Helios voting system to provide eligibility verifiability without revealing who voted which we call private eligibility verifiability. The main idea is that real votes are hidden in a crowd of null votes that are cast by others but are indistinguishable from those of the eligible voter. This extended Helios scheme also improves Helios towards receipt-freeness
- …