An individually verifiable voting protocol with complete recorded-as-intended and counted-as-recorded guarantees

Democratic principles demand that every voter should be able to individually verify that their vote is recorded as intended and counted as recorded, without having to trust any authorities. However, most end-to-end (E2E) verifiable voting protocols that provide universal verifiability and voter secrecy implicitly require to trust some authorities or auditors for the correctness guarantees that they provide. In this paper, we explore the notion of individual verifiability. We evaluate the existing E2E voting protocols and propose a new protocol that guarantees such verifiability without any trust requirements. Our construction depends on a novel vote commitment scheme to capture voter intent that allows voters to obtain a direct zero-knowledge proof of their vote being recorded as intended. We also ensure protection against spurious vote injection or deletion post eligibility verification, and polling-booth level community profiling

Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections

End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems, (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and to covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest

Proving Coercion-Resistance of Scantegrity II

By now, many voting protocols have been proposed that, among others, are designed to achieve coercion-resistance, i.e., resistance to vote buying and voter coercion. Scantegrity II is among the most prominent and successful such protocols in that it has been used in several elections. However, almost none of the modern voting protocols used in practice, including Scantegrity II, has undergone a rigorous cryptographic analysis. In this paper, we prove that Scantegrity II enjoys an optimal level of coercion-resistance, i.e., the same level of coercion-resistance as an ideal voting protocol (which merely reveals the outcome of the election), except for so-called forced abstention attacks. This result is obtained under the (necessary) assumption that the workstation used in the protocol is honest. Our analysis is based on a rigorous cryptographic definition of coercion-resistance we recently proposed. We argue that this definition is in fact the only existing cryptographic definition of coercion-resistance suitable for analyzing Scantegrity II. Our case study should encourage and facilitate rigorous cryptographic analysis of coercion-resistance also for other voting protocols used in practice

On Provable Security for Complex Systems

We investigate the contribution of cryptographic proofs of security to a systematic security engineering process. To this end we study how to model and prove security for concrete applications in three practical domains: computer networks, data outsourcing, and electronic voting. We conclude that cryptographic proofs of security can benefit a security engineering process in formulating requirements, influencing design, and identifying constraints for the implementation

Contamination in Cryptographic Protocols

We discuss a foundational issue in multi-prover interactive proofs (MIP) which we call "contamination" by the verifier. We propose a model which accounts for, and controls, verifier contamination, and show that this model does not lose expressive power. A new characterization of zero-knowledge naturally follows. We show the usefulness of this model by constructing a practical MIP for NP where the provers are spatially separated. Finally, we relate our model to the practical problem of e-voting by constructing a functional voter roster based on distributed trust

Matters of Coercion-Resistance in Cryptographic Voting Schemes

This work addresses coercion-resistance in cryptographic voting schemes. It focuses on three particularly challenging cases: write-in candidates, internet elections and delegated voting. Furthermore, this work presents a taxonomy for analyzing and comparing a huge variety of voting schemes, and presents practical experiences with the voting scheme Bingo Voting

Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study

In this paper, we present new insights into central properties of voting systems, namely verifiability, privacy, and coercion-resistance. We demonstrate that the combination of the two forms of verifiability considered in the literature---individual and universal verifiability---are, unlike commonly believed, insufficient to guarantee overall verifiability. We also demonstrate that the relationship between coercion-resistance and privacy is more subtle than suggested in the literature. Our findings are partly based on a case study of prominent voting systems, ThreeBallot and VAV, for which, among others, we show that, unlike commonly believed, they do not provide any reasonable level of verifiability, even though they satisfy individual and universal verifiability. Also, we show that the original variants of ThreeBallot and VAV provide a better level of coercion-resistance than of privacy

Reclaiming scalability and privacy in the decentralized setting

The advent of blockchains has expanded the horizon of possibilities to novel decentralised applications and protocols that were not possible before. Designing and building such applications, be it for offering new ways for humans to interact or for circumventing the shortcomings of existing blockchains, requires analysing their security with a rigorous and multi-faceted approach. Indeed, the attack surface of decentralised, trustless applications is vastly more expansive than that of classical, server-client-based ones. Desirable properties such as security, privacy and scalability are attainable via established and widely applied approaches in the centralised case, where clients can afford to trust third party servers. Is it possible though for clients to self organize and attain these properties in use cases of interest without reliance on central authorities? We examine this question in the setting of a variety of blockchain-based applications. With an explicit aim of improving the state of the art and extending the limits of possible decentralised operations with precision and robustness, the present thesis explores, builds, analyses, and improves upon payments, content curation and decision making