18 research outputs found
An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols
Coercion resistance is an important and one of the most intricate security
requirements of electronic voting protocols. Several definitions of coercion
resistance have been proposed in the literature, including definitions based on
symbolic models. However, existing definitions in such models are rather
restricted in their scope and quite complex.
In this paper, we therefore propose a new definition of coercion resistance
in a symbolic setting, based on an epistemic approach. Our definition is
relatively simple and intuitive. It allows for a fine-grained formulation of
coercion resistance and can be stated independently of a specific, symbolic
protocol and adversary model. As a proof of concept, we apply our definition to
three voting protocols. In particular, we carry out the first rigorous analysis
of the recently proposed Civitas system. We precisely identify those conditions
under which this system guarantees coercion resistance or fails to be coercion
resistant. We also analyze protocols proposed by Lee et al. and Okamoto.Comment: An extended version of a paper from IEEE Symposium on Security and
Privacy (S&P) 200
Classifying Privacy and Verifiability Requirements for Electronic Voting
Abstract: Voter privacy and verifiability are fundamental security concepts for elec-tronic voting. Existing literature on electronic voting provides many definitions and interpretations of these concepts, both informal and formal. While the informal defini-tions are often vague and imprecise, the formal definitions tend to be very complex and restricted in their scope as they are usually tailored for specific scenarios. Moreover, some of the existing interpretations are contradictory. This paper provides informal, yet precise definitions of anonymity, receipt-freeness and coercion-resistance and identifies different levels of individual and universal veri-fiability. The overarching goal of this paper is to investigate which levels are conceiv-able for implementing these requirements in e-voting systems for elections of different significance (for instance political elections vs. elections in associations).
Statistical Epistemic Logic
We introduce a modal logic for describing statistical knowledge, which we
call statistical epistemic logic. We propose a Kripke model dealing with
probability distributions and stochastic assignments, and show a stochastic
semantics for the logic. To our knowledge, this is the first semantics for
modal logic that can express the statistical knowledge dependent on
non-deterministic inputs and the statistical significance of observed results.
By using statistical epistemic logic, we express a notion of statistical
secrecy with a confidence level. We also show that this logic is useful to
formalize statistical hypothesis testing and differential privacy in a simple
and abstract manner
LNCS
Composable notions of incoercibility aim to forbid a coercer from using anything beyond the coerced partiesâ inputs and outputs to catch them when they try to deceive him. Existing definitions are restricted to weak coercion types, and/or are not universally composable. Furthermore, they often make too strong assumptions on the knowledge of coerced partiesâe.g., they assume they known the identities and/or the strategies of other coerced parties, or those of corrupted partiesâ which makes them unsuitable for applications of incoercibility such as e-voting, where colluding adversarial parties may attempt to coerce honest voters, e.g., by offering them money for a promised vote, and use their own view to check that the voter keeps his end of the bargain. In this work we put forward the first universally composable notion of incoercible multi-party computation, which satisfies the above intuition and does not assume collusions among coerced parties or knowledge of the corrupted set. We define natural notions of UC incoercibility corresponding to standard coercion-types, i.e., receipt-freeness and resistance to full-active coercion. Importantly, our suggested notion has the unique property that it builds on top of the well studied UC framework by Canetti instead of modifying it. This guarantees backwards compatibility, and allows us to inherit results from the rich UC literature. We then present MPC protocols which realize our notions of UC incoercibility given access to an arguably minimal setupânamely honestly generate tamper-proof hardware performing a very simple cryptographic operationâe.g., a smart card. This is, to our knowledge, the first proposed construction of an MPC protocol (for more than two parties) that is incoercibly secure and universally composable, and therefore the first construction of a universally composable receipt-free e-voting protocol
A Formal Taxonomy of Privacy in Voting Protocols
International audiencePrivacy is one of the main issues in electronic voting. We propose a family of symbolic privacy notions that allows to assess the level of privacy ensured by a voting protocol. Our definitions are applicable to protocols featuring multiple votes per voter and special attack scenarios such as vote-copying or forced abstention. Finally we employ our definitions on several existing voting protocols to show that our model allows to compare different types of protocols based on different techniques, and is suitable for automated verification using existing tools
Expressing Receipt-Freeness and Coercion-Resistance in Logics of Strategic Ability: Preliminary Attempt
ABSTRACT Voting is a mechanism of utmost importance to social processes. In this paper, we focus on the strategic aspect of information security in voting procedures. We argue that the notions of receipt-freeness and coercion resistance are underpinned by existence (or nonexistence) of a suitable strategy for some participants of the voting process. In order to back the argument formally, we provide logical "transcriptions" of the informal intuitions behind coercion-related properties that can be found in the existing literature. The transcriptions are formulated in the modal game logic ATL * , well known in the area of multi-agent systems