An individually verifiable voting protocol with complete recorded-as-intended and counted-as-recorded guarantees
Democratic principles demand that every voter should be able to individually
verify that their vote is recorded as intended and counted as recorded, without
having to trust any authorities. However, most end-to-end (E2E) verifiable
voting protocols that provide universal verifiability and voter secrecy
implicitly require trusting some authorities or auditors for the correctness
guarantees that they provide.
In this paper, we explore the notion of individual verifiability. We evaluate
the existing E2E voting protocols and propose a new protocol that guarantees
such verifiability without any trust requirements. Our construction depends on
a novel vote commitment scheme to capture voter intent that allows voters to
obtain a direct zero-knowledge proof of their vote being recorded as intended.
We also ensure protection against spurious vote injection or deletion post
eligibility verification, and polling-booth level community profiling.
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.
Comment: To appear in E-Vote-Id '1
Receipt-Freeness and Coercion Resistance in Remote E-Voting Systems
Abstract: Remote electronic voting (E-voting) is a more convenient and efficient methodology when compared with traditional voting systems. It allows voters to vote for candidates remotely; however, remote E-voting systems have not yet been widely deployed in practical elections due to several potential security issues, such as vote-privacy, robustness and verifiability. Attackers' targets can be either voting machines or voters. In this paper, we mainly focus on three important security properties related to voters: receipt-freeness, vote-selling resistance, and voter-coercion resistance. In such scenarios, voters are willing or forced to cooperate with attackers. We provide a survey of existing remote E-voting systems, to see whether or not they are able to satisfy these three properties to avoid corresponding attacks. Furthermore, we identify and summarise what mechanisms they use in order to satisfy these three security properties.
Dispute Resolution in Voting
In voting, disputes arise when a voter claims that the voting authority is
dishonest and did not correctly process his ballot while the authority claims
to have followed the protocol. A dispute can be resolved if any third party can
unambiguously determine who is right. We systematically characterize all
relevant disputes for a generic, practically relevant, class of voting
protocols. Based on our characterization, we propose a new definition of
dispute resolution for voting that accounts for the possibility that both
voters and the voting authority can make false claims and that voters may
abstain from voting.
A central aspect of our work is timeliness: a voter should possess the
evidence required to resolve disputes no later than the election's end. We
characterize what assumptions are necessary and sufficient for timeliness in
terms of a communication topology for our voting protocol class. We formalize
the dispute resolution properties and communication topologies symbolically.
This provides the basis for verification of dispute resolution for a broad
class of protocols. To demonstrate the utility of our model, we analyze a
mixnet-based voting protocol and prove that it satisfies dispute resolution as
well as verifiability and receipt-freeness. To prove our claims, we combine
machine-checked proofs with traditional pen-and-paper proofs.