41 research outputs found

    Coercion-Resistant Hybrid Voting Systems

    Abstract: This paper proposes hybrid voting systems as a solution for the vote buying and voter coercion problem of electronic voting systems. The key idea is to allow voters to revoke and overrule their electronic votes at the polling station. We analyze the potential and pitfalls of such revocation procedures and give concrete recommendations on how to build a hybrid system offering coercion-resistance based on this feature. Our solution may be of interest to governments, which aim at integrating paper-based and electronic voting systems rather than replacing the former by the latter.

    Voting with unconditional privacy: CFSY for booth voting

    In this note we simplify the Cramer, Franklin, Schoenmakers and Yung internet voting protocol to the booth setting. In it, objects of the form $g_0^r g_1^{x_1} \cdots g_l^{x_l}$ are used to define an unconditionally hiding commitment scheme. Because of their homomorphic properties they are particularly suited for voting protocols with unconditional privacy. In fact, we show that almost all existing protocols that provide unconditional privacy use or could benefit from these commitments. Even though we present no novelty from a cryptographic perspective, the protocol presented is interesting from a voting perspective because it is simple enough to be understood by non-cryptographers, yet very powerful.

    A Formal Taxonomy of Privacy in Voting Protocols

    Privacy is one of the main issues in electronic voting. We propose a family of symbolic privacy notions that allows to assess the level of privacy ensured by a voting protocol. Our definitions are applicable to protocols featuring multiple votes per voter and special attack scenarios such as vote-copying or forced abstention. Finally we employ our definitions on several existing voting protocols to show that our model allows to compare different types of protocols based on different techniques, and is suitable for automated verification using existing tools.

    LNCS

    Composable notions of incoercibility aim to forbid a coercer from using anything beyond the coerced parties’ inputs and outputs to catch them when they try to deceive him. Existing definitions are restricted to weak coercion types, and/or are not universally composable. Furthermore, they often make too strong assumptions on the knowledge of coerced parties—e.g., they assume they know the identities and/or the strategies of other coerced parties, or those of corrupted parties—which makes them unsuitable for applications of incoercibility such as e-voting, where colluding adversarial parties may attempt to coerce honest voters, e.g., by offering them money for a promised vote, and use their own view to check that the voter keeps his end of the bargain. In this work we put forward the first universally composable notion of incoercible multi-party computation, which satisfies the above intuition and does not assume collusions among coerced parties or knowledge of the corrupted set. We define natural notions of UC incoercibility corresponding to standard coercion-types, i.e., receipt-freeness and resistance to full-active coercion. Importantly, our suggested notion has the unique property that it builds on top of the well studied UC framework by Canetti instead of modifying it. This guarantees backwards compatibility, and allows us to inherit results from the rich UC literature. We then present MPC protocols which realize our notions of UC incoercibility given access to an arguably minimal setup—namely honestly generated tamper-proof hardware performing a very simple cryptographic operation—e.g., a smart card. This is, to our knowledge, the first proposed construction of an MPC protocol (for more than two parties) that is incoercibly secure and universally composable, and therefore the first construction of a universally composable receipt-free e-voting protocol.

    Public Evidence from Secret Ballots

    Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.
    Comment: To appear in E-Vote-Id '1