4,619 research outputs found
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.Comment: To appear in E-Vote-Id '1
HandiVote: simple, anonymous, and auditable electronic voting
We suggest a set of procedures utilising a range of technologies by which a major democratic deficit of modern society can be addressed. The mechanism, whilst it makes limited use of cryptographic techniques in the background, is based around objects and procedures with which voters are currently familiar. We believe that this holds considerable potential for the extension of democratic participation and control
What proof do we prefer? Variants of verifiability in voting
In this paper, we discuss one particular feature of Internet
voting, verifiability, against the background of scientific
literature and experiments in the Netherlands. In order
to conceptually clarify what verifiability is about, we distinguish
classical verifiability from constructive veriability in
both individual and universal verification. In classical individual
verifiability, a proof that a vote has been counted can
be given without revealing the vote. In constructive individual
verifiability, a proof is only accepted if the witness (i.e.
the vote) can be reconstructed. Analogous concepts are de-
fined for universal veriability of the tally. The RIES system
used in the Netherlands establishes constructive individual
verifiability and constructive universal verifiability,
whereas many advanced cryptographic systems described
in the scientific literature establish classical individual
verifiability and classical universal verifiability.
If systems with a particular kind of verifiability continue
to be used successfully in practice, this may influence the
way in which people are involved in elections, and their image
of democracy. Thus, the choice for a particular kind
of verifiability in an experiment may have political consequences.
We recommend making a well-informed democratic
choice for the way in which both individual and universal
verifiability should be realised in Internet voting, in
order to avoid these unconscious political side-effects of the
technology used. The safest choice in this respect, which
maintains most properties of current elections, is classical
individual verifiability combined with constructive universal
verifiability. We would like to encourage discussion
about the feasibility of this direction in scientific research
Accuracy: The fundamental requirement for voting systems
There have been several attempts to develop a comprehensive account of the requirements for voting systems, particularly for public elections. Typically, these approaches identify a number of "high level" principals which are then refined either into more detailed statements or more formal constructs. Unfortunately, these approaches do not acknowledge the complexity and diversity of the contexts in which voting takes place. This paper takes a different approach by arguing that the only requirement for a voting system is that it is accurate. More detailed requirements can then be derived from this high level requirement for the particular context in which the system is implemented and deployed. A general, formal high level model for voting systems and their context is proposed. Several related definitions of accuracy for voting systems are then developed, illustrating how the term "accuracy" is in interpreted in different contexts. Finally, a context based requirement for voting system privacy is investigated as an example of deriving a subsidiary requirement from the high level requirement for accuracy
Receipt-Freeness and Coercion Resistance in Remote E-Voting Systems
Abstract: Remote electronic voting (E-voting) is a more convenient and efficient methodology when compared with traditional voting systems. It allows voters to vote for candidates remotely, however, remote E-voting systems have not yet been widely deployed in practical elections due to several potential security issues, such as vote-privacy, robustness and verifiability. Attackers' targets can be either voting machines or voters. In this paper, we mainly focus on three important security properties related to voters: receipt-freeness, vote-selling resistance, and voter-coercion resistance. In such scenarios, voters are willing or forced to cooperate with attackers. We provide a survey of existing remote E-voting systems, to see whether or not they are able to satisfy these three properties to avoid corresponding attacks. Furthermore, we identify and summarise what mechanisms they use in order to satisfy these three security properties
- …