Self-tallying Elections and Perfect Ballot Secrecy

Strong voter privacy, although an important property of an election scheme, is usually compromised in election protocol design in favor of other (desirable) properties. In this work we introduce a new election paradigm with strong voter privacy as its primary objective. Our paradigm is built around three useful properties of voting schemes we define: (1) Perfect Ballot Secrecy, ensures that knowledge about the partial tally of the ballots of any set of voters is only computable by the coalition of all the remaining voters (this property captures strong voter privacy as understood in real world elections). (2) Self-tallying, suggests that the post-ballot-casting phase is an open procedure that can be performed by any interested (casual) third party. Finally, (3) Dispute-freeness, suggests that disputes between active parties are prevented altogether, which is an important efficient integrity component.We investigate conditions for the properties to exist, and their implications. We present a novel voting scheme which is the first system that is dispute-free, self-tallying and supports perfect ballot secrecy. Previously, any scheme which supports (or can be modified to support) perfect ballot secrecy suffers from at least one of the following two deficiencies: it involves voter-to-voter interactions and/or lacks fault tolerance (one faulty participant would fail the election). In contrast, our design paradigm obviates the need for voter-to-voter interaction (due to its dispute-freeness and publicly verifiable messages), and in addition our paradigm suggests a novel "corrective fault tolerant" mechanism. This mechanism neutralizes faults occurring before and after ballot casting, while self-tallying prevents further faults. Additionally, the mechanism is secrecy-preserving and "adaptive" in the sense that its cost is proportional to the number of faulty participants. As a result, our protocol is more efficient and robust than previous schemes that operate (or can be modified to operate) in the perfect ballot secrecy setting.

[1]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[2]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[3]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[4]  Michael J. Fischer,et al.  A robust and verifiable cryptographically secure election scheme , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[5]  Moti Yung,et al.  Distributing the power of a government to enhance the privacy of voters , 1986, PODC '86.

[6]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[7]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[8]  David Chaum,et al.  Elections with Unconditionally-Secret Ballots and Disruption Equivalent to Breaking RSA , 1988, EUROCRYPT.

[9]  Colin Boyd,et al.  A New Multiple Key Cipher and an Improved Voting Scheme , 1990, EUROCRYPT.

[10]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[11]  Lila Kari,et al.  Secret ballot elections in computer networks , 1991, Computers & security.

[12]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[13]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[14]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[15]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[16]  Kaoru Kurosawa,et al.  Efficient Anonymous Channel and All/Nothing Election Scheme , 1994, EUROCRYPT.

[17]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[18]  Josh Benaloh,et al.  Receipt-Free Secret-Ballot Elections , 1994, STOC 1994.

[19]  Kazue Sako Electronic Voting Scheme Allowing Open Objection to the Tally , 1994 .

[20]  Kazue Sako,et al.  Secure Voting Using Partially Compatible Homomorphisms , 1994, CRYPTO.

[21]  Giovanni Di Crescenzo,et al.  On monotone formula closure of SZK , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[22]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[23]  Kazue Sako,et al.  Receipt-Free Mix-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth , 1995, EUROCRYPT.

[24]  Matthew K. Franklin,et al.  Multi-Autority Secret-Ballot Elections with Linear Work , 1996, EUROCRYPT.

[25]  Kazue Sako,et al.  Fault tolerant anonymous channel , 1997, ICICS.

[26]  Ronald Cramer,et al.  A secure and optimally efficient multi-authority election scheme , 1997, Eur. Trans. Telecommun..

[27]  Tatsuaki Okamoto,et al.  Receipt-Free Electronic Voting Schemes for Large Scale Elections , 1997, Security Protocols Workshop.

[28]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[29]  Markus Jakobsson,et al.  Flash mixing , 1999, PODC '99.

[30]  Berry Schoenmakers,et al.  A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic , 1999, CRYPTO.

[31]  Masayuki Abe,et al.  Mix-Networks on Permutation Networks , 1999, ASIACRYPT.

[32]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, EUROCRYPT.

[33]  Jacques Stern,et al.  Sharing Decryption in the Context of Voting or Lotteries , 2000, Financial Cryptography.

[34]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[35]  Jonathan Katz,et al.  Cryptographic Counters and Applications to Electronic Voting , 2001, EUROCRYPT.

[36]  Jacques Stern,et al.  Practical multi-candidate election system , 2001, PODC '01.

[37]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[38]  Music Musi Georgia Institute of Technology , 2002 .