Simulation-Based Analysis of E2E Voting Systems

End-to-end auditable voting systems are expected to guarantee very interesting, and often sophisticated security properties, including correctness, privacy, fairness, receipt-freeness, . . . However, for many well-known protocols, these properties have never been analyzed in a systematic way. In this paper, we investigate the use of techniques from the simulation-based security tradition for the analysis of these protocols, through a case-study on the ThreeBallot protocol. Our analysis shows that the ThreeBallot protocol fails to emulate some natural voting functionality, reflecting the lack of election fairness guarantee from this protocol. Guided by the reasons that make our security proof fail, we propose a simple variant of the ThreeBallot protocol and show that this variant emulates our functionality.

[1]  Josh Benaloh,et al.  Receipt-Free Secret-Ballot Elections , 1994, STOC 1994.

[2]  Jens Groth Evaluating Security of Voting Schemes in the Universal Composability Framework , 2004, ACNS.

[3]  Kevin J. Henry,et al.  The Effectiveness of Receipt-Based Attacks on ThreeBallot , 2009, IEEE Transactions on Information Forensics and Security.

[4]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[5]  Birgit Pfitzmann,et al.  A model for asynchronous reactive systems and its application to secure message transmission , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[6]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[7]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[8]  Jeroen van de Graaf,et al.  A Verifiable Voting Protocol Based on Farnel , 2010, Towards Trustworthy Elections.

[9]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[10]  Charlie E. M. Strauss A critical review of the triple ballot voting system , 2006 .

[11]  R. Rivest The ThreeBallot Voting System , 2006 .

[12]  Moni Naor,et al.  Receipt-Free Universally-Verifiable Voting with Everlasting Privacy , 2006, CRYPTO.

[13]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[14]  Instructor,et al.  ThreeBallot in the Field , 2006 .

[15]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[16]  Jeremy Clark,et al.  On the Security of Ballot Receipts in E 2 E Voting Systems , 2007 .

[17]  Alan T. Sherman,et al.  Punchscan: Introduction and System Definition of a High-Integrity Election System , 2006 .

[18]  Warren D. Smith Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[19]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.