VOTOR: conceptually simple remote voting against tiny tyrants

This paper seeks to address the need for fair elections in an adversarial online setting in ad hoc elections. A major issue with existing online solutions is reliance on authorities, which in practice are often instantiated by only one organisation. We propose a conceptually simple but highly robust approach for casting ballots over commodity anonymisers under minimal assumptions. While other schemes have followed a similar approach none have utilised the primitives to achieve so many desirable properties. We then exploit this to construct a practical instantiation, called VOTOR---Voting over Tor---(one need not use Tor specifically), whose properties we show to compare favourably with prominent modern remote voting schemes such as Remotegrity and Helios. In particular, it shares the same coercion-resistance property, which we call weak receiptfreeness, as the latter two, but also provides privacy against election tellers. It is also conceptually simpler in its design than most modern schemes, and can be instantiated to allow voting credentials to persist from one election to the next without privacy attacks on past elections.

[1]  Kazue Sako,et al.  Receipt-Free Mix-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth , 1995, EUROCRYPT.

[2]  Sébastien Canard,et al.  List signature schemes , 2006, Discret. Appl. Math..

[3]  Ben Smyth,et al.  Adapting Helios for Provable Ballot Privacy , 2011, ESORICS.

[4]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[5]  Joseph K. Liu,et al.  Linkable Ring Signature with Unconditional Anonymity , 2014, IEEE Transactions on Knowledge and Data Engineering.

[6]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[7]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[8]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[9]  Rafail Ostrovsky,et al.  Deniable Encryption , 1997, IACR Cryptol. ePrint Arch..

[10]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[11]  Jeremy Clark,et al.  Scantegrity II: end-to-end verifiability by voters of optical scan elections through confirmation codes , 2009, IEEE Trans. Inf. Forensics Secur..

[12]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[13]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[14]  Masayuki Abe,et al.  Mix-Networks on Permutation Networks , 1999, ASIACRYPT.

[15]  Tatsuaki Okamoto,et al.  An electronic voting scheme , 1996, IFIP World Conference on IT Tools.

[16]  Michael J. Fischer,et al.  A robust and verifiable cryptographically secure election scheme , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[17]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[18]  Tatsuaki Okamoto,et al.  Receipt-Free Electronic Voting Schemes for Large Scale Elections , 1997, Security Protocols Workshop.

[19]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[20]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[21]  Jeroen van de Graaf,et al.  Improving Helios with Everlasting Privacy Towards the Public , 2012, EVT/WOTE.

[22]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[23]  Jeremy Clark,et al.  How to print a secret , 2009 .

[24]  Véronique Cortier,et al.  Measuring vote privacy, revisited , 2012, CCS.

[25]  David Chaum,et al.  Elections with Unconditionally-Secret Ballots and Disruption Equivalent to Breaking RSA , 1988, EUROCRYPT.

[26]  Jeremy Clark,et al.  Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes , 2008, EVT.

[27]  Jeremy Clark,et al.  Remotegrity: Design and Use of an End-to-End Verifiable Remote Voting System , 2013, ACNS.

[28]  Panayiotis Tsanakas,et al.  From Helios to Zeus , 2013, EVT/WOTE.

[29]  Kaoru Kurosawa,et al.  Efficient Anonymous Channel and All/Nothing Election Scheme , 1994, EUROCRYPT.

[30]  Joseph K. Liu,et al.  Linkable Ring Signatures: Security Models and New Schemes , 2005, ICCSA.

[31]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[32]  Matthew K. Franklin,et al.  Multi-Autority Secret-Ballot Elections with Linear Work , 1996, EUROCRYPT.

[33]  Ben Smyth,et al.  Ballot Secrecy and Ballot Independence Coincide , 2013, ESORICS.

[34]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[35]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).