Anonymity and Verifiability in Voting: Understanding (Un)Linkability

Anonymity and verifiability are crucial security requirements for voting. Still, they seem to be contradictory, and confusion exists about their precise meanings and compatibility. In this paper, we resolve the confusion by showing that both can be expressed in terms of (un)linkability: while anonymity requires unlinkability of voter and vote, verifiability requires linkability of voters and election result. We first provide a conceptual model which captures anonymity as well as verifiability. Second, we express the semantics of (un)linkability in terms of (in)distinguishability. Third, we provide an adversary model that describes which capabilities the attacker has for establishing links. These components form a comprehensive model for describing and analyzing voting system security. In a case study we use our model to analyze the security of the voting scheme Pret a Voter. Our work contributes to a deeper understanding of anonymity and verifiability and their correlation in voting.

[1]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[2]  Dieter Gollmann,et al.  Computer Security – ESORICS 2003 , 2003, Lecture Notes in Computer Science.

[3]  Markus Jakobsson,et al.  Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[4]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[5]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[6]  Jennifer Seberry,et al.  Advances in Cryptology — AUSCRYPT '92 , 1992, Lecture Notes in Computer Science.

[7]  Dieter Gollmann,et al.  Computer Security - ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings , 2005, ESORICS.

[8]  David Pointcheval,et al.  On Some Incompatible Properties of Voting Schemes , 2010, Towards Trustworthy Elections.

[9]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[10]  Ralf Küsters,et al.  An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[11]  Wolter Pieters,et al.  Provable anonymity , 2005, FMSE '05.

[12]  C. Andrew Neff,et al.  Ballot Casting Assurance , 2006, EVT.

[13]  Emmanouil Magkos,et al.  Towards Secure and Practical E-Elections in the New Era , 2003, Secure Electronic Voting.

[14]  David Chaum,et al.  Secret-ballot receipts: True voter-verifiable elections , 2004, IEEE Security & Privacy Magazine.

[15]  David A. Wagner,et al.  Cryptographic Voting Protocols: A Systems Perspective , 2005, USENIX Security Symposium.

[16]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[17]  Warren D. Smith Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[18]  Dan Boneh,et al.  Proceedings of the 11th USENIX Security Symposium , 2002 .

[19]  Josh Benaloh,et al.  Ballot Casting Assurance via Voter-Initiated Poll Station Auditing , 2007, EVT.

[20]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[21]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[22]  Mark Ryan,et al.  Election Verifiability in Electronic Voting Protocols , 2010, ESORICS.

[23]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[24]  Peter Y. A. Ryan,et al.  A variant of the Chaum voter-verifiable scheme , 2005, WITS '05.

[25]  Marek Klonowski,et al.  Rapid Mixing and Security of Chaum's Visual Electronic Voting , 2003, ESORICS.