A Game-Based Definition of Coercion-Resistance and Its Applications

Coercion-resistance is one of the most important and intricate security requirements for voting protocols. Several definitions of coercion-resistance have been proposed in the literature, both in cryptographic settings and more abstract, symbolic models. However, unlike symbolic approaches, only very few voting protocols have been rigorously analyzed within the cryptographic setting. A major obstacle is that existing cryptographic definitions of coercion-resistance tend to be complex and limited in scope: They are often tailored to specific classes of protocols or are too demanding. In this paper, we therefore present a simple and intuitive, yet widely applicable cryptographic definition of coercionresistance, in the style of game-based definitions. This definition allows to precisely measure the level of coercion-resistance a protocol provides. As a proof of concept, we apply our definition to two voting systems, namely, the Bingo voting system and ThreeBallot. The results we obtain are out of the scope of existing approaches. We show that the Bingo voting system provides the same level of coercion-resistance as an ideal voting system. We also precisely measure the degradation of coercion-resistance of ThreeBallot in case the so-called short ballot assumption does not hold and show that the level of coercion-resistance ThreeBallot provides is significantly lower than that of an ideal system, even in case of short ballots.

[1]  Jörn Müller-Quade,et al.  Universally Composable Incoercibility , 2009, IACR Cryptol. ePrint Arch..

[2]  Michael Backes,et al.  Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[3]  Ralf Küsters,et al.  An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[4]  Kevin J. Henry,et al.  The Effectiveness of Receipt-Based Attacks on ThreeBallot , 2009, IEEE Transactions on Information Forensics and Security.

[5]  Ralf Küsters,et al.  Simulation-based security with inexhaustible interactive Turing machines , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[6]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[7]  Warren D. Smith Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[8]  Lee Naish,et al.  Coercion-Resistant Tallying for STV Voting , 2008, EVT.

[9]  R. Rivest The ThreeBallot Voting System , 2006 .

[10]  Miroslaw Kutylowski,et al.  Short Ballot Assumption and Threeballot Voting Protocol , 2008, SOFSEM.

[11]  Moni Naor,et al.  Receipt-Free Universally-Verifiable Voting with Everlasting Privacy , 2006, CRYPTO.

[12]  Ran Canetti,et al.  Incoercible Multiparty Computation (extended abstract). , 1996, IEEE Annual Symposium on Foundations of Computer Science.

[13]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[14]  Tatsuaki Okamoto,et al.  Receipt-Free Electronic Voting Schemes for Large Scale Elections , 1997, Security Protocols Workshop.

[15]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[16]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[17]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[18]  Jörn Müller-Quade,et al.  Bingo Voting: Secure and Coercion-Free Voting Using a Trusted Random Number Generator , 2007, VOTE-ID.

[19]  Ryan W. Gardner,et al.  Coercion Resistant End-to-end Voting , 2009, Financial Cryptography.

[20]  Wolter Pieters,et al.  Receipt-freeness as a special case of anonymity in epistemic logic , 2006 .

[21]  Ralf Küsters,et al.  A Game-Based Definition of Coercion-Resistance and Its Applications , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[22]  David Pointcheval,et al.  On Some Incompatible Properties of Voting Schemes , 2010, Towards Trustworthy Elections.

[23]  Jean-Jacques Quisquater,et al.  Simulation-Based Analysis of E2E Voting Systems , 2007, VOTE-ID.

[24]  Moni Naor,et al.  Split-ballot voting: Everlasting privacy with distributed trust , 2007, TSEC.