论文信息 - On the Security of Ballot Receipts in E 2 E Voting Systems

On the Security of Ballot Receipts in E 2 E Voting Systems

This paper examines and compares the security of ballot receipts in three end-to-end auditable (E2E) voting systems: Prêt à Voter, Punchscan, and ThreeBallot. Ballot receipts should have two properties: from a privacy perspective, they should provide no information as to how the ballot was cast, and from an integrity perspective, they should provide no information that would assist an adversary in tampering with the tallying process. We find that Prêt à Voter and Punchscan have similar security properties with respect to ballot receipts, and provide no nonnegligible information on the receipt itself that could compromise privacy or security (assuming the underlying cryptography is secure). However we show that ThreeBallot receipts leak partial information that is useful for compromising voter privacy and the integrity of the tally.

[1] Senator,et al. The ThreeBallot Voting System , 2006 .

[2] Warren D. Smith. Three Voting Protocols: ThreeBallot, VAV, and Twin , 2007, EVT.

[3] Jeremy Clark,et al. Punchscan in Practice: An E2E Election Case Study , 2007 .

[4] David A. Wagner,et al. Cryptographic Voting Protocols: A Systems Perspective , 2005, USENIX Security Symposium.

[5] Charlie E. M. Strauss. A critical review of the triple ballot voting system , 2006 .

[6] David Chaum,et al. A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[7] Peter Y. A. Ryan,et al. Prêt à Voter : a Systems Perspective , 2005 .

[8] Silvio Micali,et al. Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[9] David Chaum,et al. Multiparty unconditionally secure protocols , 1988, STOC '88.

[10] Alan T. Sherman,et al. Punchscan: Introduction and System Definition of a High-Integrity Election System , 2006 .