Cobra: Toward Concurrent Ballot Authorization for Internet Voting

We propose and study the notion of concurrent ballot authorization for coercion-resistant, end-to-end verifiable (E2E) internet voting. A central part of providing coercion resistance is the ability for an election authority to filter out fake ballots from legitimate ones in a way that is both private and universally verifiable. This ballot authorization process, however, can potentially come at a heavy computational cost. In previous proposals, the bulk of this computation cannot be performed until the last ballot has been cast. By contrast, concurrent ballot authorization allows ballots to be authorized as they are submitted, so the tally can be declared immediately after polls close. An efficient tally is especially important in the coercion-resistant internet voting setting, as it is particularly vulnerable to denial-of-service attacks caused by floods of fake ballots. We present a proof-of-concept voting system, Cobra, the first coercion-resistant system to offer concurrent ballot authorization. Although Cobra offers the fastest tallying relative to the related work, it has a registration process that we consider to be too slow to be viable: it is quadratic in the number of eligible voters. We present Cobra as a first step toward what we hope will become a standard feature of coercion-resistant internet voting schemes: concurrent ballot authorization.
