论文信息 - Countering Ballot Stuffing and Incorporating Eligibility Verifiability in Helios

Countering Ballot Stuffing and Incorporating Eligibility Verifiability in Helios

Helios is a web-based end-to-end verifiable electronic voting system which has been said to be suitable for low-coercion environments. Although many Internet voting schemes have been proposed in the literature, Helios stands out for its real world relevance. It has been used in a number of elections in university campuses around the world and it has also been used recently by the IACR to elect its board members. It was noted that a dishonest server in Helios can stuff ballots and this seems to limit the claims of end-to-end verifiability of the system. In this work, we investigate how the issue of ballot stuffing can be addressed with minimum change to the current vote casting experience in Helios and we argue formally about the security of our techniques. Our ideas are intuitive and general enough to be applied in the context of other Internet voting scheme and they also address recent attacks exploiting the malleability of ballots in Helios.

Zhe Xia | Steve A. Schneider | Sriramkrishnan Srinivasan | Chris Culnane | James Heather

[1] Andrew C. Myers,et al. Civitas: A Secure Remote Voting System , 2007, Frontiers of Electronic Voting.

[2] Ben Adida,et al. Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[3] Markus Jakobsson,et al. Coercion-resistant electronic elections , 2005, WPES '05.

[4] Mark Ryan,et al. Towards Automatic Analysis of Election Verifiability Properties , 2010, ARSPA-WITS.

[5] Gavin Lowe,et al. Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security , 2010, Lecture Notes in Computer Science.

[6] Javier Herranz,et al. A Generic Construction for Token-Controlled Public Key Encryption , 2006, Financial Cryptography.

[7] Jean-Jacques Quisquater,et al. Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[8] Ben Smyth. Replay attacks that violate ballot secrecy in Helios , 2012, IACR Cryptol. ePrint Arch..

[9] Joonsang Baek,et al. Token-Controlled Public Key Encryption , 2005, ISPEC.

[10] Joseph Bonneau,et al. What's in a Name? , 2020, Financial Cryptography.

[11] Jeremy Clark,et al. Cobra: Toward Concurrent Ballot Authorization for Internet Voting , 2012, EVT/WOTE.

[12] Ben Smyth,et al. Attacking and Fixing Helios: An Analysis of Ballot Secrecy , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[13] Josh Benaloh,et al. Simple Verifiable Elections , 2006, EVT.