Coercion-resistant electronic elections

We introduce a model for electronic election schemes that involves a more powerful adversary than previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be coercion-resistant if it is infeasible for the adversary to determine if a coerced voter complies with the demands.A first contribution of this paper is to describe and characterize a new and strengthened adversary for coercion in elections. (In doing so, we additionally present what we believe to be the first formal security definitions for electronic elections of any type.) A second contribution is to demonstrate a protocol that is secure against this adversary. While it is clear that a strengthening of attack models is of theoretical relevance, it is important to note that our results lie close to practicality. This is true both in that we model real-life threats (such as vote-buying and vote-canceling), and in that our proposed protocol combines a fair degree of efficiency with an unusual lack of structural complexity. Furthermore, previous schemes have required use of an untappable channel throughout. Ours only carries the much more practical requirement of an anonymous channel during the casting of ballots, and an untappable channel during registration (potentially using postal mail).This extended abstract is a heavily truncated version of the full paper available at http://eprint.iacr.org/2002/165.

[1]  Peter Y. A. Ryan,et al.  Prêt à Voter with Re-encryption Mixes , 2006, ESORICS.

[2]  Moni Naor,et al.  Receipt-Free Universally-Verifiable Voting with Everlasting Privacy , 2006, CRYPTO.

[3]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[4]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[5]  David A. Wagner,et al.  Cryptographic Voting Protocols: A Systems Perspective , 2005, USENIX Security Symposium.

[6]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[7]  David Chaum,et al.  Secret-ballot receipts: True voter-verifiable elections , 2004, IEEE Security & Privacy Magazine.

[8]  Wenbo Mao Verifiable Partial Sharing of Integer Fractions , 1998, Selected Areas in Cryptography.

[9]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[10]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[11]  Jan Camenisch,et al.  Efficient group signature schemes for large groups , 1997 .

[12]  Kazue Sako,et al.  An Efficient Scheme for Proving a Shuffle , 2001, CRYPTO.

[13]  Ronald Cramer,et al.  A secure and optimally efficient multi-authority election scheme , 1997, Eur. Trans. Telecommun..

[14]  Valtteri Niemi,et al.  How to Prevent Buying of Votes in Computer Elections , 1994, ASIACRYPT.

[15]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[16]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[17]  Wenbo Mao Veriable Partial Sharing of Integer Factors , 1999 .

[18]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[19]  Hugo Krawczyk,et al.  Adaptive Security for Threshold Cryptosystems , 1999, CRYPTO.

[20]  Kazue Sako,et al.  Receipt-Free Mix-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth , 1995, EUROCRYPT.

[21]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[22]  Jun Furukawa,et al.  Efficient, Verifiable Shuffle Decryption and Its Requirement of Unlinkability , 2004, Public Key Cryptography.

[23]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[24]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[25]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[26]  Ari Juels,et al.  $evwu Dfw , 1998 .

[27]  Markus Jakobsson,et al.  Mix and Match: Secure Function Evaluation via Ciphertexts , 2000, ASIACRYPT.

[28]  Emmanouil Magkos,et al.  Receipt-Freeness in Large-Scale Elections without Untappable Channels , 2001, I3E.

[29]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[30]  Jacques Stern,et al.  Practical multi-candidate election system , 2001, PODC '01.

[31]  Rafail Ostrovsky,et al.  Deniable Encryption , 1997, IACR Cryptol. ePrint Arch..

[32]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, EUROCRYPT.

[33]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[34]  Kazue Sako,et al.  An Ecient Scheme for Proving a Shue , 2001 .

[35]  Markus Jakobsson,et al.  Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[36]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[37]  Tatsuaki Okamoto,et al.  Receipt-Free Electronic Voting Schemes for Large Scale Elections , 1997, Security Protocols Workshop.

[38]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[39]  Yiannis Tsiounis,et al.  On the Security of ElGamal Based Encryption , 1998, Public Key Cryptography.

[40]  Patrick Horster,et al.  Some Remarks on a Receipt-Free and Universally Verifiable Mix-Type Voting Scheme , 1996, ASIACRYPT.

[41]  Jan Camenisch,et al.  Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes , 1998, EUROCRYPT.

[42]  Tatsuaki Okamoto,et al.  An electronic voting scheme , 1996, IFIP World Conference on IT Tools.

[43]  Aggelos Kiayias,et al.  Self-tallying Elections and Perfect Ballot Secrecy , 2002, Public Key Cryptography.

[44]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[45]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[46]  Berry Schoenmakers,et al.  A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic , 1999, CRYPTO.

[47]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[48]  Markus Jakobsson,et al.  Threshold Password-Authenticated Key Exchange , 2002, Journal of Cryptology.

[49]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[50]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[51]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[52]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[53]  Dan Boneh,et al.  Almost entirely correct mixing with applications to voting , 2002, CCS '02.

[54]  Markus Jakobsson,et al.  Security of Signed ElGamal Encryption , 2000, ASIACRYPT.

[55]  Jeremy Epstein,et al.  Electronic Voting , 2007, Computer.