An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols

Coercion resistance is an important and one of the most intricate security requirements of electronic voting protocols. Several definitions of coercion resistance have been proposed in the literature, including definitions based on symbolic models. However, existing definitions in such models are rather restricted in their scope and quite complex. In this paper, we therefore propose a new definition of coercion resistance in a symbolic setting, based on an epistemic approach. Our definition is relatively simple and intuitive. It allows for a fine-grained formulation of coercion resistance and can be stated independently of a specific, symbolic protocol and adversary model. As a proof of concept, we apply our definition to three voting protocols. In particular, we carry out the first rigorous analysis of the recently proposed Civitas system. We precisely identify those conditions under which this system guarantees coercion resistance or fails to be coercion resistant. We also analyze protocols proposed by Lee et al. and Okamoto.

[1] Byoungcheon Lee et al. Providing Receipt-Freeness in Mixnet-Based Voting Protocols, 2003, ICISC.

[2] Sebastian Mödersheim et al. The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications, 2005, CAV.

[3] Ralf Küsters et al. Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach, 2008, CCS.

[4] Lee Naish et al. Shuffle-Sum: Coercion-Resistant Verifiable Tallying for STV Voting, 2009, IEEE Transactions on Information Forensics and Security.

[5] Bruno Blanchet et al. An efficient cryptographic protocol verifier based on prolog rules, 2001, Proceedings of the 14th IEEE Computer Security Foundations Workshop.

[6] Moni Naor et al. Receipt-Free Universally-Verifiable Voting with Everlasting Privacy, 2006, CRYPTO.

[7] Vitaly Shmatikov et al. Finite-State Analysis of SSL 3.0, 1998, USENIX Security Symposium.

[8] Kazue Sako et al. Receipt-Free Mix-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth, 1995, EUROCRYPT.

[9] Tatsuaki Okamoto et al. Receipt-Free Electronic Voting Schemes for Large Scale Elections, 1997, Security Protocols Workshop.

[10] Véronique Cortier et al. Computationally Sound Symbolic Secrecy in the Presence of Hash Functions, 2006, FSTTCS.

[11] Wolter Pieters et al. Receipt-freeness as a special case of anonymity in epistemic logic, 2006.

[12] Jun Pang et al. Measuring Voter-Controlled Privacy, 2009, International Conference on Availability, Reliability and Security.

[13] Fabio Massacci et al. An overview of the verification of SET, 2005, International Journal of Information Security.

[14] Bogdan Warinschi et al. Soundness of Formal Encryption in the Presence of Active Adversaries, 2004, TCC.

[15] Markus Jakobsson et al. Coercion-resistant electronic elections, 2005, WPES '05.

[16] Mark Ryan et al. Verifying privacy-type properties of electronic voting protocols, 2009, J. Comput. Secur.

[17] Andrew D. Gordon et al. Verified Interoperable Implementations of Security Protocols, 2006, CSFW.

[18] Moni Naor et al. Split-ballot voting: Everlasting privacy with distributed trust, 2007, TSEC.

[19] Takayasu Ito et al. Theoretical Computer Science: Exploring New Frontiers of Theoretical Informatics, 2001, Lecture Notes in Computer Science.

[20] Erik P. de Vink et al. Formalising Receipt-Freeness, 2006, ISC.

[21] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[22] Kazue Sako et al. Efficient Receipt-Free Voting Based on Homomorphic Encryption, 2000, EUROCRYPT.

[23] David Pointcheval et al. On Some Incompatible Properties of Voting Schemes, 2010, Towards Trustworthy Elections.

[24] Andre Scedrov et al. Breaking and fixing public-key Kerberos, 2006, Information and Computation.

[25] Mark Ryan et al. Coercion-resistance and receipt-freeness in electronic voting, 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[26] Martín Abadi et al. Mobile values, new names, and secure communication, 2001, POPL '01.

[27] Ralf Küsters et al. Simulation-based security with inexhaustible interactive Turing machines, 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[28] Josh Benaloh et al. Receipt-free secret-ballot elections (extended abstract), 1994, STOC '94.

[29] Michael R. Clarkson et al. Civitas: Toward a Secure Voting System, 2008, IEEE Symposium on Security and Privacy (SP 2008).

[30] Ramaswamy Ramanujam et al. Knowledge-based modelling of voting protocols, 2007, TARK '07.

[31] Michael Backes et al. Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus, 2008, 21st IEEE Computer Security Foundations Symposium.

[32] France Télécom et al. Verifying Properties of Electronic Voting Protocols, 2006.

[33] Lee Naish et al. Coercion-Resistant Tallying for STV Voting, 2008, EVT.

[34] Stefanos Gritzalis et al. Information Security, 9th International Conference, ISC 2006, Samos Island, Greece, August 30 - September 2, 2006, Proceedings, 2006, ISC.

[35] Martín Abadi et al. Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption), 2001, Journal of Cryptology.

[36] Michael Backes et al. Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol, 2008, IEEE Symposium on Security and Privacy (SP 2008).

[37] Ralf Küsters et al. On the Relationships between Notions of Simulation-Based Security, 2005, Journal of Cryptology.