A critique of game-based definitions of receipt-freeness for voting

We analyse three game-based definitions of receipt-freeness; uncovering soundness issues with two of the definitions and completeness issues with all three. Hence, two of the definitions are too weak, i.e., satisfiable by voting schemes that are not intuitively receipt-free. More precisely, those schemes need not even satisfy ballot secrecy. Consequently, the definitions are satisfiable by schemes that reveal how voters vote. Moreover, we find that each definition is limited in scope. Beyond soundness and completeness issues, we show that each definition captures a different attacker model and we examine some of those differences.

[1]  Melanie Volkamer,et al.  Extending Helios Towards Private Eligibility Verifiability , 2015, VoteID.

[2]  Véronique Cortier,et al.  SoK: Verifiability Notions for E-Voting Protocols , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[3]  Ben Smyth Ballot secrecy with malicious bulletin boards , 2014, IACR Cryptol. ePrint Arch..

[4]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[5]  Ben Smyth Surveying definitions of coercion resistance , 2019, IACR Cryptol. ePrint Arch..

[6]  Ben Smyth,et al.  Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios , 2021, J. Comput. Secur..

[7]  Ralf Küsters,et al.  Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study , 2011, 2011 IEEE Symposium on Security and Privacy.

[8]  Georg Fuchsbauer,et al.  BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme , 2016, CCS.

[9]  Rolf Haenni,et al.  Coercion-Resistant Internet Voting with Everlasting Privacy , 2016, Financial Cryptography Workshops.

[10]  Mark Ryan,et al.  Verifying privacy-type properties of electronic voting protocols , 2009, J. Comput. Secur..

[11]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[12]  Pascal Lafourcade,et al.  A formal taxonomy of privacy in voting protocols , 2012, 2012 IEEE International Conference on Communications (ICC).

[13]  Melanie Volkamer,et al.  Security Proofs for Participation Privacy, Receipt-Freeness and Ballot Privacy for the Helios Voting Scheme , 2017, ARES.

[14]  Byoungcheon Lee,et al.  Providing Receipt-Freeness in Mixnet-Based Voting Protocols , 2003, ICISC.

[15]  Ben Smyth,et al.  Election Verifiability: Cryptographic Definitions and an Analysis of Helios and JCJ , 2015 .

[16]  J. Alex Halderman,et al.  Security Analysis of the Estonian Internet Voting System , 2014, CCS.

[17]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[18]  Wolter Pieters,et al.  Receipt-freeness as a special case of anonymity in epistemic logic , 2006 .

[19]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[20]  Rolf Haenni,et al.  Receipt-free remote electronic elections with everlasting privacy , 2016, Ann. des Télécommunications.

[21]  Véronique Cortier,et al.  SoK: A Comprehensive Analysis of Game-Based Ballot Privacy Definitions , 2015, 2015 IEEE Symposium on Security and Privacy.

[23]  Tatsuaki Okamoto,et al.  Receipt-Free Electronic Voting Schemes for Large Scale Elections , 1997, Security Protocols Workshop.

[24]  Jörn Müller-Quade,et al.  Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting , 2015 .

[25]  Erik P. de Vink,et al.  Formalising Receipt-Freeness , 2006, ISC.

[26]  Melanie Volkamer,et al.  Security Proofs for Participation Privacy , Receipt-Freeness , Ballot Privacy , and Verifiability Against Malicious Bulletin Board for the Helios Voting Scheme , 2017 .

[27]  Josh Benaloh,et al.  Receipt-Free Secret-Ballot Elections , 1994, STOC 1994.

[28]  David Pointcheval,et al.  On Some Incompatible Properties of Voting Schemes , 2010, Towards Trustworthy Elections.

[29]  Véronique Cortier,et al.  Voting: You Can't Have Privacy without Individual Verifiability , 2018, CCS.

[30]  Moni Naor,et al.  Receipt-Free Universally-Verifiable Voting with Everlasting Privacy , 2006, CRYPTO.

[31]  Ben Smyth,et al.  A foundation for secret, verifiable elections , 2018, IACR Cryptol. ePrint Arch..

[32]  Ramaswamy Ramanujam,et al.  Knowledge-based modelling of voting protocols , 2007, TARK '07.

[33]  Ben Smyth,et al.  Computational Election Verifiability: Definitions and an Analysis of Helios and JCJ , 2015, IACR Cryptol. ePrint Arch..

[34]  Ben Smyth Verifiability of Helios Mixnet , 2018, IACR Cryptol. ePrint Arch..

[35]  Aggelos Kiayias,et al.  End-to-End Verifiable Elections in the Standard Model , 2015, EUROCRYPT.

[36]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).