Receipt-free secret-ballot elections (extended abstract)

Prior verifiable secret-ballot election protocols all suffer from a common defect which renders them unsuitable for practical use: they allow voters to (if they wish) carry away from the protocol receipts which can be used to prove to others how they voted. This simple defect enables vote buying and coercion which are impractical in current physical election systems due to the "plausible deniability" offered by a voting booth. This defect is embedded, not only within prior election protocols, but within all of the more general protocols for collective computation of a public function from private inputs. This paper presents the first verifiable secret-ballot election protocols in which participants are unable to prove to others how they voted.

1 Introduction

In traditional elections, the voting booth does more than allow voters to keep their votes private; it actually requires that votes stay secret. This may seem like a subtle distinction, but it is, in fact, an essential component of secret-ballot elections. If a voter is allowed, but not required, to keep a vote secret, the voter could be coerced by an employer or anyone with power over the voter into casting a certain vote.

The cryptographic election schemes found in the literature all suffer from a common deficiency. While they may allow a voter to conceal a vote, they also allow a voter to carry away a receipt which can be used to prove to a third party that a particular vote was cast. While this receipt may seem like a feature, it eliminates the ability of a voter to deceive others about its vote. The additional capabilities given to an individual voter are actually a disadvantage for that voter!

With voting booths, a voter can make promises to employers, accept bribes, and belong to organizations which are committed to a particular vote. Yet the voter, in the privacy of a voting booth, may cast the opposite vote without fear of repercussions or …

* benaloh@crypt.mcs. — supported in part by a Clarkson Graduate Trustees' Scholarship.

Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association of Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission.
