Practical Governmental Voting with Unconditional Integrity and Privacy

Throughout the years, many cryptographically verifiable voting systems have been proposed with a whole spectrum of features and security assumptions. Where the voter casts an in-person (and possibly paper) ballot and leaves, as is common in a governmental election, the majority of the proposals fall in the category of providing unconditional integrity and computational privacy. A minority of papers have looked at the inverse scenario: everlasting privacy with computational integrity. However, as far as we know, no paper has succeeded in providing both unconditional integrity and privacy in this setting—it has only been explored in boardroom voting schemes where voters participate in the tallying process. Our paper aims for a two-level contribution: first, we present a concrete system with these security properties (one that works as a backend for common ballot styles like Scantegrity II or Prêt à Voter); and second, we provide some insight into how different combinations of security assumptions are interdependent.
