Anonymity vs. traceability : revocable anonymity in remote electronic voting protocols

Remote electronic voting has long been considered a panacea for many of the problems with existing, paper-based election mechanisms: assurance that one’s vote has been counted as cast; ability to vote without fear of coercion; fast and reliable tallying; improvement in voter turnout. Despite these promised improvements, take-up of remote electronic voting schemes has been very poor, particularly when considering country-wide general elections. In this thesis, we explore a new class of remote electronic voting protocols: speci cally, those which t with the United Kingdom’s requirement that it should be possible to link a ballot to a voter in the case of personation. We address the issue of revocable anonymity in electronic voting. Our contributions are threefold. We begin with the introduction of a new remote electronic voting protocol, providing revocable anonymity for any voter with access to an Internet-connected computer of their choice. We provide a formal analysis for the security properties of this protocol. Next, we are among the rst to consider client-side security in remote electronic voting, providing a protocol which uses trusted computing to assure the voter and authorities of the state of the voter’s machine. Finally, we address revocable anonymity more generally: should a user have the right to know when their anonymity has been revoked? We provide a protocol which uses trusted computing to achieve this. Ultimately, the work in this thesis can be seen as a sound starting point for the deployment of remote electronic voting in the United Kingdom. For Gem, Alexis and Rosie, the girls in my life