Anonymity and Verifiability in Voting: Understanding (Un)Linkability
نویسندگان
چکیده
Anonymity and verifiability are crucial security requirements for voting. Still, they seem to be contradictory, and confusion exists about their precise meanings and compatibility. In this paper, we resolve the confusion by showing that both can be expressed in terms of (un)linkability: while anonymity requires unlinkability of voter and vote, verifiability requires linkability of voters and election result. We first provide a conceptual model which captures anonymity as well as verifiability. Second, we express the semantics of (un)linkability in terms of (in)distinguishability. Third, we provide an adversary model that describes which capabilities the attacker has for establishing links. These components form a comprehensive model for describing and analyzing voting system security. In a case study we use our model to analyze the security of the voting scheme Prêt à Voter. Our work contributes to a deeper understanding of anonymity and verifiability and their correlation in voting.
منابع مشابه
Coercion-Resistant Remote Voting using Decryption Mixes
The recently proposed Prêt à Voter election scheme uses decryption mixes to achieve anonymity of votes and verifiability of an election while requiring minimal trust in the component of the election system that performs these mixes. However, this scheme still requires trust in several human and machine components; these requirements make the scheme impractical for use in remote voting. To adapt...
متن کاملClassifying Privacy and Verifiability Requirements for Electronic Voting
Voter privacy and verifiability are fundamental security concepts for electronic voting. Existing literature on electronic voting provides many definitions and interpretations of these concepts, both informal and formal. While the informal definitions are often vague and imprecise, the formal definitions tend to be very complex and restricted in their scope as they are usually tailored for spec...
متن کاملOn Some Incompatible Properties of Voting Schemes
In this paper, we study the problem of simultaneously achieving several security properties, for voting schemes, without non-standard assumptions. This paper is a work in progress. More specifically, we focus on the universal verifiability of the computation of the tally, on the unconditional privacy/anonymity of the votes, and on the receipt-freeness properties. More precisely, under usual ass...
متن کاملBidder-anonymous English auction scheme with privacy and public verifiability
This work studies the English auction protocol, which comprises three interactive parties—the Registration Manager, the Auction Manager and the Bidder. The registration manager confirms and authenticates the identities of bidders; the auction manager issues the bidding rights and maintains order in holding the auction. The proposed scheme provides the following security features—anonymity, trac...
متن کاملElection Verifiability for Helios under Weaker Trust Assumptions
Most electronic voting schemes aim at providing verifiability: voters should trust the result without having to rely on some authorities. Actually, even a prominent voting system like Helios cannot fully achieve verifiability since a dishonest bulletin board may add ballots. This problem is called ballot stuffing. In this paper we give a definition of verifiability in the computational model to...
متن کامل