Protecting Against Privacy Compromise and Ballot Stuffing by Eliminating Non-Determinism from End-to-end Voting Schemes
نویسندگان
چکیده
End-to-end voting schemes have been researched significantly over the past two decades and aim to establish voter verifiable elections. Many of these schemes rely on non-deterministic inputs, such as the randomness used in encryption, for several tasks in the voting process. Karlof et al. show that the randomness in a scheme by Neff enables potential malicious subliminal channels. We revist the issue of non-determinism and show that it leads to possible attacks on several end-to-end voting schemes including coercion and ballot stuffing. In particular, we argue that non-determinism in cryptographic voting schemes is problematic in general. In this paper we present a technique for eliminating non-determinism in cryptographic voting protocols. Our approach provides the voter with a proof of deterministically generated pseudorandomness. This requires trust in at least one of the political parties. Our method is general and we discuss its application to several existing voting protocols. As such, our constructions provide probabilistic assurance to the voter that her ballot was created deterministically.
منابع مشابه
On the Security of Ballot Receipts in E2E Voting Systems
This paper examines and compares the security of ballot receipts in three end-to-end auditable (E2E) voting systems: Prêt à Voter, Punchscan, and ThreeBallot. Ballot receipts should have two properties: from a privacy perspective, they should provide no information as to how the ballot was cast, and from an integrity perspective, they should provide no information that would assist an adversary...
متن کاملCountering Ballot Stuffing and Incorporating Eligibility Verifiability in Helios
Helios is a web-based end-to-end verifiable electronic voting system which has been said to be suitable for low-coercion environments. Although many Internet voting schemes have been proposed in the literature, Helios stands out for its real world relevance. It has been used in a number of elections in university campuses around the world and it has also been used recently by the IACR to elect ...
متن کاملDRE-ip: A Verifiable E-Voting Scheme Without Tallying Authorities
Nearly all verifiable e-voting schemes require trustworthy authorities to perform the tallying operations. An exception is the DRE-i system which removes this requirement by pre-computing all encrypted ballots before the election using random factors that will later cancel out and allow the public to verify the tally after the election. While the removal of tallying authorities significantly si...
متن کاملSecurity Proofs for Participation Privacy, Receipt-Freeness, Ballot Privacy, and Verifiability Against Malicious Bulletin Board for the Helios Voting Scheme
The Helios voting scheme is well studied including formal proofs for verifiability and ballot privacy. However, depending on its version, the scheme provides either participation privacy (hiding who participated in the election) or verifiability against malicious bulletin board (preventing election manipulation by ballot stuffing), but not both at the same time. It also does not provide receipt...
متن کاملPractical Attacks on Cryptographically End-to-end Verifiable Internet Voting Systems
Cryptographic end-to-end verifiable voting technologies concern themselves with the provision of a more trustworthy, transparent, and robust elections. To provide voting systems with more transparency and accountability throughout the process while preserving privacy which allows voters to express their true intent. Helios Voting is one of these systems—an online platform where anyone can easil...
متن کامل