Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Preventing Coercion in E-Voting: Be Open and Commit Read chapter Read first chapter

2017 | OriginalPaper | Chapter

Truly Multi-authority ‘Prêt-à-Voter’

Authors : Thomas Haines, Xavier Boyen

Published in: Electronic Voting

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

In-polling-booth electronic voting schemes are being implemented in government binding elections to enable fast tallying with end-to-end verification of the election result. One of the most significant issues with these schemes is how to print or display the ballot without jeopardising privacy. In several of these schemes, freshly generated unmarked ballots contain critical information which combined with public “bulletin board” information breaks ballot secrecy. We present a practical solution which uses re-encryption inside the polling booth to print ballot papers in a privacy-preserving manner. This makes practical, at a user rather than computer level, multi-authority voting.
We apply this solution to Prêt à Voter, a state-of-the-art electronic voting system trialled in a recent Victorian state election. We propose two approaches: one with higher security and another with stricter usability constraints. The primary benefit is that ballot papers no longer pose a privacy risk. The solution has the major benefit of resolving the conflict between auditability and forward secrecy of printers, a problem left open by the most recent work in this area. Additional benefits include practical privacy from compromised polling-place devices, while preserving receipt-freeness against a more general adversary. Although we do not provide privacy against a wholly compromised authority, a voter needs honesty from only one of the machines at the polling site for secrecy.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter E-Voting in Developing Countries
next chapter Cast-as-Intended Verification in Electronic Elections Based on Oblivious Transfer
Footnotes
1
Threshold cryptography is further complicated by requiring an additional trusted computational device, in the absence of human-computable threshold schemes.
 
2
In a nutshell, a Prêt-à-Voter separated ballot is the one half of the paper ballot that is about to be cast; see Sect. 2 for details.
 
3
It is reasonable for small permutations. Nevertheless, the Victorian Prêt-à-Voter variant used a machine to assist voters with this task because computing a permutation of its 50 candidates was deemed too difficult.
 
4
The composition of two permutations resulting in their product is a basic algebraic operation. This operation is a special case of the pointwise sequential evaluation of two enumerated functions.
 
5
This is because all information the in-booth mixers see, used to be public in the original scheme.
 
6
The Italian attacks works in systems where the set of all ballots cast is known; the attacker gets the voter to cast an unusual vote and then checks to see if this vote occurs in the set of ballots cast.
 
7
While Ryan’s solution would work in variant 2’s EBM model, it may still allow an adversary knowing the initial permutation to trace votes, and it would require a device capable of decrypting the onions inside every polling booth: a risky proposition.
 
8
Audit 3 is temporarily omitted; it will be needed in the second variant of the scheme.
 
9
This audit is required to prevent a Pfitzmann malleability attack which would break privacy.
 
Literature
1.
2.
Aditya, R., Lee, B., Boyd, C., Dawson, E.: An efficient mixnet-based voting scheme providing receipt-freeness. In: Katsikas, S., Lopez, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 152–161. Springer, Heidelberg (2004). doi:10.​1007/​978-3-540-30079-3_​16 CrossRef
3.
Benaloh, J.: Verifiable secret-ballot elections. Ph.D. thesis, Yale University (1987)
4.
Benaloh, J., Byrne, M., Kortum, P.T., McBurnett, N., Pereira, O., Stark, P.B., Wallach, D.S.: Star-vote: a secure, transparent, auditable, and reliable voting system. CoRR abs/1211.1904 (2012)
5.
Burton, C., Culnane, C., Heather, J., Peacock, T., Ryan, P.Y., Schneider, S., Srinivasan, S., Teague, V., Wen, R., Xia, Z.: Using Prêt à voter in Victorian state elections. In: Proceedings of USENIX EVT/WoTE (2012)
6.
Carback, R., Chaum, D., abd John Conwaym, J.C., Essex, A., Hernson, P.S., Mayberry, T., Popoveniuc, S., Rivest, R.L., Shen, E., Sherman, A.T., Vora, P.L.: Scantegrity II municipal election at Takoma Park: the first E2E binding governmental election with ballot privacy. In: Proceedings of USENIX Accurate Electronic Voting Technology Workshop (2010)
7.
Chaum, D.: Untraceable mail, return addresses and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRef
8.
Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 177–182. Springer, Heidelberg (1988). doi:10.​1007/​3-540-45961-8_​15
9.
Chaum, D.: Secret-ballot receipts: true voter-verifiable elections. IEEE Secur. Priv. 2(1), 38–47 (2004)CrossRef
10.
Chaum, D., Carback, R., Clark, J., Essex, A., Popoveniuc, S., Rivest, R.L., Ryan, P.Y.A., Shen, E., Sherman, A.T.: Scantegrity ii: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In: EVT. USENIX Association (2008)
11.
Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005). doi:10.​1007/​11555827_​8 CrossRef
12.
Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: toward a secure voting system. In: Proceedings of IEEE Symposium on Security and Privacy (2008)
13.
Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: FOCS, pp. 372–382 (1985)
14.
Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-authority secret-ballot elections with linear work. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 72–83. Springer, Heidelberg (1996). doi:10.​1007/​3-540-68339-9_​7
15.
Culnane, C., Heather, J., Joaquim, R., Ryan, P.Y.A., Schneider, S., Teague, V.: Faster print on demand for prêt à voter. J. Election Technol. Sys. 2(1), 1–14 (2013)
16.
Culnane, C., Ryan, P.Y.A., Schneider, S.A., Teague, V.: vVote: a verifiable voting system. ACM Trans. Inf. Syst. Secur. 18(1), 3 (2015)CrossRef
17.
Essex, A., Clark, J., Hengartner, U., Adams, C.: How to print a secret. In: Proceedings of USENIX Hot Topics in Security (2009)
18.
Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993). doi:10.​1007/​3-540-57220-1_​66
19.
Gogolewski, M., Klonowski, M., Kubiak, P., Kutyłowski, M., Lauks, A., Zagórski, F.: Kleptographic attacks on e-voting schemes. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 494–508. Springer, Heidelberg (2006). doi:10.​1007/​11766155_​35 CrossRef
20.
Grundland, E.: An analysis of the wombat voting system model (2012)
21.
22.
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of WPES (2005)
23.
Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., Yoo, S.: Providing receipt-freeness in mixnet-based voting protocols. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 245–258. Springer, Heidelberg (2004). doi:10.​1007/​978-3-540-24691-6_​19 CrossRef
24.
Moran, T., Naor, M.: Split-ballot voting: everlasting privacy with distributed trust. ACM Trans. Inf. Syst. Secur. 13(2), 16 (2010)CrossRef
25.
Neff, C.A.: A verifiable secret shuffle and its application to e-voting. In: CCS (2001)
26.
Okamoto, T.: An electronic voting scheme. In: Terashima, N., Altman, E. (eds.) Advanced IT Tools, pp. 21–30. Springer, New York (1996)CrossRef
27.
Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998). doi:10.​1007/​BFb0028157 CrossRef
28.
Park, C., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/nothing election scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248–259. Springer, Heidelberg (1994). doi:10.​1007/​3-540-48285-7_​21
29.
Ryan, P.Y.A., Teague, V.: Ballot permutations in pret a voter. In: Proceedings of Electronic Voting Technology/Workshop on Trustworthy Elections (2009)
30.
Ryan, P.: The computer ate my vote. In: Boca, P., Bowen, J.P., Siddiqi, J. (eds.) Formal Methods: State of the Art and New Directions, pp. 147–184. Springer, London (2010)CrossRef
31.
Ryan, P.: A variant of the Chaum voter-verifiable scheme. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security, pp. 81–88. ACM (2005)
32.
Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995). doi:10.​1007/​3-540-49264-X_​32
33.
Wikström, D.: A universally composable mix-net. In: TCC, pp. 317–335 (2004)
Metadata
Title
Truly Multi-authority ‘Prêt-à-Voter’
Authors
Thomas Haines
Xavier Boyen
Copyright Year
2017
Book
Electronic Voting

Print ISBN: 978-3-319-52239-5

Electronic ISBN: 978-3-319-52240-1

Copyright Year: 2017

DOI
https://doi.org/10.1007/978-3-319-52240-1_4

Premium Partner

    Image Credits