E-Vote-ID 2016: Electronic Voting pp 56-72 | Cite as

Truly Multi-authority ‘Prêt-à-Voter’

Conference paper
First Online:
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10141)

Abstract

In-polling-booth electronic voting schemes are being implemented in government binding elections to enable fast tallying with end-to-end verification of the election result. One of the most significant issues with these schemes is how to print or display the ballot without jeopardising privacy. In several of these schemes, freshly generated unmarked ballots contain critical information which combined with public “bulletin board” information breaks ballot secrecy. We present a practical solution which uses re-encryption inside the polling booth to print ballot papers in a privacy-preserving manner. This makes practical, at a user rather than computer level, multi-authority voting.

We apply this solution to Prêt à Voter, a state-of-the-art electronic voting system trialled in a recent Victorian state election. We propose two approaches: one with higher security and another with stricter usability constraints. The primary benefit is that ballot papers no longer pose a privacy risk. The solution has the major benefit of resolving the conflict between auditability and forward secrecy of printers, a problem left open by the most recent work in this area. Additional benefits include practical privacy from compromised polling-place devices, while preserving receipt-freeness against a more general adversary. Although we do not provide privacy against a wholly compromised authority, a voter needs honesty from only one of the machines at the polling site for secrecy.

Keywords

Bulletin Board Forward Secrecy Visual Cryptography Electronic Vote Threshold Cryptography 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Notes

Acknowledgements

The authors would like to thank Vanessa Teague for stimulating discussions on this and related subjects. We would also like to thank Douglas Wikström and the reviewers for their helpful comments.

References

  1. 1.
    Abe, M.: Mix-networks on permutation networks. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 258–273. Springer, Heidelberg (1999). doi: 10.1007/978-3-540-48000-6_21 CrossRefGoogle Scholar
  2. 2.
    Aditya, R., Lee, B., Boyd, C., Dawson, E.: An efficient mixnet-based voting scheme providing receipt-freeness. In: Katsikas, S., Lopez, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 152–161. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-30079-3_16 CrossRefGoogle Scholar
  3. 3.
    Benaloh, J.: Verifiable secret-ballot elections. Ph.D. thesis, Yale University (1987)Google Scholar
  4. 4.
    Benaloh, J., Byrne, M., Kortum, P.T., McBurnett, N., Pereira, O., Stark, P.B., Wallach, D.S.: Star-vote: a secure, transparent, auditable, and reliable voting system. CoRR abs/1211.1904 (2012)Google Scholar
  5. 5.
    Burton, C., Culnane, C., Heather, J., Peacock, T., Ryan, P.Y., Schneider, S., Srinivasan, S., Teague, V., Wen, R., Xia, Z.: Using Prêt à voter in Victorian state elections. In: Proceedings of USENIX EVT/WoTE (2012)Google Scholar
  6. 6.
    Carback, R., Chaum, D., abd John Conwaym, J.C., Essex, A., Hernson, P.S., Mayberry, T., Popoveniuc, S., Rivest, R.L., Shen, E., Sherman, A.T., Vora, P.L.: Scantegrity II municipal election at Takoma Park: the first E2E binding governmental election with ballot privacy. In: Proceedings of USENIX Accurate Electronic Voting Technology Workshop (2010)Google Scholar
  7. 7.
    Chaum, D.: Untraceable mail, return addresses and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  8. 8.
    Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 177–182. Springer, Heidelberg (1988). doi: 10.1007/3-540-45961-8_15 Google Scholar
  9. 9.
    Chaum, D.: Secret-ballot receipts: true voter-verifiable elections. IEEE Secur. Priv. 2(1), 38–47 (2004)CrossRefGoogle Scholar
  10. 10.
    Chaum, D., Carback, R., Clark, J., Essex, A., Popoveniuc, S., Rivest, R.L., Ryan, P.Y.A., Shen, E., Sherman, A.T.: Scantegrity ii: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In: EVT. USENIX Association (2008)Google Scholar
  11. 11.
    Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005). doi: 10.1007/11555827_8 CrossRefGoogle Scholar
  12. 12.
    Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: toward a secure voting system. In: Proceedings of IEEE Symposium on Security and Privacy (2008)Google Scholar
  13. 13.
    Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: FOCS, pp. 372–382 (1985)Google Scholar
  14. 14.
    Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-authority secret-ballot elections with linear work. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 72–83. Springer, Heidelberg (1996). doi: 10.1007/3-540-68339-9_7 Google Scholar
  15. 15.
    Culnane, C., Heather, J., Joaquim, R., Ryan, P.Y.A., Schneider, S., Teague, V.: Faster print on demand for prêt à voter. J. Election Technol. Sys. 2(1), 1–14 (2013)Google Scholar
  16. 16.
    Culnane, C., Ryan, P.Y.A., Schneider, S.A., Teague, V.: vVote: a verifiable voting system. ACM Trans. Inf. Syst. Secur. 18(1), 3 (2015)CrossRefGoogle Scholar
  17. 17.
    Essex, A., Clark, J., Hengartner, U., Adams, C.: How to print a secret. In: Proceedings of USENIX Hot Topics in Security (2009)Google Scholar
  18. 18.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993). doi: 10.1007/3-540-57220-1_66 Google Scholar
  19. 19.
    Gogolewski, M., Klonowski, M., Kubiak, P., Kutyłowski, M., Lauks, A., Zagórski, F.: Kleptographic attacks on e-voting schemes. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 494–508. Springer, Heidelberg (2006). doi: 10.1007/11766155_35 CrossRefGoogle Scholar
  20. 20.
    Grundland, E.: An analysis of the wombat voting system model (2012)Google Scholar
  21. 21.
    Hirt, M., Sako, K.: Efficient receipt-free voting based on homomorphic encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000). doi: 10.1007/3-540-45539-6_38 CrossRefGoogle Scholar
  22. 22.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of WPES (2005)Google Scholar
  23. 23.
    Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., Yoo, S.: Providing receipt-freeness in mixnet-based voting protocols. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 245–258. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24691-6_19 CrossRefGoogle Scholar
  24. 24.
    Moran, T., Naor, M.: Split-ballot voting: everlasting privacy with distributed trust. ACM Trans. Inf. Syst. Secur. 13(2), 16 (2010)CrossRefGoogle Scholar
  25. 25.
    Neff, C.A.: A verifiable secret shuffle and its application to e-voting. In: CCS (2001)Google Scholar
  26. 26.
    Okamoto, T.: An electronic voting scheme. In: Terashima, N., Altman, E. (eds.) Advanced IT Tools, pp. 21–30. Springer, New York (1996)CrossRefGoogle Scholar
  27. 27.
    Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998). doi: 10.1007/BFb0028157 CrossRefGoogle Scholar
  28. 28.
    Park, C., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/nothing election scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248–259. Springer, Heidelberg (1994). doi: 10.1007/3-540-48285-7_21 Google Scholar
  29. 29.
    Ryan, P.Y.A., Teague, V.: Ballot permutations in pret a voter. In: Proceedings of Electronic Voting Technology/Workshop on Trustworthy Elections (2009)Google Scholar
  30. 30.
    Ryan, P.: The computer ate my vote. In: Boca, P., Bowen, J.P., Siddiqi, J. (eds.) Formal Methods: State of the Art and New Directions, pp. 147–184. Springer, London (2010)CrossRefGoogle Scholar
  31. 31.
    Ryan, P.: A variant of the Chaum voter-verifiable scheme. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security, pp. 81–88. ACM (2005)Google Scholar
  32. 32.
    Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995). doi: 10.1007/3-540-49264-X_32 Google Scholar
  33. 33.
    Wikström, D.: A universally composable mix-net. In: TCC, pp. 317–335 (2004)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Queensland University of TechnologyBrisbaneAustralia

Personalised recommendations