Selene: Voting with Transparent Verifiability and Coercion-Mitigation
End-to-end verifiable voting schemes typically involve voters handling an encrypted ballot in order to confirm that their vote is accurately included in the tally. While this may be technically valid, from a public acceptance standpoint it may be problematic: many voters may not really understand the purpose of the encrypted ballot and the various checks that they can perform. In this paper we take a different approach and revisit an old idea: to provide each voter with a private tracking number. Votes are posted on a bulletin board in the clear along with their associated tracking number. This is appealing in that it provides voters with a very simple, intuitive way to verify their vote, in the clear. However, there are obvious drawbacks: we must ensure that no two voters are assigned the same tracker and we need to keep the link between voters and trackers private.
We propose a scheme that addresses both of these problems: we ensure that voters get unique trackers and we close off coercion opportunities by ensuring that the voters only learn their tracking numbers after the votes have been posted. The resulting scheme provides receipt-freeness, and indeed a good level of coercion-resistance while also providing a more immediately understandable form of verifiability.
We would like to thank Sunoo Park, Bill Roscoe, Mark Ryan and Richard Stallman for interesting discussions and suggestions. Further, Vincenzo Iovino is supported by the National Research Fund, Luxembourg, and Peter B. Rønne is supported by the ANR/FNR project Sequoia ANR-14-CE28-0030-01.
- 2.Ben-Nun, J., Fahri, N., Llewellyn, M., Riva, B., Rosen, A., Ta-Shma, A., Wikström, D.: A new implementation of a dual (paper and cryptographic) voting system. In: 5th International Conference on Electronic Votin (eVOTE) (2012)Google Scholar
- 3.Benaloh, J.: Simple verifiable elections. In: Wallach, D.S., Rivest, R.L. (eds.) USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2006, Vancouver, BC, Canada, 1 August 2006. USENIX Association (2006)Google Scholar
- 4.Benaloh, J.C., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In: Leighton, F.T., Goodrich, M.T. (eds.) Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, 23–25 May 1994, Montréal, Québec, Canada, pp. 544–553. ACM (1994)Google Scholar
- 7.Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: a secure voting system. In: IEEE Symposium on Security and Privacy (2008)Google Scholar
- 8.Cortier, V., Fuchsbauer, G., Galindo, D.: Beleniosrf: a strongly receipt-free electronic voting scheme. IACR Cryptology ePrint Archive 2015:629 (2015)Google Scholar
- 9.Cortier, V., Galindo, D., Glondu, S., Izabachène, M.: Election verifiability for Helios under weaker trust assumptions. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 327–344. Springer, Heidelberg (2014)Google Scholar
- 10.Cortier, V., Smyth, B.: Attacking and fixing Helios: an analysis of ballot secrecy. In: Proceedings of the 24th IEEE Computer Security Foundations Symposium, CSF 2011, Cernay-la-Ville, France, pp. 297–311, 27–29 June 2011Google Scholar
- 12.Gennaro, R.: Achieving independence efficiently and securely. In: Anderson, J.H. (ed.) 14th ACM Symposium Annual on Principles of Distributed Computing, pp. 130–136. Association for Computing Machinery, August 1995Google Scholar
- 14.Grewal, G.S., Ryan, M.D., Bursuc, S., Ryan, P.Y.A.: Caveat coercitor: coercion-evidence in electronic voting. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, 19–22 May 2013, pp. 367–381. IEEE Computer Society (2013)Google Scholar
- 15.Grewal, G.S., Ryan, M.D., Chen, L., Clarkson, M.R.: Du-vote: remote electronic voting with untrusted computers. In: Fournet, C., Hicks, M.W., Viganò, L. (eds.) IEEE 28th Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13–17 July 2015, pp. 155–169. IEEE (2015)Google Scholar
- 17.Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, Alexandria, VA, USA, pp. 61–70, 7 November 2005Google Scholar
- 20.Ramchen, K., Teague, V.: Parallel shuffling and its application to prêt à voter. In: 2010 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections, EVT/WOTE 2010, Washington, D.C., USA, 9–10 August 2010Google Scholar
- 21.Randell, B., Ryan, P.Y.A.: Voting technologies and trust. In: IEEE Symposium on Security and Privacy, pp. 50–56 (2006)Google Scholar
- 22.Rivest, R.L.: The ThreeBallot Voting System. https://people.csail.mit.edu/rivest/Rivest-TheThreeBallotVotingSystem.pdf
- 23.Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. IACR Cryptology ePrint Archive, 2015:1105 (2015)Google Scholar
- 24.Ryan, P.Y.A., Teague, V.: Pretty good democracy. In: Workshop on Security Protocols (2009)Google Scholar
- 25.Ryan, P.Y.A., Schneider, S.A.: Prêt à voter with re-encryption mixes. Technical report CS-TR-956, University of Newcastle (2006)Google Scholar
- 26.Scantegrity Team. Scantegrity. http://www.scantegrity.org/papers/whitepaper.pdf