Selections: Internet Voting with Over-the-Shoulder Coercion-Resistance

  • Jeremy Clark
  • Urs Hengartner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7035)


We present Selections, a new cryptographic voting protocol that is end-to-end verifiable and suitable for Internet voting. After a one-time in-person registration, voters can cast ballots in an arbitrary number of elections. We say a system provides over-the-shoulder coercion-resistance if a voter can undetectably avoid complying with an adversary that is present during the vote casting process. Our system is the first in the literature to offer this property without the voter having to anticipate coercion and precompute values. Instead, a voter can employ a panic password. We prove that Selections is coercion-resistant against a non-adaptive adversary.


Vote System Covert Channel Modular Exponentiation Electronic Vote Registered Voter 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Acquisti, A.: Receipt-free homomorphic elections and write-in ballots. Tech. rep., IACR Eprint Report 2004/105 (2004)Google Scholar
  2. 2.
    Adida, B.: Helios: web-based open-audit voting. In: USENIX Security Symposium, pp. 335–348 (2008)Google Scholar
  3. 3.
    Adida, B., Marneffe, O.d., Pereira, O., Quisquater, J.J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: EVT/WOTE (2009)Google Scholar
  4. 4.
    Araujo, R., Foulle, S., Traore, J.: A practical and secure coercion-resistant scheme for remote elections. In: Frontiers of Electronic Voting (2007)Google Scholar
  5. 5.
    Araújo, R., Ben Rajeb, N., Robbana, R., Traoré, J., Youssfi, S.: Towards Practical and Secure Coercion-Resistant Electronic Elections. In: Heng, S.-H., Wright, R.N., Goi, B.-M. (eds.) CANS 2010. LNCS, vol. 6467, pp. 278–297. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Benaloh, J.: Simple verifiable elections. In: EVT (2006)Google Scholar
  7. 7.
    Carback, R.T., Chaum, D., Clark, J., Conway, J., Essex, A., Hernson, P.S., Mayberry, T., Popoveniuc, S., Rivest, R.L., Shen, E., Sherman, A.T., Vora, P.L.: Scantegrity II election at Takoma Park. In: USENIX Security Symposium (2010)Google Scholar
  8. 8.
    Chaum, D.: Surevote: Technical overview. In: WOTE (2001)Google Scholar
  9. 9.
    Chaum, D., Carback, R., Clark, J., Essex, A., Popoveniuc, S., Rivest, R.L., Ryan, P.Y.A., Shen, E., Sherman, A.T.: Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In: EVT (2008)Google Scholar
  10. 10.
    Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  11. 11.
    Chaum, D., Ryan, P.Y.A., Schneider, S.: A Practical Voter-Verifiable Election Scheme. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Clark, J., Hengartner, U.: Panic passwords: authenticating under duress. In: HotSec (2008)Google Scholar
  13. 13.
    Clark, J., Hengartner, U., Larson, K.: Not-so-hidden information: optimal contracts for undue influence in E2E voting systems. In: VOTE-ID (2009)Google Scholar
  14. 14.
    Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: Toward a secure voting system. In: IEEE Symposium on Security and Privacy, pp. 354–368 (2008)Google Scholar
  15. 15.
    Cramer, R., Damgård, I.B., Schoenmakers, B.: Proof of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  16. 16.
    Feldman, A.J., Benaloh, J.: On subliminal channels in encrypt-on-cast voting systems. In: EVT/WOTE (2009)Google Scholar
  17. 17.
    Gardner, R.W., Garera, S., Rubin, A.D.: Coercion Resistant End-to-End Voting. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 344–361. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Heiberg, S., Lipmaa, H., van Laenen, F.: On E-vote Integrity in the Case of Malicious Voter Computers. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 373–388. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Jacobsson, M., Juels, A., Rivest, R.L.: Making mix nets robust for electronic voting by randomized partial checking. In: USENIX Security Symposium (2002)Google Scholar
  20. 20.
    Jakobsson, M., Juels, A.: Mix and Match: Secure Function Evaluation via Ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 162–177. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and their Applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  22. 22.
    Jakobsson, M., Stolterman, E., Wetzel, S., Yang, L.: Love and authentication. In: CHI (2008)Google Scholar
  23. 23.
    Joaquim, R., Ribeiro, C.: Codevoting: protection against automatic vote manipulation in an uncontrolled environment. In: VOTE-ID (2007)Google Scholar
  24. 24.
    Juels, A., Catalano, D., Jacobsson, M.: Coercion-resistant electronic elections. In: WPES (2005)Google Scholar
  25. 25.
    Kane, C.: Voting and verifiability: interview with Ron Rivest. RSA Vantage Magazine 7(1) (2010)Google Scholar
  26. 26.
    Pedersen, T.P.: A Threshold Cryptosystem without a Trusted Party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  27. 27.
    Rivest, R.L., Smith, W.D.: Three voting protocols: Threeballot, VAV, and Twin. In: EVT (2007)Google Scholar
  28. 28.
    Ryan, P.Y.A., Bismark, D., Heather, J., Schneider, S., Xia, Z.: Prêt à Voter: a voter-verifiable voting system. IEEE TIFS 4(4) (2009)Google Scholar
  29. 29.
    Ryan, P.Y.A., Teague, V.: Pretty good democracy. In: Workshop on Security Protocols (2009)Google Scholar
  30. 30.
    Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptography 4 (1991)Google Scholar
  31. 31.
    Smith, W.D.: New cryptographic election protocol with best-known theoretical properties. In: Frontiers in Electronic Elections (2005)Google Scholar
  32. 32.
    Spycher, O., Koenig, R., Haenni, R., Schlapfer, M.: A new approach towards coercion-resistant remote e-voting in linear time. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 182–189. Springer, Heidelberg (2011)Google Scholar
  33. 33.
    Weber, S.G., Araujo, R.S.d., Buchmann, J.: On coercion-resistant electronic elections with linear work. In: ARES (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jeremy Clark
    • 1
  • Urs Hengartner
    • 1
  1. 1.University of WaterlooCanada

Personalised recommendations