Coercion-resistant electronic elections (original) (raw)
Related papers
CIVIS-A Coercion-Resistant Election System
2018
Coercion is an intrinsic problem of Internet elections that certainly prevent its wide use. Although there is no optimal solution for this problem, modern cryptographic election schemes can mitigate it. Most of these proposals, however, were never used to carry out real elections due to the lack of software implementations. As a result, it is not possible to test these schemes in realistic election scenarios and so their interest remain purely theoretical. In this context, this work introduces the CIVIS election system. CIVIS is a web-based system that implements ideas to fight coercive attacks. It is based on a secure coercion-resistant election scheme and it shows the applicability of this scheme to accomplish realistic elections. Besides introducing CIVIS, we show that a famous Internet-based election system used in Brazil does not satisfy important security properties for voting.
Towards Everlasting Privacy and Efficient Coercion Resistance in Remote Electronic Voting
Lecture Notes in Computer Science, 2019
In this work, we propose a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under standard JCJ assumptions. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds and the validity of the signature can only be checked by a designated verifier. We utilize this primitive to blindly mark votes under coercion in an auditable manner.
Coercion-Resistant Blockchain-Based E-Voting Protocol
IACR Cryptol. ePrint Arch., 2020
Coercion resistance is one of the most important features of a secure voting procedure. Because of the properties such as transparency, decentralization, and non-repudiation, blockchain is a fundamental technology of great interest in its own right, and it also has large potential when integrated into many other areas. Here we propose a decentralized e-voting protocol that is coercion-resistant and vote-selling resistant, while being also completely transparent and not receipt-free. We prove the security of the protocol under the standard DDH assumption.
Revisiting Practical and Usable Coercion-Resistant Remote E-Voting
Lecture Notes in Computer Science, 2020
In this paper we revisit the seminal coercion-resistant e-voting protocol by Juels, Catalano and Jakobsson (JCJ) and in particular the attempts to make it usable and practical. In JCJ the user needs to handle cryptographic credentials and be able to fake these in case of coercion. In a series of three papers Neumann et al. analysed the usability of JCJ, and constructed and implemented a practical credential handling system using a smart card which unlock the true credential via a PIN code, respectively fake the credential via faking the PIN. We present several attacks and problems with the security of this protocol, especially an attack on coercion-resistance due to information leakage from the removal of duplicate ballots. Another problem, already stressed but not solved by Neumann et al, is that PIN typos happen frequently and would invalidate the cast vote without the voter being able to detect this. We construct different protocols which repair these problems. Further, the smart card is a trusted component which can invalidate cast votes without detection and can be removed by a coercer to force abstention, i.e. presenting a single point of failure. Hence we choose to make the protocols hardware-flexible i.e. also allowing the credentials to be store by ordinary means, but still being PIN based and providing PIN error resilience. Finally, one of the protocols has a linear tally complexity to ensure an efficient scheme also with many voters.
A coercion-resistant blockchain-based E-voting protocol with receipts
Advances in Mathematics of Communications, 2021
We propose a decentralized e-voting protocol that is coercion-resistant and vote-selling resistant, while being also completely transparent and not receipt-free. We achieve decentralization using blockchain technology. Because of the properties such as transparency, decentralization, and nonrepudiation, blockchain is a fundamental technology of great interest in its own right, and it also has large potential when integrated into many other areas. We prove the security of the protocol under the standard DDH assumption on the underlying prime-order cyclic group (e.g. the group of points of an elliptic curve), as well as under standard assumptions on blockchain robustness.
Coercion-Freeness in E-voting via Multi-Party Designated Verifier Schemes
2012
In this paper we present how multi-party designated verifier signatures can be used as generic solution to the coercion-freeness problem in electronic voting schemes. We illustrate the concept of multi-party designated verifier signatures with an enhanced version of Ghodosi and Pieprzyk [GP06]’s threshold signature scheme. The proposed scheme is efficient, secure, allows distributed computations of the sig- nature on the ballot receipt and can be parameterized to set a threshold on the number of required signers. The security of the designated verifier property is evaluated using the simulation paradigm [Gol00] based on the security analysis of [GHKR08]. Unlike previously provable schemes ours is ideal, i.e. the bit-lenght of each secret key share is bounded by the bit-lenght of the RSA modulus.
Multiple Candidates Coercion-Resistant Blockchain-Based E-Voting Protocol With Receipts
IACR Cryptol. ePrint Arch., 2021
This paper extends the two-candidate’s protocol of [11] to the multi-candidate case, making it applicable to elections where each voter expresses P preferences among M possible choices. The generalized protocol still achieves coercion and vote-selling resistance while being transparent, fully verifiable and receipt-based. The protocol relies on a generic blockchain with standard properties, and we prove the security of the construction under the standard Decisional Diffie Hellman assumption.
A pervasively verifiable online voting scheme
We present an improvement of Ohkubo et al.'s e-voting protocol [OMA + 99]: We provide that the validator's signature is attached directly to the vote although the vote has been encrypted before. Thus verifiability does not end before tallying like in the original scheme but is pervasive even beyond the end of the election. This prevents manipulation of the plaintext votes and offers verifiability to the public instead of restricting it to the talliers. Moreover, privacy can be ensured without using blind signatures, which facilitates receipt-freeness. Our variant of the scheme also allows the voter to seemingly comply with the demand of a coercer while actually casting the vote she intended.