Nothing Special   »   [go: up one dir, main page]

Skip to main content
Log in

Receipt-free remote electronic elections with everlasting privacy

  • Published:
Annals of Telecommunications Aims and scope Submit manuscript

Abstract

We present a new cryptographic voting protocol for remote electronic voting that offers three of the most challenging features of such protocols: verifiability, everlasting privacy, and receipt-freeness. Trusted authorities and computational assumptions are only needed during vote casting and tallying to prevent the creation of invalid ballots and to achieve receipt-freeness and fairness, but not to guarantee vote privacy. The implementation of everlasting privacy is based on perfectly hiding commitments and non-interactive zero-knowledge proofs, whereas receipt-freeness is realized with mix networks and homomorphic tallying.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. To ensure that generators are independent, they need to be generated in some publicly reproducible way, for example by deriving them from a common reference string.

  2. We are aware that requiring a secure platform is a strong assumption. We do not explicitly address this problem in this paper, but our protocol allows voters at least to detect a compromised platform as long as they can read the bulletin board in a secure way.

  3. To ensure that u has been computed from fresh values (α,β,γ), the voter could be asked to prove knowledge of (α,β,γ) by computing \(\mathit {NIZKP}[(\alpha ,\beta ,\gamma ):u = h_{1}^{\alpha }h_{2}^{\beta }h_{3}^{\gamma }]\). As this is not an essential step for our protocol, we omit it in our presentation.

  4. At first sight, it may appear that π 2 and π 3 are very similar proofs, but a subtle difference disallows π 2 to be implemented as a standard preimage proof. The subtlety lies in the fact that u and \(\hat {u}\) are both elements of \(\mathbb {G}_{q}\), but to use u as input of \(\text {com}_{p}:\mathbb {Z}_{p}\times \mathbb {Z}_{p}\rightarrow \mathcal {G}_{p}\), it needs to be interpreted as an element of \(\mathbb {Z}_{p}\). As a consequence, com p is not a group homomorphism with respect to (α,β,γ), i.e., the preconditions for constructing a preimage proof are not satisfied.

  5. The bulletin board could also accept multiple copies of the same ballot, which then need to be eliminated in the tallying phase. But this makes preventing replay and board flooding attacks more complicated.

  6. Shuffling and decrypting a list of ciphertexts can be performed in a single serial process [38]. This is an optional implementation variant of our protocol, which we do not pursue here.

  7. By mixing up list and set operations in one expression, we slightly abuse standard mathematical notation.

  8. Some lists are implicitly given: E F (follows from B), \(\mathbf {E}^{\prime }\) (follows from \(\mathbf {EF}^{\prime }\)), F H (follows from H and \(\mathbf {EF}^{\prime }\)), and \(\mathbf {V}^{\prime }\) (follows from V). As such, they need not to be published, but we include them for improved clarity.

  9. In case x is shared among multiple authorities, the literal y = h x in π 4 can be replaced by a disjunction \(\bigvee _{\!j} (y_{j}=h^{x_{i}})\), where x i is a single private key share of an individual trusted authority and y j are corresponding public values of all trusted authorities. In this way, null votes can be generated individually by a single trusted authority.

  10. An additive vote encoding capable of representing all possible election results is necessary for this.

  11. The security parameter K determines the soundness of the proof. We adopt the recommendation of K≥80 from [4].

References

  1. Arapinis M, Cortier V, Kremer S, Ryan M (2013) Practical everlasting privacy. In: Basin D, Mitchell J (eds) POST’13, 2nd conference on principles of security and trust, LNCS 7796, Rome, pp 21–40

  2. Araújo R, Foulle S, Traoré J (2007) A practical and secure coercion-resistant scheme for remote elections. In: Chaum D, Kutylowski M, Rivest RL, Ryan PYA (eds) FEE’07, Workshop on frontiers in electronic elections. Schloss Dagstuhl, Germany, pp 330–342

  3. Araújo R, Foulle S, Traoré J (2010) A practical and secure coercion-resistant scheme for internet voting. In: Chaum D, Jakobsson M, Rivest R, Ryan PYA, Benaloh J, Kutylowski M, Adida B (eds) Towards trustworthy elections: new directions in electronic voting, LNCS 6000. Springer, pp 330–342

  4. Au MH, Susilo W, Mu Y (2010) Proof-of-knowledge of representation of committed value and its applications. In: Steinfeld R, Hawkes P (eds) ACISP’10, 15th Australasian conference on information security and privacy, LNCS 6168, Sydney, pp 352–369

  5. Bayer S, Groth J (2012) Efficient zero-knowledge argument for correctness of a shuffle. In: Pointcheval D, Johansson T (eds) EUROCRYPT’12, 31st annual international conference on theory and applications of cryptographic techniques, LNCS 7237, Cambridge, pp 263–280

  6. Bayer S, Groth J (2013) Zero-knowledge argument for polynomial evaluation with application to blacklists. In: Johansson T, Nguyen PQ (eds) EUROCRYPT’13, 32nd annual international conference on the theory and applications of cryptographic techniques, LNCS 7881, Athens, pp 646–663

  7. Benaloh J, Tuinstra D (1994) Receipt-free secret-ballot elections. In: STOC’94, 26th Annual ACM symposium on theory of computing. Montréal, pp 544–553

  8. Brands S (2000) Rethinking public key infrastructures and digital certificates: building in privacy. MIT Press

  9. Brands S, Demuynck L, De Decker B (2007) A practical system for globally revoking the unlinkable pseudonyms of unknown users. In: Pieprzyk J, Ghodosi H, Dawson E (eds) ACISP’07, 12th Australasian conference on information security and privacy, LNCS 4586, Townsville, pp 400–415

  10. Buchmann J, Demirel D, van de Graaf J (2013) Towards a publicly-verifiable mix-net providing everlasting privacy. In: Sadeghi AR (ed) FC’13, 17th International conference on financial cryptography, LNCS 7859, Okinawa, pp 197–204

  11. Camenisch J, Chaabouni R, Shelat A (2008) Efficient protocols for set membership and range proofs. In: Pieprzyk J (ed) ASIACRYPT’08, 14th International conference on the theory and application of cryptology and information security, LNCS 5350, Melbourne, pp 234–252

  12. Camenisch J, Stadler M (1997) Efficient group signature schemes for large groups. In: Kaliski BS Jr (ed) CRYPTO’97, 17th Annual international cryptology conference on advances in cryptology, LNCS 1294, Santa Barbara, pp 410–424

  13. Canard S, Traoré J (2003) List signature schemes and application to electronic voting. In: Augot D, Charpin P, Kabatianski G (eds) WCC’03, 3rd International workshop on coding and cryptography, Versailles, pp 81–90

  14. Chaum D (1988) The dining cryptographers problem: unconditional sender and recipient untraceability. J Cryptol 1(1):65–75

    Article  MathSciNet  MATH  Google Scholar 

  15. Clark J, Hengartner U (2011) Selections: internet voting with over-the-shoulder coercion-resistance. In: Danezis G (ed) FC’11, 15th International conference on financial cryptography, LNCS 7035, St. Lucia, pp 47–61

  16. Cranor LF, Cytron RK (1996) Design and implementation of a practical security-conscious electronic polling system. Tech. Rep. WUCS-96-02. Washington University

  17. Cuvelier E, Pereira O, Peters T (2013) Election verifiability or ballot privacy : Do we need to choose? In: Crampton J, Jajodia S, Mayes K (eds) ESORICS’13, 18th European conference on research in computer security, LNCS 8134, Egham, pp 481–498

  18. Demirel D, Henning M, van de Graaf J, Ryan PYA, Buchmann (2013) Pret à Voter̂ providing everlasting privacy. In: Heather J, Schneider S, Teague V (eds) VoteID’13, 4th International conference on e-voting and identity, LNCS 7985, Guildford, pp 156–175

  19. Demirel D, van de Graaf J, Araújo R (2012) Improving Helios with everlasting privacy towards the public. In: Halderman JA, Pereira O (eds) EVT/WOTE’12, Electronic voting technology workshop/workshop on trustworthy elections, Bellevue

  20. Fiat A, Shamir A (1986) How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko AM (ed) CRYPTO’86, 6th Annual international cryptology conference on advances in cryptology, Santa Barbara, pp 186–194

  21. Fujioka A, Okamoto T, Ohta K (1992) A practical secret voting scheme for large scale elections. In: Seberry J, Zheng Y (eds) ASIACRYPT’92, Workshop on the theory and application of cryptographic techniques, LNCS 718, Gold Coast, pp 244–251

  22. Groth J (2005) Non-interactive zero-knowledge arguments for voting. In: Ioannidis J, Keromytis A, Yung M (eds) ACNS’05, 3th International conference on applied cryptography and network security, LNCS 3531, New York, pp 467–482

  23. Haenni R, Koenig RE (2013) A generic approach to prevent board flooding attacks in coercion-resistant electronic voting schemes. Comput Secur 33:59–69

    Article  Google Scholar 

  24. Hirt M, Sako K (2000) Efficient receipt-free voting based on homomorphic encryption. In: Goos G, Hartmanis J, van Leeuwen J (eds) EUROCRYPT’00, 19th International conference on the theory and applications of cryptographic techniques, LNCS 1807, Bruges, pp 539–556

  25. Juang WS, Liaw HT (2004) Fair blind threshold signatures in wallet with observers. J Syst Softw 72 (1):25–31

    Article  Google Scholar 

  26. Juels A, Catalano D, Jakobsson M (2005) Coercion-resistant electronic elections. In: Atluri V, De Capitani di Vimercati S, Dingledine R (eds) WPES’05, 4th ACM workshop on privacy in the electronic society, Alexandria, pp 61–70

  27. Kulyk O, Teague V, Volkamer M (2015) Extending helios towards private eligibility verifiability. In: Haenni R, Koenig RE, Wikström D (eds) VoteID’15, 5th International conference on e-voting and identity, LNCS 9269, Bern, pp 57–73

  28. Locher P, Haenni R (2015) Verifiable internet elections with everlasting privacy and minimal trust. In: Haenni R, Koenig RE, Wikström D (eds) VoteID’15, 5th International conference on e-voting and identity, LNCS 9269, Bern, pp 74–91

  29. Moran T, Naor M (2006) Receipt-free universally-verifiable voting with everlasting privacy. In: Dwork C (ed) CRYPTO’06, 26th Annual international cryptology conference on advances in cryptology, LNCS 4117, Santa Barbara, pp 373–392

  30. Moran T, Naor M (2007) Split-ballot voting: everlasting privacy with distributed trust. In: Ning P, de Capitani di Vimercati S, Syverson P (eds) CCS’07, 14th ACM conference on computer and communications security, Alexandria, pp 246–255

  31. Moran T, Naor M (2010) Split-ballot voting: everlasting privacy with distributed trust. ACM Trans Inf Syst Secur 13(2):16:1–16:43

    Article  Google Scholar 

  32. Okamoto T (1997) Receipt-free electronic voting schemes for large scale elections. In: Christianson B, Crispo B, Lomas TMA, Roe M (eds) 5th International security protocols workshop, LNCS 1361, Paris, pp 25–35

  33. Rivest RL, Smith WD (2007) Three voting protocols: ThreeBallot, VAV, and Twin. In: EVT’07, USENIX/ACCURATE Electronic voting technology workshop. Boston

  34. Sako K, Kilian J (1995) Receipt-free mix-type voting scheme: a practical solution to the implementation of a voting booth. In: Guillou LC, Quisquater JJ (eds) EUROCRYPT’95, 14th International conference on the theory and applications of cryptographic techniques, LNCS 921, Saint-Malo, pp 393–403

  35. Schläpfer M, Haenni R, Koenig RE, Spycher O (2011) Efficient vote authorization in coercion-resistant internet voting. In: Kiayias A, Lipmaa H (eds) VoteID’11, 3rd International conference on e-voting and identity, LNCS 7187, Tallinn, pp 71–88

  36. Spycher O, Koenig RE, Haenni R, Schläpfer M (2011) A new approach towards coercion-resistant remote e-voting in linear time. In: Danezis G (ed) FC’11, 15th International conference on financial cryptography, LNCS 7035, St. Lucia, pp 182– 189

  37. Terelius B, Wikström D (2010) Proofs of restricted shuffles. In: Bernstein DJ, Lange T (eds) AFRICACRYPT’10, 3rd International conference on cryptology in Africa, LNCS 6055, Stellenbosch, pp 100–113

  38. Wikström D (2009) A commitment-consistent proof of a shuffle. In: Boyd C, González Nieto J (eds) ACISP’09, 14th Australasian conference on information security and privacy, LNCS 5594, Brisbane, pp 407–421

  39. Xia Z, Schneider S (2006) A new receipt-free e-voting scheme based on blind signature. In: WOTE’06, IAVoSS Workshop on trustworthy elections. Cambridge, pp 127–135

Download references

Acknowledgments

Research supported by the Swiss National Science Foundation (project No. 200021L_140650).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Philipp Locher.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Locher, P., Haenni, R. Receipt-free remote electronic elections with everlasting privacy. Ann. Telecommun. 71, 323–336 (2016). https://doi.org/10.1007/s12243-016-0519-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12243-016-0519-6

Keywords

Navigation