VERICONDOR: End-to-End Verifiable Condorcet Voting without Tallying Authorities

Condorcet voting, first proposed by Marquis de Condorcet in the 18th century, chooses a winner of an election as one that defeats every other candidate by a simple majority. According to Condorcet's criterion, a Condorcet winner is the socially optimal choice in a multi-candidate election. However, despite the crucial importance of this voting system in social-choice theory, it has not been widely used in practical applications. This is partly due to the complex tallying procedure, and also the fact that several candidates may form a tie. Existing systems that provide online Condorcet voting services in the real world try to speed up the tallying process by collecting and tallying Condorcet ballots in a digital form. However, they require voters to completely trust the server. In this paper, we propose VERICONDO, the first end-to-end verifiable Condorcet e-voting system without any tallying authorities. Our system allows a voter to fully verify the tallying integrity without involving any trustworthy tallying authorities and provides strong protection of the ballot secrecy. One main challenge in our work lies in proving the well-formedness of an encrypted ballot while being able to tally the ballots in a publicly verifiable yet privacy-preserving manner. We overcome this challenge by adopting a pairwise comparison matrix and applying a novel vector-sum technique to achieve exceptional efficiency. The overall computational cost per ballot is O (n2) where n is the number of candidates. This is probably the best that one may hope for given the use of a n x n matrix to record a Condorcet ballot. In case of a tie, we show how to apply known Condorcet methods to break the tie in a publicly verifiable manner. Finally, we present a prototype implementation and benchmark performance to show the feasibility of our system.