We investigate the receipt-freeness issue of electronic voting protocols. Receipt-freeness means that a voter neither obtains nor is able to construct a receipt proving the content of his vote. [Hirt01] proposed a receipt-free voting scheme by introducing a third-party randomizer and by using divertible zero-knowledge proof of validity and designated verifier re-encryption proof. This scheme satisfies receipt-freeness under the assumption that the randomizer does not collude with a buyer and two-way untappable channel exists between voters and the randomizer.

It had been thought that it is di#cult to provide receiptfreeness in mixnet-based electronic voting schemes. Any kind of user chosen randomness can be used to construct a receipt, since a user can prove to a buyer how he had encrypted the ballot. In this paper we propose a simple and e#cient method to incorporate receipt-freeness in mixnetbased electronic voting schemes by using the well known re-encryption technique and designated verifier re-encryption proof (DVRP). In our scheme a voter has to prepare his encrypted ballot through a randomization service provided by a tamper resistant randomizer (TRR), in such a way that he finally loses his knowledge on randomness. This method can be used in most mixnet-based electronic voting scheme to provide receipt-freeness.

We present a voting protocol that protects voters ’ privacy and achieves universal verifiability, receipt-freeness, and uncoercibility without ad hoc physical assumptions or procedural constraints (such as untappable channels, voting booths, smart cards, third-party randomizers, and so on). We discuss under which conditions the scheme allows voters to cast write-in ballots, and we show how it can be practically implemented through voter-verified (paper) ballots. The scheme allows voters to combine voting credentials with their chosen votes applying the homomorphic properties of certain probabilistic cryptosystems.

We have designed an Internet voting system applicable for worldwide voting which is based on Ohkubo et. al.'s scheme [23] combined with Public Key Infrastructure (PKI). To the best of our knowledge, this is the first trial to serve secure Internet voting system to the world. In our system, voter's privacy is guaranteed by using blind signature and mix-net, and robustness is provided through the threshold encryption scheme. By employing Java technology, we propose a way of typical implementation for internet voting system. Furthermore, PKI permits worldwide key distribution and achieve "one certificate/one vote" policy. Therefore, anyone can participate in the voting if he gets a certificate from Certificate Authority (CA). By the joint work between Korean and Japanese teams, the implementation aims to select MVPs in 2002 FIFA World Cup Korea-Japan in easy and friendly manner for any Internet user to participate and enjoy Internet voting.

Electronic voting is an application of cryptography. Voting schemes that provide receipt-freeness prevents voters from proving their cast vote, and hence thwart vote-buying and coercion. We revise the contemporary state of research in electronic voting and propose an e#cient receipt-free voting scheme. Similar to the scheme of Hirt and Sako, it assumes the existence of untappable communication channels between the voter and the authorities. Compared to the receipt-free scheme of Hirt and Sako, the scheme described in this paper realizes an improvement of the total number of bits sent through the untappable channel by a factor L (number of possible votes/choices) while achieving the same security properties. We also discuss an implementation of the untappable channel.

In this paper, we analyse information leakage in Ryan’s Prêt à Voter with Paillier encryption scheme (PAV-Paillier). Our analysis shows that although PAV-Paillier seems to achieve a high level of voter privacy at first glance, it might still leak voter’s choice information in some circumstances. Some threats are trivial and have appeared in the literature, but others are more complicated because colluding adversaries may apply combined attacks. Several strategies have been suggested to mitigate these threats, but we have not resolved all the threats. We leave those unsolved threats as open questions. In order to describe our analysis in a logical manner, we will introduce an information leakage model to aid our analysis. We suggest that this model can be applied to analyse information leakage in other complex mixnet based e-voting schemes as well. Furthermore, we introduce a simplification of PAV-Paillier. In our proposal, without degrading security properties such as voter privacy, verifiability and reliability, we no longer need to apply the homomorphic property to absorb the voter’s choice index into the onion, thus we step back to employ the ElGamal encryption. This results in a simpler and more straightforward threshold cryptosystem. Some other attractive properties of our proposal scheme are: unlike traditional Prêt à Voter schemes, the candidate list in our scheme can be in alphabetical order. Our scheme not only handles approval elections, but also it handles ranked elections (e.g. Single Transferable Voting). Furthermore, our scheme mitigates the randomisation attack. 1

Abstract. All the currently existing homomorphic e-voting schemes are based on additive homomorphism. In this paper a new e-voting scheme based on multiplicative homomorphism is proposed. In the tallying phase, a decryption is performed to recover the product of the votes, instead of the sum of them (as in the additive homomorphic e-voting schemes). Then, the product is factorized to recover the votes. The new e-voting scheme is more efficient than the additive homomorphic e-voting schemes and more efficient than other voting schemes when the number of candidates is small. Strong vote privacy and public verifiability are obtained in the new e-voting scheme. 1

Electronic voting is an important cryptographic application. Groth presented some efficient non-interactive zero-knowledge (NIZK) arguments based on homomorphic integer commitments for voting. He investigated four types of e-voting schemes: limited vote, approval vote, divisible vote and Borda vote. Receipt-freeness means that a voter is unable to construct a receipt to convince others she has voted for a particular candidate. It is a security property to protect the election against vote buying and coercion. Groth’s schemes do not satisfy receipt-freeness for a voter can exploit the randomness she chooses in encryptions or commitments to construct a receipt. In this paper a receipt-free variant of the limited vote election protocol is constructed. A third party called “randomizer” is employed to re-encrypt the votes and to mask the commitments made by the voters while preserving the validity of the votes. The construction is generic and can be easily modified to introduce receipt-freeness into other types of Groth’s e-voting schemes.

For most elections, receipt-freeness is important – voters are unable to prove to others on how they voted, in order to prevent vote-buying. Many existing receipt-free electronic voting systems are not practical enough as they require voters to participate in the tallying phase (i.e. do not satisfy the vote-and-go requirement), or have no mechanism for the voters to verify whether their votes have been counted (i.e. do not satisfy universal verifiability). We propose a new way of constructing vote-and-go election system without tamper-resistant hardware, or anonymous channel. Receipt-freeness is guaranteed even if there is only one voting authority (in a distributed setting) being honest. Regarding the correctness, voter alone has no chance to tamper with the validity of the final tally, while any misbehaving authority can be detected (and proven to the public) by the tallying center. Robustness can be achieved by fixing the corrupted vote in a verifiable manner. Ballot secrecy cannot be compromised even if all tallying authorities collude.