Electronic voting promises the possibility of a convenient, efficient and secure facility for recording and tallying votes in an election. Recently highlighted inadequacies of implemented systems have demonstrated the importance of formally verifying the underlying voting protocols. We study three privacy-type properties of electronic voting protocols: in increasing order of strength, they are vote-privacy, receipt-freeness, and coercionresistance. We use the applied pi calculus, a formalism well adapted to modelling such protocols, which has the advantages of being based on well-understood concepts. The privacy-type properties are expressed using observational equivalence and we show in accordance with intuition that coercion-resistance implies receipt-freeness, which implies vote-privacy. We illustrate our definitions on three electronic voting protocols from the literature. Ideally, these three properties should hold even if the election officials are corrupt. However, protocols that were designed to satisfy receipt-freeness or coercion-resistance may not do so in the presence of corrupt officials. Our model and definitions allow us to specify and easily change which authorities are supposed to be trustworthy.

In this paper we formally study important properties of electronic voting protocols. In particular we are interested in coercion-resistance and receipt-freeness. Intuitively, an election protocol is coercion-resistant if a voter A cannot prove to a potential coercer C that she voted in a particular way. We assume that A cooperates with C in an interactive fashion. Receipt-freeness is a weaker property, for which we assume that A and C cannot interact during the protocol: to break receipt-freeness, A later provides evidence (the receipt) of how she voted. While receipt-freeness can be expressed using observational equivalence from the applied pi calculus, we need to introduce a new relation to capture coercion-resistance. Our formalization of coercion-resistance and receipt-freeness are quite different. Nevertheless, we show in accordance with intuition that coercion-resistance implies receipt-freeness, which implies privacy, the basic anonymity property of voting protocols, as defined in previous work. Finally we illustrate the definitions on a simplified version of the Lee et al. voting protocol.

In this paper, we propose two group-oriented (t; n) blind threshold signature schemes based on the discrete logarithm problem. By these schemes, any t out of n signers in a group can represent the group to sign blind threshold signatures. In our schemes, the size of a threshold signature is the same as the size of an individual signature and the signature verification process is simplified by means of a group public key. Our proposed schemes do not require the assistance of a mutually trusted authority. In addition each signer can select his own private key and the group public key is determined by all the members. The security of our schemes rely on the difficulty of computing discrete logarithm.

In this paper, we propose a scheme for providing anonymous channel service in wireless communications. By this service, many interesting applications, such as electronic elections, anonymous group discussions, with user identification confidential can be easily realized. No one can trace a sender's identification and no one but the authority centre can distinguish an anonymous message from a normal message when a user uses the anonymous channel. The user anonymity in our scheme is neither based on any trusted authority nor on the cooperation of all potential senders. Our scheme can be easily applied to existing wireless systems, such as GSM and CDPD, without changing their underlying structures. # 1999 Elsevier Science B.V. All rights reserved. Keywords: Anonymous channel; Authentication; Untraceable e-mail systems; Electronic elections; Anonymous group discussions; Privacy and security 1. Introduction Many applications, such as electronic voting schemes [1-- 3], anonymous group dis...

In this work we propose a secure electronic voting protocol that is suitable for large scale voting over the Internet. The protocol allows a voter to cast his or her ballot anonymously, by exchanging untraceable yet authentic messages. The protocol ensures that (i) only eligible voters are able to cast votes, (ii) a voter is able to cast only one vote, (iii) a voter is able to verify that his or her vote is counted in the final tally, (iv) nobody, other than the voter, is able to link a cast vote with a voter, and (v) if a voter decides not to cast a vote, nobody is able to cast a fraudulent vote in place of the voter. The protocol does not require the cooperation of all registered voters. Neither does it require the use of complex cryptographic techniques like threshold cryptosystems or anonymous channels for casting votes. This is in contrast to other voting protocols that have been proposed in the literature. The protocol uses three agents, other than the voters, for successful operation. However, we do not require any of these agents to be trusted. That is, the agents may be physically co-located or may collude with one another to try to commit a fraud. If a fraud is committed, it can be easily detected and proven, so that the vote can be declared null and void. Although we propose the protocol with electronic voting in mind, the protocol can be used in other applications that involve exchanging an untraceable yet authentic message. Examples of such applications are answering confidential questionnaire anonymously or anonymous financial transactions. Keywords: Security, Voting, Auction, Protocols, Internet Contact Address: Dr. Indrajit Ray Department of Computer and Information Science University of Michigan-Dearborn Dearborn, MI 48188 Phone: (313) 593-1793...

Abstract not found

Abstract. With the advent of Internet Communications Technologies (ICT), the use of cryptographic protocols is a technical response to the loss of all traditional means that were used so far to establish security in democratic elections. We employ simple cryptographic techniques to address the “abstaining voters ” problem in electronic elections with central administration. In such elections, voting authorities can cast a bogus vote on behalf of an authorized voter who decides to abstain. Our system is equitably fair: while a voter who registers for the election is allowed to abstain from voting (legal abstention), all registered voters who cast an encrypted vote must acknowledge, at some time later, the fact that they have voted. If not (illegal abstention), a cryptographic time capsule will be broken and their identity will be disclosed. Our system satisfies most requirements of a secure election and could be used in similar frameworks such as electronic polling and/or surveys over the Web.

In this paper, we propose a group-oriented fair blind (t; n) threshold signature scheme based on the discrete logarithm problem. By the scheme, any t out of n signers in a group can represent the group to sign fair blind threshold signatures, which can be used in anonymous e-cash systems. Since blind signature schemes provide perfect unlinkability, such e-cash systems can be misused by criminals, e.g. to safely obtain a ransom or to launder money. Our scheme allows the judge (or the government) to deliver information allowing anyone of the t signers to link his view of the protocol and the message-signature pair. In our scheme, the size of a fair blind threshold signature is the same as that of an individual fair blind signature and the signature verification process is simplified by means of a group public key. The security of our scheme relies on the difficulty of computing discrete logarithm. Keywords: Fair Blind Signatures, Threshold Signatures, Discrete Logarithm, Priva...

In this paper, we propose a group-oriented partially blind (t, n) threshold signature scheme based on the discrete logarithm problem. By the scheme, any t out of n signers in a group can represent the group to sign partially blind threshold signatures, which can be used in anonymous digital e-cash systems or secure voting schemes. By our proposed scheme, the growth of the bank's database was successfully minimized and the issue of e-coins is controlled by several authorities. Our proposed scheme can greatly simplify the voting processes when several elections are to be held in a short period of time by embedding information about each election in a partially blind threshold signature. In our scheme, the size of a partially blind threshold signature is the same as that of an individual partially blind signature and the signature verification process is simplified by a group public key. The security of our scheme relies on the difficulty of computing discrete logarithm.

We suggest a set of procedures utilising a range of technologies by which a major democratic deficit of modern society can be addressed. The mechanism, whilst it makes limited use of cryptographic techniques in the background, is based around objects and procedures with which voters are currently familiar. We believe that this holds considerable potential for the extension of democratic participation and control. HandiVote 3 HandiVote: Simple, Anonymous and Auditable Electronic Voting