Results 1 - 10
of
19
Accountability: definition and relationship to verifiability
- In Proceedings of the 17th ACM conference on Computer and communications security, CCS ’10
, 2010
"... Many cryptographic tasks and protocols, such as non-repudiation, contract-signing, voting, auction, identity-based encryption, and certain forms of secure multi-party computation, involve the use of (semi-)trusted parties, such as notaries and authorities. It is crucial that such parties can be held ..."
Abstract
-
Cited by 34 (6 self)
- Add to MetaCart
(Show Context)
Many cryptographic tasks and protocols, such as non-repudiation, contract-signing, voting, auction, identity-based encryption, and certain forms of secure multi-party computation, involve the use of (semi-)trusted parties, such as notaries and authorities. It is crucial that such parties can be held accountable in case they misbehave as this is a strong incentive for such parties to follow the proto-col. Unfortunately, there does not exist a general and convincing definition of accountability that would allow to assess the level of accountability a protocol provides. In this paper, we therefore propose a new, widely applicable def-inition of accountability, with interpretations both in symbolic and computational models. Our definition reveals that accountability is closely related to verifiability, for which we also propose a new definition. We prove that verifiability can be interpreted as a re-stricted form of accountability. Our findings on verifiability are of independent interest. As a proof of concept, we apply our definitions to the analy-sis of protocols for three different tasks: contract-signing, voting, and auctions. Our analysis unveils some subtleties and unexpected weaknesses, showing in one case that the protocol is unusable in practice. However, for this protocol we propose a fix to establish a reasonable level of accountability. 1.
Prêt à voter: a voter-verifiable voting system
- IEEE TRANSIFS
, 2009
"... Prêt à Voter provides a practical approach to end-to-end verifiable elections with a simple, familiar voter-expe-rience. It assures a high degree of transparency while preserving secrecy of the ballot. Assurance arises from the auditability of the election itself, rather than the need to place trus ..."
Abstract
-
Cited by 27 (14 self)
- Add to MetaCart
(Show Context)
Prêt à Voter provides a practical approach to end-to-end verifiable elections with a simple, familiar voter-expe-rience. It assures a high degree of transparency while preserving secrecy of the ballot. Assurance arises from the auditability of the election itself, rather than the need to place trust in the system components. The original idea has undergone several revisions and enhancements since its inception in 2004, driven by the iden-tification of threats, the availability of improved cryptographic primitives, and the desire to make the scheme as flexible as possible. This paper presents the key elements of the approach and describes the evolution of the design and their suitability in various contexts. We also describe the voter experience, and the security properties that the schemes provide.
A Game-Based Definition of Coercion-Resistance and its Applications
, 2009
"... Coercion-resistance is one of the most important and intricate security requirements for voting protocols. Several definitions of coercion-resistance have been proposed in the literature, both in cryptographic settings and more abstract, symbolic models. However, unlike symbolic approaches, only ver ..."
Abstract
-
Cited by 26 (2 self)
- Add to MetaCart
(Show Context)
Coercion-resistance is one of the most important and intricate security requirements for voting protocols. Several definitions of coercion-resistance have been proposed in the literature, both in cryptographic settings and more abstract, symbolic models. However, unlike symbolic approaches, only very few voting protocols have been rigorously analyzed within the cryptographic setting. A major obstacle is that existing cryptographic definitions of coercion-resistance tend to be complex and limited in scope: They are often tailored to specific classes of protocols or are too demanding. In this paper, we therefore present a simple and intuitive cryptographic definition of coercion-resistance, in the style of game-based definitions. This definition allows to precisely measure the level of coercion-resistance a protocol provides. As the main technical contribution of this paper, we apply our definition to two voting systems, namely, the Bingo voting system and ThreeBallot. The results we obtain are out of the scope of existing approaches. We show that the Bingo voting system provides the same level of coercion-resistance as an ideal voting system. We also precisely measure the degradation of coercion-resistance of ThreeBallot in case the so-called short ballot assumption is not met and show that the level of coercion-resistance ThreeBallot provides is significantly lower than that of an ideal system, even in case of short ballots. 1
A Taxonomy of Privacy in Voting Protocols
, 2011
"... Privacy is one of the main issues in electronic voting. We propose a modular family of symbolic privacy notions that allows to assess the level of privacy ensured by a voting protocol. Our definitions are applicable to protocols featuring multiple votes per voter and special attack scenarios such as ..."
Abstract
-
Cited by 12 (5 self)
- Add to MetaCart
Privacy is one of the main issues in electronic voting. We propose a modular family of symbolic privacy notions that allows to assess the level of privacy ensured by a voting protocol. Our definitions are applicable to protocols featuring multiple votes per voter and special attack scenarios such as vote-copying or forced abstention. Finally we employ our definitions on several existing voting protocols to show that our model allows to compare different types of protocols based on different techniques, and is suitable for automated verification using existing tools.
The Prêt à voter verifiable election system
"... ... several revisions and enhancements since its inception in 2004, resulting in a family of election systems designed to provide end-to-end verifiability and a high degree of transparency while ensuring secrecy of the ballot. Assurance for these systems arises from the auditability of the election ..."
Abstract
-
Cited by 11 (1 self)
- Add to MetaCart
... several revisions and enhancements since its inception in 2004, resulting in a family of election systems designed to provide end-to-end verifiability and a high degree of transparency while ensuring secrecy of the ballot. Assurance for these systems arises from the auditability of the election itself, rather than the need to place trust in the system components. This paper brings together the variations of Prêt a ̀ Voter, presents their design, describes the voter experience, and considers the security properties that they provide.
Vote-independence: A powerful privacy notion for voting protocols
, 2011
"... Abstract. Recently an attack on ballot privacy in Helios has been discovered [20], which is essentially based on copying other voter’s votes. To capture this and similar attacks, we extend the classical threat model and introduce a new security notion for voting protocols: Vote-Independence. We give ..."
Abstract
-
Cited by 9 (5 self)
- Add to MetaCart
(Show Context)
Abstract. Recently an attack on ballot privacy in Helios has been discovered [20], which is essentially based on copying other voter’s votes. To capture this and similar attacks, we extend the classical threat model and introduce a new security notion for voting protocols: Vote-Independence. We give a formal definition and analyze its relationship to established privacy properties such as Vote-Privacy, Receipt-Freeness and Coercion-Resistance. In particular we show that even Coercion-Resistant protocols do not necessarily ensure Vote-Independence.
Versatile Prêt à Voter: Handling multiple election methods with a unified interface
- In INDOCRYPT
, 2010
"... Abstract. A number of end-to-end verifiable voting schemes have been introduced recently. These schemes aim to allow voters to verify that their votes have contributed in the way they intended to the tally and in addition allow anyone to verify that the tally has been generated correctly. These goal ..."
Abstract
-
Cited by 9 (6 self)
- Add to MetaCart
(Show Context)
Abstract. A number of end-to-end verifiable voting schemes have been introduced recently. These schemes aim to allow voters to verify that their votes have contributed in the way they intended to the tally and in addition allow anyone to verify that the tally has been generated correctly. These goals must be achieved while maintaining voter privacy and providing receipt-freeness. However, most of these end-to-end voting schemes are only designed to handle a single election method and the voter interface varies greatly between different schemes. In this paper, we introduce a scheme which handles many of the popular election methods that are currently used around the world. Our scheme not only ensures privacy, receipt-freeness and end-to-end verifiability, but also keeps the voter interface simple and consistent between various election methods.
Defining privacy for weighted votes, single and multi-voter coercion
- IN: ESORICS 2012. LNCS
, 2012
"... Most existing formal privacy definitions for voting protocols are based on observational equivalence between two situations where two voters swap their votes. These definitions are unsuitable for cases where votes are weighted. In such a case swapping two votes can result in a different outcome and ..."
Abstract
-
Cited by 8 (4 self)
- Add to MetaCart
(Show Context)
Most existing formal privacy definitions for voting protocols are based on observational equivalence between two situations where two voters swap their votes. These definitions are unsuitable for cases where votes are weighted. In such a case swapping two votes can result in a different outcome and both situations become trivially distinguishable. We present a definition for privacy in voting protocols in the applied π-calculus that addresses this problem. Using our model, we are also able to define multi-voter coercion, i.e. situations where several voters are attacked at the same time. Then we prove that under certain realistic assumptions a protocol secure against coercion of a single voter is also secure against coercion of multiple voters. This applies for Receipt-Freeness as well as Coercion-Resistance.
Verifiability, privacy, and coercion-resistance: New insights from a case study
- In IEEE Symposium on Security and Privacy
, 2011
"... In this paper, we present new insights into central properties of voting systems, namely verifiability, privacy, and coercion-resistance. We demonstrate that the combination of the two forms of verifiability considered in the literature—individual and universal verifiability—are, unlike commonly bel ..."
Abstract
-
Cited by 8 (0 self)
- Add to MetaCart
(Show Context)
In this paper, we present new insights into central properties of voting systems, namely verifiability, privacy, and coercion-resistance. We demonstrate that the combination of the two forms of verifiability considered in the literature—individual and universal verifiability—are, unlike commonly believed, insufficient to guarantee overall verifiability. We also demonstrate that the relationship between coercion-resistance and privacy is more subtle than suggested in the literature. Our findings are partly based on a case study of prominent voting systems, ThreeBallot and VAV, for which, among others, we show that, unlike commonly believed, they do not provide any reasonable level of verifiability, even though they satisfy individual and universal verifiability. Also, we show that the original variants of ThreeBallot and VAV provide a better level of coercion-resistance than of privacy.
Proving Coercion-Resistance of Scantegrity II
- Proceedings of the 12th International Conference on Information and Communications Security (ICICS 2010), volume 6476 of Lecture Notes in Computer Science
, 2010
"... Abstract. By now, many voting protocols have been proposed that, among others, are designed to achieve coercion-resistance, i.e., resis-tance to vote buying and voter coercion. Scantegrity II is among the most prominent and successful such protocols in that it has been used in several elections. How ..."
Abstract
-
Cited by 7 (1 self)
- Add to MetaCart
(Show Context)
Abstract. By now, many voting protocols have been proposed that, among others, are designed to achieve coercion-resistance, i.e., resis-tance to vote buying and voter coercion. Scantegrity II is among the most prominent and successful such protocols in that it has been used in several elections. However, almost none of the modern voting proto-cols used in practice, including Scantegrity II, has undergone a rigorous cryptographic analysis. In this paper, we prove that Scantegrity II enjoys an optimal level of coercion-resistance, i.e., the same level of coercion-resistance as an ideal voting protocol (which merely reveals the outcome of the election), ex-cept for so-called forced abstention attacks. This result is obtained under the (necessary) assumption that the workstation used in the protocol is honest. Our analysis is based on a rigorous cryptographic definition of coercion-resistance we recently proposed. We argue that this definition is in fact the only existing cryptographic definition of coercion-resistance suitable for analyzing Scantegrity II. Our case study should encourage and facili-tate rigorous cryptographic analysis of coercion-resistance also for other voting protocols used in practice. 1
