One of the most challenging aspects in computer-supported voting is to combine the apparently conflicting requirements of privacy and verifiability. On the one hand, privacy requires that a vote cannot be traced back from the result to a voter, while on the other hand, verifiability states that a voter can trace the effect of her vote on the result. This can be addressed using various privacy-enabling cryptographic primitives which also offer verifiability. As more and more refined voting systems were proposed, understanding of first privacy and later verifiability in voting increased, and notions of privacy as well as notions of verifiability in voting became increasingly more refined. This has culminated in a variety of verifiable systems that use cryptographic primitives to ensure specific kinds of privacy. However, the corresponding privacy and verifiability claims are not often verified independently. When they are investigated, claims have been invalidated sufficiently often to warrant a cautious approach to them. The multitude of notions, primitives and proposed solutions that claim to achieve both privacy and verifiability form an interesting but complex landscape. The purpose of this paper is to survey this landscape by providing an overview of the methods, developments and current trends regarding privacy and verifiability in voting systems.

We present a symbolic definition of election verifiability for electronic voting protocols. Our definition is given in terms of reachability assertions in the applied pi calculus and is amenable to automated reasoning using the tool ProVerif. The definition distinguishes three aspects of verifiability, which we call individual, universal, and eligibility verifiability. It also allows us to determine precisely what aspects of the system are required to be trusted. We demonstrate our formalism by analysing the protocols due to Fujioka, Okamoto & Ohta and Juels, Catalano & Jakobsson; the latter of which has been implemented by Clarkson, Chong & Myers.

Abstract: Voter privacy and verifiability are fundamental security concepts for electronic voting. Existing literature on electronic voting provides many definitions and interpretations of these concepts, both informal and formal. While the informal definitions are often vague and imprecise, the formal definitions tend to be very complex and restricted in their scope as they are usually tailored for specific scenarios. Moreover, some of the existing interpretations are contradictory. This paper provides informal, yet precise definitions of anonymity, receipt-freeness and coercion-resistance and identifies different levels of individual and universal verifiability. The overarching goal of this paper is to investigate which levels are conceivable for implementing these requirements in e-voting systems for elections of different significance (for instance political elections vs. elections in associations). 1

We present a survey on electronic voting schemes. We first summarize properties than such protocols should guarantee. In a second time we describe cryptographic primitives used in the context of electronic elections. Using these definitions we present a list of protocols and for each protocol we mention claimed, supposed, achieved or proven properties. When it is possible we also give existing or new attacks.

Definitions of election verifiability in the computational model of cryptography are proposed. The definitions formalize notions of voters verifying their own votes, auditors verifying the tally of votes, and auditors verifying that only eligible voters vote. The Helios (Adida et al., 2009) and JCJ (Juels et al., 2010) election schemes are analyzed using these definitions. Helios 4.0 satisfies the definitions, but Helios 2.0 does not because of previously known attacks. JCJ does not satisfy the definitions because of a trust assumption it makes, but it does satisfy a weakened definition. Two previous definitions of verifiability (Juels et al., 2010; Cortier et al., 2014) are shown to permit election schemes vulnerable to attacks, whereas the new definitions prohibit those schemes.

We propose a new voting scheme, BeleniosRF, that offers both strong receipt-freeness and end-to-end verifiability. It is strongly receipt-free in the sense that even dishonest voters cannot prove how they voted. We give a game-based definition capturing this property, inspired by and improving the original receipt-freeness definition by Benaloh and Tuinstra. Built upon the Helios protocol, BeleniosRF inherits from its simplicity. 1

Abstract not found

Abstract Blind signatures allow users to obtain signatures on messages hidden from the signer; moreover, the signer cannot link the resulting message/signature pair to the signing session. This paper presents blind signature schemes, in which the number of interactions between the user and the signer is minimal and whose blind signatures are short. Our schemes are defined over bilinear groups and are proved secure in the common-reference-string model without random oracles and under standard assumptions: CDH and the decision-linear assumption. (We also give variants over asymmetric groups based on similar assumptions.) The blind signatures are Waters signatures, which consist of 2 group elements. Moreover, we instantiate partially blind signatures, where the message consists of a part hidden from the signer and a commonly known public part, and schemes achieving perfect blindness. We propose new variants of blind signatures, such as signer-friendly partially blind signatures, where the public part can be chosen by the signer without prior agreement, 3-party blind signatures, as well as blind signatures on multiple aggregated messages provided by independent sources. We also extend Waters signatures to non-binary alphabets by proving a new result on the underlying hash function.

ABSTRACT. Recently, Küsters, Truderung, and Vogt have proposed a simple, yet widely applicable and formal definition of coercion-resistance for voting protocols, which allows to precisely quantify the level of coercion-resistance a protocol provides. In this paper, we use their definition to analyze coercion-resistance of Scantegrity II, one of the most prominent voting systems used in practice. We show that the level of coercion-resistance of Scantegrity II is as high as the one of an ideal voting system, under the assumption that the workstation and the PRNG used in Scantegrity II are honest. 1

Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this report, we present an attack against ballot secrecy, a fix and a cryptographic proof of the corrected version of Helios. 1