Abstract
Many voter-verifiable, coercion-resistant schemes have been proposed, but even the most carefully designed systems necessarily leak information via the announced result. In corner cases, this may be problematic. For example, if all the votes go to one candidate then all vote privacy evaporates. The mere possibility of candidates getting no or few votes could have implications for security in practice: if a coercer demands that a voter cast a vote for such an unpopular candidate, then the voter may feel obliged to obey, even if she is confident that the voting system satisfies the standard coercion resistance definitions. With complex ballots, there may also be a danger of “Italian” style (aka “signature”) attacks: the coercer demands the voter cast a ballot with a specific, identifying pattern.
Here we propose an approach to tallying end-to-end verifiable schemes that avoids revealing all the votes but still achieves whatever confidence level in the announced result is desired. Now a coerced voter can claim that the required vote must be amongst those that remained shrouded. Our approach is based on the well-established notion of Risk-Limiting Audits, but here applied to the tally rather than to the audit. We show that this approach counters coercion threats arising in extreme tallies and “Italian” attacks. We illustrate our approach by applying it to the Selene scheme, and we extend the approach to Risk-Limiting Verification, where not all vote trackers are revealed, thereby enhancing the coercion mitigation properties of Selene.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The trustworthiness of the underlying records should be assessed by a compliance audit [25]. A RLA that relies on an untrustworthy record cannot reliably assess whether outcomes reflect how voters voted.
- 2.
In our case, the items will be ballots, and their labels will represent votes; see Sect. 4.2.
- 3.
Private communication.
References
Adida, B., de Marneffe, O., Pereira, O., Quisquater, J.-J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: Proceedings of EVT/WOTE (2009)
Adida, B., Neff, C.A.: Ballot casting assurance. In: Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006 on Electronic Voting Technology Workshop, EVT 2006, p. 7 (2006)
Basin, D.A., Radomirovic, S., Schmid, L.: Alethea: a provably secure random sample voting protocol. In: 31st IEEE Computer Security Foundations Symposium, CSF 2018, pp. 283–297 (2018)
Benaloh, J., Tuinstra, D.: Receipt-free secret-ballot elections. In: Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, pp. 544–553. ACM (1994)
Benaloh, J.: Simple verifiable elections. In: Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006 on Electronic Voting Technology Workshop, EVT 2006, p. 5 (2006)
Canard, S., Pointcheval, D., Santos, Q., Traoré, J.: Practical strategy-resistant privacy-preserving elections. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 331–349. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_17
Chaum, D.: Random-sample voting. http://rsvoting.org/whitepaper/white_paper.pdf
Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005). https://doi.org/10.1007/11555827_8
Cohen, J.: Improving privacy in cryptographic elections. Technical report (1986)
Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols: a taster. In: Chaum, D., et al. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 289–309. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12980-3_18
Evans, S.N., Stark, P.B.: Confidence bounds for the mean of a non-negative population (2019, in press)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 61–70. ACM (2005)
Kiayias, A., Zacharias, T., Zhang, B.: DEMOS-2: scalable E2E verifiable elections without random oracles. In: Proceedings of CCS, pp. 352–363 (2015)
Küsters, R., Truderung, T., Vogt, A.: A game-based definition of coercion-resistance and its applications. In: Proceedings of IEEE Computer Security Foundations Symposium (CSF), pp. 122–136 (2010)
Lindeman, M., Stark, P.B., Yates, V.: BRAVO: ballot-polling risk-limiting audits to verify outcomes. In: Proceedings of EVT/WOTE 2011 (2012)
Lindeman, M., Stark, P.B.: A gentle introduction to risk-limiting audits. IEEE Secur. Priv. 10, 42–49 (2012)
Micali, S.: ALGORAND: the efficient and democratic ledger. CoRR, abs/1607.01341 (2016)
Ottoboni, K., Stark, P.B., Lindeman, M., McBurnett, N.: Risk-limiting audits by stratified union-intersection tests of elections (SUITE). In: Krimmer, R., et al. (eds.) E-Vote-ID 2018. LNCS, vol. 11143, pp. 174–188. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00419-4_12
Rivest, R.L.: The ThreeBallot voting system. https://people.csail.mit.edu/rivest/Rivest-TheThreeBallotVotingSystem.pdf
Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. In: Financial Cryptography and Data Security: Workshops, pp. 176–192 (2016)
Ryan, P.Y.A., Schneider, S.A., Teague, V.: End-to-end verifiability in voting systems, from theory to practice. IEEE Secur. Priv. 13(3), 59–62 (2015)
Christianson, B.: Introduction: brief encounters. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 1–2. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36213-2_1
Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61770-1_38
Stark, P.B.: Conservative statistical post-election audits. Ann. Appl. Stat. 2, 550–581 (2008)
Stark, P.B., Wagner, D.A.: Evidence-based elections. IEEE Secur. Priv. 10, 33–41 (2012)
Szepieniec, A., Preneel, B.: New techniques for electronic voting. USENIX J. Election Technol. Syst. (JETS) 3(2), 46–69 (2015)
Teague, V., Ramchen, K., Naish, L.: Coercion-resistant tallying for STV voting. In: 2008 USENIX/ACCURATE Electronic Voting Workshop, EVT 2008, Proceedings (2008)
Acknowledgements
WJ and PYAR acknowledge the support of the Luxembourg National Research Fund (FNR) and the National Centre for Research and Development (NCBiR Poland) under the INTER/PolLux project VoteVerif (POLLUX-IV/1/2016). PBR was supported by the EU Horizon 2020 research and innovation programme under grant agreement No. 779391 (FutureTPM).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Jamroga, W., Roenne, P.B., Ryan, P.Y.A., Stark, P.B. (2019). Risk-Limiting Tallies. In: Krimmer, R., et al. Electronic Voting. E-Vote-ID 2019. Lecture Notes in Computer Science(), vol 11759. Springer, Cham. https://doi.org/10.1007/978-3-030-30625-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-30625-0_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30624-3
Online ISBN: 978-3-030-30625-0
eBook Packages: Computer ScienceComputer Science (R0)