Election Verifiability for Helios under Weaker Trust Assumptions
Election Verifiability for Helios under Weaker Trust Assumptions. Véronique Cortier, David Galindo, Stéphane Glondu, and Malika Izabachene. In Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14), pp. 327–344, LNCS 8713, Springer, Wroclaw, Poland, September 2014.
Download
Abstract
Most electronic voting schemes aim at providing verifiability: voters should trust the result without having to rely on some authorities. Actually, even a prominent voting system like Helios cannot fully achieve verifiability since a dishonest bulletin board may add ballots. This problem is called ballot stuffing.
In this paper we give a definition of verifiability in the computational model to account for a malicious bulletin board that may add ballots. Next, we provide a generic construction that transforms a voting scheme that is verifiable against an honest bulletin board and an honest registration authority (weak verifiability) into a verifiable voting scheme under the weaker trust assumption that the registration authority and the bulletin board are not simultaneously dishonest (strong verifiability). This construction simply adds a registration authority that sends private credentials to the voters, and publishes the corresponding public credentials.
We further provide simple and natural criteria that imply weak verifiability. As an application of these criteria, we formally prove the latest variant of Helios by Bernhard, Pereira and Warinschi weakly verifiable.
By applying our generic construction we obtain a Helios-like scheme that has ballot privacy and strong verifiability (and thus prevents ballot stuffing).
The resulting voting scheme, Helios-C, retains the simplicity of Helios and has been implemented and tested.
BibTeX
@InProceedings{CGGI-esorics14, author = {V\'eronique Cortier and David Galindo and St\'ephane Glondu and Malika Izabachene}, title = {Election Verifiability for {Helios} under Weaker Trust Assumptions}, booktitle = {Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14)}, pages = {327-344}, year = {2014}, OPTeditor = {}, volume = {8713}, OPTnumber = {}, series = {LNCS}, address = {Wroclaw, Poland}, month = sep, publisher = {Springer}, abstract = {Most electronic voting schemes aim at providing verifiability: voters should trust the result without having to rely on some authorities. Actually, even a prominent voting system like Helios cannot fully achieve verifiability since a dishonest bulletin board may add ballots. This problem is called ballot stuffing. \par In this paper we give a definition of verifiability in the computational model to account for a malicious bulletin board that may add ballots. Next, we provide a generic construction that transforms a voting scheme that is verifiable against an honest bulletin board and an honest registration authority (weak verifiability) into a verifiable voting scheme under the weaker trust assumption that the registration authority and the bulletin board are not simultaneously dishonest (strong verifiability). This construction simply adds a registration authority that sends private credentials to the voters, and publishes the corresponding public credentials. \par We further provide simple and natural criteria that imply weak verifiability. As an application of these criteria, we formally prove the latest variant of Helios by Bernhard, Pereira and Warinschi weakly verifiable. By applying our generic construction we obtain a Helios-like scheme that has ballot privacy and strong verifiability (and thus prevents ballot stuffing). The resulting voting scheme, Helios-C, retains the simplicity of Helios and has been implemented and tested.}, DOI = {10.1007/978-3-319-11212-1_19}, }