Abstract
Civitas is the first fully remote e-voting protocol which ensures verifiability and coercion resistance at the same time. In 2011, Shirazi et al. found a security flaw on the credential management process during Civitas’ registration phase and proposed solutions to avoid this drawback.
In this paper, we describe some attacks found during the Civitas’ registration phase. We show that Shirazi’s solutions cannot be used in practical situations and/or doesn’t ensure coercion-resistance. Then, we present a fully remote e-voting protocol that addresses these drawbacks.
Our protocol aims to separate voter’s registration data from voter’s vote into two different bulletin boards. Merging this data will only be done by tallying authorities to identify and tally valid votes. Moreover, our protocol uses a new ballot’s encryption function that ensures coercion resistance in a different manner. Compared to Civitas, we use a secure registration phase and we reduce the computational complexity of tallying phase from quadratic to linear time.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A bulletin board is a public broadcasted channel in which anyone can read and verify data and no one can erase any information from it.
- 2.
Each registration authority will authenticate voters using their registration keys. Note that we do not detail identification and authentication mechanism used in Civitas protocol.
- 3.
The voter uses his private designation key to provide, to an adversary, a fake DVRP proof proving the validity of his fake credential.
- 4.
If voters can re-vote, then only the last ballot with valid credential is counted, the other ones, submitted with duplicate credentials, are eliminated. If voters cannot re-vote, then all ballots casted with the same credential are eliminated.
- 5.
Given a pair of encrypted credentials \(Enc_G(C_1)\) and \(Enc_G(C_2)\), PET checks if \(C_1=C_2\) without revealing any information on \(C_1\) or \(C_2\).
- 6.
Compared to Civitas, \(RA_i\) doesn’t compute an additional encrypted share \(S1_{i,j}^\prime \) and \(V_j\) doesn’t have to verify later the validity of \(S1_{i,j}^\prime \).
- 7.
Note that the voter is the only one who can determine the subset QUAL. This is due to the DVRP proof which convinces only the voter that the credential share is valid.
- 8.
In the first case, the coercer knows it and wants to prevent voter from registering, and in the second case, the voter can use fake credentials without being caught by the coercer.
- 9.
\(Enc(\widetilde{index_j})\) will be used to eliminate invalid ballots with invalid votes or invalid authentication credentials. Note also that the use of this index during the tallying phase reduce the tallying process from quadratic to linear complexity in the number of casted ballots [3].
- 10.
To prevent a coercer from re-using the authentication credential to submit another vote, it will be assumed that the first valid ballot casted into BBB will be considered. The other ones will be eliminated.
- 11.
Note that we keep only the first ballot \(B_{V_j}\), the other duplicated ballots with the same authentication credential are eliminated.
References
Clarkson, M., Chong, S., Myers, A.: Civitas: a secure remote voting system. In: Dagstuhl Seminar Proceedings. Schloss Dagstuhl-Leibniz-Zentrum fúr Informatik (2008)
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptology 20(1), 51–83 (2007)
Spycher, O., Koenig, R., Haenni, R., Schläpfer, M.: A new approach towards coercion-resistant remote e-voting in linear time. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 182–189. Springer, Heidelberg (2012). doi:10.1007/978-3-642-27576-0_15
Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). doi:10.1007/BFb0052252
Jakobsson, M., Juels, A.: Mix and match: secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 162–177. Springer, Heidelberg (2000). doi:10.1007/3-540-44448-3_13
Schoenmakers, B.: A simple publicly verifiable secret sharing scheme and its application to electronic voting. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 148–164. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_10
Smith, W.D.: New cryptographic election protocol with best-known theoretical properties. In: Proceedings of Workshop on Frontiers in Electronic Elections, September 2005
Weber, S.G., Araujo, R., Buchmann, J.: On coercion-resistant electronic elections with linear work. In: The Second International Conference on Availability, Reliability and Security 2007, ARES 2007, pp. 908–916. IEEE, April 2007
Shirazi, F., Neumann, S., Ciolacu, I., Volkamer, M.: Robust electronic voting: Introducing robustness in civitas. In: 2011 International Workshop on Requirements Engineering for Electronic Voting Systems (REVOTE), pp. 47–55. IEEE, August 2011
Araújo, R., Foulle, S., Traoré, J.: A practical and secure coercion-resistant scheme for internet voting. In: Chaum, D., Jakobsson, M., Rivest, R.L., Ryan, P.Y.A., Benaloh, J., Kutylowski, M., Adida, B. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 330–342. Springer, Heidelberg (2010). doi:10.1007/978-3-642-12980-3_20
Neumann, S., Volkamer, M.: Civitas and the real world: problems and solutions from a practical point of view. In: 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 180–185. IEEE, August 2012
Neumann, S., Feier, C., Volkamer, M., Koenig, R.E.: Towards a practical JCJ/Civitas implementation. IACR Cryptology ePrint Archive 2013, p. 464 (2013)
Neji, W., Blibech, K., Ben Rajeb, N.: Distributed key generation protocol with a new complaint management strategy. Security and Communication Networks (2016)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 61–70. ACM, November 2005
Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. Eur. Trans. Telecommun. 8(5), 481–490 (1997)
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). doi:10.1007/3-540-48071-4_7
Hirt, M., Sako, K.: Efficient receipt-free voting based on homomorphic encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000). doi:10.1007/3-540-45539-6_38
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Neji, W., Blibech, K., Ben Rajeb, N. (2017). Incoercible Fully-Remote Electronic Voting Protocol. In: El Abbadi, A., Garbinato, B. (eds) Networked Systems. NETYS 2017. Lecture Notes in Computer Science(), vol 10299. Springer, Cham. https://doi.org/10.1007/978-3-319-59647-1_26
Download citation
DOI: https://doi.org/10.1007/978-3-319-59647-1_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59646-4
Online ISBN: 978-3-319-59647-1
eBook Packages: Computer ScienceComputer Science (R0)