Page 116 - Towards Trustworthy Elections New Directions in Electronic Voting by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida ( (z-lib.org (1)
P. 116
A. Otsuka and H. Imai
108
inputs. Then, after jointly executing a protocol, Bob outputs a value of the
polynomial evaluated at the value without learning any useful information about
the values of their private inputs each other. OPE is first proposed by Naor and
Pinkas [16] in the computational setting. In [6], they improved the efficiency of
OPE, and also proposed OPE in the information theoretic setting. However, the
security of their scheme depends on trustiness of a online trusted party. Our
result shows that if private keys are securely distributed to each players, then
unconditionally secure is efficiently implementable. The simplest implementation
of ou! r protocol requires a trusted party who engages only in the set-up phase
(trusted initializer [18]). Thus no online trusted party is required.
The other primitive introduced in this paper is information theoretic version
of Publicly Verifiable Secret Sharing (PVSS). PVSS is an extension of Verifiable
Secret Sharing [7,11] first introduced by Stadler [22] and later improved [12,19].
PVSS is a VSS with a property that not only the players but anyone can ver-
ify that the secret is shared properly. Interestingly, PVSS is possible under the
computationally bounded model or maybe under the storage bounded model,
but impossible in the information theoretic model. Since the schemes based on
computational assumption can utilize a public verification key to check the con-
sistency of the shares in such a way that the adversary cannot cheat a casual
user without solving a computational hard problem. However, in the informa-
tion theoretic model, it is impossible since the casual user has no information
theoretic advantage over the adversary. Thus, we restrict the notion of public
verifiability of PVSS to that every user with his own private key can verify the
integrity of PVSS. Since every user (including non-voters) is eligible to become a
public verifier, this restriction will not cause a major problem in an application
to e-voting.
1.1 Related Work
In electronic voting systems, the following two security properties are considered
with special importance [4]:
1
– Secret ballots (Receipt-freeness )
Voter must not be able to convince others of how he or she voted.
– Unconditional integrity
Anyone should not allow incorrect tally (except with negligible probability).
Efficient schemes are ever proposed which protects one of the above property
unconditionally but the other only computationally. Chaum et al. [5] proposed
a scheme achieving unconditional integrity with computational receipt-freeness.
Moran and Naor [15] satisfies unconditional receipt-freeness but computational
integrity, and Cramer et al. [10] satisfies similar property but only uncondi-
tional secrecy of ballots. Chaum’s and Moran’s schemes are further designed to
1
Secrecy of ballots is defined in many articles as primary property of electronic vot-
ing. However, receipt-freeness is strictly stronger than secrecy of ballots as receipt-
freeness implies secrecy of ballots. Thus, only receipt-freeness is required here.
