Page 167 - Towards Trustworthy Elections New Directions in Electronic Voting by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida ( (z-lib.org (1)
P. 167
Univ. Verifiability
Efficient Tallying
Approaches
Write-ins
√
√
Homomorphic Encryption
×
√
√
Mix-networks
×
√
√
Blind-Signatures The Vector-Ballot Approach for Online Voting Procedures 159
×
√ √ √
∗
Vector-Ballot approach
Fig. 1. A comparison of the current approach to previous work with respect to the
following three important e-voting properties: (i) efficient-tallying: tallying does not
require the application of a robust-mix to the total number of ballots; in the vector
∗
ballot approach a robust-mix is still required but is applied on a fraction of the to-
tal number of ballots and typically as an offline operation. (ii) universal-verifiability:
any interested third party may verify that the election protocol is executed correctly
assuming a public digital record; (iii) write-ins: voters are allowed to enter write-in
votes.
traded against a quadratic – rather than linear – (in c) work done for validity
checking of ballots; in most settings this would be a reasonable price to pay for
such a speedup.
A preliminary version of this work appeared in [31].
2 Preliminaries
Requirements For Voting Schemes. A voting-scheme needs to fulfill a va-
riety of requirements. A brief presentation of these requirements follows.
Secrecy. Ensures the security of the contents of ballots. In the online setting,
this is typically achieved by relying on the honesty of a sufficient number of the
participating authorities and at the same time on some cryptographic intractabil-
ity assumption. In particular, any polynomial-time probabilistic adversary that
controls some arbitrary number of voters and a number of authorities (below
some predetermined threshold) should be incapable of distinguishing which one
of the predetermined choices a certain voter selected or whether the voter en-
tered a write-in. In all voting schemes, once a certain number of votes have been
aggregated into a partial tally, secrecy is not mandatory, e.g., once the votes of a
precinct have been aggregated it is ok to reveal the partial tally (in fact in many
cases it is not even desired to keep the partial tallies secret, if some regional
statistics are to be extracted from the election results). Thus, voter secrecy will
have an associated Privacy Perimeter b which will refer to the smallest number
of votes that need to be aggregated into a partial tally before some information
about the partial tally can be revealed; we will talk of secrecy with b-perimeter
in this case.
Universal-Verifiability. Ensures that any party, including an outsider, can
be convinced that all valid votes have been included in the final tally. In the
online setting, where votes are casted electronically in a distributed fashion this
property typically relies on the existence of a digital record that maintains the
communication between all parties participated in the system. This notion was
