Page 56 - Towards Trustworthy Elections New Directions in Electronic Voting by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida ( (z-lib.org (1)
P. 56
A. Juels, D. Catalano, and M. Jakobsson
48
then the adversary can mount an abstention attack straightforwardly. The adversary in
this case simply threatens the voter in the case that the total tally for the election is
one hundred and one. Similarly, suppose that the adversary does not know whether or
not any given voter will cast a ballot, but knows that all participating voters will cast a
ballot for the Republican party. In this case, the adversary can win the game we describe
above by specifying a ballot value β =“Democrat.”
It is evident therefore that for any definition of coercion-resistance to be meaning-
ful, the adversary must have uncertain knowledge about how—and indeed whether—
some voters will cast their ballots. In other words, coercion-resistance requires that
there be some “noise” or statistical uncertainty in the adversary’s view of voting pat-
terns. To our benefit, it is natural to expect that in a real-world election an adversary
can obtain only fragmentary knowledge about the likely behavior of voters. This means
5
that coercion-resistance is a viable possibility. For a collection of n voters outside
the control of the adversary—i.e., voters not subject to coercion—we characterize the
.We let φ be a
view of the adversary in terms of a probability distribution D n,n C
symbol denoting a null ballot, i.e., an abstention, and let λ denote a ballot cast with
is a distribution over vectors (β 1 ,β 2 ,...,β n ) ∈
an invalid credential. Then D n,n C
n
(n C φ λ) , i.e., over the set of possible ballot choices for an election plus ab-
serves the purpose in our
stentions and invalid ballots. Thus, the distribution D n,n C
experiment of defining the distribution of the “noise” that conceals the behavior of vot-
ers targeted by the adversary for coercion. For a set of n voting credentials {sk i },we
,k 2 ) denote the casting of ballots according to distri-
let vote({sk i },PK T ,n C ,D n,n C
and vote
bution D n,n C . In other words, a vector (β 1 ,β 2 ,... ,β n ) is drawn from D n,n C
β i is cast using credential sk i .
We are now ready to present an experiment c-resist that defines the game described
above between an adversary and a voter targeted for coercion. Recall that k 1 ,k 2 , and
k 3 are security parameters defined above, n V is the total number of eligible voters
for the election, and n C is the number of candidates, i.e., the size of the candidate
slate. We let n A denote the number of voters that may be completely controlled, i.e.,
corrupted by the adversary. We define n U = n V −n A −1. In other words, the number of
uncertain votes n U equals the total number of possible votes, minus those coming from
voters controlled by the attacker, minus the vote coming from the voter the attacker is
trying to coerce (in the experiment). Note that n U is therefore the number of voters that
contribute “noise” to the experiment.
We consider a static adversary, i.e., one that selects voters to corrupt prior to proto-
col execution. We assume that the adversary has a list of “voter names,” i.e., a roll of
potential participating voters.
We let ← denote assignment and ⇐ denote the append operation, while % denotes
the beginning of an annotative comment on the experiment. Our experiment treats the
case in which the adversary seeks to coerce a single voter; extension of the definition to
coercion of multiple voters is straightforward. The experiments defined here halt when
an output value is produced.
5
Additionally, it is possible for voting authorities—or indeed any entity—intentionally to inject
“chaff” in the form of blank and invalid ballots into an election system.
