How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Receipt-free secret-ballot elections (extended abstract)
STOC '94 Proceedings of the twenty-sixth annual ACM symposium on Theory of computing
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Introduction to Coding Theory
Cryptographic voting protocols: a systems perspective
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Split-ballot voting: everlasting privacy with distributed trust
Proceedings of the 14th ACM conference on Computer and communications security
Ballot casting assurance via voter-initiated poll station auditing
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Bare-handed electronic voting with pre-processing
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting
IEEE Security and Privacy
Secret-Ballot Receipts: True Voter-Verifiable Elections
IEEE Security and Privacy
VoteBox: a tamper-evident, verifiable electronic voting system
SS'08 Proceedings of the 17th conference on Security symposium
Administrative and public verifiability: can we have both?
EVT'08 Proceedings of the conference on Electronic voting technology
EVT'08 Proceedings of the conference on Electronic voting technology
Coercion Resistant End-to-end Voting
Financial Cryptography and Data Security
Fingerprinting Blank Paper Using Commodity Scanners
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Efficient receipt-free voting based on homomorphic encryption
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A practical voter-verifiable election scheme
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Selections: internet voting with over-the-shoulder coercion-resistance
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
Ballot secrecy, while essential, is difficult to achieve with any voting system cryptographic or otherwise. Moreover, the majority of cryptographic voting systems introduce new ballot secrecy problems. In encrypt-on-cast voting systems, like that of Benaloh [1, 2], a malicious voting machine can use the encrypted votes that it posts to the public bulletin board as a subliminal channel to convey information about voters' choices to a coercer. Although it was known that a machine could manipulate the randomness used to encrypt the votes to leak information [14], we show that this threat is more severe than previously recognized and that existing mitigations may be ineffective. A compromised machine may only need to leak a few bits and modify only a handful of ballots in order to coerce most of the voters in a polling place. In light of this threat, we propose an extension to the Benaloh scheme that allows anyone to verify that every ciphertext on the bulletin board uses the right randomness. Finally, we show that even without manipulating the randomness, a machine can still use the ciphertexts to leak a small, but potentially dangerous, number of bits by strategically flipping a few votes. Overall, we show that while subliminal channels in encrypt-on-cast voting systems can be partially mitigated, they cannot yet be eliminated completely.