Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
178 CHAPTER 7. VOTER VERIFIABILITY FOR E-VOTING PROTOCOLS<br />
which are not: we show that the protocols due to Fujioka, Okamoto<br />
& Ohta [115] <strong>and</strong> Lee et al. [141] are voter verifiable.<br />
Intuitively, voter verifiability may appear to contradict another<br />
important property <strong>of</strong> voting systems, namely coercion-resistance. If a<br />
voter is capable <strong>of</strong> verifying that her vote has been included in the<br />
tally, she may be able to use that capability to convince a coercer<br />
that she voted as he ordered. However, there are systems that satisfy<br />
both, such as the system by Lee et al. [141] which we consider<br />
in Section 7.5.4. This is achieved by ensuring that what constitutes a<br />
pro<strong>of</strong> for the voter will not be a pro<strong>of</strong> for the coercer. Therefore, it is<br />
important to ensure that voter verifiability is not defined so strongly<br />
that it is incompatible with coercion-resistance.<br />
This work has been done in collaboration with Mark Ryan, Ben<br />
Smyth, <strong>and</strong> Steve Kremer during my internship at the School <strong>of</strong> Computer<br />
Science (University <strong>of</strong> Birmingham) from October, 2008 until<br />
January, 2009. A more recent version will be presented in the 4th<br />
Benelux Workshop on Information <strong>and</strong> System Security (WISSec 2009)<br />
[191].<br />
Outline. We introduce in Section 7.1 the electronic voting protocols.<br />
In Section 7.2, we introduce the applied pi calculus. The formalisation<br />
<strong>of</strong> electronic voting protocols <strong>and</strong> voter verifiability properties<br />
are given in Section 7.3 <strong>and</strong> Section 7.4. We give in Section some examples,<br />
<strong>and</strong> the related works are given in Section 7.6.<br />
7.1 Electronic voting protocols<br />
Electronic voting, also known as e-voting, is a term encompassing several different<br />
types <strong>of</strong> voting, embracing both electronic means <strong>of</strong> casting a vote <strong>and</strong><br />
electronic means <strong>of</strong> counting votes. Electronic voting systems can include<br />
punch cards, optical scan voting systems <strong>and</strong> specialised voting kiosks, including selfcontained<br />
Direct-recording electronic (DRE) voting systems. It can also involve<br />
transmission <strong>of</strong> ballots <strong>and</strong> votes via telephones, private computer networks,<br />
or the Internet. Electronic voting may <strong>of</strong>fer advantages compared to other voting<br />
techniques. It promises the possibility <strong>of</strong> a convenient, efficient <strong>and</strong> secure<br />
facility for recording <strong>and</strong> tallying votes. It can be used for a variety <strong>of</strong> types <strong>of</strong><br />
elections, from small committees or on-line communities through to full-scale<br />
national elections. Electronic voting for electorates have been in use since the<br />
1960. However, the electronic voting machines used in recent US elections have<br />
been fraught with problems. In [132], the authors have analysed the source code<br />
<strong>of</strong> the machines sold by the second largest <strong>and</strong> fastest-growing vendor, which