Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
7.1. ELECTRONIC VOTING PROTOCOLS 179<br />
are in use in 37 US states. This analysis has produced a catalogue <strong>of</strong> vulnerabilities<br />
<strong>and</strong> possible attacks.<br />
A potentially much more secure system could be implemented, based on<br />
cryptographic protocols that specify the messages sent between the voters <strong>and</strong><br />
administrators. Such systems are called electronic voting protocols.<br />
Abstractly, electronic voting protocols are cryptographic protocols that specify<br />
the messages sent between the voters <strong>and</strong> administrators, they can be written<br />
as a sequence <strong>of</strong> messages sent between voters <strong>and</strong> administrators. Such<br />
protocols have been studied for several decades [97, 136, 30, 39, 62, 63, 65], <strong>and</strong><br />
a various types <strong>of</strong> electronic voting protocols have been proposed in the literature<br />
[61, 64, 39, 92, 62, 115, 141, 181]. These protocols aim to provide security<br />
properties which go beyond those that can be achieved by paper-based voting<br />
systems. Some <strong>of</strong> these properties are given next.<br />
7.1.1 Properties <strong>of</strong> electronic voting protocols<br />
Some properties commonly sought for electronic voting protocols are the following:<br />
• Fairness: no early results can be obtained which could influence the remaining<br />
voters.<br />
• Vote-privacy: the fact that a particular voter voted in a particular way is<br />
not revealed to anyone.<br />
• Receipt-freeness: a voter does not gain any information which can be used<br />
to prove to a coercer that she voted in a certain way.<br />
• Coercion-resistance: a voter can not cooperate with a coercer to prove to<br />
him that she voted in a certain way.<br />
• Inalterability: no one can change a voter’s vote.<br />
• Declared tally: the published outcome is a correct sum <strong>of</strong> the votes cast.<br />
• Eligibility: only legitimate voters can vote, <strong>and</strong> only once.<br />
• Individual verifiability: a voter can check that her ballot was included in<br />
the tally.<br />
• Universal verifiability: anybody can check the correctness <strong>of</strong> the published<br />
outcome.<br />
• Eligibility verifiability: anybody can check that each vote cast was created<br />
by a unique legitimate voter.