[en] We consider elections that publish anonymised voted ballots or anonymised cast-vote records for transparency or verification purposes, investigating the implications for privacy, coercion, and vote selling and exploring how partially masking the ballots can alleviate these issues. Risk Limiting Tallies (RLT), which reveal only a random sample of ballots, were previously proposed to mitigate some coercion threats. Masking some ballots provides coerced voters with plausible deniability, while risk-limiting techniques ensure that the required confidence level in the election result is achieved. Risk-Limiting Verification (RLV) extended this approach to masking a random subset of receipts or trackers. Here we show how these ideas can be generalised and made more flexible and effective by masking at a finer level of granularity: at the level of the components of ballots. In particular, we consider elections involving complex ballots, where RLT may be vulnerable to pattern-based vote buying. We propose various measures of verifiability and coercion-resistance and investigate how several sampling/masking strategies perform against these measures. Using methods from coding theory, we analyse signature attacks, bounding the number of voters who can be coerced. We also define new quantitative measures for the level of coercion-resistance without plausible deniability and the level of vote-buying-resistance without “free lunch” vote sellers. These results and the different strategies for masking ballots are of general interest for elections that publish ballots for auditing, verification, or transparency purposes.
Disciplines :
Computer science
Author, co-author :
RYAN, Peter Y A ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
ROENNE, Peter ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
OSTREV, Dimiter ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > APSIA > Team Peter RYAN
El Orche, Fatima-Ezzahra; Interdisciplinary Centre for Security, Reliability, and Trust, SnT, University of Luxembourg, Luxembourg City, Luxembourg ; ENS, CNRS, PSL Research University, Paris, France
SOROUSH, Najmeh ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > APSIA > Team Peter RYAN
Stark, Philip B. ; Department of Statistics, University of California, Berkeley, United States
External co-authors :
yes
Language :
English
Title :
Who Was that Masked Voter? The Tally Won’t Tell!
Publication date :
2021
Event name :
Electronic Voting - 6th International Joint Conference, E-Vote-ID 2021, Proceedings
Event date :
05-10-2021 => 08-10-2021
Main work title :
Electronic Voting - 6th International Joint Conference, E-Vote-ID 2021, Proceedings
Editor :
Krimmer, Robert
Duenas-Cid, David
Publisher :
Springer Science and Business Media Deutschland GmbH
Acknowledgements. This research was funded in part by the Luxembourg National Research Fund (FNR) grant references STV C18/IS/12685695, Q-CoDe CORE17/IS/11689058 and PRIDE15/10621687/ SPsquared.
Benaloh, J., Jones, D., Lazarus, E.L., Lindeman, M., Stark, P.B.: SOBA: Secrecy-preserving observable ballot-level audit. In: 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE 11). USENIX Association, San Francisco, CA (2011). https://www.usenix.org/conference/evtwote-11/soba-secrecy-preserving-observable-ballot-level-audit
Benaloh, J., Stark, P.B., Teague, V.J.: VAULT: Verifiable audits using limited transparency. In: Krimmer, R., Volkamer, M., Cortier, V., Beckert, B., Küsters, R., Serdült, U., Duenas-Cid, D. (eds.) Proceedings of E-Vote ID 2019. LNCS, vol. 11759. Springer, Chem (2019)
Bernhard, D., Cortier, V., Pereira, O., Warinschi, B.: Measuring vote privacy, revisited. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 941–952 (2012)
Jamroga, W., Roenne, P.B., Ryan, P.Y.A., Stark, P.B.: Risk-limiting tallies. In: Krimmer, R., et al. (eds.) E-Vote-ID 2019. LNCS, vol. 11759, pp. 183–199. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30625-0 12
Küsters, R., Truderung, T., Vogt, A.: Verifiability, privacy, and coercion-resistance: new insights from a case study. In: 2011 IEEE Symposium on Security and Privacy, pp. 538–553. IEEE (2011)
Küsters, R., Truderung, T., Vogt, A.: A game-based definition of coercion resistance and its applications. J. Comput. Secur. 20(6), 709–764 (2012). https://doi.org/10. 3233/JCS-2012-0444
Liedtke, J., Küsters, R., Müller, J., Rausch, D., Vogt, A.: Ordinos: a verifiable tally-hiding electronic voting protocol. In: IEEE 5th European Symposium on Security and Privacy (EuroS&P 2020) (2020)
Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 176–192. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4 12
