Secure and Verifiable Coercion-Resistant Electronic Exam

Since they enable efficient assessment of large cohorts of students and
test-takers, electronic exams (e-exams) have become popular. However, the
transition from pencil-and-paper tests to e-exams comes with challenges:
researchers needed to ensure a comparable level of security and privacy as
that enjoyed before the transition; at the same time, they have to address
threats due to the use of information and communication technology. Research has shown
that, for the reason of assessment fairness,
e-exams should satisfy a list of peculiar security properties, for
instance, about authentication, secrecy, integrity, anonymity, and correctness,
including their universal and individual verifiability.
Recently, e-exams have been scrutinized for their resistance to collusion and
coercion. Subsets of participants have an interest in teaming up, or forcing one
another, to gain an unfair advantage over the honest
others. In this work, we study coercion-resistance for e-exams. We propose a novel
strong definition of coercion where all secrets are leaked to the attacker.
Under this threat, we prove that a recent coercion-resistant exam protocol is
subject to attacks. We improve the protocol by ensuring that all its
properties are maintained and that it is coercion-resistant under the
new threat model. Our new protocol is also verifiable, which is a must-have
property whenever there is the need to prove that fairness is preserved
despite anyone attempting to subvert it. All our claims are formally
verified using ProVerif. Notably, our formal verification includes proving the
security of a recent exponentiation mixnet framework proposed in the
literature.