Vote Privacy, Revisited: New Definitions, Tools and Constructions

Опубликовано 28 июля 2016, 23:16

Vote privacy is a central aspect of most of our elections. It is however not an absolute property: it will depend on the ballot format, tallying rules, voter turnout and preferences. Furthermore, it is achieved using various techniques, creating new trade-offs with the adoption of end-to-end verifiable voting systems for instance. We describe various contributions to the analysis of the privacy properties that voting systems provide: - We propose privacy metrics, inspired from classical information theoretic (IT) quantities, and illustrate their use on the public audit data provided for the 2009 Takoma Park election based on Scantegrity. - We propose computational analogs of our IT metrics, together with a more traditional style cryptographic game-based privacy definition and show that this game-based definition can be conveniently used to bridge the gap between our IT and computational metrics. - Focusing on a large class of voting protocols where voters interact with the authorities in one single pass, we identify conditions that guarantee that an encryption scheme is appropriate for the submission of ballots and apply these conditions to analyze the security of the Helios voting sytem. - Finally, we propose a new type of encryption schemes, as well as efficient constructions that can be used to build voting schemes that offer an IT private audit trail and computational privacy towards authorities. This talk is based on joint works with David Bernhard, Véronique Cortier, Edouard Cuvelier, Thomas Peters and Bogdan Warinschi.