Privacy-Oriented Cryptographic Primitives and Protocols for Electronic Voting

Abstract

We propose a new cryptographic primitive, Publicly Auditable Conditional Blind Signatures (PACBS), which connects the verification of a digital signature to publicly available data. During signing, a predicate on these data is embedded into the signature, so that the latter is valid if and only if the former is true. Verification is performed by a designated verifier, in a strong manner, with the use of a private verification key. The privacy of the user requesting the signature is protected information-theoretically, because the message to be signed is blinded. Additionally, to avoid attacks from a malicious signer or verifier that disregards the predicate, all their operations are accompanied with evidence in the form of non-interactive zero-knowledge proofs of knowledge that force them to follow the protocol. We define a security model to capture the guarantees of our primitive and provide an instantiation. We utilize PACBS in a remote electronic voting protocol. The conditional nature of PACBS enables us to build credentials that allow our protocol to provide coercion resistance in the re-voting with anonymous credentials paradigm of Juels, Catalano and Jakobsson. When coerced, a voter uses a fake credential to accompany the vote, while when the coercer is not watching, she can cast her real vote which is accompanied by the valid credential. Only the latter will be counted. All interactions are indistinguishable to the coercer, who cannot tell if his attack succeeded. The evidence generated by PACBS accompanied with standard evidence used in e-voting schemes allows each voter to individually verify that their votes were correctly cast and tallied. Vote counting is also universally verifiable by any interested party. Our overall architecture also provides strong privacy guarantees, since, contrary to the conventional e-voting paradigm, we do not assume that the talliers are trusted for privacy. This allows us, to extend our reasoning about privacy against a computationally unbounded attacker. We generalize our findings to express security models for everlasting privacy that also consider the data available to the adversary.