Abstract:
We propose a new cryptographic primitive, Publicly Auditable Conditional Blind Signatures
(PACBS), which connects the verification of a digital signature to publicly available data.
During signing, a predicate on these data is embedded into the signature, so that the latter is valid if and only if the former is true. Verification is performed by a designated verifier, in a strong manner, with the use of a private verification key. The privacy of the user requesting the signature is protected information-theoretically, because the message to be signed is blinded. Additionally, to avoid attacks from a malicious signer or verifier that disregards the predicate, all their operations are accompanied with evidence in the form of non-interactive zero-knowledge proofs of knowledge that force them to follow the protocol. We define a security model to capture the guarantees of our primitive and provide an instantiation.
We utilize PACBS in a remote electronic voting protocol. The conditional nature of PACBS
enables us to build credentials that allow our protocol to provide coercion resistance in the
re-voting with anonymous credentials paradigm of Juels, Catalano and Jakobsson. When
coerced, a voter uses a fake credential to accompany the vote, while when the coercer is
not watching, she can cast her real vote which is accompanied by the valid credential. Only
the latter will be counted. All interactions are indistinguishable to the coercer, who cannot
tell if his attack succeeded. The evidence generated by PACBS accompanied with standard
evidence used in e-voting schemes allows each voter to individually verify that their votes
were correctly cast and tallied. Vote counting is also universally verifiable by any interested
party. Our overall architecture also provides strong privacy guarantees, since, contrary
to the conventional e-voting paradigm, we do not assume that the talliers are trusted for
privacy. This allows us, to extend our reasoning about privacy against a computationally
unbounded attacker. We generalize our findings to express security models for everlasting
privacy that also consider the data available to the adversary.