Table Of ContentLecture Notes in Computer Science 5767
CommencedPublicationin1973
FoundingandFormerSeriesEditors:
GerhardGoos,JurisHartmanis,andJanvanLeeuwen
EditorialBoard
DavidHutchison
LancasterUniversity,UK
TakeoKanade
CarnegieMellonUniversity,Pittsburgh,PA,USA
JosefKittler
UniversityofSurrey,Guildford,UK
JonM.Kleinberg
CornellUniversity,Ithaca,NY,USA
AlfredKobsa
UniversityofCalifornia,Irvine,CA,USA
FriedemannMattern
ETHZurich,Switzerland
JohnC.Mitchell
StanfordUniversity,CA,USA
MoniNaor
WeizmannInstituteofScience,Rehovot,Israel
OscarNierstrasz
UniversityofBern,Switzerland
C.PanduRangan
IndianInstituteofTechnology,Madras,India
BernhardSteffen
UniversityofDortmund,Germany
MadhuSudan
MicrosoftResearch,Cambridge,MA,USA
DemetriTerzopoulos
UniversityofCalifornia,LosAngeles,CA,USA
DougTygar
UniversityofCalifornia,Berkeley,CA,USA
GerhardWeikum
Max-PlanckInstituteofComputerScience,Saarbruecken,Germany
PeterY.A. Ryan Berry Schoenmakers (Eds.)
E-Voting and Identity
Second International Conference,VOTE-ID 2009
Luxembourg, September 7-8, 2009
Proceedings
1 3
VolumeEditors
PeterY.A.Ryan
UniversityofLuxembourg
Luxembourg
E-mail:[email protected]
BerrySchoenmakers
TechnicalUniversityofEindhoven
Eindhoven,TheNetherlands
E-mail:[email protected]
LibraryofCongressControlNumber:Appliedfor
CRSubjectClassification(1998):E.3,D.4.6,K.6.5,C.2,J.1,K.4.4
LNCSSublibrary:SL4–SecurityandCryptology
ISSN 0302-9743
ISBN-10 3-642-04134-5SpringerBerlinHeidelbergNewYork
ISBN-13 978-3-642-04134-1SpringerBerlinHeidelbergNewYork
Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis
concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting,
reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication
orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965,
initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable
toprosecutionundertheGermanCopyrightLaw.
springer.com
©Springer-VerlagBerlinHeidelberg2009
PrintedinGermany
Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India
Printedonacid-freepaper SPIN:12748914 06/3180 543210
Preface
These proceedings containthe papers presented at VoteID 2009,the Second In-
ternationalConferenceonE-votingandIdentity.TheconferencewasheldinLux-
embourgduringSeptember7–8,2009,hostedbytheUniversityofLuxembourg.
VoteID 2009built onthe successofthe 2007edition heldinBochum.Events
havemovedondramaticallyinthe interveningtwoyears:atthe time ofwriting,
people are in the streets of Tehran protesting against the claimed outcome of
theJune12thpresidentialelectioninIran.Bannersbearingthewords“Whereis
myvote?”beartestimonytothe strengthoffeelingandtheneedforelectionsto
be trusted. These events showthat the searchfor high-assurancevotingis nota
purely academic pursuit but one of very real importance. We hope that VoteID
2009willhelp contributeto ourunderstanding ofthe foundations ofdemocracy.
TheProgramCommitteeselected11papersforpresentationattheconference
out of a total of 24 submissions. Each submission was reviewed by at least four
Program Committee members. The EasyChair conference management system
proved instrumental in the reviewing process as well as in the preparation of
these proceedings.
The selected papers cover a wide range of aspects of voting: proposals for
high-assurancevotingsystems,evaluationofexistingsystems,assessmentofpub-
lic response to electronic voting and legal aspects. The programalso included a
keynote by Mark Ryan.
We would like to thank everyonewho helped in making this conference hap-
pen. First of all thanks to the authors for submitting their work and thanks to
the members of the Program Committee and the external reviewers for their
efforts. Many thanks as well to the local organizers for hosting the conference,
with special thanks to Hugo Jonker who served both as General Chair of the
conferenceandas a member ofthe ProgramCommittee. Finally,we shouldalso
like to thank the FNR in Luxembourg for their generous sponsorship of the
workshop that allowed us to extend invites to the two speakers as well as fund
a number of student stipends.
July 2009 Peter Ryan
Berry Schoenmakers
VOTE ID 2009
September 7–8, 2009,Luxembourg
General Chair
Hugo Jonker University of Luxembourg, Luxembourg
Local Organization
Baptiste Alcalde University of Luxembourg, Luxembourg
Ragga Eyjolfsdottir University of Luxembourg, Luxembourg
Program Chairs
Peter Ryan University of Luxembourg, Luxembourg
Berry Schoenmakers Technical University of Eindhoven,
The Netherlands
Program Committee
Mike Alvarez Caltech, USA
Josh Benaloh Microsoft Research, USA
Ian Brown University of Oxford, UK
David Chaum USA
Michael Clarkson Cornell University, USA
Lorrie Faith Cranor Carnegie Mellon University, USA
Peter Emerson de Borda Institute, Ireland
Jeroen van de Graaf Universidade Federal de Ouro Preto, Brazil
Dimitris Gritzalis University of the Aegean, Greece
Bart Jacobs Radboud University, The Netherlands
Hugo Jonker University of Luxembourg, Luxembourg
Steve Kremer LSV ENS Cachan, France
Robert Krimmer evoting.cc, Austria
Olivier Pereira Universite Catholique de Louvain, Belgium
Andreas Pfitzmann Technical University of Dresden, Germany
Josef Pieprzyk Macquarie University, Australia
Bart Preneel Katholieke Universiteit Leuven, Belgium
Mark Ryan University of Birmingham, UK
Ahmad-Reza Sadeghi Ruhr University Bochum, Germany
Ronald Rivest MIT, USA
VIII Organization
Kazue Sako NEC, Japan
Ted Selker MIT, USA
Jacques Traor´e France Telecom, France
Melanie Volkamer Technical University of Darmstadt, Germany
Dan Wallach Rice University, USA
External Reviewers
Roberto Araujo
Rainer Boehme
Benjamin Kellermann
Stefan Ko¨psell
Lucie Langer
Dimitrios Lekkas
Hans L¨ohr
Olivier de Marneffe
Lilian Mitrou
Axel Schmidt
Matt Smart
Ben Smyth
Marianthi Theoharidou
Joe-Kai Tsay
Bill Tsoumas
Table of Contents
Not-So Hidden Information: Optimal Contracts for Undue Influence in
E2E Voting Systems.............................................. 1
Jeremy Clark, Urs Hengartner, and Kate Larson
Masked Ballot Voting for Receipt-Free Online Elections............... 18
Roland Wen and Richard Buckland
Improving and Simplifying a Variant of Prˆet `a Voter ................. 37
Ralf Ku¨sters, Tomasz Truderung, and Andreas Vogt
Implications of Graphics on Usability and Accessibility for the Voter ... 54
Benjamin Smith, Sharon Laskowski, and Svetlana Lowry
Assessing Voters’ Attitudes towards Electronic Voting in Latin
America: Evidence from Colombia’s 2007 E-Voting Pilot .............. 75
R. Michael Alvarez, Gabriel Katz, Ricardo Llamosa, and
Hugo E. Martinez
Developing a Legal Framework for Remote Electronic Voting .......... 92
Axel Schmidt, Dennis Heinson, Lucie Langer, Zoi Opitz-Talidou,
Philipp Richter, Melanie Volkamer, and Johannes Buchmann
VeryVote: A Voter Verifiable Code Voting System.................... 106
Rui Joaquim, Carlos Ribeiro, and Paulo Ferreira
Minimum Disclosure Counting for the Alternative Vote ............... 122
Roland Wen and Richard Buckland
A Design of Secure Preferential E-Voting............................ 141
Kun Peng and Feng Bao
RIES - Rijnland Internet Election System: A Cursory Study of
Published Source Code ........................................... 157
Rop Gonggrijp, Willem-Jan Hengeveld, Eelco Hotting,
Sebastian Schmidt, and Frederik Weidemann
Combatting Electoral Traces: The Dutch Tempest Discussion and
beyond ......................................................... 172
Wolter Pieters
Author Index.................................................. 191
Not-So Hidden Information:
Optimal Contracts for Undue Influence in E2E Voting
Systems
Jeremy Clark, Urs Hengartner, and Kate Larson
Cheriton School of Computer Science
Universityof Waterloo
Waterloo, ON,Canada, N2L 3G1
{j5clark,uhengart,klarson}@cs.uwaterloo.ca
Abstract. This paper considers coercion contracts in voting systems
with end-to-end (E2E) verifiability. Contracts are a set of instructions
that an adversary can dictate to a voter, either through duress or by
offeringpayment,thatincreasetheprobabilityofacompliantvotercon-
structing a vote for the adversary’s preferred candidate. Using a repre-
sentativeE2E system,weplacetheattacksin game-theoretictermsand
study the effectiveness of three proposed contracts from the literature.
We offer a definition of optimality for contracts, provide an algorithm
forgeneratingoptimalcontracts,andshowthatasthenumberofcandi-
dates increases, the adversary’s advantage through the use of contracts
decreases. Wealsoconsidertheuseofcontractsinaheterogeneouspop-
ulation of voters and for financially constrained adversaries.
1 Introduction
End-to-end verifiable voting systems (E2E systems) allow voters to indepen-
dently verify the correctness of the final tally, without needing to trust the
chain-of-custody over the ballots after the election in paper voting settings, nor
anysoftwareorhardwareusedforvotecaptureandtallyinginelectronicandre-
motevotingsettings.E2Esystemsoftenusecryptographicprimitivestoachieve
these properties while maintaining the secrecy of every cast ballot. A sample of
recently proposed E2E systems include VoteHere [20], “Votegrity” [12], Prˆet `a
Voter[14],“Benaloh-06”[7],ScratchandVote[3],Punchscan[15,23],ThreeBal-
lot[24],Scantegrity[10,11],Civitas[19],VoteBox[25]andHelios[1].Acommon
element of these systems is the production of some kind of obfuscation of each
vote, which voters can retain, digitally or physically, as a privacy-preservingre-
ceipt of their vote. Since the receipt does not reveal which candidate the voter
selected, it ostensibly cannot be used effectively in a scheme to buy votes or
coercevotersintovotingforaparticularcandidate.Howeverthisisnotthecase:
evenif votes are correctly obfuscated,undue influence can still be accomplished
by paying or forcing voters to follow certain procedures in the construction of
their receipts, such that the receipts become probabilistically biased toward a
chosen candidate. We call these procedures, and consequences for not following
P.Y.A.RyanandB.Schoenmakers(Eds.):VOTE-ID2009,LNCS5767,pp.1–17,2009.
(cid:2)c Springer-VerlagBerlinHeidelberg2009
2 J. Clark, U. Hengartner, and K. Larson
them,acontract.Inthispaper,wearguethatcontractsarepersistentenoughin
E2E systems to warrant further study and, in response, we conduct a detailed
analysis in a representative E2E system—Punchscan.
Our contributions can be summarized as
• a new analysis of the effectiveness of three existing attacks [9,17,18] using
coercion contracts in Punchscan with two candidates,
• a definition of optimality for contracts and a linear-time algorithm for gen-
erating optimal contracts,
• an analysis of multiple-candidate contracts showing that their effectiveness
decreases with the number of candidates,
• an analysis of contracts in the setting where some voters have intentions
other than accepting the highest payment available to them and hide their
real intentions from the adversary,and
• ananalysisofcontractsinthesettingwheretheadversaryisfinanciallycon-
strained showing that the adversarymust value the vote by, approximately,
an order of magnitude more than the voter selling the vote.
2 Preliminaries
2.1 End-to-End Verifiability
Voting systems that offer end-to-end verifiability often use a variety of crypto-
graphictechniquestosimultaneouslyachieveballotsecrecyandtallycorrectness.
One common construction includes, abstractly, these three critical steps:
i. The voter produces and retains an obfuscation of her vote, such that given
only the obfuscated vote, it is not possible to determine the vote.
ii. Obfuscated votes are collected by the election authority,published publicly,
and voters check that the obfuscation of their vote is included and correct
in this collection.
iii. Obfuscated votes are collectively deobfuscated to produce a tally in a way
thatisverifiablycorrectanddoesnotrevealthelinkbetweenanyobfuscated
and deobfuscated votes.
While there is little roomfor variationwithin (ii), a variety of approachesto (i)
and (iii) have been presented in the literature. The integrity of (i) is sometimes
referred to as ballot casting assurance [2] or voter initiated auditing [5], while
privacy is called coercion resistance [16] or receipt freeness [8]. The dominant
mechanism for achieving obfuscation in (i) is encryption, but more recent lit-
erature includes use of permutations, code substitutions, information splitting,
and vote swapping. When the obfuscation technique is encryption, the deobfus-
cation in (iii) is typically achieved through a mix network [13,22] or additive
homomorphic encryption [6].
