A Polling Booth-Based Electronic Voting Scheme

Md. Abdul Based (Norwegian University of Science and Technology, Norway)
DOI: 10.4018/978-1-4666-4514-1.ch005


A Polling booth-based Electronic Voting Scheme (PEVS) is presented in this chapter. The scheme allows only eligible voters to cast their ballots inside polling booths, and the ballots cast by the eligible voters are inalterable and non-reusable. The scheme provides vote-privacy and receipt-freeness. The scheme is modeled to fend off forced-abstention attacks, simulation attacks, or randomization attacks. Thus, the scheme is coercion-resistant. The scheme also satisfies voter verifiability, universal verifiability, and eligibility verifiability requirements. The ProVerif tool is used to formally analyze soundness, vote-privacy, receipt-freeness, and coercion-resistance of the scheme. The analysis shows that PEVS satisfies these properties. PEVS is the first electronic voting scheme (polling booth-based) that satisfies all the requirements listed above.
Chapter Preview


Trusted election processes and outcomes are fundamental requirements of democratic societies. Government leaders must be elected in a proper way so that they truly represent the people's opinion and, therefore, people can trust them. One possible solution could be a secure electronic voting scheme to reduce election problems and irregularities, especially in the countries where voting is a prominent issue.

The complex requirements of a secure electronic voting (e-voting) scheme include, among others, the eligibility of the voter (Backes, Hritcu, & Maffei, 2008), inalterability and non-reusability of the ballot (Backes, Hritcu, & Maffei, 2008), vote-privacy (Delaune, Kremer, & Ryan, 2008), receipt-freeness (Delaune, Kremer, & Ryan, 2008), coercion-resistance (Juels, Catalano, & Jakobsson, 2005), and verifiability (Delaune, Kremer, & Ryan, 2008).

Eligibility means that only legitimate voters are allowed to cast their ballots. Inalterability ensures that the ballot cast by an eligible voter should not be altered, and non-reusability ensures that each voter should be allowed to cast a ballot only once. Backes et al. (Backes, Hritcu, & Maffei, 2008) summarize these properties under the notion of soundness of an election scheme.

According to Delaune et al. (Delaune, Kremer, & Ryan, 2008), vote-privacy, receipt-freeness, and coercion-resistance are the privacy requirements of a secure e-voting scheme. The property vote-privacy states that it is not possible to reveal for which candidate the voter casts the ballot, receipt-freeness means a voter cannot convince the coercer how the ballot was cast, and coercion-resistance means a coercer should not be able to force a voter to abstain from voting or to cast a ballot for a particular candidate or in a particular way (Juels, Catalano, & Jakobsson, 2005).

Verifiability means voter verifiability and universal verifiability. If the voter can verify that the ballot has been counted properly, the scheme is called voter verifiable; when any observer can verify that the published tally is the outcome of the cast ballots, the scheme is called universally verifiable. Delaune et al. (Delaune, Kremer, & Ryan, 2008) introduced a third aspect of verifiability: eligibility verifiability. Eligibility verifiability means the ballot in the tally is cast by an eligible voter and there is at most one ballot for each voter.

There are two categories of e-voting in terms of control of people and terminals: remote e-voting and polling booth-based e-voting. In a remote e-voting scheme, a voter can cast a ballot from any place. There is no cryptographic way to defend a voter from physical coercion in such voting. In the second category, a voter casts the ballot inside a polling booth (also known as an election booth). Cryptographic mechanisms are then used inside the booth to achieve receipt-freeness and coercion-resistance. Since remote e-voting cannot achieve coercion-resistance, we choose polling booth-based e-voting and name our scheme Polling booth-based Electronic Voting Scheme (PEVS). A preliminary version of PEVS is published in (Based, Tsay, & Mjølsnes, 2012) without the details of the formal analysis. This chapter describes PEVS in detail and provides the details of its formal analysis.

Figure 1 shows the basic diagram of PEVS. In PEVS the voter can generate any number of key pairs using the voter computer inside the polling booth. Each pair consists of a private key and a corresponding public key. The registrar signs the public keys in a blind signature scheme to ensure that there is no link between the voter and the keys. This satisfies the vote-privacy requirement. The voter computer inside the booth performs the cryptographic tasks to construct the ballot using one of these keys. So, the voter cannot prove to anyone how the ballot is cast and this satisfies the receipt-freeness requirement.

Figure 1.

PEVS: VC = voter computer, R = registrar, BA = ballot acquirer, BB = bulletin board, and CS = counting server (Based, Tsay, & Mjølsnes, 2012)
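The blind-signing step between the voter computer and the registrar can be sketched as follows. This is an added example, not code from the chapter: the chapter does not name the blind signature scheme, so textbook RSA blinding (Chaum) is assumed, and the toy registrar key, the byte string standing in for a voter public key, and all function names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy registrar key built from two Mersenne primes.
# Assumption for the demo only; not a key anyone should use.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # registrar's private exponent


def digest(voter_pub: bytes) -> int:
    """SHA-256 of the voter's public key as an integer (always below N)."""
    return int.from_bytes(hashlib.sha256(voter_pub).digest(), "big")


def blind(voter_pub: bytes):
    """Voter computer: hide the key digest behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (digest(voter_pub) * pow(r, E, N)) % N, r


def registrar_sign(blinded: int) -> int:
    """Registrar: signs the blinded value; it never sees the key itself."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Voter computer: strip r, leaving an ordinary signature on the digest."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(voter_pub: bytes, sig: int) -> bool:
    """Anyone holding (N, E): check the registrar's signature on a key."""
    return pow(sig, E, N) == digest(voter_pub)


def demo():
    voter_pub = secrets.token_bytes(32)  # constructed stand-in for a public key
    blinded, r = blind(voter_pub)
    sig = unblind(registrar_sign(blinded), r)
    # (signature valid, registrar's view differs from the key digest,
    #  signature does not validate a different key)
    return verify(voter_pub, sig), blinded != digest(voter_pub), verify(b"other key", sig)


if __name__ == "__main__":
    print(demo())
```

Because `r` is chosen by the voter computer and never sent, the value the registrar signed cannot be matched to the signed key that appears later, which is the unlinkability the vote-privacy argument relies on.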
