Numerous institutions, such as companies, universities, or non-governmental organizations, employ Internet voting for remote elections. Since the main purpose of an election is to determine the voters' will, it is fundamentally important to ensure that the final election result correctly reflects the voters' votes. To this end, modern secure Internet voting schemes aim for what is called end-to-end verifiability. This fundamental security property ensures that the correctness of the final result can be verified, even if some of the computers or parties involved are malfunctioning or corrupted. A standard component in this approach is so-called cast-as-intended verifiability, which enables individual voters to verify that the ballots cast on their behalf contain their intended choices. Numerous approaches for cast-as-intended verifiability have been proposed in the literature, some of which have also been employed in real-life Internet elections. One of the well-established approaches for cast-as-intended verifiability is to employ a second device which can be used by voters to audit their submitted ballots. This approach offers several advantages, including support for flexible ballot/election types and an intuitive user experience, and it has been used in real-life elections, for instance in Estonia. In this work, we improve the existing solutions for cast-as-intended verifiability based on the use of a second device. We propose a solution which, while preserving the advantageous practical properties sketched above, provides tighter security guarantees. Our method does not increase the risk of vote-selling when compared to the underlying voting protocol being augmented and, to achieve this, it requires only comparatively weak trust assumptions. It can be combined with various voting protocols, including commitment-based systems offering everlasting privacy.