TY - GEN
T1 - Efficient receipt-free voting based on homomorphic encryption
AU - Hirt, Martin
AU - Sako, Kazue
PY - 2000
Y1 - 2000
N2 - Voting schemes that provide receipt-freeness prevent voters from proving their cast vote, and hence thwart vote-buying and coercion. We analyze the security of the multi-authority voting protocol of Benaloh and Tuinstra and demonstrate that this protocol is not receiptfree, opposed to what was claimed in the paper and was believed before. Furthermore, we propose the first practicable receipt-free voting scheme. Its only physical assumption is the existence of secret one-way communication channels from the authorities to the voters, and due to the public verifiability of the tally, voters only join a single stage of the protocol, realizing the "vote-and-go" concept. The protocol combines the advantages of the receipt-free protocol of Sako and Kilian and of the very efficient protocol of Cramer, Gennaro, and Schoenmakers, with help of designated-verifier proofs of Jakobsson, Sako, and Impagliazzo. Compared to the receipt-free protocol of Sako and Kilian for security parameter ℓ (the number of repetitions in the non-interactive cut-andchoose proofs), the protocol described in this paper realizes an improvement of the total bit complexity by a factor ℓ.
AB - Voting schemes that provide receipt-freeness prevent voters from proving their cast vote, and hence thwart vote-buying and coercion. We analyze the security of the multi-authority voting protocol of Benaloh and Tuinstra and demonstrate that this protocol is not receiptfree, opposed to what was claimed in the paper and was believed before. Furthermore, we propose the first practicable receipt-free voting scheme. Its only physical assumption is the existence of secret one-way communication channels from the authorities to the voters, and due to the public verifiability of the tally, voters only join a single stage of the protocol, realizing the "vote-and-go" concept. The protocol combines the advantages of the receipt-free protocol of Sako and Kilian and of the very efficient protocol of Cramer, Gennaro, and Schoenmakers, with help of designated-verifier proofs of Jakobsson, Sako, and Impagliazzo. Compared to the receipt-free protocol of Sako and Kilian for security parameter ℓ (the number of repetitions in the non-interactive cut-andchoose proofs), the protocol described in this paper realizes an improvement of the total bit complexity by a factor ℓ.
UR - http://www.scopus.com/inward/record.url?scp=84948969982&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84948969982&partnerID=8YFLogxK
U2 - 10.1007/3-540-45539-6_38
DO - 10.1007/3-540-45539-6_38
M3 - Conference contribution
AN - SCOPUS:84948969982
SN - 9783540675174
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 539
EP - 556
BT - Advances in Cryptology - EUROCRYPT 2000 - International Conference on the Theory and Application of Cryptographic Techniques, Proceedings
A2 - Preneel, Bart
PB - Springer Verlag
T2 - 19th International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2000
Y2 - 14 May 2000 through 18 May 2000
ER -