Coercion-Resistant Electronic Elections
Ari Juels and Markus Jakobsson
Abstract. We introduce a model for electronic election schemes that involves a more powerful adversary than in previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be {\em coercion-resistant} if it is infeasible for the adversary to determine whether a coerced voter complies with the demands.
A first contribution of this paper is to describe and characterize a new and strengthened adversary for coercion in elections; a second is to demonstrate a protocol that is secure against this adversary. While it is clear that a strengthening of attack models is of theoretical relevance, it is important to note that our results lie close to practicality. This is true both in that we model real-life threats (such as vote-buying and vote-cancelling), and in that our proposed protocol combines a fair degree of efficiency with an unusual lack of structural complexity. Furthermore, while previous schemes have required use of an untappable channel, ours only requires an anonymous one.
A surprising and counter-intuitive achievement of our protocol is that it combines universal verifiability -- the ability for anyone to verify the correctness of the election -- with coercion resistance.
Category / Keywords. applications /
Date: received 5 Nov 2002, last revised 10 Feb 2003
Contact author: ajuels@rsasecurity.com
Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation