Paper 2024/915

REACTIVE: Rethinking Effective Approaches Concerning Trustees in Verifiable Elections

Josh Benaloh, Microsoft Research
Michael Naehrig, Microsoft Research
Olivier Pereira, Microsoft Research, UCLouvain
Abstract

For more than forty years, two principal questions have been asked when designing verifiable election systems: how will the integrity of the results be demonstrated and how will the privacy of votes be preserved? Many approaches have been taken towards answering the first question such as use of MixNets and homomorphic tallying. But in the academic literature, the second question has always been answered in the same way: decryption capabilities are divided amongst multiple independent “trustees” so that a collusion is required to compromise privacy. In practice, however, this approach can be fairly challenging to deploy. Human trustees rarely have a clear understanding of their responsibilities, and they typically all use identical software for their tasks. Rather than exercising independent judgment to maintain privacy, trustees are often reduced to automata who just push the buttons they are told to when they are told to, doing little towards protecting voter privacy. This paper looks at several aspects of the trustee experience. It begins by discussing various cryptographic protocols that have been used for key generation in elections, explores their impact on the role of trustees, and notes that even the theory of proper use of trustees is more challenging than it might seem. This is illustrated by showing that one of the only references defining a full threshold distributed key generation (DKG) for elections defines an insecure protocol. Belenios claims to rely on that reference for its DKG and security proof. Fortunately, it does not inherit the same vulnerability. We offer a security proof for the Belenios DKG. The paper then discusses various practical contexts, in terms of humans, software, and hardware, and their impact on the practical deployment of a trustee-based privacy model.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
ElectionsVotingDistributed key generation
Contact author(s)
benaloh @ microsoft com
mnaehrig @ microsoft com
olivier pereira @ uclouvain be
History
2024-08-16: revised
2024-06-07: received
See all versions
Short URL
https://ia.cr/2024/915
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/915,
      author = {Josh Benaloh and Michael Naehrig and Olivier Pereira},
      title = {{REACTIVE}: Rethinking Effective Approaches Concerning Trustees in Verifiable Elections},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/915},
      year = {2024},
      url = {https://eprint.iacr.org/2024/915}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.