A generic approach to prevent board flooding attacks in coercion-resistant electronic voting schemes

Abstract

This paper presents a generic approach to prevent board flooding attacks in remote electronic voting schemes providing coercion-resistance. A key property of these schemes is the possibility of casting invalid votes to the public bulletin board, which are indistinguishable from proper votes. Exactly this possibility is crucial for making these schemes coercion-resistant, but it also opens doors for flooding the bulletin board with an enormous amount of invalid votes, eventually spoiling the efficiency of the tallying process. To prevent such attacks, we present a generic enhancement for these schemes, in which we restrict the total amount of votes accepted by the public bulletin board. For this, voters receive a certain amount of posting tickets, each of which allowing its owner to post a single vote to the bulletin board. The list of all posting tickets is published along with the electoral register. Votes with no valid posting ticket are immediately rejected by the bulletin board. The maximum amount of postings accepted by the bulletin board is thus bounded by the total number of issued posting tickets. This prevents a massive board flooding attack with a very large number of invalid votes and thus guarantees the efficiency of the tallying phase. Except with respect to forced vote abstention, our enhancement preserves all properties of the existing scheme in use. Although coercion by forced vote abstention cannot be ruled out entirely, such attacks are at least not scalable to a considerable portion of the electorate.