Enhancing Electronic Voting Machines on the Example of Bingo Voting

Abstract

The main purpose of cryptographic voting schemes is to provide transparency while protecting ballot secrecy and to enable a fast tally. In this paper, we address three major issues of cryptographic voting schemes. First we discuss the problem of secrecy and coercion resistance in the situation of a corrupted voting machine. While hard to obtain in general, we propose and analyze a novel approach that uses encapsulated design and minimizes the information that can compromise ballot secrecy. The second issue we address is the assumption that an adversary does not know which receipts are checked and the problem of receipt stealing. Many voting schemes with receipts share this vulnerability. We provide a solution that increases protection of each vote and which can be generalized for voting schemes that use computers to form the receipt. The last issue discussed in this paper is the question of how an election can be contested. For this, an error or a manipulation must not only be detected but also proven. While the problems and solutions are described for Bingo Voting, we argue that the problems are shared by many cryptographic voting schemes and that the solutions presented in this work give insight in the prerequisites needed for a secure election.