It is immensely challenging to devise a voting system that guarantees both the correct reflection of the will of the voters and the secrecy of the ballots, based solely on compelling, objective evidence. In response to this challenge, various voting protocols have been proposed, typically using cryptography, that seek to base the assurance of accuracy on transparency and auditability. This approach is neatly captured by the maxim “verify the election results, not the voting system!”. Such protocols strive to achieve a new requirement, that of voter-verifiability: voters are able to confirm that their vote is accurately counted while maintaining ballot secrecy. This paper describes the concept of voter-verifiability, and it outlines a particular voting protocol, the Prêt à Voter protocol, for achieving voter-verifiability. A new version of the protocol that exploits some special features of the Paillier encryption algorithm is presented. This gives a more elegant and robust implementation of Prêt à Voter than the previous versions. In particular, the fact that Paillier encryption allows the secret key holder to recover the randomisation as well as the plaintext, enables a simplified auditing of the ballot receipts and avoids the need to provide Zero-Knowledge Proofs. The use of Verified Random Functions is proposed as a way to prevent any manipulation undermining the secrecy requirements. Finally, a new construction of the ballot forms used in the Prêt à Voter protocol is presented that allows the ballot forms to carry full permutations of the candidates rather than simple cyclic shifts of earlier, re-encryption mix versions of this protocol.
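The Paillier property the abstract relies on, as an added example that is not code from the paper: the secret key holder recovers both the plaintext and the randomisation of a ciphertext, and anyone can then audit the opening by re-encrypting. The g = n + 1 variant, the toy Mersenne-prime modulus and all function names are assumptions made here for illustration.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (n, phi); n is the public key, phi the secret key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(n, phi) != 1:
        raise ValueError("need gcd(n, phi) = 1")
    return n, phi

def fresh_randomness(n):
    """Pick r in Z_n^* (the randomisation of one ciphertext)."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return r

def encrypt(n, m, r):
    """c = (1 + n)^m * r^n mod n^2, using (1 + n)^m = 1 + m*n mod n^2."""
    n2 = n * n
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def open_ciphertext(n, phi, c):
    """Secret-key operation: recover the plaintext m AND the randomisation r."""
    n2 = n * n
    u = pow(c, phi, n2)                      # r^(n*phi) = 1, so u = 1 + m*phi*n
    m = (u - 1) // n * pow(phi, -1, n) % n
    r_to_n = c * pow(1 + m * n, -1, n2) % n  # strip the plaintext: r^n mod n
    r = pow(r_to_n, pow(n, -1, phi), n)      # take the n-th root modulo n
    return m, r

def audit_opening(n, c, m, r):
    """Public check needing no secret key: does (m, r) re-encrypt to c?"""
    return 0 <= m < n and encrypt(n, m, r) == c

if __name__ == "__main__":
    n, phi = keygen()
    c = encrypt(n, 3, fresh_randomness(n))   # constructed sample plaintext
    m, r = open_ciphertext(n, phi, c)
    print(m, audit_opening(n, c, m, r))
```

Because the published pair (m, r) either reproduces the ciphertext or does not, the auditor needs no proof of correct decryption for an opened value.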