Paper 2022/430
Is the JCJ voting system really coercion-resistant?
Abstract
Coercion-resistance is a security property of electronic voting, often considered as a must-have for high-stake elections. The JCJ voting scheme, proposed in 2005 by Juels, Catalano and Jakobsson, is still the reference paradigm when designing a coercion-resistant protocol. We highlight a weakness in JCJ that is also present in all the systems following its general structure. This comes from the procedure that precedes the tally, where the trustees remove the ballots that should not be counted. This phase leaks more information than necessary, leading to potential threats for the coerced voters. Fixing this leads to the notion of cleansing-hiding, that we apply to form a variant of JCJ that we call CHide. One reason for the problem not being seen before is the fact that the associated formal definition of coercion-resistance was too weak. We therefore propose a definition that takes into account more behaviors such as revoting or the addition of fake ballots by authorities. We then prove that CHide is coercion-resistant for this definition.
Note: This is the long version of the paper published at CSF 2024.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. IEEE CSF 2024
- Keywords
- election schemes
- Contact author(s)
- pierrick gaudry @ loria fr
- History
- 2024-02-13: last of 2 revisions
- 2022-04-06: received
- See all versions
- Short URL
- https://ia.cr/2022/430
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/430, author = {Véronique Cortier and Pierrick Gaudry and Quentin Yang}, title = {Is the {JCJ} voting system really coercion-resistant?}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/430}, year = {2022}, url = {https://eprint.iacr.org/2022/430} }