Paper 2024/915

REACTIVE: Rethinking Effective Approaches Concerning Trustees in Verifiable Elections

Josh Benaloh, Microsoft Research
Michael Naehrig, Microsoft Research
Olivier Pereira, Microsoft Research, UCLouvain
Abstract

For more than forty years, two principal questions have been asked when designing verifiable election systems: how will the integrity of the results be demonstrated and how will the privacy of votes be preserved? Many approaches have been taken towards answering the first question, such as the use of mixnets and homomorphic tallying. But, in the case of large-scale elections, the second question has always been answered in the same way: decryption capabilities are divided amongst multiple independent "trustees" so that a collusion is required to compromise privacy. In practice, however, this approach can be fairly challenging to deploy. Even if multiple human trustees are chosen, they typically use software and often also hardware provided by a single voting system supplier, with few options to verify its quality when they have the technical expertise to do so. As a result, we observe that trustees are rarely in a position to exercise independent judgment to maintain privacy. This paper looks at several aspects of the trustee experience. It begins by surveying and discussing various cryptographic protocols that have been used for key generation in elections, explores their impact on the role of trustees, and notes that even the theory of proper use of trustees is more challenging than it might seem. This is illustrated by showing that one of the only references defining a full threshold distributed key generation (DKG) for elections defines an insecure protocol. Belenios, a broadly used open-source voting system, claims to rely on that reference for its DKG and security proof. Fortunately, it does not inherit the same vulnerability, and we offer a security proof for the Belenios DKG. The paper then discusses various practical contexts, in terms of humans, software, and hardware, and their impact on the practical deployment of a trustee-based privacy model.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
Elections, Voting, Distributed key generation
Contact author(s)
benaloh @ microsoft com
mnaehrig @ microsoft com
olivier pereira @ uclouvain be
History
2025-05-22: last of 2 revisions
2024-06-07: received
Short URL
https://ia.cr/2024/915
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/915,
      author = {Josh Benaloh and Michael Naehrig and Olivier Pereira},
      title = {{REACTIVE}: Rethinking Effective Approaches Concerning Trustees in Verifiable Elections},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/915},
      year = {2024},
      url = {https://eprint.iacr.org/2024/915}
}