Many voter-verifiable, coercion-resistant schemes have been proposed, but even the most carefully designed voting systems necessarily leak information via the announced result. In corner cases, this may be problematic. For example, if all the votes go to one candidate then all vote privacy evaporates. The mere possibility of candidates getting no or few votes could have implications for security in practice: if a coercer demands that a voter cast a vote for such an unpopular candidate, then the voter may feel obliged to obey, even if she is confident that the voting system satisfies the standard coercion resistance definitions. With complex ballots, there may also be a danger of "Italian" style (aka "signature") attacks: the coercer demands the voter cast a ballot with a very specific, identifying pattern of votes.
Here we propose an approach to tallying end-to-end verifiable schemes that avoids revealing all the votes but still achieves whatever confidence level in the announced result is desired. Now a coerced voter can claim that the required vote must be amongst those that remained shrouded. Our approach is based on the well-established notion of Risk-Limiting Audits (RLA), but here applied to the tally rather than to the audit. We show that this approach counters coercion threats arising in extreme tallies and "Italian" attacks.
The approach can be applied to most end-to-end verifiable schemes, but for the purposes of illustration I will outline the Selene scheme, which provides a particularly transparent form of voter-verification. This also allows me to describe an extension of the idea to Risk-Limiting Verification (RLV), where not all vote trackers are revealed, thereby enhancing the coercion mitigation properties of Selene.
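The stopping rule behind a risk-limiting tally, as an added example that is not taken from the talk or from Selene: it assumes a two-candidate majority contest and borrows the sequential likelihood-ratio test used in ballot-polling audits. The function name, `alt_share`, and the plaintext ballot list (standing in for shuffled encrypted ballots that are decrypted one at a time) are assumptions of this example.

```python
import math
import random

def risk_limited_tally(ballots, candidates=("A", "B"), risk_limit=0.05,
                       alt_share=0.6, max_draws=None, rng=None):
    """Reveal randomly drawn ballots until one candidate's majority is confirmed.

    For each candidate c a sequential likelihood-ratio test of
    H0: share(c) <= 1/2 against the assumed alternative share(c) = alt_share
    is run. A candidate holding at most half the votes is confirmed with
    probability at most risk_limit. Draws are made with replacement, so the
    number of distinct ballots revealed can be smaller than the draw count.

    Returns (winner or None, draws made, distinct ballots revealed).
    None means the budget ran out and a full tally is needed.
    """
    rng = rng or random.Random()
    if max_draws is None:
        max_draws = 5 * len(ballots)           # assumed budget before giving up
    threshold = math.log(1 / risk_limit)       # stop once log-LR reaches this
    step_for = math.log(alt_share / 0.5)       # ballot supports the candidate
    step_against = math.log((1 - alt_share) / 0.5)
    log_lr = {c: 0.0 for c in candidates}
    revealed = set()                           # indices of ballots made public
    for draw in range(1, max_draws + 1):
        i = rng.randrange(len(ballots))
        revealed.add(i)
        for c in candidates:
            log_lr[c] += step_for if ballots[i] == c else step_against
            if log_lr[c] >= threshold:
                return c, draw, len(revealed)
    return None, max_draws, len(revealed)

if __name__ == "__main__":
    # Constructed ballots: the unanimous corner case and a 70/30 result.
    unanimous = ["A"] * 1000
    landslide = ["A"] * 7000 + ["B"] * 3000
    for name, ballots in (("unanimous", unanimous), ("70/30", landslide)):
        winner, draws, shown = risk_limited_tally(ballots, rng=random.Random(1))
        print(f"{name}: winner={winner} draws={draws} "
              f"revealed={shown} shrouded={len(ballots) - shown}")
```

In the unanimous case the test stops after 17 draws, so at least 983 of the 1000 ballots stay shrouded even though the full tally would have exposed every vote.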
Peter Ryan has been full Professor of Applied Security at the University of Luxembourg since Feb 2009. Since joining the University of Luxembourg he has grown the APSIA (Applied Security and Information Assurance) group, which is now more than 25 strong. He has around 25 years of experience in cryptography, information assurance and formal verification. He pioneered the application of process calculi to modelling and analysis of secure systems, in particular presenting the first process algebraic characterization of non-interference taking account of non-determinism (CSFW 1990). While at the Defense Research Agency, he initiated and led the "Modelling and Analysis of Security Protocols" project that pioneered the application of process algebra (CSP) and model-checking tools (FDR) to the analysis of security protocols.
He has published extensively on cryptography, cryptographic protocols, security policies, mathematical models of computer security and, most recently, voter-verifiable election systems. He is the creator of the (polling station) Prêt à Voter and, with V. Teague, the (internet) Pretty Good Democracy verifiable voting schemes. He was also co-designer of the vVote system, based on Prêt à Voter, that was used successfully in Victoria State in November 2015. Most recently he developed the voter-friendly E2E verifiable scheme Selene. With Feng Hao, he also developed the OpenVote boardroom voting scheme and the J-PAKE password-based authenticated key establishment protocol.
Prior to taking up the Chair in Luxembourg, he held a Chair at the University of Newcastle. Before that he worked at the Government Communications HQ (GCHQ), the Defense Research Agency (DRA) Malvern, the Stanford Research (SRI) Institute, Cambridge UK and the Software Engineering Institute, CMU Pittsburgh.
He was awarded a PhD in mathematical physics from the University of London in 1982. Peter Ryan sits on or has sat on the program committees of numerous prestigious security conferences, notably: IEEE Security and Privacy, IEEE Computer Security Foundations Workshop/Symposium (CSF), the European Symposium on Research in Computer Security (ESORICS), Workshop on Issues in Security (WITS). He is General Chair of ESORICS 2019. He was (co-)chair of WITS'04 and co-chair of ESORICS'04, Frontiers of Electronic Elections (FEE) 2005, Workshop on Trustworthy Elections (WOTE) 2007, VoteId 2009 and of ESORICS 2015. In 2016 he founded the Verifiable Voting Workshops, held in association with Financial Crypto. From 1999 to 2007 he was the President of the ESORICS Steering Committee. In 2013 he was awarded the ESORICS Outstanding Service Award.
He is a Visiting Professor at Surrey University and the ENS Paris.