Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols

摘要

Code voting was introduced by Chaum as a solution for using a possiblyinfected-by-malware device to cast a vote in an electronic voting application.Chaum's work on code voting assumed voting codes are physically delivered tovoters using the mail system, implicitly requiring to trust the mail system.This is not necessarily a valid assumption to make - especially if the mailsystem cannot be trusted. When conspiring with the recipient of the castballots, privacy is broken. It is clear to the public that when it comes to privacy, computers and"secure" communication over the Internet cannot fully be trusted. Thisemphasizes the importance of using: (1) Unconditional security for securenetwork communication. (2) Reduce reliance on untrusted computers. In this paper we explore how to remove the mail system trust assumption incode voting. We use PSMT protocols (SCN 2012) where with the help of visualaids, humans can carry out $\mod 10$ addition correctly with a 99\% degree ofaccuracy. We introduce an unconditionally secure MIX based on the combinatoricsof set systems. Given that end users of our proposed voting scheme construction are humans we\emph{cannot use} classical Secure Multi Party Computation protocols. Our solutions are for both single and multi-seat elections achieving:\begin{enumerate}[i)] \item An anonymous and perfectly secure communication network secure againsta $t$-bounded passive adversary used to deliver voting, \item The end step of the protocol can be handled by a human to evade thethreat of malware. \end{enumerate} We do not focus on active adversaries.