Abstract
The conventional (election) voting systems, e.g., representative democracy, have many limitations and often fail to serve the best interest of the people in a collective decision-making process. To address this issue, the concept of liquid democracy has been emerging as an alternative decision-making model to make better use of “the wisdom of crowds”. However, there is no known cryptographically secure e-voting implementation that supports liquid democracy.
In this work, we propose a new voting concept called statement voting, which can be viewed as a natural extension of the conventional voting approaches. In statement voting, instead of defining a concrete election candidate, each voter can define a statement in his/her ballot but leave the vote “undefined” during the voting phase. During the tally phase, the (conditional) actions expressed in the statement are carried out to determine the final vote. We initiate the study of statement voting under the Universal Composability (UC) framework, and propose several construction frameworks together with their instantiations. As an application, we show how statement voting can be used to realize a UC-secure liquid democracy voting system. We remark that our statement voting can be extended to enable more complex voting and generic ledger-based non-interactive multi-party computation. We believe that the statement voting concept opens a door for constructing a new class of e-voting schemes.
Notes
- 1. Note that this is not a complete description of STV. For those readers who are unfamiliar with STV, please see its full definition to avoid misunderstanding.
- 2. All the existing liquid democracy implementations do not consider privacy/anonymity. This drawback prevents them from being used in serious elections. Here, we note that straightforward blockchain-based solutions cannot provide good privacy in practice. Although some blockchains (e.g., Zerocash [5]) can be viewed as a global mixer, they implicitly require anonymous channels. In practice, all the implementations of anonymous channels suffer from time leakage, i.e., the user’s ID is only hidden among the other users who are also using the system at the same time. Subsequently, the adversary may easily identify the users during quiet hours.
- 3.
References
Adhocracy. Adhocracy official website. Accessed 21 Oct 2017
Adida, B.: Helios: web-based open-audit voting. In: USENIX Security (2008)
Alwen, J., Ostrovsky, R., Zhou, H.-S., Zikas, V.: Incoercible multi-party computation and universally composable receipt-free voting. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part II. LNCS, vol. 9216, pp. 763–780. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_37
Baum, C., Damgård, I., Orlandi, C.: Publicly auditable secure multi-party computation. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 175–196. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10879-7_11
Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE Computer Society Press, May 2014
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001
Canetti, R.: Universally composable signatures, certification and authentication. Cryptology ePrint Archive, Report 2003/239 (2003). http://eprint.iacr.org/2003/239
Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_2
Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen-ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_33
Canetti, R., Kushilevitz, E., Lindell, Y.: On the limitations of universally composable two-party computation without set-up assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_5
Chaidos, P., Cortier, V., Fuchsbauer, G., Galindo, D.: Beleniosrf: a non-interactive receipt-free electronic voting scheme. In: CCS 2016, pp. 1614–1625. ACM, New York (2016)
Chase, M., Kohlweiss, M., Lysyanskaya, A., Meiklejohn, S.: Malleable proof systems and applications. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 281–300. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_18
Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005). https://doi.org/10.1007/11555827_8
Daian, P., Kell, T., Miers, I., Juels, A.: On-Chain Vote Buying and the Rise of Dark DAOs (2018). http://hackingdistributed.com/2018/07/02/on-chain-vote-buying/
Degrave, J.: Getopinionated. GitHub repository. Accessed 21 Oct 2017
Ford, B.: Delegative democracy (2002). http://www.brynosaurus.com/deleg/deleg.pdf
Froelicher, D., et al.: Unlynx: a decentralized system for privacy-conscious data sharing. Proc. Privacy Enhancing Technol. 4, 152–170 (2017)
Groth, J.: Evaluating security of voting schemes in the universal composability framework. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 46–60. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24852-1_4
Groth, J.: Rerandomizable and replayable adaptive chosen ciphertext attack secure cryptosystems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 152–170. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_9
Hardt, S., Lopes, L.: Google votes: a liquid democracy experiment on a corporate social network. Technical Disclosure Commons (2015). http://www.tdcommons.org/dpubs_series/79
Kiayias, A., Zacharias, T., Zhang, B.: DEMOS-2: scalable E2E verifiable elections without random oracles. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 352–363. ACM Press, October 2015
Kiayias, A., Zacharias, T., Zhang, B.: End-to-end verifiable elections in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 468–498. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_16
Kulyk, O., Marky, K., Neumann, S., Volkamer, M.: Introducing proxy voting to helios. In: ARES, pp. 98–106. IEEE Computer Society (2016)
Kulyk, O., Neumann, S., Marky, K., Budurushi, J., Volkamer, M.: Coercion-resistant proxy voting. In: ICT Systems Security and Privacy Protection (2016)
Kulyk, O., Neumann, S., Marky, K., Volkamer, M.: Enabling vote delegation for boardroom voting. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 419–433. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_26
LiquidFeedback. LiquidFeedback official website. Accessed 21 Oct 2017
Moran, T., Naor, M.: Receipt-free universally-verifiable voting with everlasting privacy. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 373–392. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_22
Prabhakaran, M., Rosulek, M.: Rerandomizable RCCA encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 517–534. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_29
Democracy Earth. The social smart contract. An open source white paper, 1 September 2017. Accessed 21 Oct 2017
Unruh, D., Müller-Quade, J.: Universally composable incoercibility. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 411–428. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_22
Zhai, E., Wolinsky, D.I., Chen, R., Syta, E., Teng, C., Ford, B.: Anonrep: towards tracking-resistant anonymous reputation. In: NSDI 2016, pp. 583–596 (2016)
Acknowledgement
We thank Jeremy Clark and the anonymous reviewers for their constructive comments. The first author was partially supported by EPSRC grant EP/P034578/1. The second author was partially supported by NSF award #1801470. This work is also supported by Ergo platform, Fractal Platform, and Blockchain institute.
A Security Definition for TRE
Definition 3
We say \(\mathsf {TRE}= \{\mathsf {Setup}, \mathsf {Keygen}, \mathsf {Enc}, \mathsf {Dec}, \mathsf {CombinePK}, \mathsf {CombineSK},\) \(\mathsf {ShareDec}, \mathsf {ShareCombine}, \mathsf {ReRand}\}\) is a secure threshold re-randomizable public key encryption if the following properties hold:
- Key combination correctness: If \(\{(\mathtt {pk} _i,\mathtt {sk} _i)\}_{i\in [k]}\) are all valid key pairs, \(\mathtt {pk}:=\mathsf {TRE}.\mathsf {CombinePK}(\{\mathtt {pk} _i\}_{i\in [k]})\) and \(\mathtt {sk}:= \mathsf {TRE}.\mathsf {CombineSK}(\{\mathtt {sk} _i\}_{i\in [k]})\), then \((\mathtt {pk},\mathtt {sk})\) is also a valid key pair. For all ciphertexts \(c \in \mathcal C _\mathtt {pk} \), where \(\mathcal C _\mathtt {pk} \) is the ciphertext space defined by \(\mathtt {pk} \), we have

  $$ \mathsf {TRE}.\mathsf {Dec}(\mathtt {sk},c) = \mathsf {TRE}.\mathsf {ShareCombine}(c, \mathsf {TRE}.\mathsf {ShareDec}(\mathtt {sk} _1,c), \ldots , \mathsf {TRE}.\mathsf {ShareDec}(\mathtt {sk} _k,c)) $$

- Ciphertext transformative indistinguishability: There exists a \(\textsc {ppt}\) algorithm \(\mathsf {Trans}\) such that if \(\{(\mathtt {pk} _i,\mathtt {sk} _i)\}_{i\in [k]}\) are all valid key pairs, \(\mathtt {pk}:=\mathsf {TRE}.\mathsf {CombinePK}(\{\mathtt {pk} _i\}_{i\in [k]})\) and \(\mathtt {sk}:= \mathsf {TRE}.\mathsf {CombineSK}(\{\mathtt {sk} _i\}_{i\in [k]})\), then for all messages \(m\) and for any \(j\in [k]\), the following holds:

  $$ \big ( \mathsf {param}, \mathsf {TRE}.\mathsf {Trans}(c,\{\mathtt {sk} _i\}_{i\in [k]\setminus \{j\}})\big ) \; \approx \; \big ( \mathsf {param}, \mathsf {TRE}.\mathsf {Enc}(\mathtt {pk}, m)\big ) $$
- IND-CPA security: We say that a \(\mathsf {TRE}\) scheme achieves indistinguishability under plaintext attacks (IND-CPA) if for any \(\textsc {ppt}\) adversary \(\mathcal A \) the following advantage \(\mathsf {AdvCPA}\) is negligible.

  \(\underline{\textsc {Experiment}^{\mathsf {CPA}} (1^\lambda )}\)

  - 1. Run \(\mathsf {param}\leftarrow \mathsf {TRE}.\mathsf {Setup}(1^\lambda )\).
  - 2. Run \((\mathtt {pk},\mathtt {sk})\leftarrow \mathsf {TRE}.\mathsf {Keygen}(\mathsf {param})\);
  - 4. \(\mathcal A ( \mathtt {pk})\) outputs \(m_0,m_1\) of equal length;
  - 5. Pick \(b\leftarrow \big \{0,1\big \}\); Run \(c \leftarrow \mathsf {TRE}.\mathsf {Enc}(\mathtt {pk},m_b)\);
  - 6. \(\mathcal A (c)\) outputs \(b^*\); It returns 1 if \(b=b^*\); else, returns 0.

  We define the advantage of \(\mathcal A \) as

  $$ \mathsf {AdvCPA}_{\mathcal A}(1^\lambda ) = \left| \mathrm{Pr}[\textsc {Experiment}^{\mathsf {CPA}}(1^\lambda ) = 1] - \frac{1}{2} \right| .$$
- Unlinkability: We say a \(\mathsf {TRE}\) scheme is unlinkable if for any \(\textsc {ppt}\) adversary \(\mathcal A \) the following advantage \(\mathsf {AdvUnlink}\) is negligible.

  \(\underline{\textsc {Experiment}^{\mathsf {Unlink}}_{} (1^\lambda )}\)

  - 1. \(\mathcal A \) outputs a set \(\mathcal I_{} \subset \big \{1,\ldots ,k\big \}\) of up to \(k-1\) corrupted indices.
  - 2. For \(i = [n]\), run \((\overline{\mathtt {pk}}_i,\overline{\mathtt {sk}}_i)\leftarrow \mathsf {TRE}.\mathsf {Keygen}(1^\lambda ;\omega _i)\);
  - 3. \(\mathcal A ( \big \{\mathtt {pk} _j\big \}_{j\in [k] \setminus \mathcal I_{}} )\) outputs \(c_0,c_1\);
  - 4. \(b\leftarrow \big \{0,1\big \}\); \(c'\leftarrow \mathsf {TRE}.\mathsf {ReRand}(\mathtt {pk},c_b;\omega )\);
  - 5. \(\mathcal A (c')\) outputs \(b^*\); It returns 1 if \(b=b^*\); else, returns 0.

  We define the advantage of \(\mathcal A \) as

  $$ \mathsf {AdvUnlink}_{\mathcal A}(1^\lambda ) = \left| \mathrm{Pr}[\textsc {Experiment}^{\mathsf {Unlink}}_{}(1^\lambda ) = 1] - \frac{1}{2} \right| .$$
- Share-simulation indistinguishability: We say a \(\mathsf {TRE}\) scheme achieves share-simulation indistinguishability if there exists a \(\textsc {ppt}\) simulator \(\mathsf {SimShareDec} \) such that for all valid key pairs \(\{(\mathtt {pk} _i,\mathtt {sk} _i)\}_{i\in [k]}\), all subsets \(\mathcal I_{} \subsetneq [k]\), and all messages \(m\), the following two distributions are computationally indistinguishable:

  $$ \big ( \mathsf {param}, c, \mathsf {SimShareDec} (c, m, \{\mu _i\}_{i\in \mathcal I_{}} ) \big ) \approx \big (\mathsf {param}, c , \{\mu _j\}_{j\in [k] \setminus \mathcal I_{}} \big ) $$

  where \(\mathsf {param}\leftarrow \mathsf {TRE}.\mathsf {Setup}(1^\lambda )\), \(c\leftarrow \mathsf {TRE}.\mathsf {Enc}(\mathtt {pk},m)\) and \(\mu _j \leftarrow \mathsf {TRE}.\mathsf {ShareDec}(\mathtt {sk} _j, c)\) for \(j\in [k] \setminus \mathcal I_{} \).
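To make the key combination correctness equation and the role of ReRand concrete, the following added example (not code from the paper) implements the TRE interface with k-of-k distributed ElGamal. The choice of ElGamal, the toy group parameters and all function names are assumptions; this page does not state which instantiation the paper uses, and the security experiments are not modelled here.

```python
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 1019, 509, 4

def rand_exp():
    return secrets.randbelow(Q - 1) + 1              # uniform in [1, Q-1]

def keygen():
    sk = rand_exp()
    return pow(G, sk, P), sk                          # (pk_i, sk_i)

def combine_pk(pks):
    pk = 1
    for pk_i in pks:
        pk = pk * pk_i % P                            # pk = prod pk_i = G^(sum sk_i)
    return pk

def combine_sk(sks):
    return sum(sks) % Q

def enc(pk, m, r=None):
    r = rand_exp() if r is None else r
    return pow(G, r, P), m * pow(pk, r, P) % P        # c = (G^r, m * pk^r)

def dec(sk, c):
    a, b = c
    return b * pow(a, (-sk) % Q, P) % P               # b / a^sk

def share_dec(sk_i, c):
    return pow(c[0], sk_i, P)                         # mu_i = a^sk_i

def share_combine(c, shares):
    d = 1
    for mu in shares:
        d = d * mu % P                                # prod mu_i = a^sk
    return c[1] * pow(d, P - 2, P) % P                # b / a^sk via Fermat inverse

def rerand(pk, c, w=None):
    w = rand_exp() if w is None else w                # fresh randomness omega
    return c[0] * pow(G, w, P) % P, c[1] * pow(pk, w, P) % P

def demo(k=3):
    keys = [keygen() for _ in range(k)]
    pk, sk = combine_pk([p for p, _ in keys]), combine_sk([s for _, s in keys])
    m = pow(G, 42, P)                                 # message encoded as a group element
    c = enc(pk, m)
    combined = share_combine(c, [share_dec(s, c) for _, s in keys])
    c2 = rerand(pk, c)
    return m, dec(sk, c), combined, c2 != c, dec(sk, c2)
```

In this sketch `demo()` checks that decrypting with the combined key equals combining the k decryption shares, and that a re-randomized ciphertext differs from the original while decrypting to the same message.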
© 2019 International Financial Cryptography Association
Cite this paper
Zhang, B., Zhou, HS. (2019). Statement Voting. In: Goldberg, I., Moore, T. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11598. Springer, Cham. https://doi.org/10.1007/978-3-030-32101-7_38
DOI: https://doi.org/10.1007/978-3-030-32101-7_38
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32100-0
Online ISBN: 978-3-030-32101-7
eBook Packages: Computer Science, Computer Science (R0)