Correspondence:
[*]
Corresponding author: Ralf Küsters, University of Trier, FB IV – Informatik, Gebäude H/Campus II, D-54286 Trier, Germany. Tel.: +49 651 201 2852; Fax: +49 651 201 2832; E-mail: kuesters@uni-trier.de
Note: [1] This is the full and extended version of work previously published in [19].
Abstract: Coercion resistance is one of the most important and intricate security requirements for voting protocols. Several definitions of coercion resistance have been proposed in the literature, both in cryptographic settings and more abstract, symbolic models. However, unlike symbolic approaches, only very few voting protocols have been rigorously analyzed within the cryptographic setting. A major obstacle is that existing cryptographic definitions of coercion resistance tend to be complex and limited in scope: they are often tailored to specific classes of protocols or are too demanding. In this paper, we therefore present a simple and intuitive cryptographic definition of coercion resistance, in the style of game-based definitions. This definition allows us to precisely measure the level of coercion resistance a protocol provides. As the main technical contribution of this paper, we apply our definition to two voting systems, namely, the Bingo voting system and ThreeBallot. The results we obtain are out of the scope of existing approaches. We show that the Bingo voting system provides the same level of coercion resistance as an ideal voting system. We also precisely measure the degradation of the level of coercion resistance of the ThreeBallot voting system when the so-called short ballot assumption is not met and show that the level of coercion resistance this system provides is significantly lower than that of an ideal system even in the case of short ballots.
