The other side of privacy: surveillance in data control
Electronic voting has become one of the most popular activities over the Internet. Security and privacy are always regarded as crucial factors in electronic voting system design. Various secure voting schemes have been proposed in the past several years to ensure the safe operation of electronic voting and most of them have focused on the common <i>"one man, one vote"</i> plurality voting. In this paper, we study on the security and privacy issues in the Clarke tax voting protocol, another important social choice protocol. This protocol is important in electronic voting, especially software agent based voting, because a voter's dominant strategy is truth-telling, and consequently the overhead for counterspeculation is minimized. For the very same reason, it is essential to achieve the security and the privacy protection of voters so that voters' preferences need not be made known to the public, should this protocol be practical and popular. In this paper, we first present several cryptographic building blocks, including <i>ElGamal cryptosystem, player-resolved distributed ElGamal decryption, proof of knowledge of 1-of-k plaintext</i> and <i>player-resolved mix network.</i> Then we propose a secure Clarke tax voting protocol making use of these techniques. In the proposed protocol, we achieve privacy protection, universal verifiability as well as other security requirements, such as secrecy, eligibility, completeness, <i>etc.</i> One important feature of the proposed protocol is that the full privacy protection of voters is guaranteed, which means that all information in voting are kept secret even in the presence of any collusion of participants involved in the voting. The only information known publicly is the final voting result, <i>i.e.</i>, the winning candidate and the tax for each voter.