Next: 2.3.2 The Encryption Scheme Up: 2.3 Existing Protocols Previous: 2.3 Existing Protocols

2.3.1 The Model

Before we move on to describe the voting protocols, we need to describe more formally the model we are using. The only common part among protocols in the literature is a known set of voters, each of whom must vote 0 or 1, with the final tally being the sum of the voters' votes. Most models also assume the existence of a public communication channel, via which authenticated messages can be reliably broadcast by all participants, such that all correct participants are guaranteed to receive the same set of messages. Many voting protocols, including ours, make use of other participants as authorities, responsible for collecting and counting votes. Several voting protocols also assume the existence of other devices, such as mechanisms for anonymous mail, or voting booths which can provide certain guarantees. One highly common device is that of a beacon, a publicly trusted source of broadcast random bits. It is generally possible to simulate this by having the participants generate random bits themselves and then XORing the bits together, but for convenience we will assume the beacon's existence when necessary.
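The beacon simulation described above (each participant contributes random bits, the bits are XORed together) is easy to get subtly wrong, so here is an added worked example; it is not code from the thesis. It goes one step beyond the page's one-sentence description by having every participant commit to its bits (a SHA-256 commitment, an assumption not on the page) before anyone reveals them: without that step, whoever broadcasts last can read everyone else's bits and choose its own so that the XOR lands on any value it likes. With commitments in place, a single honest contribution makes the output uniformly random, and a late-chosen contribution is rejected because it no longer matches the commitment.

```python
import hashlib
import secrets

# Added example (not from the thesis): simulate a beacon of broadcast random
# bits by XORing contributions from every participant. The commit-then-reveal
# round structure is an assumption beyond the page's description; it exists to
# stop the last participant from biasing the result.

NBYTES = 32  # length of each contribution and of the beacon output


def commit(contribution: bytes, nonce: bytes) -> bytes:
    """SHA-256 commitment to a contribution; the nonce hides low-entropy inputs."""
    return hashlib.sha256(nonce + contribution).digest()


def reveal_is_valid(contribution: bytes, nonce: bytes, commitment: bytes) -> bool:
    """True iff the revealed (contribution, nonce) pair matches the earlier commitment."""
    if len(contribution) != NBYTES:
        return False
    return secrets.compare_digest(commit(contribution, nonce), commitment)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def combine(contributions) -> bytes:
    """XOR all contributions; one uniformly random input makes the output uniform."""
    out = bytes(NBYTES)
    for c in contributions:
        if len(c) != NBYTES:
            raise ValueError("contribution has wrong length")
        out = xor_bytes(out, c)
    return out


def beacon_round(contributions, nonces, commitments) -> bytes:
    """Reveal phase: check every reveal against its commitment, then XOR them."""
    if not (len(contributions) == len(nonces) == len(commitments)):
        raise ValueError("mismatched reveal lists")
    for i, (c, n, cm) in enumerate(zip(contributions, nonces, commitments)):
        if not reveal_is_valid(c, n, cm):
            raise ValueError(f"participant {i}: reveal does not match commitment")
    return combine(contributions)


def honest_participant():
    """Commit phase for one honest participant: fresh random bits and nonce."""
    contribution = secrets.token_bytes(NBYTES)
    nonce = secrets.token_bytes(16)
    return contribution, nonce, commit(contribution, nonce)


def run_honest_round(num_participants: int) -> bytes:
    """Full round with only honest participants; returns the beacon output."""
    parts = [honest_participant() for _ in range(num_participants)]
    return beacon_round([p[0] for p in parts], [p[1] for p in parts], [p[2] for p in parts])


def late_choice_is_rejected() -> bool:
    """Constructed scenario: the last participant commits honestly, then after
    seeing the other reveals swaps in bits that would force the output to all
    zeros. The swap fails the commitment check, so the round rejects it."""
    honest = [honest_participant() for _ in range(3)]
    cheater_c, cheater_n, cheater_cm = honest_participant()
    # bits that would force XOR(all) == 0, chosen only after the others revealed
    forced = combine([p[0] for p in honest])
    try:
        beacon_round([p[0] for p in honest] + [forced],
                     [p[1] for p in honest] + [cheater_n],
                     [p[2] for p in honest] + [cheater_cm])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("beacon output:", run_honest_round(4).hex())
    print("late choice rejected:", late_choice_is_rejected())
```

The rejection only detects misbehaviour; it does not by itself tell the honest participants what to do next. In the thesis's terms, that is the robustness question: a protocol built on this beacon must either exclude the offending participant and rerun the reveal phase, or accept that a single faulty participant can stall the round.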

We now define several properties we would like any voting protocol to have:

1. Robustness: Ideally, the presence of faulty participants (including misbehaving voters and corrupt authorities) should not hinder the successful completion of the election. If the election cannot be successfully completed, the portion of the election that must be restarted should be minimized. Less ideal but still acceptable would be to make certain that misbehaving participants can be detected; we can rationalize that a dire enough punishment for bad-faith failure will deter corruption. Barely acceptable is to be able to detect that an election has been corrupted, without knowing who is responsible. This property is also known as fault tolerance.

2. Verifiability: Misbehaving authorities and voters should not be able to conspire to announce a false final tally. Ideally, any attempt at cheating will be detected with certainty, or with very high probability, by honest participants.

3. Privacy: Any individual's vote should be private, in that no conspiracy of malevolent authorities or voters can determine any information about it beyond what they already know from the protocol. Often, the privacy ensured by voting protocols is not absolute, but rests on the computational complexity of number-theoretic problems. This property is also known as security.

4. Uncoercibility: A voter should not be able to prove to anybody else after the vote how it voted, and no adversary should be able to force the voter to disclose its vote, even after corrupting a reasonable number of other participants. This property is also known as receipt-freeness.

5. Scalability: The message and computational complexity of the protocol should not increase dramatically with the size of the election. Communication should be localized, and the amount of global broadcast minimized.

The existing protocols summarized below culminate in one that achieves all of the above properties except scalability. Our proposal then adds scalability to this list.


Ken Shan (ken@digitas.harvard.edu), 1998-05-15