本論文探討了電子投票系統（e-voting）一個關鍵但常被忽視的方面：選民身份的可驗證性(Verifiability)。首先，我們擴大了「端對端可驗證性」(End-to-End Verifiability)的範疇以包括身份可驗證性，從而引入了「端對端身份可驗證性」。我們的研究重點放在先前研究如何結合可驗證的輸出(The Verifiable Output Approach)與一個安全的選票處理單位（SBPGE）來在提供端對端可驗證性的同時，仍然保護選民的匿名性。我們分析了以往達成身份可驗證性的標準方法，即我們所稱的「配對策略」(The Pairing Strategy)。儘管該策略將選票與選民身份相關聯來達成身分可驗證性的這個方法有效，但在保持選民匿名性方面面臨挑戰。並且由於其同時驗證選民身份和確保記錄選票的唯一性的雙重功能，因此以往很難找到此策略的替代方法。作為回應，我們首先提出了選民身分可驗證性的充分條件（SVEC），這是一個用於評估電子投票系統中的身份可驗證性的新框架。在此充分條件的基礎上，我們引入了「可驗證輸入與輸出方法」(The Verifiable I/O Approach)，用以取代傳統的配對策略來簡化了選民身分可驗證的設計。此外，本論文還討論了實施可驗證輸入與輸出方法的重要關鍵點，並概述了一個實踐此方法的電子投票方案，以促進其未來的採用。

This thesis examines a crucial but frequently overlooked aspect of electronic voting (e-voting) systems: the verifiability of voters' eligibility. We broaden the scope of "end-to-end verifiability" to include eligibility verifiability, thereby introducing "end-to-end eligibility verifiability." Our study highlights the verifiable output approach and the concept of a Secure Ballot Processing and Generation Entity (SBPGE), providing insights into how previous studies have managed to maintain end-to-end verifiability while preserving voter anonymity. We scrutinize the standard method for eligibility verifiability, referred to as the pairing strategy, which associates ballots with voter identities. Although effective, this strategy involves complex algorithms and is hard to replace due to its dual function of verifying eligibility and ensuring the uniqueness of recorded ballots. In response, we propose the Sufficient Verifiable Eligibility Conditions (SVEC), a new framework for understanding and assessing eligibility verifiability in e-voting systems. Building on the SVEC, we introduce the Verifiable I/O Approach, a novel paradigm that replaces the traditional pairing strategy to simplify eligibility verifiability. Furthermore, the thesis discusses essential factors for implementing the Verifiable I/O Approach and illustrates a practical e-voting scheme to facilitate the future adoption of the new approach.

Chapter 1. Introduction 1
Chapter 2. Related work 7
2.1 Correctness Verifiability 7
2.1.1 Tallied-as-recorded (TAR) 7
2.1.2 Cast-as-intended (CAI) 8
2.1.3 Recorded-as-cast (RAC) 8
2.1.4 Summary of Correctness Verifiability 9
2.2 Eligibility Verifiability 10
2.2.1 Obfuscated Ballots with Transparent Identities (OBTI) 11
2.2.2 Transparent Ballots with Obfuscated Identities (TBOI) 15
2.2.3 Summary of Eligibility Verifiability 17
Chapter 3. Method 19
3.1 The Sufficient Verifiable Eligibility Conditions (SVEC) 19
3.2 Proof of Sufficient Verifiable Eligibility Conditions 20
3.3 The Verifiable I/O Approach 22
3.4 The Redesigned Receipts for Recorded-as-cast 23
3.5 Coercion-resistant Design for Receipts 24
3.6 Implementation Considerations 26
3.6.1 Proof of Unique Recorded Ballots 26
3.6.2 Designs to Provide Anonymity 26
3.6.3 Identity Credentials 26
3.6.4 The Entity to Publish Voter Identity 27
Chapter 4. Implementation 28
4.1 Overview of the E-Voting Scheme 28
4.2 The Ticket-based Synchronization 29
4.3 Details of Each Step 30
4.4 The Inclusion of Signatures 31
4.5 The Satisfaction of SVEC 32
Chapter 5. Evaluation 33
5.1 The STRIDE Threat Model Against the Proposed E-Voting Scheme 33
5.1.1 Spoofing 33
5.1.2 Tampering 33
5.1.3 Repudiation 33
5.1.4 Information Disclosure 34
5.1.5 Denial of Service 34
5.1.6 Elevation of Privilege 34
5.2 Challenges of the Proposed E-Voting Scheme 35
5.2.1 Infrastructure for Ticket Transfer 35
5.2.2 The Design of a SBPGE to Provide Anonymity 35
5.2.3 Preventing Coercion and Bribery via Receipts 35
5.2.4 Trustworthy Infrastructure of Identity Systems and Verifiable Credentials 35
5.2.5 Scalable Bulletin Boards 36
Chapter 6. Conclusion 37
REFERENCES 38

[1] K.-H. Wang, S. K. Mondal, K. Chan, and X. Xie, “A Review of Contemporary E-voting: Requirements, Technology, Systems and Usability,” Ubiquitous International, vol. 1, no. 1, pp. 31–47, 2017.
[2] R. Elving, "The Florida Recount Of 2000: A Nightmare That Goes On Haunting : NPR," National Public Radio. Accessed: Mar. 25, 2021.
[3] S. Ansolabehere and A. Reeves, "Using Recounts to Measure the Accuracy of Vote Tabulations: Evidence from New Hampshire Elections 1946-2002," Caltech/MIT Voting Technology Project, 2004.
[4] R. Mercuri and S. M. Cherry, "A better ballot box?," IEEE Spectr, vol. 39, no. 10, pp. 46–50, Oct. 2002.
[5] R. G. Saltman, "Accuracy, integrity and security in computerized vote-tallying," Commun ACM, vol. 31, no. 10, pp. 1184–1191, Oct. 1988.
[6] R. WHITE, "One Washington County Plans to Speed Vote Counting with Tech," Government Technology. Accessed: Dec. 9, 2023. Available: https://www.govtech.com/civic/One-Washington-County-Plans-to-Speed-Vote-Counting-with-Tech.html
[7] S. Wolchok et al., "Security analysis of India's electronic voting machines," in Proceedings of the ACM Conference on Computer and Communications Security, New York, New York, USA: ACM Press, 2010, pp. 1–14.
[8] D. Springall et al., "Security analysis of the Estonian Internet voting system," in Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, Nov. 2014, pp. 703–715.
[9] A.-M. Oostveen and P. van den Besselaar, "Ask No Questions and Be Told No Lies: Security of Computer-Based Voting Systems, Users' Trust and Perceptions," SSRN Electronic Journal, Dec. 2011.
[10] J. Benaloh, R. Rivest, P. Y. A. Ryan, V. Teague, P. Vora, and G. Washington, "End-to-end verifiability," 2014.
[11] P. Y. A. Ryan, S. Schneider, and V. Teague, "End-to-end verifiability in voting systems, from theory to practice," IEEE Secur Priv, vol. 13, no. 3, pp. 59–62, May 2015.
[12] R. Küsters, T. Truderung, and A. Vogt, "Verifiability, privacy, and coercion-resistance: New insights from a case study," in Proceedings - IEEE Symposium on Security and Privacy, 2011, pp. 538–553.
[13] H. Jonker, S. Mauw, and J. Pang, "Privacy and verifiability in voting systems: Methods, developments, and trends," Computer Science Review, vol. 10. Elsevier, pp. 1–30, Nov. 01, 2013.
[14] P. B. Roenne, P. Y. A. Ryan, and M.-L. Zollinger, "Electryo, in-person voting with transparent voter verifiability and eligibility verifiability," May 2021.
[15] S. Taha Ali and J. Murray, "An Overview of End-to-End Verifiable Voting Systems."
[16] V. Cortier, J. Dreier, P. Gaudry, and M. Turuani, "A simple alternative to Benaloh challenge for the cast-as-intended property in Helios/Belenios," 2019.
[17] J. Benaloh, "Simple Verifiable Elections,” 2006.
[18] J. Benaloh, "Ballot Casting Assurance via Voter-Initiated Poll Station Auditing," 2007.
[19] M. Jakobsson, K. Sako, and R. Impagliazzo, "Designated verifier proofs and their applications," Lecture Notes in Computer Science, vol. 1070, pp. 143–154, 1996.
[20] C. Fontaine and F. Galand, "A Survey of Homomorphic Encryption for Nonspecialists," EURASIP Journal on Information Security 2007 2007:1, vol. 2007, no. 1, pp. 1–10, Dec. 2007.
[21] B. Schoenmakers, "A simple publicly verifiable secret sharing scheme and its application to electronic voting," Lecture Notes in Computer Science, vol. 1666, pp. 148–164, 1999
[22] R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin, "Secure Distributed Key Generation for Discrete-Log Based Cryptosystems," Journal of Cryptology, vol. 20, no. 1, pp. 51–83, May 2007, Accessed: Aug. 03, 2021.
[23] R. Cramer, I. Damgård, and J. B. Nielsen, "Multiparty computation from threshold homomorphic encryption," Lecture Notes in Computer Science, vol. 2045, pp. 280–300, 2001.
[24] F. Luo and K. Wang, "Verifiable Decryption for Fully Homomorphic Encryption," Lecture Notes in Computer Science, vol. 11060 LNCS, pp. 347–365, 2018.
[25] R. Cramer, R. Gennaro, and B. Schoenmakers, "A secure and optimally efficient multi-authority election scheme," European Transactions on Telecommunications, vol. 8, no. 5, pp. 481–490, Sep. 1997.
[26] D. L. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," Commun ACM, vol. 24, no. 2, pp. 84–90, 1981.
[27] T. Elgamal, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Trans Inf Theory, vol. 31, no. 4, pp. 469–472, 1985.
[28] M. Jakobsson, A. Juels, and R. L. Rivest, "Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking," in Proceedings of the 11th USENIX Security Symposium, 2002.
[29] A. Juels, D. Catalano, and M. Jakobsson, "Coercion-Resistant Electronic Elections," Lecture Notes in Computer Science, vol. 6000 LNCS, pp. 37–63, 2010.
[30] R. L. Rivest, A. Shamir, and Y. Tauman, "How to leak a secret," in Lecture Notes in Computer Science, 2001, pp. 552–565.
[31] P. P. Tsang and V. K. Wei, "Short Linkable Ring Signatures for E-voting, E-cash, and Attestation," Lecture Notes in Computer Science, vol. 3439, pp. 48–60, 2005.
[32] G. Chen, C. Wu, W. Han, X. Chen, H. Lee, and K. Kim, "A new receipt-free voting scheme based on linkable ring signature for designated verifiers," Proceedings - The 2008 International Conference on Embedded Software and Systems Symposia, ICESS Symposia, no. August, pp. 18–23, 2008.
[33] D. Chaum, "Blind Signatures for Untraceable Payments," Advances in Cryptology: Proceedings of Crypto 82, pp. 199–203, 1983.
[34] L. López-García, L. J. Dominguez Perez, and F. Rodríguez-Henríquez, “A Pairing-Based Blind Signature E-Voting Scheme,” Computer Journal, vol. 57, no. 10, pp. 1460–1471, Oct. 2014.
[35] R. A. Fink, "Applying Trustworthy Computing to End-To-End Electronic Voting," University of Maryland, 2010.
[36] R. A. Fink, A. T. Sherman, and R. Carback, "TPM meets DRE: Reducing the trust base for electronic voting using trusted platform modules," IEEE Transactions on Information Forensics and Security, vol. 4, no. 4, pp. 628–637, Dec. 2009.
[37] O. Avellaneda et al., "Decentralized Identity: Where Did It Come from and Where Is It Going?," IEEE Communications Standards Magazine, vol. 3, no. 4, pp. 10–13, Dec. 2019.
[38] Y. Yi-Chun, "Ureka: A User Self-managed IoT Access System based on Blockchain Smart-Contract Technology and P2P Personal Network," Master Thesis, National Tsing Hua University, 2018. Available: https://hdl.handle.net/11296/k65ayj
[39] H. Yi-Hung, "A Distributed and Highly Secure Ticket-Based Self-Sovereign Access Control Approach for IoT Devices," Master Thesis, National Tsing Hua University, 2020. Available: https://hdl.handle.net/11296/5y9kx2
[40] P. Kushwaha, H. Sonkar, F. Altaf, and S. Maity, "A Brief Survey of Challenge–Response Authentication Mechanisms," Lecture Notes in Networks and Systems, vol. 154, pp. 573–581, 2021.