Natural Strategic Abilities in Voting Protocols

Abstract: Security properties are often focused on the technological side of the system. One implicitly assumes that the users will behave in the right way to preserve the property at hand. In real life, this cannot be taken for granted. In particular, security mechanisms that are difficult and costly to use are often ignored by the users, and do not really defend the system against possible attacks. Here, we propose a graded notion of security based on the complexity of the user's strategic behavior. More precisely, we… Show more

“…A good example of a specific domain is formal verification of voting procedures and elections, with a number of classical requirements, such as election integrity, ballot secrecy, receipt-freeness, and voter-verifiability [42,44]. Some recent case studies [23,25,28] have shown that practical verification of such scenarios is still outside of reach. Some tools do not support intuitive specification and validation of models; some others have limited property specification languages.…”

“…Unfortunately, model checking of agents with imperfect information is ∆ P 2 -to PSPACE-complete for memoryless strategies [9,22,43] and EXPTIME-complete to undecidable for agents with perfect recall [18,20]; also, the problem does not admit simple incremental solutions [10,16,17]. This has been confirmed in experiments [11,12,21,26,40] and case studies [23,25,28].…”

STV+AGR: Towards Verification of Strategic Ability Using Assume-Guarantee Reasoning

“…A good example of a specific domain is formal verification of voting procedures and elections, with a number of classical requirements, such as election integrity, ballot secrecy, receipt-freeness, and voter-verifiability [42,44]. Some recent case studies [23,25,28] have shown that practical verification of such scenarios is still outside of reach. Some tools do not support intuitive specification and validation of models; some others have limited property specification languages.…”

“…Unfortunately, model checking of agents with imperfect information is ∆ P 2 -to PSPACE-complete for memoryless strategies [9,22,43] and EXPTIME-complete to undecidable for agents with perfect recall [18,20]; also, the problem does not admit simple incremental solutions [10,16,17]. This has been confirmed in experiments [11,12,21,26,40] and case studies [23,25,28].…”

STV+AGR: Towards Verification of Strategic Ability Using Assume-Guarantee Reasoning