detect when portions of a ballot are copied from one ballot to another

[benadida]

to prevent certain kinds of de-anonymization attacks.

[glondu]

I have an idea of a practical implementation for this: for each ballot, pick a random number (called hereafter "nonce"), use this nonce in all challenges in NIZK proofs for this particular ballot, and add the nonce in an additional field. This means a change in the specification for ballots. On the server-side, add a model that will track all used nonces. When a new ballot is received, its nonce is checked for non-existence and then added. Therefore, it also means a change in the database backend.

Since these are quite intrusive (interface) changes, I haven't implemented them fully but I'm pretty confident they are easy to implement.

[benadida]

@glondu this sounds very elegant, I like it.

For Helios v4, I am planning on breaking backwards compatibility as there is a crypto fix that I have to apply. So it is a good opportunity to make the change you suggest!