A restricted multi-show credential system and its application on e-voting

A multi-show credential system allows a user to unlinkably and anonymously demonstrate the possession of a credential as many times as the user desires. In some applications, this could be too flexible to be useful. In this paper, we propose a restricted version of such a system. The restricted multi-show credential system only allows the user to demonstrate his possession of a credential once in a given period of time. This time period can also be quantified to a sequence of discrete events. That is, each credential can only be shown once in each event. However, the same credential can still be shown anonymously in another event without being linked. On its applications, we propose a restricted multi-show credential based e-voting system. The e-voting system has the following desirable properties. (1) Simplicity: each user only registers once when he first joins the system and no additional registration/setup phase is needed for the user before casting a vote in each subsequent voting event. (2) Flexibility: the set of eligible voters can be different for different voting events with no additional overhead. (3) Unlinkability: the voters among different voting events cannot be linked. (4) Efficiency : The system maintains the same order of efficiency no matter a voting event is "yes/no" type, "1-out-of-n" type or even "t-out-of-n" type. Furthermore, we show how to extend the e-voting system into an electronic questionnaire system.