Security properties are usually formulated with a focus on the technological side of the system. It is implicitly assumed that the users will behave in the right way to preserve the property at hand. In real life, this cannot be taken for granted. In particular, security mechanisms that are difficult and costly to use are often ignored by the users, and so do not actually defend the system against possible attacks. Here, we propose a graded notion of security based on the complexity of the user's strategic behavior. More precisely, we suggest that the level to which a security property $\varphi$ is satisfied can be defined in terms of (a) the complexity of the strategy that the user needs to execute to make $\varphi$ true, and (b) the resources that the user must employ on the way. The simpler and cheaper it is to obtain $\varphi$, the higher the degree of security. We demonstrate how the idea works in a case study based on an electronic voting scenario. To this end, we model the vVote implementation of the \Pret voting protocol for coercion-resistant and voter-verifiable elections. Then, we identify "natural" strategies for the voter to obtain receipt-freeness, and measure the voter's effort that they require. We also look at how hard it is for the coercer to compromise the election through a randomization attack.
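The following toy model is an added illustration, not code from the paper or from the vVote project. It models the one ballot feature of \Pret that the randomization attack exploits (candidates are printed in a fresh random order on every ballot, and the receipt retains only the marked row), shows how a coercer's demand "show me a receipt marked in row k" turns the coerced vote into a uniformly random one, and then prices a hypothetical voter counter-strategy (request fresh ballots until the wanted candidate lands in the demanded row) in the "resources" sense used above, namely the number of ballots consumed. The candidate list, the seeds and the re-draw counter-strategy are assumptions made here for illustration; they are not the paper's identified natural strategies.

```python
"""Toy model of a Pret a Voter style ballot, the coercer's randomization
attack, and the resource cost of one hypothetical voter counter-strategy.

Added example, not code from the paper or from vVote. Only the ballot
layout (random candidate order, receipt = row index) follows the real
design; the re-draw strategy and its cost model are assumptions.
"""
import random
from collections import Counter

CANDIDATES = ["Alice", "Bob", "Carol", "Dave"]  # constructed sample race


def fresh_ballot(rng):
    """A ballot lists the candidates in a fresh random order.
    The voter marks the row of her choice; the receipt keeps only the
    row index, while the candidate order is detached and destroyed."""
    order = list(CANDIDATES)
    rng.shuffle(order)
    return order


def honest_vote(ballot, choice):
    """The voter marks the row holding her candidate. Returns the
    receipt: the row index, which on its own reveals nothing about
    which candidate was chosen (receipt-freeness)."""
    return ballot.index(choice)


def coerced_vote(ballot, demanded_row):
    """Randomization attack: the coercer demands a receipt marked in
    `demanded_row`. A voter who complies gives her vote to whichever
    candidate the random ordering happened to place in that row."""
    return ballot[demanded_row]


def randomization_attack(trials, demanded_row, seed=0):
    """Tally which candidates actually receive the coerced votes over
    `trials` independent ballots. Each candidate gets about 1/n."""
    rng = random.Random(seed)
    return Counter(coerced_vote(fresh_ballot(rng), demanded_row)
                   for _ in range(trials))


def redraw_until_match(rng, choice, demanded_row, max_ballots=1000):
    """Hypothetical counter-strategy (an assumption of this example):
    keep requesting fresh ballots until `choice` sits in the demanded
    row, then vote honestly. The receipt satisfies the coercer and the
    vote is intact. Returns (ballots_used, receipt_row); ballots_used
    is the resource cost and is geometric with mean len(CANDIDATES)."""
    for used in range(1, max_ballots + 1):
        ballot = fresh_ballot(rng)
        if ballot[demanded_row] == choice:
            return used, honest_vote(ballot, choice)
    raise RuntimeError("no matching ballot found within max_ballots")


def evasion_trial(choice, demanded_row, seed=0):
    """One run of the counter-strategy with a fixed seed."""
    return redraw_until_match(random.Random(seed), choice, demanded_row)


def mean_redraw_cost(trials, choice, demanded_row, seed=0):
    """Average number of ballots the counter-strategy consumes."""
    rng = random.Random(seed)
    total = sum(redraw_until_match(rng, choice, demanded_row)[0]
                for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    print("coerced votes land on:", randomization_attack(10_000, demanded_row=0))
    print("mean ballots per evasion:", mean_redraw_cost(10_000, "Alice", demanded_row=0))
```

With four candidates the coerced tally splits roughly evenly, so the coercer gains nothing beyond randomizing the vote, and the evasion costs the voter about four ballots on average; in the grading above, that ballot count is exactly the kind of resource that lowers the degree to which receipt-freeness is "cheaply" achieved.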