We study the problem of simultaneously addressing both ballot stuffing and participation privacy for pollsite voting systems. Ballot stuffing is the attack where fake ballots (not cast by any eligible voter) are inserted into the system. Participation privacy is about hiding which eligible voters have actually cast their vote. So far, the combination of ballot stuffing and participation privacy has mostly been studied for internet voting, where voters are assumed to own trusted computing devices. Such approaches are inapplicable to pollsite voting, where voters typically vote bare-handed. We present an eligibility audit protocol to detect ballot stuffing in pollsite voting protocols. This is done while protecting participation privacy from a remote observer, i.e. one who does not physically observe voters during voting. Our protocol can be instantiated as an additional layer on top of most existing pollsite E2E-V voting protocols. To achieve our guarantees, we develop an efficient zero-knowledge proof (ZKP) that, given a value $v$ and a set $\Phi$ of commitments, proves that $v$ is committed by some commitment in $\Phi$ without revealing which one. We call this a ZKP of reverse set membership because of its relationship to the popular ZKPs of set membership. This ZKP may be of independent interest.
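As an added illustration that is not the paper's construction, the statement "$v$ is committed by some commitment in $\Phi$" can be realised over Pedersen commitments with a textbook one-out-of-$n$ Schnorr OR-proof (Cramer-Damgård-Schoenmakers), which is linear in $|\Phi|$ rather than the efficient proof the abstract describes. The Schnorr group, the hash-to-group derivation of the two bases and the commitment scheme are assumptions of this sketch.

```python
# Linear-size "reverse set membership" proof: given v and a set phi of Pedersen
# commitments, prove that some C in phi commits to v without revealing which one.
# Textbook one-out-of-n Schnorr OR-proof (Cramer-Damgard-Schoenmakers), NOT the
# paper's efficient construction; the Schnorr group is built at import (assumption).
import hashlib, secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):                        # Miller-Rabin; deterministic for n < 3.3e24
    if any(n % a == 0 for a in _BASES):
        return n in _BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):                      # True iff base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1))
    return not any(witness(a) for a in _BASES)

Q = 2**61 - 1                                                    # Mersenne prime: subgroup order
K = next(k for k in range(2, 10**6, 2) if _is_prime(k * Q + 1))  # smallest K with K*Q+1 prime
P = K * Q + 1                                                    # modulus of the Schnorr group
G, H = (pow(int.from_bytes(hashlib.sha256(t).digest(), "big"), K, P) for t in (b"g", b"h"))

def commit(v, r=None):                   # Pedersen commitment C = G^v * H^r mod P
    r = secrets.randbelow(Q) if r is None else r
    return pow(G, v, P) * pow(H, r, P) % P, r

def _challenge(v, phi, ts):              # Fiat-Shamir challenge over the whole transcript
    data = ",".join(map(str, [v, *phi, *ts])).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(v, phi, j, r_j):               # prover knows r_j with phi[j] == commit(v, r_j)[0]
    ys = [c * pow(G, -v, P) % P for c in phi]   # y_i = C_i / G^v, equals H^{r_i} iff C_i opens to v
    cs, ss, ts = ([0] * len(phi) for _ in range(3))
    for i in range(len(phi)):
        if i != j:                       # simulate every other branch with random (c_i, s_i)
            cs[i], ss[i] = secrets.randbelow(Q), secrets.randbelow(Q)
            ts[i] = pow(H, ss[i], P) * pow(ys[i], -cs[i], P) % P
    w = secrets.randbelow(Q)
    ts[j] = pow(H, w, P)                 # honest Schnorr commitment for the real branch
    cs[j] = (_challenge(v, phi, ts) - sum(cs)) % Q   # real branch absorbs the remaining challenge
    ss[j] = (w + cs[j] * r_j) % Q
    return cs, ss

def verify(v, phi, proof):               # True iff proof shows some C in phi commits to v
    cs, ss = proof
    ys = [c * pow(G, -v, P) % P for c in phi]
    ts = [pow(H, s, P) * pow(y, -c, P) % P for s, y, c in zip(ss, ys, cs)]
    return len(cs) == len(ss) == len(phi) and sum(cs) % Q == _challenge(v, phi, ts)
```

The verifier learns only that one of the $|\Phi|$ branches was opened honestly, since every simulated branch is distributed identically to the real one; the proof size grows with $|\Phi|$, which is exactly the cost the paper's efficient construction is designed to avoid.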