Private Votes on Untrusted Platforms: Models, Attacks and Provable Scheme

Modern e-voting systems deploy cryptographic protocols on a complex infrastructure involving different computing platforms and agents. It is crucial to have appropriate specification and evaluation methods to perform rigorous analysis of such systems, taking into account the corruption and computational capabilities of a potential attacker. In particular, the platform used for voting may be corrupted, e.g. infected by malware, and we need to ensure privacy and integrity of votes even in that case. We propose a new definition of vote privacy, formalized as a computational indistinguishability game, that allows to take into account such refined attacker models; we show that the definition captures both known and novel attacks against several voting schemes; and we propose a scheme that is provably secure in this setting. We moreover formalize and machine-check the proof in the EasyCrypt theorem prover.

• Publication year

  2019

• Venue

  European Symposium on Security and Privacy

• Publication date

  2019-06-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/EuroSP.2019.00050
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Introduction to Modern Cryptography

  2020cited by this paper
• Voting: You Can't Have Privacy without Individual Verifiability

  2018cited by this paper
• A foundation for secret, verifiable elections

  2018influential reference
• Machine-Checked Proofs of Privacy for Electronic Voting Protocols

  2017influential reference
• To Du or Not to Du: A Security Analysis of Du-Vote

  2016cited by this paper
• BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme

  2016cited by this paper
• Du-Vote: Remote Electronic Voting with Untrusted Computers

  2015cited by this paper
• SoK: A Comprehensive Analysis of Game-Based Ballot Privacy Definitions

  2015influential reference
• Election Verifiability for Helios under Weaker Trust Assumptions

  2014cited by this paper
• Security Analysis of the Estonian Internet Voting System

  2014cited by this paper
• Introduction to Modern Cryptography, Second Edition

  2014cited by this paper
• Caveat Coercitor: Coercion-Evidence in Electronic Voting

  2013cited by this paper
• Using mobile device communication to strengthen e-Voting protocols

  2013cited by this paper
• Distributed ElGamal à la Pedersen: Application to Helios

  2013cited by this paper
• Proceedings of the 12th annual ACM Workshop on Privacy in the Electronic Society, WPES 2013, Berlin, Germany, November 4, 2013

  2013cited by this paper
• Ballot Secrecy and Ballot Independence Coincide

  2013cited by this paper
• Computer-Aided Cryptographic Proofs

  2012cited by this paper
• How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios

  2012cited by this paper
• A Supervised Verifiable Voting Protocol for the Victorian Electoral Commission

  2012cited by this paper
• The Norwegian Internet Voting Protocol

  2011cited by this paper
• Attacking and fixing Helios: An analysis of ballot secrecy

  2011influential reference
• Usability Analysis of Helios - An Open Source Verifiable Remote Electronic Voting System

  2011cited by this paper
• Pretty Good Democracy for More Expressive Voting Schemes

  2010cited by this paper
• Election Verifiability in Electronic Voting Protocols

  2010cited by this paper
• Accountability: definition and relationship to verifiability

  2010cited by this paper
• Security

  2010cited by this paper
• On E-Vote Integrity in the Case of Malicious Voter Computers

  2010cited by this paper
• PrÊt À Voter: a Voter-Verifiable Voting System

  2009cited by this paper
• Verifying privacy-type properties of electronic voting protocols

  2009cited by this paper
• Format-Preserving Encryption

  2009cited by this paper
• Civitas: Toward a Secure Voting System

  2008cited by this paper
• Helios: Web-based Open-Audit Voting

  2008influential reference
• Ballot Casting Assurance via Voter-Initiated Poll Station Auditing

  2007cited by this paper
• Ballot Casting Assurance

  2006cited by this paper
• Prêt à Voter with Re-encryption Mixes

  2006influential reference
• Coercion-resistant electronic elections

  2005cited by this paper
• A Practical Voter-Verifiable Election Scheme

  2005influential reference
• Ciphers with Arbitrary Finite Domains

  2002cited by this paper
• This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Making Mix Nets Robust For Electronic Voting By Randomized Partial Checking

  2002cited by this paper
• A verifiable secret shuffle and its application to e-voting

  2001cited by this paper
• The Security of the Cipher Block Chaining Message Authentication Code

  2000cited by this paper
• Advances in Cryptology

  2000cited by this paper
• Efficient Receipt-Free Voting Based on Homomorphic Encryption

  2000cited by this paper
• Public-Key Cryptosystems Based on Composite Degree Residuosity Classes

  1999influential reference
• Private communication

  1999influential reference
• A secure and optimally efficient multi-authority election scheme

  1997cited by this paper
• MMH: Software Message Authentication in the Gbit/Second Rates

  1997cited by this paper
• A Threshold Cryptosystem without a Trusted Party (Extended Abstract)

  1991cited by this paper
• Verifiable secret-ballot elections

  1987influential reference
• A public key cyryptosystem and signature scheme based on discrete logarithms

  1985cited by this paper
• Probabilistic Encryption

  1984cited by this paper
• On the Cryptographic Applications of Random Functions

  1984cited by this paper
• New Hash Functions and Their Use in Authentication and Set Equality

  1981cited by this paper
• Universal Classes of Hash Functions

  1979cited by this paper

• Secure e-voting system using Schorr's zero-knowledge identification protocol

  2025cites this paper
• Anonymous voting using distributed ledger-assisted secure multi-party computation

  2024cites this paper
• How efficient are replay attacks against vote privacy? A formal quantitative analysis

  2022influential citation
• Compl´etude du ZX-Calcul

  2022cites this paper
• Fixing the Achilles Heel of E-Voting: The Bulletin Board

  2021cites this paper
• Fifty Shades of Ballot Privacy: Privacy against a Malicious Board

  2020influential citation
• A transparent referendum protocol with immutable proceedings and verifiable outcome for trustless networks

  2019cites this paper
• Vote électronique : définitions et techniques d'analyse

  2019influential citation