Cryptology ePrint Archive: Report 2002/002

Evaluating Security of Voting Schemes in the Universal Composability Framework

Jens Groth

Abstract: In the literature, voting protocols are considered secure if they satisfy requirements such as privacy, accuracy, robustness, etc. It can be time consuming to evaluate a voting protocol with respect to all these requirements and it is not clear that the list of known requirements is complete. Perhaps because of this many papers on electronic voting do not offer any security proof at all.

As a solution to this, we suggest evaluating voting schemes in the universal composability framework. We investigate the popular class of voting schemes based on homomorphic threshold encryption. It turns out that schemes in this class realize an ideal voting functionality that takes the votes as input and outputs the result. This ideal functionality corresponds closely to the well-known ballot box model used today in manual voting. Security properties such as privacy, accuracy and robustness now follow as easy corollaries. We note that some security requirements, for instance incoercibility, are not addressed by our solution.

Security holds in the random oracle model against a non-adaptive adversary. We show with a concrete example that the schemes are not secure against adaptive adversaries. We proceed to sketch how to make them secure against adaptive adversaries in the erasure model with virtually no loss of efficiency. We also sketch how to achieve security against adaptive adversaries in the erasure-free model.

Category / Keywords: Voting, homomorphic threshold encryption, universal composability.

Publication Info: ACNS 2004, this is a slightly extended version

Date: received 4 Jan 2002, last revised 6 Apr 2004

Contact author: jg at brics dk

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Major revision. The obsolete version can be found as BRICS tech report RS-01-52 (www.brics.dk).

Version: 20040406:120013 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]