Paper 2010/195

On E-Vote Integrity in the Case of Malicious Voter Computers

Sven Heiberg, Helger Lipmaa, and Filip Van Laenen


Norway has started to implement e-voting (over the Internet, and by using voters' own computers) within the next few years. The vulnerability of voter's computers was identified as a serious threat to e-voting. In this paper, we study the vote integrity of e-voting when the voter computers cannot be trusted. First, we make a number of assumptions about the available infrastructure. In particular, we assume the existence of two out-of-band channels that do not depend on the voter computers. The first channel is used to transmit integrity check codes to the voters prior the election, and the second channel is used to transmit a check code, that corresponds to her vote, back to a voter just after his or her e-vote vast cast. For this we also introduce a new cryptographic protocol. We present the new protocol with enough details to facilitate an implementation, and also present the timings of an actual implementation.

Note: This is full version that corresponds to the ESORICS 2010 paper

Available format(s)
Publication info
Published elsewhere. ESORICS 2010
Implementationintegritymalicious voter computersnationwide e-votingproxy oblivious transferzero-knowledge proofs
Contact author(s)
lipmaa @ research cyber ee
2010-09-22: revised
2010-04-09: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sven Heiberg and Helger Lipmaa and Filip Van Laenen},
      title = {On E-Vote Integrity in the Case of Malicious Voter Computers},
      howpublished = {Cryptology ePrint Archive, Paper 2010/195},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.