Cryptology ePrint Archive: Report 2012/185

Replay attacks that violate ballot secrecy in Helios

Ben Smyth

Abstract: Helios 2.0 is a web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this paper we identify a vulnerability in Helios which allows an adversary to compromise the privacy of voters whom cast abstention votes. The vulnerability can be attributed to the absence of ballot independence and the use of homomorphic ElGamal encryption, in particular, these properties can be exploited by an adversary to construct a ballot related to an abstention vote cast by an honest voter and this ballot can be submitted by a corrupt voter to influence the election outcome, thereby introducing information that can be used to violate privacy. We demonstrate the attack by breaking privacy in a mock election using the current Helios implementation. It is unlikely that the vulnerability will be exploited in a real-world election and therefore our results are largely theoretical. Nonetheless, we cannot expect any computational proofs of ballot secrecy without fixing this vulnerability and, moreover, the attack methodology may be of interest -- in particular, it could represent a viable threat to existing protocols in the literature -- thus providing motivation to report these results.

Category / Keywords: cryptographic protocols / attack, ballot independence, ballot secrecy, electronic voting, Helios, homomorphic encryption, malleability, privacy

Date: received 5 Apr 2012, last revised 24 May 2012

Contact author: toshiba at bensmyth com

Available format(s): PDF | BibTeX Citation

Version: 20120525:021555 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]