Paper 2013/473

The Norwegian Internet Voting Protocol

Kristian Gjøsteen


The Norwegian government ran a trial of internet remote voting during the 2011 local government elections, and will run another trial during the 2013 parliamentary elections. A new cryptographic voting protocol will be used, where so-called return codes allow voters to verify that their ballots will be counted as cast. This paper discusses this cryptographic protocol, and in particular the ballot submission phase. The security of the protocol relies on a novel hardness assumption similar to Decision Diffie-Hellman. While DDH is a claim that a random subgroup of a non-cyclic group is indistinguishable from the whole group, our assumption is related to the indistinguishability of certain special subgroups. We discuss this question in some detail.

Note: The definition of B-privacy was wrong, it has been corrected. Also, some other minor mistakes have been fixed.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Decision Diffie-Hellmanelectronic voting
Contact author(s)
kristian gjosteen @ math ntnu no
2013-08-09: revised
2013-08-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kristian Gjøsteen},
      title = {The Norwegian Internet Voting Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2013/473},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.