Paper 2015/942

Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios

Ben Smyth
Abstract

Let's formalise ballot secrecy as a game between a benign challenger, malicious adversary, and voting system, the adversary tasked to break security, make distinction between observed world and some parallel one, only the challenger knowing which world is under observation: Our formalisation improves earlier work to ensure detection of attacks when ballot collection is adversary controlled. We also formalise ballot independence (from asymmetric encryption's security game), and prove independence suffices for secrecy in voting systems with zero-knowledge tallying proofs. Using that proof simplification, we present blueprints for construction of non-malleable encryption based voting systems with certified ballot secrecy. Additionally, we analyse the Helios voting system and its mixnet variant, finding secrecy isn't satisfied by Helios, earlier techniques missing the attack because tallying algorithm inputs are assumed uncompromised, implicitly requiring all ballot processing be trusted, which we like to avoid, rather than assuming risk. Our blueprint guides construction of a variant proven to ensure secrecy.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Minor revision. Journal of Computer Security
Keywords
anonymityelection schemesfoundationsHeliosindependencenon-malleabilityprivacypublic-key cryptographysecrecyvoting
Contact author(s)
www @ bensmyth com
History
2024-12-14: last of 16 revisions
2015-09-28: received
See all versions
Short URL
https://ia.cr/2015/942
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/942,
      author = {Ben Smyth},
      title = {Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/942},
      year = {2015},
      url = {https://eprint.iacr.org/2015/942}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.