Cryptology ePrint Archive: Report 2015/942

Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios

Ben Smyth

Abstract: We propose a definition of ballot secrecy as an indistinguishability game in the computational model of cryptography. Our definition improves upon earlier definitions to ensure ballot secrecy is preserved in the presence of an adversary that controls ballot collection. We also propose a definition of ballot independence as an adaptation of an indistinguishability game for asymmetric encryption. We prove relations between our definitions. In particular, we prove ballot independence is sufficient for ballot secrecy in voting systems with zero-knowledge tallying proofs. Moreover, we prove that building systems from non-malleable asymmetric encryption schemes suffices for ballot secrecy, thereby eliminating the expense of ballot-secrecy proofs for a class of encryption-based voting systems. We demonstrate applicability of our results by analysing the Helios voting system and its mixnet variant. Our analysis reveals that Helios does not satisfy ballot secrecy in the presence of an adversary that controls ballot collection. The vulnerability cannot be detected by earlier definitions of ballot secrecy, because they do not consider such adversaries. We adopt non-malleable ballots as a fix and prove that the fixed system satisfies ballot secrecy.

Category / Keywords: foundations / anonymity, election schemes, foundations, Helios, independence, non-malleability, privacy, public-key cryptography, secrecy, voting

Original Publication (with minor differences): Journal of Computer Security

Date: received 26 Sep 2015, last revised 10 Jul 2021

Contact author: research at bensmyth com

Available format(s): PDF | BibTeX Citation

Version: 20210710:131027 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]