Paper 2016/690

When Are Three Voters Enough for Privacy Properties?

Myrto Arapinis, Véronique Cortier, and Steve Kremer


Protocols for secure electronic voting are of increasing societal importance. Proving rigorously their security is more challenging than many other protocols, which aim at authentication or key exchange. One of the reasons is that they need to be secure for an arbitrary number of malicious voters. In this paper we identify a class of voting protocols for which only a small number of agents needs to be considered: if there is an attack on vote privacy then there is also an attack that involves at most 3 voters (2 honest voters and 1 dishonest voter). In the case where the protocol allows a voter to cast several votes and counts, e.g., only the last one, we also reduce the number of ballots required for an attack to 10, and under some additional hypotheses, 7 ballots. Our results are formalised and proven in a symbolic model based on the applied pi calculus. We illustrate the applicability of our results on several case studies, including different versions of Helios and Prêt-à-Voter, as well as the JCJ protocol. For some of these protocols we can use the ProVerif tool to provide the first formal proofs of privacy for an unbounded number of voters

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ESORICS 2016
secure electronic votingsecurity verificationvote privacyformal security methods
Contact author(s)
marapini @ inf ed ac uk
2016-07-13: received
Short URL
Creative Commons Attribution


      author = {Myrto Arapinis and Véronique Cortier and Steve Kremer},
      title = {When Are Three Voters Enough for Privacy Properties?},
      howpublished = {Cryptology ePrint Archive, Paper 2016/690},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.