eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2016/756

Adapting Helios for provable ballot privacy

David Bernhard, Véronique Cortier, Olivier Pereira, Ben Smyth, and Bogdan Warinschi


Recent results show that the current implementation of Helios, a practical e-voting protocol, does not ensure independence of the cast votes, and demonstrate the impact of this lack of independence on vote privacy. Some simple fixes seem to be available and security of the revised scheme has been studied with respect to symbolic models. In this paper we study the security of Helios using computational models. Our first contribution is a model for the property known as ballot privacy that generalizes and extends several existing ones. Using this model, we investigate an abstract voting scheme (of which the revised Helios is an instantiation) built from an arbitrary encryption scheme with certain functional properties. We prove, generically, that whenever this encryption scheme falls in the class of voting-friendly schemes that we define, the resulting voting scheme provably satisfies ballot privacy. We explain how our general result yields cryptographic security guarantees for the revised version of Helios (albeit from non-standard assumptions). Furthermore, we show (by giving two distinct constructions) that it is possible to construct voting-friendly encryption, and therefore voting schemes, using only standard cryptographic tools. We detail an instantiation based on ElGamal encryption and Fiat-Shamir non-interactive zero-knowledge proofs that closely resembles Helios and which provably satisfies ballot privacy.

Note: removed linebreaks from eprint page version of abstract

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ESORICS 2011
Contact author(s)
csxdb @ bristol ac uk
2016-08-09: revised
2016-08-09: received
See all versions
Short URL
Creative Commons Attribution


      author = {David Bernhard and Véronique Cortier and Olivier Pereira and Ben Smyth and Bogdan Warinschi},
      title = {Adapting Helios for provable ballot privacy},
      howpublished = {Cryptology ePrint Archive, Paper 2016/756},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/756}},
      url = {https://eprint.iacr.org/2016/756}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.