Paper 2020/109

Fixing the Achilles Heel of E-Voting: The Bulletin Board

Lucca Hirschi, Lara Schmid, and David Basin


The results of electronic elections should be verifiable so that any cheating is detected. To support this, many protocols employ an electronic bulletin board (BB) for publishing data that can be read by participants and used for verifiability checks. We demonstrate that the BB is itself a security-critical component that has often been treated too casually in previous designs and analyses. In particular, we present novel attacks on the e-voting protocols Belenios, Civitas, and Helios that violate some of their central security claims under realistic system assumptions. These attacks were outside the scope of prior security analyses as their verifiability notions assume an idealized BB. To enable the analysis of protocols under realistic assumptions about the BB, we introduce a new verifiability definition applicable to arbitrary BBs. We identify a requirement, called final-agreement, and formally prove that it is sufficient and, in most cases, necessary to achieve verifiability. We then propose a BB protocol that satisfies final-agreement under weak, realistic trust assumptions and provide a machine-checked proof thereof. Our protocol can replace existing BBs, enabling verifiability under much weaker trust assumptions.

Note: For reproducibility, our machine-checked proofs are available at

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MINOR revision.IEEE Computer Security Foundations Symposium 2021
e-votingverifiabilityformal methodsbulletin boardattacks
Contact author(s)
lucca hirschi @ inria fr
2021-02-02: last of 2 revisions
2020-02-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Lucca Hirschi and Lara Schmid and David Basin},
      title = {Fixing the Achilles Heel of E-Voting: The Bulletin Board},
      howpublished = {Cryptology ePrint Archive, Paper 2020/109},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.