Paper 2020/127

Fifty Shades of Ballot Privacy: Privacy against a Malicious Board

Véronique Cortier, Joseph Lallemand, and Bogdan Warinschi


We propose a framework for the analysis of electronic voting schemes in the presence of malicious bulletin boards. We identify a spectrum of notions where the adversary is allowed to tamper with the bulletin board in ways that reflect practical deployment and usage considerations. To clarify the security guarantees provided by the different notions we establish a relation with simulation-based security with respect to a family of ideal functionalities. The ideal functionalities make clear the set of authorised attacker capabilities which makes it easier to understand and compare the associated levels of security. We then leverage this relation to show that each distinct level of ballot privacy entails some distinct form of individual verifiability. As an application, we study three protocols of the literature (Helios, Belenios, and Civitas) and identify the different levels of privacy they offer.

Category: Cryptographic protocols
Publication info: Preprint. MINOR revision.
Contact author(s): joseph lallemand @ inf ethz ch
History: 2020-02-06: received
License: Creative Commons Attribution


      author = {Véronique Cortier and Joseph Lallemand and Bogdan Warinschi},
      title = {Fifty Shades of Ballot Privacy: Privacy against a Malicious Board},
      howpublished = {Cryptology ePrint Archive, Paper 2020/127},
      year = {2020},
      note = {\url{}},
      url = {}