Paper 2022/1132

Kryvos: Publicly Tally-Hiding Verifiable E-Voting

Nicolas Huber, University of Stuttgart
Ralf Kuesters, University of Stuttgart
Toomas Krips, University of Tartu
Julian Liedtke, University of Stuttgart
Johannes Mueller, University of Luxembourg
Daniel Rausch, University of Stuttgart
Pascal Reisert, University of Stuttgart
Andreas Vogt, Fachhochschule Nordwestschweiz

Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called tally-hiding. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin publicly tally-hiding, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. ACM CCS 2022
electronic voting publicly tally-hiding verfiability privacy zk-snark homomorphic commitments
Contact author(s)
nicolas huber @ sec uni-stuttgart de
ralf kuesters @ sec uni-stuttgart de
toomas krips @ ut ee
julian liedtke @ sec uni-stuttgart de
johannes mueller @ uni lu
daniel rausch @ sec uni-stuttgart de
pascal reisert @ sec uni-stuttgart de
andreas vogt @ fhnw ch
2022-08-31: approved
2022-08-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nicolas Huber and Ralf Kuesters and Toomas Krips and Julian Liedtke and Johannes Mueller and Daniel Rausch and Pascal Reisert and Andreas Vogt},
      title = {Kryvos: Publicly Tally-Hiding Verifiable E-Voting},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1132},
      year = {2022},
      doi = {10.1145/3548606.3560701},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.