Paper 2022/822

Traceable Receipt-Free Encryption

Henri Devillez, UCLouvain
Olivier Pereira, UCLouvain
Thomas Peters, UCLouvain

CCA-like game-based security definitions capture confidentiality by asking an adversary to distinguish between honestly computed encryptions of chosen plaintexts. In the context of voting systems, such guarantees have been shown to be sufficient to prove ballot privacy (Asiacrypt'12). In this paper, we observe that they fall short when one seeks to obtain receipt-freeness, that is, when corrupted voters who submit chosen ciphertexts encrypting their vote must be prevented from proving how they voted to a third party. Since no known encryption security notion can lead to a receipt-free ballot submission process, we address this challenge by proposing a novel publicly verifiable encryption primitive coined Traceable Receipt-free Encryption (TREnc) and a new notion of traceable CCA security filling the definitional gap underlined above. We propose two TREnc instances, one generic achieving stronger guarantees for the purpose of relating it to existing building blocks, and a dedicated one based on SXDH. Both support the encryption of group elements in the standard model, while previously proposed encryption schemes aiming at offering receipt-freeness only support a polynomial-size message space, or security in the generic group model. Eventually, we demonstrate how a TREnc can be used to build receipt-free voting protocols, by following a standard blueprint.

Available format(s)
Public-key cryptography
Publication info
CCA security Voting Receipt-freeness
Contact author(s)
henri devillez @ uclouvain be
olivier pereira @ uclouvain be
thomas peters @ uclouvain be
2022-06-23: approved
2022-06-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Henri Devillez and Olivier Pereira and Thomas Peters},
      title = {Traceable Receipt-Free Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2022/822},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.