Formal Aspects of Computing

, Volume 26, Issue 1, pp 63–98 | Cite as

Verifying anonymity in voting systems using CSP

  • Murat Moran
  • James Heather
  • Steve Schneider
Original Article


We present formal definitions of anonymity properties for voting protocols using the process algebra CSP. We analyse a number of anonymity definitions, and give formal definitions for strong and weak anonymity, highlighting the difference between these definitions. We show that the strong anonymity definition is too strong for practical purposes; the weak anonymity definition, however, turns out to be ideal for analysing voting systems. Two case studies are presented to demonstrate the usefulness of the formal definitions: a conventional voting system, and Prêt à Voter, a paper-based, voter-verifiable scheme. In each case, we give a CSP model of the system, and analyse it against our anonymity definitions by specification checks using the Failures-Divergences Refinement (FDR2) model checker. We give a detailed discussion on the results from the analysis, emphasizing the assumptions that we made in our model as well as the challenges in modelling electronic voting systems using CSP.


Anonymity Voting systems CSP Formal verification Prêt à Voter Conventional voting system FDR2 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Adi08.
    Adida B (2008) Helios: web-based open-audit voting. In: Proceedings of the 17th USENIX security symposium, pp 335–348Google Scholar
  2. BG02.
    Boneh D, Golle P (2002) Almost entirely correct mixing with applications to voting. In: Proceedings of the 9th ACM conference on computer and communications security, CCS ’02. ACM, New York, pp 68–77Google Scholar
  3. BHM08.
    Backes M, Hritcu C, Maffei M (2008) Automated verification of remote electronic voting protocols in the applied pi-calculus. In: CSF, pp 195–209Google Scholar
  4. BP05.
    Bhargava M, Palamidessi C (2005) Probabilistic anonymity. In: Abadi M, de Alfaro L (eds) CONCUR 2005—concurrency theory. Lecture notes in computer science, vol 3653. Springer, Berlin, pp 171–185Google Scholar
  5. BRS07.
    Baskar A, Ramanujam R, Suresh SP (2007) Knowledge-based modelling of voting protocols. In: TARK, pp 62–71Google Scholar
  6. CCM08.
    Clarkson MR, Chong S, Myers AC (2008) Civitas: toward a secure voting system. In: IEEE symposium on security and privacy, pp 354–368Google Scholar
  7. CEC+08.
    Chaum D, Essex A, Carback R, Clark J, Popoveniuc S, Sherman AT, Vora PL (2008) Scantegrity: end-to-end voter-verifiable optical-scan voting. IEEE Sec Priv 6(3): 40–46CrossRefGoogle Scholar
  8. Cha81.
    Chaum D (1981) Untraceable electronic mail, return addresses, and digital pseudonyms. Commun ACM 24: 84–90CrossRefGoogle Scholar
  9. Cha04.
    Chaum D (2004) Secret-ballot receipts: true voter-verifiable elections. IEEE Sec Priv 2(1): 38–47CrossRefGoogle Scholar
  10. COPD06.
    Chothia T, Orzan S, Pang J, Dashti MT (2006) A framework for automatically checking anonymity with MuCRL. In: TGC, pp 301–318Google Scholar
  11. CPP06.
    Chatzikokolakis K, Palamidessi C, Panangaden P (2006) Anonymity protocols as noisy channels. In: (eds) In: Information and computation.. Springer, BerlinGoogle Scholar
  12. CRS05.
    Chaum D, Ryan PYA, Schneider SA (2005) A practical voter-verifiable election scheme. In: ESORICS, pp 118–139Google Scholar
  13. DKR06.
    Delaune S, Kremer S, Ryan M (2006) Coercion-resistance and receipt-freeness in electronic voting. In: CSFW, pp 28–42Google Scholar
  14. DKR09.
    Delaune S, Kremer S, Ryan M (2009) Verifying privacy-type properties of electronic voting protocols. J Comput Secur 17(4): 435–487Google Scholar
  15. DPP07.
    Deng Y, Palamidessi C, Pang J (2007) Weak probabilistic anonymity. Electron Notes Theor Comput Sci 180(1): 55–76CrossRefGoogle Scholar
  16. DY83.
    Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2): 198–208CrossRefzbMATHMathSciNetGoogle Scholar
  17. ElG84.
    ElGamal T (1984) A public key cryptosystem and a signature scheme based on discrete logarithms. In: CRYPTO, pp 10–18Google Scholar
  18. FA02.
    Fournet C, Abadi M (2002) Hiding names: private authentication in the applied pi calculus. In: ISSS, pp 317–338Google Scholar
  19. FOO92.
    Fujioka A, Okamoto T, Ohta K (1992) A practical secret voting scheme for large scale elections. In: AUSCRYPT, pp 244–251Google Scholar
  20. GGH+.
    Gardiner P, Goldsmith M, Hulance J, Jackson D, Roscoe B, Scattergood B, Armstrong B. FDR2 user manualGoogle Scholar
  21. GHPv05.
    Garcia FD, Hasuo I, Pieters W, van Rossum P (2005) Provable anonymity. In: Proceedings of the 2005 ACM workshop on formal methods in security engineering, FMSE ’05. ACM, New York, pp 63–72Google Scholar
  22. Hea07.
    Heather J (2007) Implementing STV securely in Prêt à Voter. In: CSF, pp 157–169Google Scholar
  23. Hoa78.
    Hoare CAR (1978) Communicating sequential processes. Commun ACM 21: 666–677CrossRefzbMATHGoogle Scholar
  24. HS04.
    Hughes D, Shmatikov V (2004) Information hiding, anonymity and privacy: a modular approach. J Comput Secur 12(1): 3–36Google Scholar
  25. JCJ05.
    Juels A, Catalano D, Jakobsson M (2005) Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM workshop on privacy in the electronic society, WPES ’05. ACM, New York, pp 61–70Google Scholar
  26. JJR02.
    Jakobsson M, Juels A, Rivest RL (2002) Making mix nets robust for electronic voting by randomized partial checking. In: USENIX security symposium, pp 339–353Google Scholar
  27. KR05.
    Kremer S, Ryan M (2005) Analysis of an electronic voting protocol in the applied pi calculus. In: ESOP, pp 186–200Google Scholar
  28. Laz99.
    Lazic RS (1999) A semantic study of data independence with applications to model checking. D. phil. thesis, Oxford University Computing LaboratoryGoogle Scholar
  29. LJP10.
    Langer BL, Jonker H, Pieters W (2010) Anonymity and verifiability in voting: understanding (un)linkability. In: ICICS, pp 296–310Google Scholar
  30. Low96.
    Lowe G (1996) Breaking and fixing the needham-schroeder public-key protocol using FDR. In: Proceedings of the second international workshop on tools and algorithms for construction and analysis of systems. Springer, Berlin, pp 147–166Google Scholar
  31. MVd04.
    Mauw S, Verschuren J, de Vink EP. (2004) A formalization of anonymity and onion routing. In ESORICS, pages 109–124Google Scholar
  32. Nef01.
    Andrew Neff C (2001) A verifiable secret shuffle and its application to e-voting. In: Proceedings of the 8th ACM conference on computer and communications security, CCS ’01. ACM, New York, pp 116–125Google Scholar
  33. Pai99.
    Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. In: EUROCRYPT, pp 223–238Google Scholar
  34. PK00.
    Pfitzmann P, Köhntopp M (2000) Anonymity, unobservability, and pseudonymity—a proposal for terminology. In: Workshop on design issues in anonymity and unobservability, pp 1–9Google Scholar
  35. RBH+09.
    Ryan PYA, Bismark D, Heather J, Schneider SA, Xia Z (2009) Prêt à Voter: a voter-verifiable voting system. IEEE Trans Inf Theory 4(4): 662–673Google Scholar
  36. Riv06.
    Rivest RL (2006) The ThreeBallot voting system.
  37. Ros97.
    Roscoe AW (1997) The theory and practice of concurrency. Prentice Hall PTR, Upper Saddle RiverGoogle Scholar
  38. Ros10.
    Roscoe AW (2010) Understanding concurrent systems, 1st edn. Springer, New YorkCrossRefGoogle Scholar
  39. RP05.
    Ryan PYA, Peacock T (2005) Prêt à Voter: a systems perspective. Technical report, University of NewcastleGoogle Scholar
  40. RP10.
    Ryan PYA, Peacock T (2010) A threat analysis of Prêt à Voter. In: Chaum D, Jakobsson M, Rivest R, Ryan P, Benaloh J, Kutylowski M, Adida B (eds) Towards trustworthy elections. Lecture notes in computer science, vol 6000. Springer, Berlin, pp 200–215Google Scholar
  41. RS06.
    Ryan PYA, Schneider SA (2006) Prêt à Voter with re-encryption mixes. In: ESORICS, pp 313–326Google Scholar
  42. RSG+00.
    Ryan PYA, Schneider SA, Goldsmith MH, Lowe G, Roscoe AW (2000) The modelling and analysis of security protocols: the CSP approach, 1 edn. Addison-Wesley Professional, ReadingGoogle Scholar
  43. Rya05.
    Ryan PYA (2005) A variant of the Chaum voter-verifiable scheme. In: Proceedings of 2005 workshop on issues in the theory of security, pp 81–88Google Scholar
  44. Rya06.
    Ryan PYA (2006) Putting the human back in voting protocols. In: Security protocols workshop, pp 20–25Google Scholar
  45. Rya08.
    Ryan PYA (2008) Prêt à Voter with Paillier encryption. Math Comput Model 48(1): 1646–1662CrossRefzbMATHGoogle Scholar
  46. Sch99.
    Schneider SA (1999) Concurrent and real time systems: the CSP approach, 1 edn. Wiley, New YorkGoogle Scholar
  47. SS96.
    Schneider SA, Sidiropoulos A (1996) CSP and anonymity. In: ESORICS, pp 198–218Google Scholar
  48. XCH+10.
    Xia Z, Culnane C, Heather J, Jonker H, Ryan PYA, Schneider SA, Srinivasan S (2010) Versatile Prêt à Voter: handling multiple election methods with a unified interface. In: INDOCRYPT, pp 98–114Google Scholar

Copyright information

© British Computer Society 2012

Authors and Affiliations

  1. 1.Department of ComputingUniversity of SurreySurreyUK

Personalised recommendations