Skip to main content
SpringerLink
Log in

Anonymity and everlasting privacy in electronic voting

  • Regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Everlasting privacy protects cryptographic voting systems against the weakening of intractability assumptions on which they may be based. We find that everlasting privacy can be obtained from protocols that do not require trust in the election talliers for privacy, as long as they are accompanied by anonymous casting. To this end, we define a novel model, \(\textsf {U-BPRIV} \), to analyze such schemes. We draw inspiration from the de facto standard framework for ballot privacy, BPRIV. We then extend \(\textsf {U-BPRIV} \) to account for everlasting privacy. Our work differs from related attempts, which only consider everlasting privacy in the context of publicly available data. Our model is fine-grained, since it also considers the level of data leakage from the various components of an election system. We evaluate our definitions by applying our models to two protocols, each representing an important paradigm for building e-voting schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

Notes

  1. In [38], Adi Shamir is quoted to have proclaimed that currently used cryptographic keys have a lifespan of 30 years.

  2. This property is referred to as sender anonymity in [44] or sender-message unlinkability in [33].

  3. In our case, since there is only one receiver, the \( n \times n \) matrices that model the exchange of messages between n players in [29] collapse to n element vectors.

  4. For simplicity, we denote \(\textsf {result} ((v_1,c_1), \cdots , (v_n,c_n))\) as \(\textsf {result} ({\textbf {V }}{\textbf {c }})\) where \({\textbf {V }}=(v_1, \cdots , v_n)\) and \({\textbf {c }}=(c_1,\cdots , c_n)\).

  5. While this \(\pi _{\textsf {V} _i}\) is not required in \(\textsf {FOO}\), since all votes are individually decrypted and then checked for validity we include it to also reflect properties of schemes that adopt homomorphic tallying.

  6. For Helios this was proved in [7].

References

  1. Adida, B.: Helios: web-based open-audit voting. In: Proceedings of the 17th conference on Security symposium, pp. 335–348. USENIX Association, (2008)

  2. Arapinis, M., Cortier, V., Kremer, S., Ryan, M.: Practical everlasting privacy. In: Principles of Security and Trust, pp. 21–40, (2013)

  3. Backes, M., Kate, A., Manoharan, P., Meiser, S., Mohammadi, E.: Anoa: A framework for analyzing anonymous communication protocols. J. Priv. Confidentiality, 7(2), (2016)

  4. Benaloh, J.: Verifiable Secret-Ballot Elections. PhD thesis, September (1987)

  5. Benaloh, J., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, STOC ’94, pp. 544-553, New York, NY, USA, (1994). Association for Computing Machinery

  6. Benaloh, J., Yung, M.: Distributing the power of a government to enhance the privacy of voters. In: PODC ’86, (1986)

  7. Bernhard, D., Cortier, V., Galindo, D., Pereira, O., Warinschi, B.: Sok: A comprehensive analysis of game-based ballot privacy definitions. In: IEEE Symposium on Security and Privacy, SP 2015, pp. 499–516. IEEE Computer Society, (2015)

  8. Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: Pitfalls of the fiat-shamir heuristic and applications to helios. In: ASIACRYPT, volume 7658 of Lecture Notes in Computer Science, pp. 626–643. Springer, (2012)

  9. Bernhard, M., Benaloh, J., Halderman, J.A., Rivest, R.L., Peter, Y.A.R., Stark, P.B., Teague, V., Vora, P.L., Wallach, D.S.: Public evidence from secret ballots. In: E-VOTE-ID, LNCS, pp. 84–109. Springer, (2017)

  10. Buchmann, J., Demirel, D., Van De Graaf, J.: Towards a publicly-verifiable mix-net providing everlasting privacy. In: LNCS, pp. 197–204, (2013)

  11. Chaidos P., Cortier, V., Fuchsbauer, G., Galindo, D.: Beleniosrf: A non-interactive receipt-free electronic voting scheme. In: ACM Conference on Computer and Communications Security, pp. 1614–1625. ACM, (2016)

  12. David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2), 84–88, 1981

    Article  Google Scholar 

  13. Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.), Advances in cryptology: proceedings of CRYPTO ’82, Santa Barbara, California, USA, August 23-25, 1982., pp. 199–203. Plenum Press, New York (1982)

  14. Chaum, David: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)

    Article  MathSciNet  MATH  Google Scholar 

  15. Clark, J., Hengartner, U.: Selections: Internet voting with over-the-shoulder coercion-resistance. In: Danezis, G., (ed.), Financial Cryptography and Data Security - 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers, volume 7035 of Lecture Notes in Computer Science, pp. 47–61. Springer, (2011)

  16. Cortier, V., Smyth, B.: Attacking and fixing helios: An analysis of ballot secrecy. In: 2011 IEEE 24th Computer Security Foundations Symposium, pp. 297–311, (2011)

  17. Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-Authority Secret-Ballot Elections with Linear Work, pp. 72–83 (1996)

  18. Edouard Cuvelier, Olivier Pereira, and Thomas Peters. Election verifiability or ballot privacy: Do we need to choose? In ESORICS 2013, pages 481–498, 2013

    Google Scholar 

  19. Demirel, D., Van De Graaf, J., Araújo, R.: Improving Helios with Everlasting Privacy Towards the Public. EVT/WOTE’12, (2012)

  20. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation onion router. In: 13th USENIX Security Symposium (USENIX Security 04), San Diego, CA, (August 2004). USENIX Association

  21. Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds), AUSCRYPT, LNCS, pp. 244–251. Springer (1992)

  22. El Gamal, Taher: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory 31(4), 469–472 (1985)

    Article  MathSciNet  Google Scholar 

  23. Gelernter, N., Herzberg, A.: On the limits of provable anonymity. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES ’13, pp. 225-236, New York, NY, USA, (2013). Association for Computing Machinery

  24. Greenwald, G.: Nsa collecting phone records of millions of verizon customers daily. The Guardian, (Jun 2013)

  25. Grontas, P., Pagourtzis, A., Zacharakis, A.: Security models for everlasting privacy. E-Vote-ID, p. 140, (2019)

  26. Grontas, P., Pagourtzis, A., Zacharakis, A., Zhang, B.: Towards everlasting privacy and efficient coercion resistance in remote electronic voting. In: FC 2018 Workshops, BITCOIN, VOTING, and WTSC, Nieuwpoort, LNCS, pp. 210–231. Springer, (2018)

  27. Panagiotis Grontas, Aris Pagourtzis, Alexandros Zacharakis, and Bingsheng Zhang. Publicly auditable conditional blind signatures. J. Comput. Secur., 29(2):229–271, 2021

    Article  Google Scholar 

  28. Haines, T., Gritti, C.: Improvements in everlasting privacy: Efficient and secure zero knowledge proofs. In: E-VOTE-ID, volume 11759 of Lecture Notes in Computer Science, pp. 116–133. Springer, (2019)

  29. Hevia, A., Micciancio, D.: An indistinguishability-based characterization of anonymous channels. In: Nikita B., Ian G. (eds.), Privacy Enhancing Technologies, 8th International Symposium, PETS 2008, Leuven, Belgium, July 23-25, 2008, Proceedings, volume 5134 of Lecture Notes in Computer Science, pp. 24–43. Springer, (2008)

  30. Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: WPES, pp. 61–70. ACM, (2005)

  31. Juels, A., Catalano, D., Jakobsson, M.: Coercion-Resistant Electronic Elections, pp. 37–63. Springer Berlin Heidelberg, Berlin, Heidelberg, (2010)

  32. Kiayias, A., Zacharias, T., Zhang, B.: End-to-end verifiable elections in the standard model. In: Elisabeth O., Marc F. (eds.) Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II, volume 9057 of Lecture Notes in Computer Science, pp. 468–498. Springer, (2015)

  33. Kuhn, Christiane, Beck, Martin, Schiffner, Stefan, Jorswieck, Eduard, Strufe, Thorsten: On privacy notions in anonymous communication. Proc. Privacy Enhancing Technol. 2, 105–125 (2019)

    Article  Google Scholar 

  34. Liu, J.K., Au, M.H., Susilo, W., Zhou, J.: Linkable ring signature with unconditional anonymity. IEEE Trans. Knowl. Data Eng., 26(1):157–165, (2014)

    Article  Google Scholar 

  35. Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract). In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.), Information Security and Privacy: 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004. Proceedings, volume 3108 of Lecture Notes in Computer Science, pp. 325–335. Springer, (2004)

  36. Locher, P., Haenni, R.: Verifiable internet elections with everlasting privacy and minimal trust. In: VoteID 2015, LNCS, pp. 74–91. Springer, (2015)

  37. Locher, P., Haenni, R., Koenig, R.E.: Coercion-resistant internet voting with everlasting privacy. In: FC’16 Workshops, BITCOIN,VOTING,WAHC, (2016)

  38. Moran, T., Naor, M.: Receipt-Free Universally-Verifiable Voting with Everlasting Privacy. pp. 373–392. (2006)

  39. Moran, Tal, Naor, Moni: Split-ballot voting. ACM Transactions on Information and System Security 2, 1–43 (2010)

    Article  Google Scholar 

  40. Ohkubo, M., Miura, F., Abe, M., Fujioka, A., Okamoto, T.: An improvement on a practical secret voting scheme, In: Information Security, LNCS pp. 225–234 (1999)

  41. Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.), Advances in Cryptology — CRYPTO’ 92, pp. 31–53, Berlin, Heidelberg, (1993). Springer Berlin Heidelberg

  42. Park, C., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/nothing election scheme. In: Helleseth, T. (ed.), Advances in Cryptology — EUROCRYPT ’93, pp. 248–259, Berlin, Heidelberg, (1994). Springer Berlin Heidelberg

  43. Perera, M.N.S., Nakamura, T., Hashimoto, M., Yokoyama, H., Cheng, C.-M., Sakurai, K.: A survey on group signatures and ring signatures: Traceability vs. anonymity. Cryptography, 6(1), (2022)

  44. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf,August2010.v0.34

  45. Zacharakis, A., Grontas, P., Pagourtzis, A.: Conditional blind signatures. (2017). https://eprint.iacr.org/2017/682

  46. Zollinger, M.-L., Distler, V., Rønne, P.B., Ryan, P.Y.A., Lallemand, C., Koenig, V.: User experience design for e-voting: How mental models align with security mechanisms. E-Vote-ID, p 187, (2019)

Download references

Acknowledgements

This article does not contain any studies with human participants or animals performed by any of the authors.

We would like to thank Alexandros Zacharakis and the anonymous reviewers for their excellent comments and suggestions that greatly improved the paper.

Funding

The authors have received no funding.

Author information

Authors and Affiliations

  1. School of Electrical and Computer Engineering, National Technical University of Athens, Athens, Greece

    Panagiotis Grontas & Aris Pagourtzis

Authors
  1. Panagiotis Grontas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aris Pagourtzis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Panagiotis Grontas.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Human and animal participants

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Grontas, P., Pagourtzis, A. Anonymity and everlasting privacy in electronic voting. Int. J. Inf. Secur. 22, 819–832 (2023). https://doi.org/10.1007/s10207-023-00666-2

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-023-00666-2

Keywords

Search

Navigation