Cronus: Everlasting Privacy with Audit and Cast

  • Thomas HainesEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11875)


We present a new online voting scheme with everlasting privacy and cast-as-intended verifiability. We follow the so called “audit-and-cast” paradigm where the voter audits the ballot before casting it. To mitigate the ability of this information to harm the voter’s privacy, we provide measures for avoiding coercion by allowing any party to create fake proofs for the content of any vote. We propose an efficient implementation and formally verify its security properties.


  1. 1.
    Abe, M., Haralambiev, K., Ohkubo, M.: Group to group commitments do not shrink. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 301–317. Springer, Heidelberg (2012). Scholar
  2. 2.
    Adida, B.: Helios: web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348. USENIX Association (2008)Google Scholar
  3. 3.
    Benaloh, J.C., Yung, M.: Distributing the power of a government to enhance the privacy of voters. In: Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, pp. 52–62. ACM (1986)Google Scholar
  4. 4.
    Benaloh, J.C., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In: Leighton, F.T., Goodrich, M.T. (eds.) STOC, pp. 544–553. ACM (1994)Google Scholar
  5. 5.
    Bernhard, D., Cortier, V., Galindo, D., Pereira, O., Warinschi, B.: SoK: a comprehensive analysis of game-based ballot privacy definitions. In: IEEE Symposium on Security and Privacy, pp. 499–516. IEEE Computer Society (2015)Google Scholar
  6. 6.
    Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the Fiat-Shamir heuristic and applications to helios. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 626–643. Springer, Heidelberg (2012). Scholar
  7. 7.
    Chaum, D.: Untraceable mail, return addresses and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  8. 8.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  9. 9.
    Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: Barstow, D., Brauer, W., Brinch Hansen, P., Gries, D., Luckham, D., Moler, C., Pnueli, A., Seegmüller, G., Stoer, J., Wirth, N., Günther, C.G. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 177–182. Springer, Heidelberg (1988). Scholar
  10. 10.
    Chaum, D., et al.: Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In: EVT. USENIX Association (2008)Google Scholar
  11. 11.
    Cohen, J.D.: Improving privacy in cryptographic elections. Citeseer (1986)Google Scholar
  12. 12.
    Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: FOCS, vol. 85, pp. 372–382 (1985)Google Scholar
  13. 13.
    Cuvelier, É., Pereira, O., Peters, T.: Election verifiability or ballot privacy: do we need to choose? In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 481–498. Springer, Heidelberg (2013). Scholar
  14. 14.
    Demirel, D., Van De Graaf, J., Araújo, R.: Improving Helios with everlasting privacy towards the public. In: Proceedings of the 2012s international conference on Electronic Voting Technology/Workshop on Trustworthy Elections, p. 8. USENIX Association (2012)Google Scholar
  15. 15.
    Escala, A., Guasch, S., Herranz, J., Morillo, P.: Universal cast-as-intended verifiability. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 233–250. Springer, Heidelberg (2016). Scholar
  16. 16.
    FIPS, P.: 186–4: Federal information processing standards publication. digital signature standard (DSS). Information Technology Laboratory, National Institute of Standards and Technology (NIST), Gaithersburg, MD, 20899–8900 (2013)Google Scholar
  17. 17.
    Guasch, S., Morillo, P.: How to challenge and cast your e-Vote. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 130–145. Springer, Heidelberg (2017). Scholar
  18. 18.
    Haines, T., Gritti, C.: Improvements in everlasting privacy: efficient and secure zero knowledge proofs. Cryptology ePrint Archive, Report 2019/901 (2019)Google Scholar
  19. 19.
    Halderman, J.A., Teague, V.: The new south wales ivote system: security failures and verification flaws in a live online election. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 35–53. Springer, Cham (2015). Scholar
  20. 20.
    Hazay, C., Mikkelsen, G.L., Rabin, T., Toft, T., Nicolosi, A.A.: Efficient RSA key generation and threshold paillier in the two-party setting. J. Cryptol. 32(2), 265–323 (2019)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Karayumak, F., Olembo, M.M., Kauer, M., Volkamer, M.: Usability analysis of Helios - an open source verifiable remote electronic voting system. In: Shacham, H., Teague, V. (eds.) 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections, EVT/WOTE 2011, San Francisco, CA, USA, 8–9 August 2011. USENIX Association (2011)Google Scholar
  22. 22.
    Küsters, R., Truderung, T., Vogt, A.: Accountability: definition and relationship to verifiability. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 526–535. ACM (2010)Google Scholar
  23. 23.
    Locher, P., Haenni, R., Koenig, R.E.: Coercion-resistant internet voting with everlasting privacy. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 161–175. Springer, Heidelberg (2016). Scholar
  24. 24.
    Merrit, M.: Cryptographic protocols. Ph.D. thesis (1983)Google Scholar
  25. 25.
    Moran, T., Naor, M.: Split-ballot voting: Everlasting privacy with distributed trust. ACM Trans. Inf. Syst. Secur. 13(2), 16 (2010)CrossRefGoogle Scholar
  26. 26.
    Nishide, T., Sakurai, K.: Distributed Paillier cryptosystem without trusted dealer. In: Chung, Y., Yung, M. (eds.) WISA 2010. LNCS, vol. 6513, pp. 44–60. Springer, Heidelberg (2011). Scholar
  27. 27.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). Scholar
  28. 28.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). Scholar
  29. 29.
    Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 176–192. Springer, Heidelberg (2016). Scholar
  30. 30.
    Ryan, P.: A variant of the Chaum voter-verifiable scheme. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security, pp. 81–88. ACM (2005)Google Scholar
  31. 31.
    Springall, D., et al.: Security analysis of the Estonian internet voting system. In: ACM Conference on Computer and Communications Security, pp. 703–715. ACM (2014)Google Scholar
  32. 32.
    Benaloh, J. Simple verifiable elections. USENIX Association (2006)Google Scholar
  33. 33.
    Wikström, D.: A commitment-consistent proof of a shuffle. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 407–421. Springer, Heidelberg (2009). Scholar
  34. 34.
    Yang, N., Clark, J.: Practical governmental voting with unconditional integrity and privacy. In: Brenner, M., Rohloff, K., Bonneau, J., Miller, A., Ryan, P.Y.A., Teague, V., Bracciali, A., Sala, M., Pintore, F., Jakobsson, M. (eds.) FC 2017. LNCS, vol. 10323, pp. 434–449. Springer, Cham (2017). Scholar
  35. 35.
    Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-authority secret-ballot elections with linear work. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 72–83. Springer, Heidelberg (1996). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Norwegian University of Science and TechnologyTrondheimNorway

Personalised recommendations