Towards a Formal Analysis of Information Leakage for Signature Attacks in Preferential Elections

  • Roland Wen
  • Annabelle McIver
  • Carroll Morgan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8442)


Electronic voting is rich with paradoxes. How can a voter verify that his own vote has been correctly counted, but at the same time be prevented from revealing his vote to a third party? Not only is there no generally recognised solution to those problems, it is not generally agreed how to specify precisely what the problems are, and what exact threats they pose. Such a situation is ripe for the application of Formal Methods.

In this paper we explore so-called signature attacks, where an apparently secure system can nevertheless be manipulated to reveal a voter’s choice in unexpected and subtle ways. We describe two examples in detail, and from that make proposals about where formal techniques might apply.


coercion signature attacks elections single transferable vote 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring Information Leakage Using Generalized Gain Functions. In: Chong, S. (ed.) CSF, pp. 265–279. IEEE (2012)Google Scholar
  2. 2.
    Australian Broadcasting Corporation: Antony Green’s Election Guide — Senate Calculator (2013),
  3. 3.
    Benaloh, J., Moran, T., Naish, L., Ramchen, K., Teague, V.: Shuffle-Sum: Coercion-Resistant Verifiable Tallying for STV Voting. IEEE Transactions on Information Forensics and Security 4(4), 685–698 (2009)CrossRefGoogle Scholar
  4. 4.
    Benaloh, J.C., Tuinstra, D.: Receipt-Free Secret-Ballot Elections (Extended Abstract). In: Leighton, F.T., Goodrich, M.T. (eds.) STOC, pp. 544–553. ACM (1994)Google Scholar
  5. 5.
    Delaune, S., Kremer, S., Ryan, M.: Coercion-Resistance and Receipt-Freeness in Electronic Voting. In: CSFW, pp. 28–42. IEEE Computer Society (2006)Google Scholar
  6. 6.
    Di Cosmo, R.: On Privacy and Anonymity in Electronic and Non Electronic Voting: the Ballot-As-Signature Attack (2007),
  7. 7.
    Goh, E.-J., Golle, P.: Event Driven Private Counters. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 313–327. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Heather, J.: Implementing STV securely in Prêt à Voter. In: CSF, pp. 157–169. IEEE Computer Society (2007)Google Scholar
  9. 9.
    Heather, J., Schneider, S.: A Formal Framework for Modelling Coercion Resistance and Receipt Freeness. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 217–231. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  10. 10.
    Jonker, H.L., de Vink, E.P.: Formalising Receipt-Freeness. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 476–488. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-Resistant Electronic Elections. In: Atluri, V., di Vimercati, S.D.C., Dingledine, R. (eds.) WPES, pp. 61–70. ACM (2005)Google Scholar
  12. 12.
    Küsters, R., Truderung, T.: An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols. In: IEEE Symposium on Security and Privacy, pp. 251–266. IEEE Computer Society (2009)Google Scholar
  13. 13.
    McIver, A., Meinicke, L., Morgan, C.: Compositional Closure for Bayes Risk in Probabilistic Noninterference. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010, part II. LNCS, vol. 6199, pp. 223–235. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    McIver, A., Morgan, C., Smith, G., Espinoza, B., Meinicke, L.: Abstract Channels and Their Robust Information-Leakage Ordering. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 83–102. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  15. 15.
    Wen, R., Buckland, R.: Minimum Disclosure Counting for the Alternative Vote. In: Ryan, P.Y.A., Schoenmakers, B. (eds.) VOTE-ID 2009. LNCS, vol. 5767, pp. 122–140. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Roland Wen
    • 1
    • 2
  • Annabelle McIver
    • 1
  • Carroll Morgan
    • 2
  1. 1.Department of ComputingMacquarie UniversitySydneyAustralia
  2. 2.School of Computer Science and EngineeringThe University of New South WalesSydneyAustralia

Personalised recommendations