When Are Three Voters Enough for Privacy Properties?

  • Myrto ArapinisEmail author
  • Véronique Cortier
  • Steve Kremer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


Protocols for secure electronic voting are of increasing societal importance. Proving rigorously their security is more challenging than many other protocols, which aim at authentication or key exchange. One of the reasons is that they need to be secure for an arbitrary number of malicious voters. In this paper we identify a class of voting protocols for which only a small number of agents needs to be considered: if there is an attack on vote privacy then there is also an attack that involves at most 3 voters (2 honest voters and 1 dishonest voter).

In the case where the protocol allows a voter to cast several votes and counts, e.g., only the last one, we also reduce the number of ballots required for an attack to 10, and under some additional hypotheses, 7 ballots. Our results are formalised and proven in a symbolic model based on the applied pi calculus. We illustrate the applicability of our results on several case studies, including different versions of Helios and Prêt-à-Voter, as well as the JCJ protocol. For some of these protocols we can use the ProVerif tool to provide the first formal proofs of privacy for an unbounded number of voters.


Equational Theory Counting Function Symbolic Model Reduction Result Unbounded Number 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work has received funding from the European Research Council (ERC) under the EU’s Horizon 2020 research and innovation program (grant agreement No 645865-SPOOC) and the ANR project SEQUOIA ANR-14-CE28-0030-01.


  1. 1.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: 14th Computer Security Foundations Workshop (CSFW 2001), pp. 82–96. IEEE Computer Society (2001)Google Scholar
  2. 2.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions is NP-complete. In: Proceedings of the 14th Computer Security Foundations Workshop (CSFW 2001), pp. 174–190. IEEE Computer Society (2001)Google Scholar
  3. 3.
    Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: Proceedings of the 18th Annual Symposium on Logic in Computer Science (LICS 2003), pp. 271–280. IEEE Computer Society (2003)Google Scholar
  4. 4.
    Bhargavan, K., Corin, R., Fournet, C., Zalinescu, E.: Cryptographically verified implementations for TLS. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008), pp. 459–468, October 2008Google Scholar
  5. 5.
    Kremer, S., Ryan, M.D.: Analysis of an electronic voting protocol in the applied pi calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Gjøsteen, K.: Analysis of an internet voting protocol, Cryptology ePrint Archive, Report 2010/380 (2010)Google Scholar
  7. 7.
    Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. In: 20th Symposium on Logic in Computer Science (LICS 2005), pp. 331–340, June 2005Google Scholar
  8. 8.
    Tiu, A., Dawson, J.E.: Automating open bisimulation checking for the spi calculus. In: Proceedings of the 23rd Computer Security Foundations Symposium (CSF 2010), pp. 307–321. IEEE Computer Society (2010)Google Scholar
  9. 9.
    Cheval, V., Comon-Lundh, H., Delaune, S.: Trace equivalence decision: negative tests and non-determinism. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), ACM, October 2011Google Scholar
  10. 10.
    Chadha, R., Ciobâcă, Ş., Kremer, S.: Automated verification of equivalence properties of cryptographic protocols. In: Seidl, H. (ed.) Programming Languages and Systems. LNCS, vol. 7211, pp. 108–127. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  11. 11.
    Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 195–209. IEEE Computer Society (2008)Google Scholar
  12. 12.
    Arapinis, M., Bursuc, S., Ryan, M.D.: Reduction of equational theories for verification of trace equivalence: re-encryption, associativity and commutativity. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 169–188. Springer, Heidelberg (2012)Google Scholar
  13. 13.
    Cortier, V., Smyth, B.: Attacking and fixing helios: an analysis of ballot secrecy. J. Comput. Secur. 21(1), 89–148 (2013)CrossRefGoogle Scholar
  14. 14.
    Arapinis, M., Cortier, V., Kremer, S., Ryan, M.: Practical everlasting privacy. In: Basin, D., Mitchell, J.C. (eds.) POST 2013 (ETAPS 2013). LNCS, vol. 7796, pp. 21–40. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  15. 15.
    Cortier, V., Wiedling, C.: A formal analysis of the Norwegian E-voting protocol. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 109–128. Springer, Heidelberg (2012)Google Scholar
  16. 16.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115. ACM (2001)Google Scholar
  17. 17.
    Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  18. 18.
    Adida, B.: Helios: web-based open-audit voting. In: 17th Conference on Security Symposium (SS 2008), pp. 335–348. USENIX Association (2008).
  19. 19.
    Cortier, V., Galindo, D., Glondu, S., Izabachène, M.: Election verifiability for helios under weaker trust assumptions. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 327–344. Springer, Heidelberg (2014)Google Scholar
  20. 20.
    Ryan, P.Y.A., Schneider, S.A.: Prêt-à-voter with re-encryption mixes. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 313–326. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Dreier, J., Lafourcade, P., Lakhnech, Y.: Defining privacy for weighted votes, single and multi-voter coercion. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 451–468. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  22. 22.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)Google Scholar
  23. 23.
    Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. Sci. Comput. Program. 50(1–3), 51–71 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Cortier, V., Dallon, A., Delaune, S.: Bounding the number of agents, for equivalence too. In: Piessens, F., Viganò, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 211–232. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49635-0_11 CrossRefGoogle Scholar
  25. 25.
    Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. J. Logic Algebraic Program. 75(1), 3–51 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Arapinis, M., Cortier, V., Kremer, S.: When are three voters enough for privacy properties? Cryptology ePrint Archive, Report 2016/690, (2016).
  27. 27.
    Bernhard, D., Cortier, V., Galindo, D., Pereira, O., Warinschi, B.: A comprehensive analysis of game-based ballot privacy definitions. In: Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P 2015), pp. 499–516. IEEE Computer Society, May 2015Google Scholar
  28. 28.
    Bulens, P., Giry, D., Pereira, O.: Running mixnet-based elections with helios. In: 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections, EVT/WOTE 2011, USENIX Association (2011)Google Scholar
  29. 29.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: ACM Workshop on Privacy in the Eectronic Society (WPES 2005), pp. 61–70. ACM (2005)Google Scholar
  30. 30.
    Clarkson, M., Chong, S., Myers, A.: Civitas: toward a secure voting system. In: 29th IEEE Symposium on Security and Privacy (S&P 2008), pp. 354–368. IEEE Computer Society (2008)Google Scholar
  31. 31.
    Cheval, V., Blanchet, B.: Proving more observational equivalences with ProVerif. In: Basin, D., Mitchell, J.C. (eds.) POST 2013 (ETAPS 2013). LNCS, vol. 7796, pp. 226–246. Springer, Heidelberg (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Myrto Arapinis
    • 1
    Email author
  • Véronique Cortier
    • 2
  • Steve Kremer
    • 2
  1. 1.University of EdinburghEdinburghUK
  2. 2.LORIA, CNRS & Inria Nancy & Université de LorraineNancyFrance

Personalised recommendations