On the Security Properties of e-Voting Bulletin Boards

  • Aggelos Kiayias
  • Annabell Kuldmaa
  • Helger Lipmaa
  • Janno SiimEmail author
  • Thomas Zacharias
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11035)


In state-of-the-art e-voting systems, a bulletin board (BB) is a critical component for preserving election integrity and availability. We introduce a framework for the formal security analysis of the BB functionality modeled as a distributed system. Our framework treats a secure BB as a robust public transaction ledger, defined by Garay et al. [Eurocrypt 2015], that additionally supports the generation of receipts for successful posting. Namely, in our model, a secure BB system achieves Persistence and Liveness that can be confirmable, in the sense that any malicious behavior can be detected via a verification mechanism.

As a case study for our framework, we analyze security guarantees and weaknesses of the BB system of [CSF 2014]. We demonstrate an attack revealing that the said system does not achieve Confirmable Liveness in our framework, even against covert adversaries. In addition, we show that special care should be taken for the choice of the underlying cryptographic primitives, so that the claimed fault tolerance threshold of N/3 out-of N corrupted IC peers is preserved.

Next, based on our analysis, we introduce a new BB protocol that upgrades the [CSF 2014] protocol. We prove that it tolerates any number less than N/3 out-of N corrupted IC peers both for Persistence and Confirmable Liveness, against a computationally bounded general Byzantine adversary. Furthermore, Persistence can also be Confirmable, if we distribute the AB (originally a centralized entity in [CSF 2014]) as a replicated service with honest majority.


Bulletin board E-voting Liveness Persistence 


  1. 1.
    Adida, B.: Helios: web-based open-audit voting. In: USENIX (2008)Google Scholar
  2. 2.
    Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. J. Cryptol. 23(2), 281–343 (2010)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Benaloh, J.: Verifiable secret-ballot elections. Ph.D. thesis. Yale University (1987)Google Scholar
  4. 4.
    Benaloh, J., et al.: STAR-Vote: a secure, transparent, auditable, and reliable voting system. In: EVT/WOTE 2013 (2013)Google Scholar
  5. 5.
    Burton, C., et al.: Using Prêt à voter in Victoria state elections. In: EVT/WOTE (2012)Google Scholar
  6. 6.
    Burton, C., Culnane, C., Schneider, S.: vVote: verifiable electronic voting in practice. IEEE Secur. Priv. 14(4), 64–73 (2016)CrossRefGoogle Scholar
  7. 7.
    Chaum, D.: SureVote: technical overview. In: WOTE (2001)Google Scholar
  8. 8.
    Chaum, D., et al.: Scantegrity: end-to-end voter-verifiable optical-scan voting. IEEE Secur. Priv. 6(3), 40–46 (2008)CrossRefGoogle Scholar
  9. 9.
    Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005). Scholar
  10. 10.
    Chondros, N., et al.: D-DEMOS: a distributed, end-to-end verifiable, internet voting system. In: ICDCS (2016)Google Scholar
  11. 11.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: EUROCRYPT, pp. 103–118 (1997)Google Scholar
  12. 12.
    Culnane, C., Ryan, P.Y.A., Schneider, S.A., Teague, V.: vVote: a verifiable voting system. ACM Trans. Inf. Syst. Secur. 18(1), 3:1–3:30 (2015)CrossRefGoogle Scholar
  13. 13.
    Culnane, C., Schneider, S.: A peered bulletin board for robust use in verifiable voting systems. CoRR abs/1401.4151 (2014)Google Scholar
  14. 14.
    Culnane, C., Schneider, S.A.: A peered bulletin board for robust use in verifiable voting systems. In: CSF (2014)Google Scholar
  15. 15.
    Dini, G.: A secure and available electronic voting service for a large-scale distributed system. Future Gener. Comput. Syst. 19(1), 69–85 (2003)CrossRefGoogle Scholar
  16. 16.
    Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323 (1988)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993). Scholar
  18. 18.
    Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). Scholar
  19. 19.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust and efficient sharing of RSA functions. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 157–172. Springer, Heidelberg (1996). Scholar
  20. 20.
    Hauser, S., Haenni, R.: A generic interface for the public bulletin board used in UniVote. In: CeDEM (2016)Google Scholar
  21. 21.
    Heather, J., Lundin, D.: The append-only web bulletin board. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 242–256. Springer, Heidelberg (2009). Scholar
  22. 22.
    Heiberg, S., Willemson, J.: Verifiable internet voting in Estonia. In: EVOTE (2014)Google Scholar
  23. 23.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: WPES (2005)Google Scholar
  24. 24.
    Kiayias, A., Kuldmaa, A., Lipmaa, H., Siim, J., Zacharias, T.: On the security properties of e-voting bulletin boards. Cryptology ePrint Archive, Report 2018/567 (2018)Google Scholar
  25. 25.
    Kiayias, A., Zacharias, T., Zhang, B.: End-to-end verifiable elections in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 468–498. Springer, Heidelberg (2015). Scholar
  26. 26.
    Krummenacher, R.: Implementation of a web bulletin board for e-voting applications. Institute for Internet Technologies and Applications (2010)Google Scholar
  27. 27.
    Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann, Burlington (1996)zbMATHGoogle Scholar
  28. 28.
    Peters, R.A.: A secure bulletin board. Master’s thesis. Eindhoven UT (2005)Google Scholar
  29. 29.
    Reiter, M.K.: The Rampart toolkit for building high-integrity services. In: Birman, K.P., Mattern, F., Schiper, A. (eds.) Theory and Practice in Distributed Systems. LNCS, vol. 938, pp. 99–110. Springer, Heidelberg (1995). Scholar
  30. 30.
    Sandler, D., Wallach, D.S.: Casting votes in the auditorium. In: EVT (2007)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Aggelos Kiayias
    • 1
    • 3
  • Annabell Kuldmaa
    • 2
  • Helger Lipmaa
    • 2
    • 4
  • Janno Siim
    • 2
    • 5
    Email author
  • Thomas Zacharias
    • 1
  1. 1.University of EdinburghEdinburghUK
  2. 2.University of TartuTartuEstonia
  3. 3.IOHKEdinburghUK
  4. 4.Cybernetica-Smartmatic CEIVTartuEstonia
  5. 5.STACCTartuEstonia

Personalised recommendations