Towards Trustworthy Elections

Volume 6000 of the series Lecture Notes in Computer Science pp 191-199

On Some Incompatible Properties of Voting Schemes

  • Benoît Chevallier-MamesAffiliated withDCSSI
  • , Pierre-Alain FouqueAffiliated withENS – CNRS – INRIA
  • , David PointchevalAffiliated withENS – CNRS – INRIA
  • , Julien SternAffiliated withCryptolog International
  • , Jacques TraoréAffiliated withOrange Labs – France Telecom R&D

* Final gross prices may vary according to local VAT.

Get Access


In this paper, we study the problem of simultaneously achieving several security properties, for voting schemes, without non-standard assumptions. More specifically, we focus on the universal verifiability of the computation of the tally, on the unconditional privacy/anonymity of the votes, and on the receipt-freeness properties, for the most classical election processes. Under usual assumptions and efficiency requirements, we show that a voting system that wants to publish the final list of the voters who actually voted, and to compute the number of times each candidate has been chosen, we cannot achieve:

  • universal verifiability of the tally (UV) and unconditional privacy of the votes (UP) simultaneously, unless all the registered voters actually vote;

  • universal verifiability of the tally (UV) and receipt- freeness (RF), unless private channels are available between the voters and/or the voting authorities.