Anonymity in Voting Revisited

  • Hugo Jonker
  • Wolter Pieters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6000)


According to international law, anonymity of the voter is a fundamental precondition for democratic elections. In electronic voting, several aspects of voter anonymity have been identified. In this paper, we re-examine anonymity with respect to voting, and generalise existing notions of anonymity in e-voting. First, we identify and categorise the types of attack that can be a threat to anonymity of the voter, including different types of vote buying and coercion. This analysis leads to a categorisation of anonymity in voting in terms of a) the strength of the anonymity achieved and b) the extent of interaction between voter and attacker. Some of the combinations, including weak and strong receipt-freeness, are formalised in epistemic logic.


Epistemic Logic Theme Park Electronic Vote Registered Voter Vote Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    van Acker, B.: Remote e-voting and coercion: a risk-assessment model and solutions. In: Electronic Voting in Europe 2004, pp. 53–62 (2004)Google Scholar
  2. 2.
    Benaloh, J.C., Tuinstra, D.: Receipt-free secret ballot elections (extended abstract). In: Proc. 26th ACM Symposium on the Theory of Computing (STOC), pp. 544–553. ACM, New York (1994)Google Scholar
  3. 3.
    Bhargava, M., Palamidessi, C.: Probabilistic anonymity. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 171–185. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Brusco, V., Nazareno, M., Stokes, S.C.: Vote buying in Argentina. Latin American Research Review 39(2), 66–88 (2004)CrossRefGoogle Scholar
  5. 5.
    Delaune, S., Kremer, S., Ryan, M.D.: Receipt-freeness: Formal definition and fault attacks (extended abstract). In: Proceedings of the Workshop Frontiers in Electronic Elections (FEE 2005), Milan, Italy (September 2005)Google Scholar
  6. 6.
    Delaune, S., Kremer, S., Ryan, M.D.: Coercion-resistance and receipt-freeness in electronic voting. In: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW 2006), Venice, Italy, July 2006. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  7. 7.
    Garcia, F.D., Hasuo, I., Pieters, W., van Rossum, P.: Provable anonymity. In: Küsters, R., Mitchell, J. (eds.) 3rd ACM Workshop on Formal Methods in Security Engineering (FMSE 2005), pp. 63–72. ACM Press, New York (2005)CrossRefGoogle Scholar
  8. 8.
    Hasen, R.L.: Vote buying. California Law Review 88(5), 1323–1371 (2000)CrossRefGoogle Scholar
  9. 9.
    Hirt, M., Sako, K.: Efficient receipt-free voting based on homomorphic encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Jonker, H.L., de Vink, E.P.: Formalising receipt-freeness. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 476–488. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proc. WPES 2005. ACM, New York (2005)Google Scholar
  12. 12.
    Kochin, M.S., Kochin, L.A.: When is buying votes wrong? Public Choice 97, 645–662 (1998)CrossRefGoogle Scholar
  13. 13.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Mauw, S., Verschuren, J.H.S., de Vink, E.P.: A formalization of anonymity and onion routing. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 109–124. Springer, Heidelberg (2004)Google Scholar
  15. 15.
    Pieters, W.: What proof do we prefer? variants of verifiability in voting. In: Ryan, P., Anderson, S., Storer, T., Duncan, I., Bryans, J. (eds.) Workshop on e-Voting and e-Government in the UK, Edinburgh, February 27-28, pp. 33–39. e-Science Institute, University of St. Andrews (2006)Google Scholar
  16. 16.
    Pieters, W.: La Volonté Machinale – understanding the electronic voting controversy. PhD thesis, Radboud University, Nijmegen, The Netherlands (2007)Google Scholar
  17. 17.
    Sako, K., Kilian, J.: Receipt-free mix-type voting scheme – a practical solution to the implementation of a voting booth. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Schaffer, F.C., Schedler, A.: What is vote buying? In: Schaffer, F.C. (ed.) Elections for Sale: The Causes and Consequences of Vote Buying. Lynne Rienner, Boulder CO (2007)Google Scholar
  19. 19.
    Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s journal (December 1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Hugo Jonker
    • 1
    • 2
  • Wolter Pieters
    • 3
  1. 1.Eindhoven University of TechnologyThe Netherlands
  2. 2.University of LuxembourgLuxembourg
  3. 3.University of TwenteThe Netherlands

Personalised recommendations