Verifying Privacy-Type Properties of Electronic Voting Protocols: A Taster

  • Stéphanie Delaune
  • Steve Kremer
  • Mark Ryan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6000)


While electronic elections promise the possibility of convenient, efficient and secure facilities for recording and tallying votes, recent studies have highlighted inadequacies in implemented systems. These inadequacies provide additional motivation for applying formal methods to the validation of electronic voting protocols.

In this paper we report on some of our recent efforts in using the applied pi calculus to model and analyse properties of electronic elections. We particularly focus on anonymity properties, namely vote-privacy and receipt-freeness. These properties are expressed using observational equivalence and we show in accordance with intuition that receipt-freeness implies vote-privacy.

We illustrate our definitions on two electronic voting protocols from the literature. Ideally, these properties should hold even if the election officials are corrupt. However, protocols that were designed to satisfy privacy or receipt-freeness may not do so in the presence of corrupt officials. Our model and definitions allow us to specify and easily change which authorities are supposed to be trustworthy.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Blanchet, B., Fournet, C.: Just fast keying in the pi calculus. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 340–354. Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proc. 28th ACM Symposium on Principles of Programming Languages (POPL 2001), London, UK, pp. 104–115. ACM, New York (2001)CrossRefGoogle Scholar
  3. 3.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. In: Proc. 4th ACM Conference on Computer and Communications Security (CCS 1997), pp. 36–47. ACM Press, New York (1997)CrossRefGoogle Scholar
  4. 4.
    Benaloh, J., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In: Proc. 26th Symposium on Theory of Computing (STOC 1994), pp. 544–553. ACM Press, New York (1994)Google Scholar
  5. 5.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proc. 14th IEEE Computer Security Foundations Workshop (CSFW 2001), pp. 82–96. IEEE Comp. Soc. Press, Los Alamitos (2001)CrossRefGoogle Scholar
  6. 6.
    Blanchet, B., Abadi, M., Fournet, C.: Automated Verification of Selected Equivalences for Security Protocols. In: Proc. 20th IEEE Symposium on Logic in Computer Science (LICS 2005), pp. 331–340. IEEE Comp. Soc. Press, Los Alamitos (2005)CrossRefGoogle Scholar
  7. 7.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  8. 8.
    Chaum, D.: Blind signatures for untraceable payments. In: Advances in Cryptology – CRYPTO 1982, pp. 199–203. Plenum Press, New York (1983)Google Scholar
  9. 9.
    Delaune, S., Kremer, S., Ryan, M.D.: Verifying privacy-type properties of electronic voting protocols. Research report, Laboratoire Spécification et Vérification, ENS Cachan, France (January 2008)Google Scholar
  10. 10.
    Fischlin, M.: Trapdoor Commitment Schemes and Their Applications. PhD thesis, Fachbereich Mathematik Johann Wolfgang Goethe-Universität Frankfurt am Main (2001)Google Scholar
  11. 11.
    Fournet, C., Abadi, M.: Hiding names: Private authentication in the applied pi calculus. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 317–338. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)Google Scholar
  13. 13.
    Okamoto, T.: An electronic voting scheme. In: Proc. IFIP World Conference on IT Tools, pp. 21–30 (1996)Google Scholar
  14. 14.
    Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996)Google Scholar
  16. 16.
    Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: Proc. 18th IEEE Symposium on Security and Privacy (SSP 1997), pp. 44–54. IEEE Comp. Soc. Press, Los Alamitos (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Stéphanie Delaune
    • 1
  • Steve Kremer
    • 1
  • Mark Ryan
    • 2
  1. 1.LSVENS Cachan & CNRS & INRIAFrance
  2. 2.School of Computer ScienceUniversity of BirminghamUK

Personalised recommendations