Election Verifiability in Electronic Voting Protocols

  • Steve Kremer
  • Mark Ryan
  • Ben Smyth
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6345)


We present a formal, symbolic definition of election verifiability for electronic voting protocols in the context of the applied pi calculus. Our definition is given in terms of boolean tests which can be performed on the data produced by an election. The definition distinguishes three aspects of verifiability: individual, universal and eligibility verifiability. It also allows us to determine precisely which aspects of the system’s hardware and software must be trusted for the purpose of election verifiability. In contrast with earlier work our definition is compatible with a large class of electronic voting schemes, including those based on blind signatures, homomorphic encryption and mixnets. We demonstrate the applicability of our formalism by analysing three protocols: FOO, Helios 2.0, and Civitas (the latter two have been deployed).


Vote System Blind Signature Bulletin Board Public Credential Homomorphic Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL 2001: Proc. 28th ACM Symposium on Principles of Programming Languages, pp. 104–115. ACM, New York (2001)CrossRefGoogle Scholar
  2. 2.
    Adida, B.: Advances in Cryptographic Voting Systems. PhD thesis, MIT (2006)Google Scholar
  3. 3.
    Adida, B.: Helios: Web-based open-audit voting. In: Proc. 17th Usenix Security Symposium, pp. 335–348. USENIX Association (2008)Google Scholar
  4. 4.
    Adida, B., de Marneffe, O., Pereira, O., Quisquater, J.-J.: Electing a university president using open-audit voting: Analysis of real-world use of Helios. In: Electronic Voting Technology/Workshop on Trustworthy Elections, EVT/WOTE (2009)Google Scholar
  5. 5.
    Anderson, R., Needham, R.: Programming Satan’s Computer. In: van Leeuwen, J. (ed.) Computer Science Today. LNCS, vol. 1000, pp. 426–440. Springer, Heidelberg (1995)Google Scholar
  6. 6.
    Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: CSF 2008: Proc. 21st IEEE Computer Security Foundations Symposium, Washington, USA, pp. 195–209. IEEE, Los Alamitos (2008)Google Scholar
  7. 7.
    Baskar, A., Ramanujam, R., Suresh, S.P.: Knowledge-based modelling of voting protocols. In: TARK 2007: Proc. 11th International Conference on Theoretical Aspects of Rationality and Knowledge, pp. 62–71. ACM, New York (2007)CrossRefGoogle Scholar
  8. 8.
    Bowen, D.: Secretary of State Debra Bowen Moves to Strengthen Voter Confidence in Election Security Following Top-to-Bottom Review of Voting Systems. California Secretary of State, press release DB07:042 (August 2007),
  9. 9.
    Bundesverfassungsgericht (Germany’s Federal Constitutional Court). Use of voting computers in 2005 Bundestag election unconstitutional. Press release 19/2009 (March 2009),
  10. 10.
    Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical, voter-verifiable election scheme. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Chevallier-Mames, B., Fouque, P.-A., Pointcheval, D., Stern, J., Traore, J.: On Some Incompatible Properties of Voting Schemes. In: WOTE 2006: Proc. Workshop on Trustworthy Elections (2006)Google Scholar
  12. 12.
    Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: Toward a secure voting system. Technical Report 2007-2081, Cornell University (May 2007), (revised March 2008)
  13. 13.
    Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: Toward a secure voting system. In: S&P 2008: Proc. Symposium on Security and Privacy, pp. 354–368. IEEE, Los Alamitos (2008)Google Scholar
  14. 14.
    Delaune, S., Kremer, S., Ryan, M.D.: Verifying privacy-type properties of electronic voting protocols. Journal of Computer Security 17(4), 435–487 (2009)Google Scholar
  15. 15.
    Fujioka, A., Okamoto, T., Ohta, K.: A Practical Secret Voting Scheme for Large Scale Elections. In: ASIACRYPT 1992: Proc. Workshop on the Theory and Application of Cryptographic Techniques, pp. 244–251. Springer, Heidelberg (1992)Google Scholar
  16. 16.
    Jakobsson, M., Juels, A.: Mix and match: Secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 162–177. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-Resistant Electronic Elections. Cryptology ePrint Archive, Report 2002/165 (2002)Google Scholar
  18. 18.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: WPES 2005: Proc. Workshop on Privacy in the Electronic Society, pp. 61–70. ACM, New York (2005)CrossRefGoogle Scholar
  19. 19.
    Kremer, S., Smyth, B., Ryan, M.D.: Election verifiability in electronic voting protocols. Technical Report CSR-10-06, University of Birmingham, School of Computer Science (2010),
  20. 20.
    Ministerie van Binnenlandse Zaken en Koninkrijksrelaties (Netherland’s Ministry of the Interior and Kingdom Relations). Stemmen met potlood en papier (Voting with pencil and paper). Press release (May 2008),–en/112441/stemmen-met-potlood
  21. 21.
    Participants of the Dagstuhl Conference on Frontiers of E-Voting. Dagstuhl accord (2007),
  22. 22.
    Ryan, M.D., Smyth, B.: Applied pi calculus. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols, ch. 6. IOS Press, Amsterdam (2010)Google Scholar
  23. 23.
    Smyth, B., Ryan, M.D., Kremer, S., Kourjieh, M.: Towards automatic analysis of election verifiability properties. In: Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS 2010). LNCS. Springer, Heidelberg (2010)Google Scholar
  24. 24.
    Talbi, M., Morin, B., Tong, V.V.T., Bouhoula, A., Mejri, M.: Specification of electronic voting protocol properties using ADM logic: FOO case study. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 403–418. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. 25.
    UK Electoral Commission. Key issues and conclusions: electoral pilot schemes (May 2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Steve Kremer
    • 1
  • Mark Ryan
    • 2
  • Ben Smyth
    • 2
    • 3
  1. 1.LSVENS Cachan & CNRS & INRIAFrance
  2. 2.School of Computer ScienceUniversity of BirminghamUK
  3. 3.École Normale Supérieure & CNRS & INRIAFrance

Personalised recommendations