A Formal Framework for Modelling Coercion Resistance and Receipt Freeness

  • James Heather
  • Steve Schneider
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7436)


Coercion resistance and receipt freeness are critical properties for any voting system. However, many different definitions of these properties have been proposed, some formal and some informal; and there has been little attempt to tie these definitions together or identify relations between them.

We give here a general framework for specifying different coercion resistance and receipt freeness properties using the process algebra CSP. The framework is general enough to accommodate a wide range of definitions, and strong enough to cover both randomization attacks and forced abstention attacks. We provide models of some simple voting systems, and show how the framework can be used to analyze these models under different definitions of coercion resistance and receipt freeness. Our formalisation highlights the variation between the definitions, and the importance of understanding the relations between them.


secure voting CSP coercion-resistance receipt-freeness 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Adi08]
    Adida, B.: Helios: Web-based open-audit voting. In: van Oorschot, P.C. (ed.) USENIX Security Symposium, pp. 335–348 (2008)Google Scholar
  2. [BHM08]
    Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: CSF, pp. 195–209. IEEE Computer Society (2008)Google Scholar
  3. [BT94]
    Benaloh, J.C., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In: STOC, pp. 544–553 (1994)Google Scholar
  4. [CRS05]
    Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. [DKR09]
    Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. Journal of Computer Security 17(4), 435–487 (2009)Google Scholar
  6. [DLL11]
    Dreier, J., Lafourcade, P., Lakhnech, Y.: A formal taxonomy of privacy in voting protocols. Technical Report TR-2011-10, Verimag (2011)Google Scholar
  7. [dMPQ07]
    de Marneffe, O., Pereira, O., Quisquater, J.-J.: Simulation-Based Analysis of E2E Voting Systems. In: Alkassar, A., Volkamer, M. (eds.) VOTE-ID 2007. LNCS, vol. 4896, pp. 137–149. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. [GGR09]
    Gardner, R.W., Garera, S., Rubin, A.D.: Coercion Resistant End-to-end Voting. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 344–361. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. [HS12]
    Heather, J., Schneider, S.A.: A formal framework for modelling coercion resistance and receipt freeness. Technical report, University of Surrey (2012)Google Scholar
  10. [JCJ05]
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: WPES, pp. 61–70 (2005)Google Scholar
  11. [JMP09]
    Jonker, H.L., Mauw, S., Pang, J.: A formal framework for quantifying voter-controlled privacy. J. Algorithms 64(2-3), 89–105 (2009)MathSciNetMATHCrossRefGoogle Scholar
  12. [KT09]
    Küsters, R., Truderung, T.: An epistemic approach to coercion-resistance for electronic voting protocols. In: IEEE Symposium on Security and Privacy, pp. 251–266. IEEE Computer Society (2009)Google Scholar
  13. [KTV10]
    Küsters, R., Truderung, T., Vogt, A.: A game-based definition of coercion-resistance and its applications. In: CSF, pp. 122–136. IEEE Computer Society (2010)Google Scholar
  14. [MN06]
    Moran, T., Naor, M.: Receipt-Free Universally-Verifiable Voting with Everlasting Privacy. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 373–392. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. [Oka97]
    Okamoto, T.: Receipt-Free Electronic Voting Schemes for Large Scale Elections. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  16. [Riv06]
    Rivest, R.L.: The ThreeBallot Voting System (2006), http://theory.lcs.mit.edu/~rivest/Rivest-TheThreeBallotVotingSystem.pdf
  17. [Ros98]
    Roscoe, A.W.: Theory and Practice of Concurrency. Prentice-Hall (1998)Google Scholar
  18. [Sch99]
    Schneider, S.: Concurrent and Real-time Systems. Wiley (1999)Google Scholar
  19. [UMQ10]
    Unruh, D., Müller-Quade, J.: Universally Composable Incoercibility. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 411–428. Springer, Heidelberg (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • James Heather
    • 1
  • Steve Schneider
    • 1
  1. 1.University of SurreyGuildfordUK

Personalised recommendations