Defining Privacy for Weighted Votes, Single and Multi-voter Coercion

  • Jannik Dreier
  • Pascal Lafourcade
  • Yassine Lakhnech
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7459)


Most existing formal privacy definitions for voting protocols are based on observational equivalence between two situations where two voters swap their votes. These definitions are unsuitable for cases where votes are weighted. In such a case swapping two votes can result in a different outcome and both situations become trivially distinguishable. We present a definition for privacy in voting protocols in the Applied π-Calculus that addresses this problem. Using our model, we are also able to define multi-voter coercion, i.e. situations where several voters are attacked at the same time. Then we prove that under certain realistic assumptions a protocol secure against coercion of a single voter is also secure against coercion of multiple voters. This applies for Receipt-Freeness as well as Coercion-Resistance.


Secret Data Weighted Vote Vote Process Electronic Vote Vote Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: IEEE Computer Security Foundations Symposium, pp. 195–209 (2008)Google Scholar
  2. 2.
    Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. Journal of Computer Security 17, 435–487 (2009)Google Scholar
  3. 3.
    Delaune, S., Kremer, S., Ryan, M.D.: Verifying Privacy-Type Properties of Electronic Voting Protocols: A Taster. In: Chaum, D., Jakobsson, M., Rivest, R.L., Ryan, P.Y.A., Benaloh, J., Kutylowski, M., Adida, B. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 289–309. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Dreier, J., Lafourcade, P., Lakhnech, Y.: Vote-Independence: A Powerful Privacy Notion for Voting Protocols. In: Garcia-Alfaro, J., Lafourcade, P. (eds.) FPS 2011. LNCS, vol. 6888, pp. 164–180. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Dreier, J., Lafourcade, P., Lakhnech, Y.: A formal taxonomy of privacy in voting protocols. In: First IEEE International Workshop on Security and Forensics in Communication Systems (ICC 2012 WS - SFCS) (2012)Google Scholar
  6. 6.
    Küsters, R., Truderung, T.: An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols. In: 2009 IEEE Symposium on Security and Privacy (S&P 2009), pp. 251–266. IEEE Computer Society (2009)Google Scholar
  7. 7.
    Moran, T., Naor, M.: Receipt-Free Universally-Verifiable Voting with Everlasting Privacy. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 373–392. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Smyth, B., Cortier, V.: Attacking and fixing helios: An analysis of ballot secrecy. In: Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF 2011), pp. 297–311. IEEE (2011)Google Scholar
  9. 9.
    Kremer, S., Ryan, M., Smyth, B.: Election Verifiability in Electronic Voting Protocols. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 389–404. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Smyth, B., Ryan, M.D., Kremer, S., Kourjieh, M.: Towards Automatic Analysis of Election Verifiability Properties. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 146–163. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society. WPES 2005, pp. 61–70. ACM (2005)Google Scholar
  12. 12.
    Kremer, S., Ryan, M.: Analysis of an Electronic Voting Protocol in the Applied Pi Calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Eliasson, C., Zúquete, A.: An electronic voting system supporting vote weights. Internet Research 16(5), 507–518 (2006)CrossRefGoogle Scholar
  14. 14.
    Joaquim, R., Zúquete, A., Ferreira, P.: Revs - a robust electronic voting system. In: IADIS International Conference e-Society 2003, Lisboa, Portugal, June 3-6 (2003)Google Scholar
  15. 15.
    Fujioka, A., Okamoto, T., Ohta, K.: A Practical Secret Voting Scheme for Large Scale Elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  16. 16.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2001, pp. 104–115. ACM, New York (2001)CrossRefGoogle Scholar
  17. 17.
    Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. Journal of Logic and Algebraic Programming 75(1), 3–51 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  18. 18.
    Klus, P., Smyth, B., Ryan, M.D.: Proswapper: Improved equivalence verifier for proverif (2010),
  19. 19.
    Küsters, R., Truderung, T., Vogt, A.: A game-based definition of coercion-resistance and its applications. In: Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium. CSF 2010, pp. 122–136. IEEE Computer Society, Washington, DC (2010)CrossRefGoogle Scholar
  20. 20.
    Langer, L., Jonker, H., Pieters, W.: Anonymity and Verifiability in Voting: Understanding (Un)Linkability. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 296–310. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Dreier, J., Lafourcade, P., Lakhnech, Y.: On defining privacy in the presence of weighted votes and the equivalence of single and multi-voter coercion. Technical Report TR-2012-2, Verimag Research Report (March 2012),
  22. 22.
    Dreier, J.: The code and scripts used to automatically verify the examples (2011),
  23. 23.
    Bohli, J.M., Müller-Quade, J., Röhrich, S.: Bingo Voting: Secure and Coercion-Free Voting Using a Trusted Random Number Generator. In: Alkassar, A., Volkamer, M. (eds.) VOTE-ID 2007. LNCS, vol. 4896, pp. 111–124. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Okamoto, T.: An electronic voting scheme. In: Proceedings of the IFIP World Conference on IT Tools, pp. 21–30 (1996)Google Scholar
  25. 25.
    Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., Yoo, S.: Providing Receipt-Freeness in Mixnet-Based Voting Protocols. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 245–258. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  26. 26.
    Wen, R., Buckland, R.: Masked Ballot Voting for Receipt-Free Online Elections. In: Ryan, P.Y.A., Schoenmakers, B. (eds.) VOTE-ID 2009. LNCS, vol. 5767, pp. 18–36. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jannik Dreier
    • 1
  • Pascal Lafourcade
    • 1
  • Yassine Lakhnech
    • 1
  1. 1.CNRSUniversité Grenoble 1VerimagFrance

Personalised recommendations