Polling with Physical Envelopes: A Rigorous Analysis of a Human-Centric Protocol

  • Tal Moran
  • Moni Naor
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004)


We propose simple, realistic protocols for polling that allow the responder to plausibly repudiate his response, while at the same time allow accurate statistical analysis of poll results. The protocols use simple physical objects (envelopes or scratch-off cards) and can be performed without the aid of computers. One of the main innovations of this work is the use of techniques from theoretical cryptography to rigorously prove the security of a realistic, physical protocol. We show that, given a few properties of physical envelopes, the protocols are unconditionally secure in the universal composability framework.


Ideal Functionality Oblivious Transfer Visual Cryptography Honest Party Randomize Response Technique 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Ambainis, A., Jakobsson, M., Lipmaa, H.: Cryptographic randomized response techniques. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 425–438. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Benaloh, J., Tuinstra, D.: Receipt-free secret-ballot elections. In: STOC 1994, pp. 544–553 (1994)Google Scholar
  3. 3.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136–145 (2001)Google Scholar
  4. 4.
    Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 90–104. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  5. 5.
    Canetti, R., Gennaro, R.: Incoercible multiparty computation. In: FOCS 1996, pp. 504–513 (1996)Google Scholar
  6. 6.
    Chaudhuri, A., Mukerjee, R.: Randomized Response: Theory and Techniques, vol. 85. Marcel Dekker, New York (1988)MATHGoogle Scholar
  7. 7.
    Chaum, D.: E-voting: Secret-ballot receipts: True voter-verifiable elections. IEEE Security & Privacy 2(1), 38–47 (2004)CrossRefGoogle Scholar
  8. 8.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC 1986, pp. 364–369 (1986)Google Scholar
  9. 9.
    Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions. In: FOCS 1988, pp. 42–52 (1988)Google Scholar
  10. 10.
    Crépeau, C., Kilian, J.: Discreet solitary games. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 319–330. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  11. 11.
    Damgård, I.B., Fehr, S., Morozov, K., Salvail, L.: Unfair noisy channels and oblivious transfer. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 355–373. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Damgård, I.B., Kilian, J., Salvail, L.: On the (im)possibility of basing oblivious transfer and bit commitment on weakened security assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Diaconis, P., Holmes, S., Montgomery, R.: Dynamical bias in the coin toss (2004), http://www-stat.stanford.edu/~cgates/PERSI/papers/headswithJ.pdf
  14. 14.
    Droitcour, J.A., Larson, E.M., Scheuren, F.J.: The three card method: Estimating sensitive survey items–with permanent anonymity of response. In: Proceedings of the American Statistical Association, Social Statistics Section [CD-ROM] (2001)Google Scholar
  15. 15.
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero knowledge. In: STOC 1998, pp. 409–418. ACM Press, New York (1998)Google Scholar
  16. 16.
    Fagin, R., Naor, M., Winkler, P.: Comparing information without leaking it. Commun. ACM 39(5), 77–85 (1996)CrossRefGoogle Scholar
  17. 17.
    Kikuchi, H., Akiyama, J., Nakamura, G., Gobioff, H.: Stochastic voting protocol to protect voters privacy. In: WIAPP 1999, pp. 102–111 (1999)Google Scholar
  18. 18.
    Moran, T., Naor, M.: Basing cryptographic protocols on tamper-evident seals. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 285–297. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Naor, M., Naor, Y., Reingold, O.: Applied kid cryptography (March 1999), http://www.wisdom.weizmann.ac.il/~naor/PAPERS/waldo.ps
  20. 20.
    Naor, M., Pinkas, B.: Visual authentication and identification. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 322–336. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  21. 21.
    Naor, M., Shamir, A.: Visual cryptography. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 1–12. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  22. 22.
    Sako, K., Kilian, J.: Receipt-free mix-type voting schemes. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  23. 23.
    Schneier, B.: The solitaire encryption algorithm (1999), http://www.schneier.com/solitaire.html
  24. 24.
    Stamm, S. Jakobsson, M.: Privacy-preserving polling using playing cards. Cryptology ePrint Archive, Report 2005/444 (December 2005)Google Scholar
  25. 25.
    Warner, S.: Randomized response: A survey technique for eliminating evasive answer bias. Journal of the American Statistical Association, 63–69 (1965)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Tal Moran
    • 1
  • Moni Naor
    • 1
  1. 1.Department of Computer Science and Applied Mathematics, Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations