Skip to main content

Cast-as-Intended Verification in Electronic Elections Based on Oblivious Transfer

Part of the Lecture Notes in Computer Science book series (LNSC,volume 10141)


In this paper, we propose a new method for cast-as-intended verification in remote electronic voting. We consider a setting, in which voters receive personalized verification code sheets from the authorities over a secure channel. If the codes displayed after submitting a ballot correspond to the codes printed on the code sheet, a correct ballot must have been submitted with high probability. Our approach for generating such codes and transferring them to the voter is based on an existing oblivious transfer protocol. Compared to existing cast-as-intended verification methods, less cryptographic keys are involved and weaker trust and infrastructure assumptions are required. This reduces the complexity of the process and improves the performance of certain tasks. By looking at cast-as-intended verification from the perspective of an oblivious transfer, our approach also contributes to a better understanding of the problem and relates it to a well-studied cryptographic area of research.

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. 1.

    This extended vote casting process is approved by the Swiss Federal Chancellery as a possible solution for the secure platform problem [BK113a, Appendix 7]. If there is a mismatch between any of the return codes, voters are instructed to abort the online voting process and to submit a paper ballot. In case of mismatched finalization codes, voters are instructed to contact the election administration for an investigation.

  2. 2.

    The modified protocol as presented in [CT08] is slightly more efficient, but it fits less into the particular context of this paper.

  3. 3.

    In the voting protocol presented in Sect. 3, which uses this \(\text {OT}^k_n\)-scheme to transfer return codes obliviously from the authorities to the voter, sender privacy is only required during vote casting. By revealing all n return codes at the end of the vote casting process, any attempt by malicious authorities to transfer incorrect return codes will be detected.

  4. 4.

    Without such checks, malicious authorities could actively attack the vote secrecy of some voters by responding to the \(\text {OT}^k_n\) query with some incorrect return codes. If the voter then confirms the ballot as cast, the authorities learn that no candidate corresponding to an incorrect return code has been selected. A similar attack could be launched during the election preparation. If some of the random points \(P_{ij}\) are not selected from the polynomial, then responding with the correct value \(P_i\) tells the authorities that no candidate corresponding to such an incorrect point has been selected. In the covert adversary model, publishing s prevents both variants of this attack (see paragraph on vote secrecy in Sect. 4.1).

  5. 5.

    Concatenation of voting and confirmation codes is the simplest possible solution to generalize the protocol to multiple authorities. As a consequence, the lengths of \(F_i\) and \(C_i\) are multiplied by t, which may cause problems from a usability point of view. A discussion of such usability problems and proposals for more sophisticated solutions are beyond the scope of this paper.


  1. Aiello, B., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). doi:10.1007/3-540-44987-6_8

    CrossRef  Google Scholar 

  2. Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. J. Cryptol. 23(2), 281–343 (2010)

    CrossRef  MathSciNet  MATH  Google Scholar 

  3. Ergänzende Dokumentation zum dritten Bericht des Bundesrates zu Vote électronique. Die Schweizerische Bundeskanzlei (BK) (2013)

    Google Scholar 

  4. Technische und administrative Anforderungen an die elektronischen Stimmabgabe. Die Schweizerische Bundeskanzlei (BK) (2013)

    Google Scholar 

  5. Verordnung der Bundeskanzlei über die elektronische Stimmabgabe (VEleS). Die Schweizerische Bundeskanzlei (BK) (2013)

    Google Scholar 

  6. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). doi:10.1007/3-540-36288-6_3

    CrossRef  Google Scholar 

  7. Chu, C.-K., Tzeng, W.-G.: Efficient k-out-of-n oblivious transfer schemes with adaptive and non-adaptive queries. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 172–183. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30580-4_12

    CrossRef  Google Scholar 

  8. Chu, C.K., Tzeng, W.G.: Efficient \(k\)-out-of-\(n\) oblivious transfer schemes. J. Univ. Comput. Sci. 14(3), 397–415 (2008)

    MathSciNet  MATH  Google Scholar 

  9. Gebhardt Stenerud, I.S., Bull, C.: When reality comes knocking - Norwegian experiences with verifiable electronic voting. In: Kripp, M.J., Volkamer, M., Grimm, R. (eds.) EVOTE 2012, 5th International Workshop on Electronic Voting, Bregenz, Austria. Lecture Notes in Informatics, vol. P-205, pp. 21–33 (2012)

    Google Scholar 

  10. Galindo, D., Guasch, S., Puiggalí, J.: 2015 Neuchâtel’s cast-as-intended verification mechanism. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 3–18. Springer, Heidelberg (2015). doi:10.1007/978-3-319-22270-7_1

    CrossRef  Google Scholar 

  11. Gjøsteen, K.: Analysis of an internet voting protocol. IACR Cryptology ePrint Archive, 2010/380 (2010)

    Google Scholar 

  12. Gjøsteen, K.: The Norwegian internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32747-6_1

    CrossRef  Google Scholar 

  13. Heiberg, S., Lipmaa, H., Laenen, F.: On E-vote integrity in the case of malicious voter computers. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 373–388. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15497-3_23

    CrossRef  Google Scholar 

  14. Lipmaa, H.: Two simple code-verification voting protocols. IACR Cryptology ePrint Archive, 2011/317 (2011)

    Google Scholar 

  15. Maurer, U.: Unifying zero-knowledge proofs of knowledge. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 272–286. Springer, Heidelberg (2009). doi:10.1007/978-3-642-02384-2_17

    CrossRef  Google Scholar 

  16. Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991). doi:10.1007/3-540-46416-6_47

    Google Scholar 

  17. Allepuz, J.P., Castelló, S.G.: Internet voting system with cast as intended verification. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 36–52. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32747-6_3

    CrossRef  Google Scholar 

  18. Puiggalí, J., Guasch, S.: Cast-as-intended verification in Norway. In: Kripp, M., Volkamer, M., Grimm, R. (eds.) EVOTE 2012, 5th International Workshop on Electronic Voting, Bregenz, Austria. Lecture Notes in Informatics, vol. P-205, pp. 49–63 (2012)

    Google Scholar 

  19. Schläpfer, M., Volkamer, M.: The secure platform problem: taxonomy and analysis of existing proposals to address this problem. In: ICEGOV 2012, 6th International Conference on Theory and Practice of Electronic Governance, Albany, USA (2012)

    Google Scholar 

Download references


We thank the anonymous reviewers for their reviews and appreciate their comments and suggestions. We are also grateful to Stephan Fischli, Severin Hauser, Thomas Hofer, and Philipp Locher for helpful discussions and proofreading. This research has been supported by the State of Geneva.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Rolf Haenni .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Haenni, R., Koenig, R.E., Dubuis, E. (2017). Cast-as-Intended Verification in Electronic Elections Based on Oblivious Transfer. In: Krimmer, R., et al. Electronic Voting. E-Vote-ID 2016. Lecture Notes in Computer Science(), vol 10141. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52239-5

  • Online ISBN: 978-3-319-52240-1

  • eBook Packages: Computer ScienceComputer Science (R0)