Adapting Helios for Provable Ballot Privacy

  • David Bernhard
  • Véronique Cortier
  • Olivier Pereira
  • Ben Smyth
  • Bogdan Warinschi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)


Recent results show that the current implementation of Helios, a practical e-voting protocol, does not ensure independence of the cast votes, and demonstrate the impact of this lack of independence on vote privacy. Some simple fixes seem to be available and security of the revised scheme has been studied with respect to symbolic models.

In this paper we study the security of Helios using computational models. Our first contribution is a model for the property known as ballot privacy that generalizes and extends several existing ones.

Using this model, we investigate an abstract voting scheme (of which the revised Helios is an instantiation) built from an arbitrary encryption scheme with certain functional properties. We prove, generically, that whenever this encryption scheme falls in the class of voting-friendly schemes that we define, the resulting voting scheme provably satisfies ballot privacy.

We explain how our general result yields cryptographic security guarantees for the revised version of Helios (albeit from non-standard assumptions).

Furthermore, we show (by giving two distinct constructions) that it is possible to construct voting-friendly encryption, and therefore voting schemes, using only standard cryptographic tools.We detail an instantiation based on ElGamal encryption and Fiat-Shamir non-interactive zero-knowledge proofs that closely resembles Helios and which provably satisfies ballot privacy.


Encryption Scheme Proof System Random Oracle Vote Scheme Random Oracle Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Cohen, (Benaloh), J., Fischer, M.: A Robust and Verifiable Cryptographically Secure Election Scheme. In: Proceedings of the 26th Symposium on Foundations of Computer Science, pp. 372–382 (1985)Google Scholar
  3. 3.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  4. 4.
    Benaloh, J., Yung, M.: Distributing the Power of a Government to Enhance the Privacy of Voters. In: Proceedings of the 5th Symposium on Principles of Distributed Computing, pp. 52–62 (1986)Google Scholar
  5. 5.
    Benaloh, J.: Verifiable Secret-Ballot Elections. Yale University Department of Computer Science Technical Report number 561 (1987)Google Scholar
  6. 6.
    Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: 20th STOC, pp. 103–112 (1988)Google Scholar
  7. 7.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing (STOC 1990), pp. 42–437 (1990)Google Scholar
  8. 8.
    Schnorr, C.: Efficient signature generation for smart cards. Journal of cryptology 4, 161–174 (1991)CrossRefzbMATHGoogle Scholar
  9. 9.
    Damgård, I.B.: Non-interactive circuit based proofs and non-interactive perfect zero-knowledge with preprocessing. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 341–355. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  10. 10.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security (CCS 1993), pp. 62–73 (1993)Google Scholar
  11. 11.
    Benaloh, J., Tuinstra, D.: Receipt-Free Secret-Ballot Elections. In: Proceedings of the 26th ACM Symposium on Theory of Computing, pp. 544–553 (1994)Google Scholar
  12. 12.
    Gennaro, R.: Achieving independence efficiently and securely. In: Proceedings of the 14th Principles of Distributed Computing Symposium (PODC 1995), pp. 130–136 (1995)Google Scholar
  13. 13.
    Shoup, V.: Lower Bounds for Discrete Logarithms and Related Problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  14. 14.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A Secure and Optimally Efficient Multi-authority Election Scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  16. 16.
    Shoup, V., Gennaro, R.: Securing Threshold Cryptosystems against Chosen Ciphertext Attack. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 1–16. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Tsiounis, Y., Yung, M.: On the security of ElGamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  18. 18.
    Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: Proceedings of th 40th Annual Symposium on Foundations of Computer Science (FOCS 1999), pp. 543–553 (1999)Google Scholar
  19. 19.
    Schnorr, C.-P., Jakobsson, M.: Security of Signed ElGamal Encryption. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 73–89. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  20. 20.
    Bellare, M., Boldyreva, A., Staddon, J.: Multi-recipient encryption schemes: Security notions and randomness re-use. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567. Springer, Heidelberg (2002), Google Scholar
  21. 21.
    Groth, J.: Evaluating Security of Voting Schemes in the Universal Composability Framework. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 46–60. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Fischlin, M.: Communication-Efficient Non-interactive Proofs of Knowledge with Online Extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-Resistant Electronic Elections. In: Proceedings of the 4th Workshop on Privacy in the Electronic Society (WPES 2005), pp. 61–70 (2005)Google Scholar
  24. 24.
    Kremer, S., Ryan, M.D.: Analysis of an Electronic Voting Protocol in the Applied Pi Calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. 25.
    Moran, T., Naor, M.: Receipt-Free Universally-Verifiable Voting with Everlasting Privacy. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 373–392. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Delaune, S., Kremer, S., Ryan, M.D.: Coercion-Resistance and Receipt-Freeness in Electronic Voting. In: 19th Computer Security Foundations Workshop (CSFW 2006), pp. 28–42 (2006)Google Scholar
  27. 27.
    Chevallier-Mames, B., Fouque, P., Pointcheval, D., Stern, J., Traoré, J.: On Some Incompatible Properties of Voting Schemes. In: Proceedings of the Workshop on Trustworthy Elections, WOTE 2006 (2006)Google Scholar
  28. 28.
    Participants of the Dagstuhl Conference on Frontiers of E-Voting. Dagstuhl Accord (2007),
  29. 29.
    Benaloh, J.: Ballot Casting Assurance via Voter-Initiated Poll Station Auditing. In: Proceedings of the Second Usenix/ACCURATE Electronic Voting Technology Workshop (2007)Google Scholar
  30. 30.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  31. 31.
    Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: Toward a Secure Voting System. In: Proceedings of the 29th Security and Privacy Symposium (S&P 2008), pp. 354–368 (2008)Google Scholar
  32. 32.
    Adida, B.: Helios: Web-based open-audit voting. In: 17th USENIX Security Symposium, pp. 335–348 (2008),
  33. 33.
    Backes, M., Hriţcu, C., Maffei, M.: Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-calculus. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 195–209 (2008)Google Scholar
  34. 34.
    Wikström, D.: Simplified Submission of Inputs to Protocols. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 293–308. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  35. 35.
    Adida, B., de Marneffe, O., Pereira, O., Quisquater, J.-J.: Electing a university president using open-audit voting: Analysis of real-world use of Helios. In: Proceedings of the 2009 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (2009)Google Scholar
  36. 36.
    International association for cryptologic research Election page at
  37. 37.
    Cortier, V., Smyth, B.: Attacking and fixing Helios: An analysis of ballot secrecy Website with description and video at (Cryptology ePrint Archive, Report 2010/625)
  38. 38.
    Kremer, S., Ryan, M., Smyth, B.: Election verifiability in electronic voting protocols. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 389–404. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  39. 39.
    Unruh, D., Müller-Quade, J.: Universally Composable Incoercibility. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 411–428. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  40. 40.
    Küsters, R., Truderung, T., Vogt, A.: A Game-Based Definition of Coercion-Resistance and its Applications. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF 2010), pp. 122–136 (2010)Google Scholar
  41. 41.
    Loftus, J., May, A., Smart, N.P., Vercauteren, F.: On CCA-Secure Fully Homomorphic Encryption,
  42. 42.
    Cortier, V., Smyth, B.: Attacking and fixing Helios: An analysis of ballot secrecy. To appear in: Proceedings of the 24th Computer Security Foundations Symposium, CSF 2011 (2011)Google Scholar
  43. 43.
    Küsters, R., Truderung, T., Vogt, A.: Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study. To appear at the 32nd Security and Privacy Symposium, S&P 2011 (2011) (preprint)Google Scholar
  44. 44.
    Persiano, G.: About the Existence of Trapdoors in Cryptosystems. Work in Progress,
  45. 45.
    Helios voting. Website,
  46. 46.
    Helios Headquarters, Princeton University Undergraduate Student Government,

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • David Bernhard
    • 1
  • Véronique Cortier
    • 2
  • Olivier Pereira
    • 3
  • Ben Smyth
    • 2
  • Bogdan Warinschi
    • 1
  1. 1.University of BristolEngland
  2. 2.LORIA - CNRSFrance
  3. 3.Université Catholique de LouvainBelgium

Personalised recommendations