A Formal Analysis of the Norwegian E-voting Protocol

  • Véronique Cortier
  • Cyrille Wiedling
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7215)


Norway has used e-voting in its last political election in September 2011, with more than 25 000 voters using the e-voting option. The underlying protocol is a new protocol designed by the ERGO group, involving several actors (a bulletin box but also a receipt generator, a decryption service, and an auditor). Of course, trusting the correctness and security of e-voting protocols is crucial in that context. Formal definitions of properties such as privacy, coercion-resistance or verifiability have been recently proposed, based on equivalence properties.

In this paper, we propose a formal analysis of the protocol used in Norway, w.r.t. privacy, considering several corruption scenarios. Part of this study has conducted using the ProVerif tool, on a simplified model.


e-voting privacy formal methods 


  1. 1.
  2. 2.
    Web page of the norwegian government on the deployment of e-voting,
  3. 3.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: 28th ACM Symposium on Principles of Programming Languages, POPL 2001 (2001)Google Scholar
  4. 4.
    Bernhard, D., Cortier, V., Pereira, O., Smyth, B., Warinschi, B.: Adapting Helios for Provable Ballot Privacy. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 335–354. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Blanchet, B.: An automatic security protocol verifier based on resolution theorem proving (invited tutorial). In: 20th International Conference on Automated Deduction (CADE-20), Tallinn, Estonia (July 2005)Google Scholar
  6. 6.
    Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. In: 20th IEEE Symposium on Logic in Computer Science (LICS 2005), pp. 331–340. IEEE Computer Society (June 2005)Google Scholar
  7. 7.
    Chadha, R., Ciobâcă, Ş., Kremer, S.: Automated Verification of Equivalence Properties of Cryptographic Protocols. In: 21th European Symposium on Programming (ESOP 2012). LNCS, Springer, Heidelberg (to appear, 2012)Google Scholar
  8. 8.
    Cheval, V., Comon-Lundh, H., Delaune, S.: Trace equivalence decision: Negative tests and non-determinism. In: 18th ACM Conference on Computer and Communications Security (CCS 2011). ACM Press (October 2011)Google Scholar
  9. 9.
    Cortier, V., Delaune, S.: A method for proving observational equivalence. In: 22nd Computer Security Foundations Symposium (CSF 2009). IEEE Computer Society (2009)Google Scholar
  10. 10.
    Cortier, V., Smyth, B.: Attacking and fixing Helios: An analysis of ballot secrecy. In: 24th Computer Security Foundations Symposium (CSF 2011). IEEE Computer Society (2011)Google Scholar
  11. 11.
    Cortier, V., Wiedling, C.: A formal analysis of the Norwegian e-voting protocol. Technical Report RR-7781, INRIA (November 2011)Google Scholar
  12. 12.
    Delaune, S., Kremer, S., Ryan, M.D.: Verifying privacy-type properties of electronic voting protocols. Journal of Computer Security 17(4), 435–487 (2009)Google Scholar
  13. 13.
    Feldman, A.J., Halderman, J.A., Felten, E.W.: Security analysis of the diebold accuvote-ts voting machine (2006),
  14. 14.
    Fujioka, A., Okamoto, T., Ohta, K.: A Practical Secret Voting Scheme for Large Scale Elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  15. 15.
    Gjøsteen, K.: Analysis of an internet voting protocol. Cryptology ePrint Archive, Report 2010/380 (2010),
  16. 16.
    Klus, P., Smyth, B., Ryan, M.D.: ProSwapper: Improved equivalence verifier for ProVerif (2010),
  17. 17.
    Kremer, S., Ryan, M., Smyth, B.: Election Verifiability in Electronic Voting Protocols. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 389–404. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    Küsters, R., Truderung, T.: An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols. In: IEEE Symposium on Security and Privacy (S&P 2009), pp. 251–266. IEEE Computer Society (2009)Google Scholar
  19. 19.
    Küsters, R., Truderung, T., Vogt, A.: A Game-Based Definition of Coercion-Resistance and its Applications. In: 23nd IEEE Computer Security Foundations Symposium (CSF 2010). IEEE Computer Society (2010)Google Scholar
  20. 20.
    Küsters, R., Truderung, T., Vogt, A.: Proving Coercion-Resistance of Scantegrity II. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 281–295. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., Yoo, S.: Providing Receipt-Freeness in Mixnet-Based Voting Protocols. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 245–258. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Liu, J.: A Proof of Coincidence of Labeled Bisimilarity and Observational Equivalence in Applied Pi Calculus (2011),
  23. 23.
    Okamoto, T.: Receipt-Free Electronic Voting Schemes for Large Scale Elections. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  24. 24.
    Wolchok, S., Wustrow, E., Halderman, J.A., Prasad, H.K., Kankipati, A., Sakhamuri, S.K., Yagati, V., Gonggrijp, R.: Security analysis of india’s electronic voting machines. In: 17th ACM Conference on Computer and Communications Security, CCS 2010 (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Véronique Cortier
    • 1
  • Cyrille Wiedling
    • 1
  1. 1.LORIA - CNRSNancyFrance

Personalised recommendations