Abstract
Everlasting privacy protects cryptographic voting systems against the weakening of intractability assumptions on which they may be based. We find that everlasting privacy can be obtained from protocols that do not require trust in the election talliers for privacy, as long as they are accompanied by anonymous casting. To this end, we define a novel model, \(\textsf {U-BPRIV} \), to analyze such schemes. We draw inspiration from the de facto standard framework for ballot privacy, BPRIV. We then extend \(\textsf {U-BPRIV} \) to account for everlasting privacy. Our work differs from related attempts, which only consider everlasting privacy in the context of publicly available data. Our model is fine-grained, since it also considers the level of data leakage from the various components of an election system. We evaluate our definitions by applying our models to two protocols, each representing an important paradigm for building e-voting schemes.
Similar content being viewed by others
Notes
In [38], Adi Shamir is quoted to have proclaimed that currently used cryptographic keys have a lifespan of 30 years.
In our case, since there is only one receiver, the \( n \times n \) matrices that model the exchange of messages between n players in [29] collapse to n element vectors.
For simplicity, we denote \(\textsf {result} ((v_1,c_1), \cdots , (v_n,c_n))\) as \(\textsf {result} ({\textbf {V }}{\textbf {c }})\) where \({\textbf {V }}=(v_1, \cdots , v_n)\) and \({\textbf {c }}=(c_1,\cdots , c_n)\).
While this \(\pi _{\textsf {V} _i}\) is not required in \(\textsf {FOO}\), since all votes are individually decrypted and then checked for validity we include it to also reflect properties of schemes that adopt homomorphic tallying.
For Helios this was proved in [7].
References
Adida, B.: Helios: web-based open-audit voting. In: Proceedings of the 17th conference on Security symposium, pp. 335–348. USENIX Association, (2008)
Arapinis, M., Cortier, V., Kremer, S., Ryan, M.: Practical everlasting privacy. In: Principles of Security and Trust, pp. 21–40, (2013)
Backes, M., Kate, A., Manoharan, P., Meiser, S., Mohammadi, E.: Anoa: A framework for analyzing anonymous communication protocols. J. Priv. Confidentiality, 7(2), (2016)
Benaloh, J.: Verifiable Secret-Ballot Elections. PhD thesis, September (1987)
Benaloh, J., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, STOC ’94, pp. 544-553, New York, NY, USA, (1994). Association for Computing Machinery
Benaloh, J., Yung, M.: Distributing the power of a government to enhance the privacy of voters. In: PODC ’86, (1986)
Bernhard, D., Cortier, V., Galindo, D., Pereira, O., Warinschi, B.: Sok: A comprehensive analysis of game-based ballot privacy definitions. In: IEEE Symposium on Security and Privacy, SP 2015, pp. 499–516. IEEE Computer Society, (2015)
Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: Pitfalls of the fiat-shamir heuristic and applications to helios. In: ASIACRYPT, volume 7658 of Lecture Notes in Computer Science, pp. 626–643. Springer, (2012)
Bernhard, M., Benaloh, J., Halderman, J.A., Rivest, R.L., Peter, Y.A.R., Stark, P.B., Teague, V., Vora, P.L., Wallach, D.S.: Public evidence from secret ballots. In: E-VOTE-ID, LNCS, pp. 84–109. Springer, (2017)
Buchmann, J., Demirel, D., Van De Graaf, J.: Towards a publicly-verifiable mix-net providing everlasting privacy. In: LNCS, pp. 197–204, (2013)
Chaidos P., Cortier, V., Fuchsbauer, G., Galindo, D.: Beleniosrf: A non-interactive receipt-free electronic voting scheme. In: ACM Conference on Computer and Communications Security, pp. 1614–1625. ACM, (2016)
David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2), 84–88, 1981
Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.), Advances in cryptology: proceedings of CRYPTO ’82, Santa Barbara, California, USA, August 23-25, 1982., pp. 199–203. Plenum Press, New York (1982)
Chaum, David: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)
Clark, J., Hengartner, U.: Selections: Internet voting with over-the-shoulder coercion-resistance. In: Danezis, G., (ed.), Financial Cryptography and Data Security - 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers, volume 7035 of Lecture Notes in Computer Science, pp. 47–61. Springer, (2011)
Cortier, V., Smyth, B.: Attacking and fixing helios: An analysis of ballot secrecy. In: 2011 IEEE 24th Computer Security Foundations Symposium, pp. 297–311, (2011)
Cramer, R., Franklin, M., Schoenmakers, B., Yung, M.: Multi-Authority Secret-Ballot Elections with Linear Work, pp. 72–83 (1996)
Edouard Cuvelier, Olivier Pereira, and Thomas Peters. Election verifiability or ballot privacy: Do we need to choose? In ESORICS 2013, pages 481–498, 2013
Demirel, D., Van De Graaf, J., Araújo, R.: Improving Helios with Everlasting Privacy Towards the Public. EVT/WOTE’12, (2012)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation onion router. In: 13th USENIX Security Symposium (USENIX Security 04), San Diego, CA, (August 2004). USENIX Association
Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds), AUSCRYPT, LNCS, pp. 244–251. Springer (1992)
El Gamal, Taher: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory 31(4), 469–472 (1985)
Gelernter, N., Herzberg, A.: On the limits of provable anonymity. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES ’13, pp. 225-236, New York, NY, USA, (2013). Association for Computing Machinery
Greenwald, G.: Nsa collecting phone records of millions of verizon customers daily. The Guardian, (Jun 2013)
Grontas, P., Pagourtzis, A., Zacharakis, A.: Security models for everlasting privacy. E-Vote-ID, p. 140, (2019)
Grontas, P., Pagourtzis, A., Zacharakis, A., Zhang, B.: Towards everlasting privacy and efficient coercion resistance in remote electronic voting. In: FC 2018 Workshops, BITCOIN, VOTING, and WTSC, Nieuwpoort, LNCS, pp. 210–231. Springer, (2018)
Panagiotis Grontas, Aris Pagourtzis, Alexandros Zacharakis, and Bingsheng Zhang. Publicly auditable conditional blind signatures. J. Comput. Secur., 29(2):229–271, 2021
Haines, T., Gritti, C.: Improvements in everlasting privacy: Efficient and secure zero knowledge proofs. In: E-VOTE-ID, volume 11759 of Lecture Notes in Computer Science, pp. 116–133. Springer, (2019)
Hevia, A., Micciancio, D.: An indistinguishability-based characterization of anonymous channels. In: Nikita B., Ian G. (eds.), Privacy Enhancing Technologies, 8th International Symposium, PETS 2008, Leuven, Belgium, July 23-25, 2008, Proceedings, volume 5134 of Lecture Notes in Computer Science, pp. 24–43. Springer, (2008)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: WPES, pp. 61–70. ACM, (2005)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-Resistant Electronic Elections, pp. 37–63. Springer Berlin Heidelberg, Berlin, Heidelberg, (2010)
Kiayias, A., Zacharias, T., Zhang, B.: End-to-end verifiable elections in the standard model. In: Elisabeth O., Marc F. (eds.) Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II, volume 9057 of Lecture Notes in Computer Science, pp. 468–498. Springer, (2015)
Kuhn, Christiane, Beck, Martin, Schiffner, Stefan, Jorswieck, Eduard, Strufe, Thorsten: On privacy notions in anonymous communication. Proc. Privacy Enhancing Technol. 2, 105–125 (2019)
Liu, J.K., Au, M.H., Susilo, W., Zhou, J.: Linkable ring signature with unconditional anonymity. IEEE Trans. Knowl. Data Eng., 26(1):157–165, (2014)
Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract). In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.), Information Security and Privacy: 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004. Proceedings, volume 3108 of Lecture Notes in Computer Science, pp. 325–335. Springer, (2004)
Locher, P., Haenni, R.: Verifiable internet elections with everlasting privacy and minimal trust. In: VoteID 2015, LNCS, pp. 74–91. Springer, (2015)
Locher, P., Haenni, R., Koenig, R.E.: Coercion-resistant internet voting with everlasting privacy. In: FC’16 Workshops, BITCOIN,VOTING,WAHC, (2016)
Moran, T., Naor, M.: Receipt-Free Universally-Verifiable Voting with Everlasting Privacy. pp. 373–392. (2006)
Moran, Tal, Naor, Moni: Split-ballot voting. ACM Transactions on Information and System Security 2, 1–43 (2010)
Ohkubo, M., Miura, F., Abe, M., Fujioka, A., Okamoto, T.: An improvement on a practical secret voting scheme, In: Information Security, LNCS pp. 225–234 (1999)
Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.), Advances in Cryptology — CRYPTO’ 92, pp. 31–53, Berlin, Heidelberg, (1993). Springer Berlin Heidelberg
Park, C., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/nothing election scheme. In: Helleseth, T. (ed.), Advances in Cryptology — EUROCRYPT ’93, pp. 248–259, Berlin, Heidelberg, (1994). Springer Berlin Heidelberg
Perera, M.N.S., Nakamura, T., Hashimoto, M., Yokoyama, H., Cheng, C.-M., Sakurai, K.: A survey on group signatures and ring signatures: Traceability vs. anonymity. Cryptography, 6(1), (2022)
Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf,August2010.v0.34
Zacharakis, A., Grontas, P., Pagourtzis, A.: Conditional blind signatures. (2017). https://eprint.iacr.org/2017/682
Zollinger, M.-L., Distler, V., Rønne, P.B., Ryan, P.Y.A., Lallemand, C., Koenig, V.: User experience design for e-voting: How mental models align with security mechanisms. E-Vote-ID, p 187, (2019)
Acknowledgements
This article does not contain any studies with human participants or animals performed by any of the authors.
We would like to thank Alexandros Zacharakis and the anonymous reviewers for their excellent comments and suggestions that greatly improved the paper.
Funding
The authors have received no funding.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Human and animal participants
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Grontas, P., Pagourtzis, A. Anonymity and everlasting privacy in electronic voting. Int. J. Inf. Secur. 22, 819–832 (2023). https://doi.org/10.1007/s10207-023-00666-2
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-023-00666-2