Abstract
We study game-based definitions of individual and universal verifiability by Smyth, Frink and Clarkson. We prove that building voting systems from El Gamal coupled with proofs of correct key generation suffices for individual verifiability. We also prove that it suffices for an aspect of universal verifiability, thereby eliminating the expense of individual-verifiability proofs and simplifying universal-verifiability proofs for a class of encryption-based voting systems. We use the definitions of individual and universal verifiability to analyse the mixnet variant of Helios. Our analysis reveals that universal verifiability is not satisfied by implementations using the weak Fiat-Shamir transformation. Moreover, we prove that individual and universal verifiability are satisfied when statements are included in hashes (i.e., when using the Fiat-Shamir transformation, rather than the weak Fiat-Shamir transformation).
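An added illustration, not code from the paper or from Helios: a proof of correct El Gamal key generation made non-interactive with the Fiat-Shamir transformation, where the challenge hash covers the statement (group parameters and public key), beside the weak variant that hashes only the commitment. Using a Schnorr proof as the sigma protocol, the constructed toy group, and the names `challenge`, `keygen`, `prove_key` and `verify_key` are assumptions of this example.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1 with p, q prime,
# and g = 4 generating the subgroup of prime order q.
P, Q, G = 2039, 1019, 4

def challenge(commitment, statement=None):
    """Hash to a challenge in Z_q; statement=None models the weak transformation."""
    parts = [commitment] if statement is None else [*statement, commitment]
    data = b"|".join(str(v).encode() for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    """El Gamal key pair: private x, public h = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def prove_key(x, h, weak=False):
    """Schnorr proof of knowledge of x such that h = g^x mod p."""
    w = secrets.randbelow(Q - 1) + 1
    a = pow(G, w, P)                       # commitment
    # Fiat-Shamir binds the challenge to the statement; the weak form does not.
    c = challenge(a) if weak else challenge(a, (P, Q, G, h))
    return a, (w + c * x) % Q              # (commitment, response)

def verify_key(h, proof, weak=False):
    """Recompute the challenge from public data and check g^s == a * h^c mod p."""
    a, s = proof
    # Reject malformed values and public keys outside the order-q subgroup.
    if not (0 < h < P and 0 < a < P and pow(h, Q, P) == 1):
        return False
    c = challenge(a) if weak else challenge(a, (P, Q, G, h))
    return pow(G, s, P) == (a * pow(h, c, P)) % P
```

With `weak=False` the verifier's recomputed challenge changes whenever the public key or group parameters change, so a proof is tied to the key it was produced for; with `weak=True` the challenge depends on the commitment alone.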
Notes
- 1.
Smyth, Frink and Clarkson use the syntax to model first-past-the-post voting systems and Smyth shows the syntax is sufficiently versatile to capture ranked-choice voting systems [33]. Moreover, Smyth, Frink and Clarkson extend the syntax to voting systems with eligibility verifiability, which enables anyone to check whether counted votes were cast by voters. (Quaglia and Smyth [29] define a transformation from election schemes to the extended syntax which ensures secrecy and verifiability.) Eligibility verifiability seems to require expensive infrastructures for voter credentials and some systems – including Helios and Helios Mixnet – forgo eligibility verifiability in favour of cheaper, non-verifiable ballot authentication mechanisms. Hence, we do not pursue eligibility verifiability further.
- 2.
Let \(A(x_1,\dots ,x_n; r)\) denote the output of probabilistic algorithm A on inputs \(x_1,\dots ,x_n\) and random coins r. Let \(A(x_1,\dots ,x_n)\) denote \(A(x_1,\dots ,x_n;r)\), where r is chosen uniformly at random. And let \(\leftarrow \) denote assignment.
- 3.
- 4.
Function \( correct\text {-}outcome \) uses a counting quantifier [32] denoted \(\exists ^{=}\). Predicate \((\exists ^{=\ell } x : P(x))\) holds exactly when there are \(\ell \) distinct values for x such that P(x) is satisfied. Variable x is bound by the quantifier, whereas \(\ell \) is free.
- 5.
Smyth, Frink and Clarkson [37] consider a definition of injectivity which quantifies over all public keys, rather than public keys constructed by an adversary. That definition is stronger than necessary.
- 6.
Cortier et al. [10, §8.5 & §10.1] claim that definitions by Smyth, Frink and Clarkson are flawed. Those claims were discussed with Cortier et al. (email communication, April’16) and are believed to be false [37, §9]. Moreover, Smyth, Frink and Clarkson prove that any flaw in their definitions implies flaws in the context of global verifiability, which should increase confidence in their definitions.
- 7.
Election scheme \(\mathsf {Enc2Vote}^*\) (Sect. 1) couples \(\mathsf {Enc2Vote}\) with proofs of correct key generation and proofs of correct decryption, hence, it is distinguished from schemes produced by \(\mathsf {Enc2Vote}^+\). This distinction enables \(\mathsf {Enc2Vote}^*\) to satisfy individual and universal verifiability, whereas \(\mathsf {Enc2Vote}^+\) cannot produce schemes satisfying universal verifiability.
- 8.
Election scheme \(\mathsf {Enc2Vote}^+(\varPi ,\varSigma ,\mathcal H)\) adopts the setup algorithm formalised by Smyth, Frink and Clarkson for Helios [37, Appendix C].
- 9.
Let \(\mathsf {FS}(\varSigma ,\mathcal H)\) denote the non-interactive proof system derived by application of the Fiat-Shamir transformation to sigma protocol \(\varSigma \) and hash function \(\mathcal H\).
- 10.
Correctness of asymmetric encryption schemes only ensures ciphertexts do not collide for distinct plaintexts.
- 11.
The planned implementation of Helios Mixnet (http://documentation.heliosvoting.org/verification-specs/mixnet-support, published c. 2010, accessed 19 Dec 2017, and https://web.archive.org/web/20110119223848/http://documentation.heliosvoting.org/verification-specs/helios-v3-1, published Dec 2010, accessed 15 Sep 2017) has not been released.
- 12.
https://github.com/benadida/helios-server/pull/133, published 31 May 2016, accessed 21 Sep 2017.
- 13.
Bernhard, Pereira and Warinschi show that a malicious tallier can add votes for their preferred candidate and remove votes for other candidates. Smyth, Frink and Clarkson formalise that attack and prove that soundness is not satisfied [37].
- 14.
- 15.
- 16.
Our proof of Theorem 7 uses a result by Bernhard et al. [4] that shows non-interactive proof systems derived by application of the Fiat-Shamir transformation satisfy zero-knowledge, assuming the underlying sigma protocols satisfy special soundness and special honest-verifier zero-knowledge. We will not need the details of those properties, so we omit formal definitions; see Bernhard et al. for formalisations.
- 17.
Properties such as correctness are typically required to hold with overwhelming probability. A property is perfect if the probability is 1.
- 18.
See commitments d2653d4 (9 Oct 2017), 4fddcd3 (11 Oct 2017), and aab1b6f (9 Oct 2017), accessed 20 Dec 2017.
- 19.
See commitment 9af7674 (25 Dec 2017).
References
Adida, B.: Helios: web-based open-audit voting. In: USENIX Security 2008: 17th USENIX Security Symposium, pp. 335–348. USENIX Association (2008)
Adida, B., Marneffe, O., Pereira, O., Quisquater, J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: EVT/WOTE 2009: Electronic Voting Technology Workshop/Workshop on Trustworthy Elections. USENIX Association (2009)
Alvarez, R.M., Hall, T.E.: Electronic Elections: The Perils and Promises of Digital Democracy. Princeton University Press, Princeton (2010)
Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the Fiat-Shamir heuristic and applications to Helios. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 626–643. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_38
Bowen, D.: Secretary of State Debra Bowen Moves to Strengthen Voter Confidence in Election Security Following Top-to-Bottom Review of Voting Systems. California Secretary of State, press release DB07:042, August 2007
Bulens, P., Giry, D., Pereira, O.: Running Mixnet-based elections with Helios. In: EVT/WOTE 2011: Electronic Voting Technology Workshop/Workshop on Trustworthy Elections. USENIX Association (2011)
Bundesverfassungsgericht: Use of voting computers in 2005 Bundestag election unconstitutional, press release 19 March 2009
Chang-Fong, N., Essex, A.: The cloudier side of cryptographic end-to-end verifiable voting: a security analysis of Helios. In: ACSAC 2016: 32nd Annual Conference on Computer Security Applications, pp. 324–335. ACM Press (2016)
Cortier, V., Galindo, D., Glondu, S., Izabachène, M.: Election verifiability for Helios under weaker trust assumptions. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part II. LNCS, vol. 8713, pp. 327–344. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_19
Cortier, V., Galindo, D., Küsters, R., Mueller, J., Truderung, T.: SoK: verifiability notions for E-voting protocols. In: S&P 2016: 37th IEEE Symposium on Security and Privacy, pp. 779–798. IEEE Computer Society (2016)
Cortier, V., Smyth, B.: Attacking and fixing Helios: an analysis of ballot secrecy. J. Comput. Secur. 21(1), 89–148 (2013)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
Gumbel, A.: Steal This Vote: Dirty Elections and the Rotten History of Democracy in America. Nation Books, New York (2005)
Jones, D.W., Simons, B.: Broken Ballots: Will Your Vote Count?, CSLI Lecture Notes, vol. 204. Center for the Study of Language and Information, Stanford University (2012)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Chaum, D., et al. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 37–63. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12980-3_2
Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman & Hall/CRC, Boca Raton (2007)
Kiayias, A., Zacharias, T., Zhang, B.: End-to-end verifiable elections in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 468–498. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_16
Kohno, T., Stubblefield, A., Rubin, A.D., Wallach, D.S.: Analysis of an electronic voting system. In: S&P 2004: 25th Security and Privacy Symposium, pp. 27–40. IEEE Computer Society (2004)
Kremer, S., Ryan, M., Smyth, B.: Election verifiability in electronic voting protocols. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 389–404. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15497-3_24
Küsters, R., Truderung, T., Vogt, A.: Accountability: definition and relationship to verifiability. In: CCS 2010: 17th ACM Conference on Computer and Communications Security, pp. 526–535. ACM Press (2010)
Küsters, R., Truderung, T., Vogt, A.: Verifiability, privacy, and coercion-resistance: new insights from a case study. In: S&P 2011: 32nd IEEE Symposium on Security and Privacy, pp. 538–553. IEEE Computer Society (2011)
Küsters, R., Truderung, T., Vogt, A.: Clash attacks on the verifiability of e-voting systems. In: S&P 2012: 33rd IEEE Symposium on Security and Privacy, pp. 395–409. IEEE Computer Society (2012)
Küsters, R., Truderung, T., Vogt, A.: Accountability: Definition and relationship to verifiability. Cryptology ePrint Archive, Report 2010/236 (version 20150202:163211) (2015)
Lijphart, A., Grofman, B.: Choosing an Electoral System: Issues and Alternatives. Praeger, New York (1984)
Meyer, M., Smyth, B.: An attack against the Helios election system that exploits re-voting. arXiv, Report 1612.04099 (2017)
Organization for Security and Co-operation in Europe: Document of the Copenhagen Meeting of the Conference on the Human Dimension of the CSCE (1990)
Organization of American States: American Convention on Human Rights, “Pact of San Jose, Costa Rica” (1969)
Quaglia, E.A., Smyth, B.: A short introduction to secrecy and verifiability for elections. arXiv, Report 1702.03168 (2017)
Quaglia, E.A., Smyth, B.: Authentication with weaker trust assumptions for voting systems. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 322–343. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_18
Quaglia, E.A., Smyth, B.: Secret, verifiable auctions from elections. Theor. Comput. Sci. 730, 44–92 (2018)
Saalfeld, T.: On Dogs and Whips: Recorded Votes. In: Döring, H. (ed.) Parliaments and Majority Rule in Western Europe, chap. 16. St. Martin’s Press (1995)
Schweikardt, N.: Arithmetic, first-order logic, and counting quantifiers. ACM Trans. Comput. Logic 6(3), 634–671 (2005)
Smyth, B.: First-past-the-post suffices for ranked voting (2017). https://bensmyth.com/publications/2017-FPTP-suffices-for-ranked-voting/
Smyth, B.: Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios. Cryptology ePrint Archive, Report 2015/942 (2018)
Smyth, B.: A foundation for secret, verifiable elections. Cryptology ePrint Archive, Report 2018/225 (2018)
Smyth, B.: Verifiability of Helios Mixnet. Cryptology ePrint Archive, Report 2018/017 (2018)
Smyth, B., Frink, S., Clarkson, M.R.: Election Verifiability: Cryptographic Definitions and an Analysis of Helios and JCJ. Cryptology ePrint Archive, Report 2015/233 (version 20170111:122701) (2017)
Smyth, B., Ryan, M., Kremer, S., Kourjieh, M.: Towards automatic analysis of election verifiability properties. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 146–163. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16074-5_11
Tsoukalas, G., Papadimitriou, K., Louridas, P., Tsanakas, P.: From Helios to Zeus. J. Election Technol. Syst. 1(1) (2013). https://www.usenix.org/jets/issues/0101/tsoukalas
UK Electoral Commission: Key issues and conclusions: May 2007 electoral pilot schemes, May 2007
United Nations: Universal Declaration of Human Rights (1948)
Acknowledgements
I am grateful to Steve Kremer and the anonymous reviewers for useful feedback that helped improve this paper. I am also grateful to Yingtong Li (developer of helios-server-mixnet) and to Georgios Tsoukalas and Panos Louridas (developers of Zeus) for discussions about their voting systems.
Copyright information
© 2019 International Financial Cryptography Association
About this paper
Cite this paper
Smyth, B. (2019). Verifiability of Helios Mixnet. In: Zohar, A., et al. Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science, vol 10958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58820-8_17
DOI: https://doi.org/10.1007/978-3-662-58820-8_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-58819-2
Online ISBN: 978-3-662-58820-8
eBook Packages: Computer Science, Computer Science (R0)