Verifiability of Helios Mixnet

  • Conference paper
Financial Cryptography and Data Security (FC 2018)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10958)

Abstract

We study game-based definitions of individual and universal verifiability by Smyth, Frink and Clarkson. We prove that building voting systems from El Gamal coupled with proofs of correct key generation suffices for individual verifiability. We also prove that it suffices for an aspect of universal verifiability, thereby eliminating the expense of individual-verifiability proofs and simplifying universal-verifiability proofs for a class of encryption-based voting systems. We use the definitions of individual and universal verifiability to analyse the mixnet variant of Helios. Our analysis reveals that universal verifiability is not satisfied by implementations using the weak Fiat-Shamir transformation. Moreover, we prove that individual and universal verifiability are satisfied when statements are included in hashes (i.e., when using the Fiat-Shamir transformation, rather than the weak Fiat-Shamir transformation).
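The distinction the abstract draws, shown as an added example (not code from the paper or from Helios): a Chaum-Pedersen style proof of correct El Gamal decryption whose Fiat-Shamir challenge hashes the statement together with the commitment, with a `weak` switch that hashes the commitment alone. The choice of sigma protocol, the toy group parameters and all function names are assumptions made for this example; it needs Python 3.8 or later.

```python
import hashlib
import secrets

# Constructed toy group (far too small for real use): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def fs_challenge(statement, commitment, weak=False):
    """Fiat-Shamir challenge as an integer (callers reduce it mod Q).
    weak=True hashes the commitment only; weak=False also hashes the statement."""
    items = tuple(commitment) if weak else tuple(statement) + tuple(commitment)
    data = b"|".join(str(v).encode() for v in items)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key in [1, Q-1]
    return x, pow(G, x, P)

def encrypt(h, m):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P

def statement_for(h, c1, c2, m):
    # "(c1, c2) decrypts to m under h" means log_G(h) == log_c1(d) with d = c2 / m.
    return (P, Q, G, h, c1, c2 * pow(m, -1, P) % P)

def prove_decryption(x, h, c1, c2, weak=False):
    """Decrypt and return (m, proof); proof = ((a, b), s)."""
    m = c2 * pow(pow(c1, x, P), -1, P) % P
    w = secrets.randbelow(Q)
    commitment = (pow(G, w, P), pow(c1, w, P))
    c = fs_challenge(statement_for(h, c1, c2, m), commitment, weak) % Q
    return m, (commitment, (w + c * x) % Q)

def verify_decryption(h, c1, c2, m, proof, weak=False):
    (a, b), s = proof
    stmt = statement_for(h, c1, c2, m)
    d = stmt[-1]
    if any(pow(v, Q, P) != 1 for v in (h, c1, d, a, b)):
        return False                          # element outside the order-Q subgroup
    c = fs_challenge(stmt, (a, b), weak) % Q  # verifier recomputes the challenge itself
    return (pow(G, s, P) == a * pow(h, c, P) % P
            and pow(c1, s, P) == b * pow(d, c, P) % P)
```

With `weak=True` the challenge is identical for every statement that shares a commitment; with the default it changes whenever the claimed plaintext changes, which is the binding the abstract's "statements are included in hashes" refers to.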

Notes

  1. Smyth, Frink and Clarkson use the syntax to model first-past-the-post voting systems and Smyth shows the syntax is sufficiently versatile to capture ranked-choice voting systems [33]. Moreover, Smyth, Frink and Clarkson extend the syntax to voting systems with eligibility verifiability, which enables anyone to check whether counted votes were cast by voters. (Quaglia and Smyth [29] define a transformation from election schemes to the extended syntax which ensures secrecy and verifiability.) Eligibility verifiability seems to require expensive infrastructures for voter credentials and some systems – including Helios and Helios Mixnet – forgo eligibility verifiability in favour of cheaper, non-verifiable ballot authentication mechanisms. Hence, we do not pursue eligibility verifiability further.

  2. Let \(A(x_1,\dots ,x_n; r)\) denote the output of probabilistic algorithm A on inputs \(x_1,\dots ,x_n\) and random coins r. Let \(A(x_1,\dots ,x_n)\) denote \(A(x_1,\dots ,x_n;r)\), where r is chosen uniformly at random. And let \(\leftarrow \) denote assignment.

  3. Quaglia and Smyth [28] provide a tutorial-style introduction to the individual and universal verifiability definitions by Smyth, Frink and Clarkson and Smyth [35] provides a detailed technical introduction.

  4. Function \( correct\text {-}outcome \) uses a counting quantifier [32] denoted \(\exists ^{=}\). Predicate \((\exists ^{=\ell } x : P(x))\) holds exactly when there are \(\ell \) distinct values for x such that P(x) is satisfied. Variable x is bound by the quantifier, whereas \(\ell \) is free.

  5. Smyth, Frink and Clarkson [37] consider a definition of injectivity which quantifies over all public keys, rather than public keys constructed by an adversary. That definition is stronger than necessary.

  6. Cortier et al. [10, §8.5 & §10.1] claim that definitions by Smyth, Frink and Clarkson are flawed. Those claims were discussed with Cortier et al. (email communication, April’16) and are believed to be false [37, §9]. Moreover, Smyth, Frink and Clarkson prove that any flaw in their definitions implies flaws in the context of global verifiability, which should increase confidence in their definitions.

  7. Election scheme \(\mathsf {Enc2Vote}^*\) (Sect. 1) couples \(\mathsf {Enc2Vote}\) with proofs of correct key generation and proofs of correct decryption, hence, it is distinguished from schemes produced by \(\mathsf {Enc2Vote}^+\). This distinction enables \(\mathsf {Enc2Vote}^*\) to satisfy individual and universal verifiability, whereas \(\mathsf {Enc2Vote}^+\) cannot produce schemes satisfying universal verifiability.

  8. Election scheme \(\mathsf {Enc2Vote}^+(\varPi ,\varSigma ,\mathcal H)\) adopts the setup algorithm formalised by Smyth, Frink and Clarkson for Helios [37, Appendix C].

  9. Let \(\mathsf {FS}(\varSigma ,\mathcal H)\) denote the non-interactive proof system derived by application of the Fiat-Shamir transformation to sigma protocol \(\varSigma \) and hash function \(\mathcal H\).

  10. Correctness of asymmetric encryption schemes only ensures ciphertexts do not collide for distinct plaintexts.

  11. The planned implementation of Helios Mixnet (http://documentation.heliosvoting.org/verification-specs/mixnet-support, published c. 2010, accessed 19 Dec 2017, and https://web.archive.org/web/20110119223848/http://documentation.heliosvoting.org/verification-specs/helios-v3-1, published Dec 2010, accessed 15 Sep 2017) has not been released.

  12. https://github.com/benadida/helios-server/pull/133, published 31 May 2016, accessed 21 Sep 2017.

  13. Bernhard, Pereira and Warinschi show that a malicious tallier can add votes for their preferred candidate and remove votes for other candidates. Smyth, Frink and Clarkson formalise that attack and prove that soundness is not satisfied [37].

  14. A further soundness vulnerability is known [37], as are secrecy [11] and eligibility [25] vulnerabilities.

  15. The tallying and verification algorithms in Definition 9 adapt (unpublished) algorithms prepared by Quaglia and Smyth in the context of [30]. Quaglia and Smyth have since incorporated these adaptations into their work to take advantage of the results presented in this manuscript.

  16. Our proof of Theorem 7 uses a result by Bernhard et al. [4] that shows non-interactive proof systems derived by application of the Fiat-Shamir transformation satisfy zero-knowledge, assuming the underlying sigma protocols satisfy special soundness and special honest-verifier zero-knowledge. We will not need the details of those properties, so we omit formal definitions; see Bernhard et al. for formalisations.

  17. Properties such as correctness are typically required to hold with overwhelming probability. A property is perfect if the probability is 1.

  18. See commitments d2653d4 (9 Oct 2017), 4fddcd3 (11 Oct 2017), and aab1b6f (9 Oct 2017), accessed 20 Dec 2017.

  19. See commitment 9af7674 (25 Dec 2017).

References

  1. Adida, B.: Helios: web-based open-audit voting. In: USENIX Security 2008: 17th USENIX Security Symposium, pp. 335–348. USENIX Association (2008)

  2. Adida, B., Marneffe, O., Pereira, O., Quisquater, J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: EVT/WOTE 2009: Electronic Voting Technology Workshop/Workshop on Trustworthy Elections. USENIX Association (2009)

  3. Alvarez, R.M., Hall, T.E.: Electronic Elections: The Perils and Promises of Digital Democracy. Princeton University Press, Princeton (2010)

  4. Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the Fiat-Shamir heuristic and applications to Helios. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 626–643. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_38

  5. Bowen, D.: Secretary of State Debra Bowen Moves to Strengthen Voter Confidence in Election Security Following Top-to-Bottom Review of Voting Systems. California Secretary of State, press release DB07:042, August 2007

  6. Bulens, P., Giry, D., Pereira, O.: Running Mixnet-based elections with Helios. In: EVT/WOTE 2011: Electronic Voting Technology Workshop/Workshop on Trustworthy Elections. USENIX Association (2011)

  7. Bundesverfassungsgericht: Use of voting computers in 2005 Bundestag election unconstitutional, press release 19 March 2009

  8. Chang-Fong, N., Essex, A.: The cloudier side of cryptographic end-to-end verifiable voting: a security analysis of Helios. In: ACSAC 2016: 32nd Annual Conference on Computer Security Applications, pp. 324–335. ACM Press (2016)

  9. Cortier, V., Galindo, D., Glondu, S., Izabachène, M.: Election verifiability for Helios under weaker trust assumptions. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part II. LNCS, vol. 8713, pp. 327–344. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_19

  10. Cortier, V., Galindo, D., Küsters, R., Mueller, J., Truderung, T.: SoK: verifiability notions for E-voting protocols. In: S&P 2016: 37th IEEE Symposium on Security and Privacy, pp. 779–798. IEEE Computer Society (2016)

  11. Cortier, V., Smyth, B.: Attacking and fixing Helios: an analysis of ballot secrecy. J. Comput. Secur. 21(1), 89–148 (2013)

  12. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)

  13. Gumbel, A.: Steal This Vote: Dirty Elections and the Rotten History of Democracy in America. Nation Books, New York (2005)

  14. Jones, D.W., Simons, B.: Broken Ballots: Will Your Vote Count?, CSLI Lecture Notes, vol. 204. Center for the Study of Language and Information, Stanford University (2012)

  15. Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Chaum, D., et al. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 37–63. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12980-3_2

  16. Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman & Hall/CRC, Boca Raton (2007)

  17. Kiayias, A., Zacharias, T., Zhang, B.: End-to-end verifiable elections in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 468–498. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_16

  18. Kohno, T., Stubblefield, A., Rubin, A.D., Wallach, D.S.: Analysis of an electronic voting system. In: S&P 2004: 25th Security and Privacy Symposium, pp. 27–40. IEEE Computer Society (2004)

  19. Kremer, S., Ryan, M., Smyth, B.: Election verifiability in electronic voting protocols. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 389–404. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15497-3_24

  20. Küsters, R., Truderung, T., Vogt, A.: Accountability: definition and relationship to verifiability. In: CCS 2010: 17th ACM Conference on Computer and Communications Security, pp. 526–535. ACM Press (2010)

  21. Küsters, R., Truderung, T., Vogt, A.: Verifiability, privacy, and coercion-resistance: new insights from a case study. In: S&P 2011: 32nd IEEE Symposium on Security and Privacy, pp. 538–553. IEEE Computer Society (2011)

  22. Küsters, R., Truderung, T., Vogt, A.: Clash attacks on the verifiability of e-voting systems. In: S&P 2012: 33rd IEEE Symposium on Security and Privacy, pp. 395–409. IEEE Computer Society (2012)

  23. Küsters, R., Truderung, T., Vogt, A.: Accountability: Definition and relationship to verifiability. Cryptology ePrint Archive, Report 2010/236 (version 20150202:163211) (2015)

  24. Lijphart, A., Grofman, B.: Choosing an Electoral System: Issues and Alternatives. Praeger, New York (1984)

  25. Meyer, M., Smyth, B.: An attack against the Helios election system that exploits re-voting. arXiv, Report 1612.04099 (2017)

  26. Organization for Security and Co-operation in Europe: Document of the Copenhagen Meeting of the Conference on the Human Dimension of the CSCE (1990)

  27. Organization of American States: American Convention on Human Rights, “Pact of San Jose, Costa Rica” (1969)

  28. Quaglia, E.A., Smyth, B.: A short introduction to secrecy and verifiability for elections. arXiv, Report 1702.03168 (2017)

  29. Quaglia, E.A., Smyth, B.: Authentication with weaker trust assumptions for voting systems. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 322–343. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_18

  30. Quaglia, E.A., Smyth, B.: Secret, verifiable auctions from elections. Theor. Comput. Sci. 730, 44–92 (2018)

  31. Saalfeld, T.: On Dogs and Whips: Recorded Votes. In: Döring, H. (ed.) Parliaments and Majority Rule in Western Europe, chap. 16. St. Martin’s Press (1995)

  32. Schweikardt, N.: Arithmetic, first-order logic, and counting quantifiers. ACM Trans. Comput. Logic 6(3), 634–671 (2005)

  33. Smyth, B.: First-past-the-post suffices for ranked voting (2017). https://bensmyth.com/publications/2017-FPTP-suffices-for-ranked-voting/

  34. Smyth, B.: Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios. Cryptology ePrint Archive, Report 2015/942 (2018)

  35. Smyth, B.: A foundation for secret, verifiable elections. Cryptology ePrint Archive, Report 2018/225 (2018)

  36. Smyth, B.: Verifiability of Helios Mixnet. Cryptology ePrint Archive, Report 2018/017 (2018)

  37. Smyth, B., Frink, S., Clarkson, M.R.: Election Verifiability: Cryptographic Definitions and an Analysis of Helios and JCJ. Cryptology ePrint Archive, Report 2015/233 (version 20170111:122701) (2017)

  38. Smyth, B., Ryan, M., Kremer, S., Kourjieh, M.: Towards automatic analysis of election verifiability properties. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 146–163. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16074-5_11

  39. Tsoukalas, G., Papadimitriou, K., Louridas, P., Tsanakas, P.: From Helios to Zeus. J. Election Technol. Syst. 1(1) (2013). https://www.usenix.org/jets/issues/0101/tsoukalas

  40. UK Electoral Commission: Key issues and conclusions: May 2007 electoral pilot schemes, May 2007

  41. United Nations: Universal Declaration of Human Rights (1948)

Acknowledgements

I am grateful to Steve Kremer and the anonymous reviewers for useful feedback that helped improve this paper. I am also grateful to Yingtong Li (developer of helios-server-mixnet) and to Georgios Tsoukalas and Panos Louridas (developers of Zeus) for discussions about their voting systems.

Corresponding author

Correspondence to Ben Smyth.

Copyright information

© 2019 International Financial Cryptography Association

About this paper

Cite this paper

Smyth, B. (2019). Verifiability of Helios Mixnet. In: Zohar, A., et al. Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science, vol 10958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58820-8_17

  • DOI: https://doi.org/10.1007/978-3-662-58820-8_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-58819-2

  • Online ISBN: 978-3-662-58820-8

  • eBook Packages: Computer Science (R0)
