Verifiability of Helios Mixnet

We study game-based definitions of individual and universal verifiability by Smyth, Frink and Clarkson. We prove that building voting systems from El Gamal coupled with proofs of correct key generation suffices for individual verifiability. We also prove that it suffices for an aspect of universal verifiability. Thereby eliminating the expense of individual-verifiability proofs and simplifying universal-verifiability proofs for a class of encryption-based voting systems. We use the definitions of individual and universal verifiability to analyse the mixnet variant of Helios. Our analysis reveals that universal verifiability is not satisfied by implementations using the weak Fiat-Shamir transformation. Moreover, we prove that individual and universal verifiability are satisfied when statements are included in hashes (i.e., when using the Fiat-Shamir transformation, rather than the weak Fiat-Shamir transformation).

[1]  Panayiotis Tsanakas,et al.  From Helios to Zeus , 2013, EVT/WOTE.

[2]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[3]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[4]  Jonathan Katz,et al.  Introduction to Modern Cryptography: Principles and Protocols , 2007 .

[5]  Ben Smyth,et al.  Attacking and Fixing Helios: An Analysis of Ballot Secrecy , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[6]  B. Grofman,et al.  Choosing an Electoral System: Issues and Alternatives , 1984 .

[7]  Ben Smyth,et al.  Election Verifiability: Cryptographic Definitions and an Analysis of Helios and JCJ , 2015 .

[8]  Yehuda Lindell,et al.  Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series) , 2007 .

[9]  Ben Smyth First-past-the-post suffices for ranked voting , 2017 .

[10]  Ben Smyth,et al.  Secret, verifiable auctions from elections , 2018, Theor. Comput. Sci..

[11]  Véronique Cortier,et al.  SoK: Verifiability Notions for E-Voting Protocols , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[12]  Ben Smyth,et al.  A foundation for secret, verifiable elections , 2018, IACR Cryptol. ePrint Arch..

[13]  Olivier Pereira,et al.  Running Mixnet-Based Elections with Helios , 2011, EVT/WOTE.

[14]  Véronique Cortier,et al.  Voting: You Can't Have Privacy without Individual Verifiability , 2018, CCS.

[15]  Ralf Küsters,et al.  Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study , 2011, 2011 IEEE Symposium on Security and Privacy.

[16]  Ralf Küsters,et al.  Clash Attacks on the Verifiability of E-Voting Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[17]  Mark Ryan,et al.  Election Verifiability in Electronic Voting Protocols , 2010, ESORICS.

[18]  Bogdan Warinschi,et al.  How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios , 2012, ASIACRYPT.

[19]  Ben Smyth,et al.  A short introduction to secrecy and verifiability for elections , 2017, ArXiv.

[20]  Douglas W. Jones,et al.  Broken Ballots: Will Your Vote Count? , 2012 .

[21]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[22]  Amit Sahai,et al.  Non-malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization , 1999, CRYPTO.

[23]  Jean-Jacques Quisquater,et al.  Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[24]  Thomas Saalfeld,et al.  On Dogs and Whips: Recorded Votes , 1995 .

[25]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[26]  Ben Smyth,et al.  Authentication with weaker trust assumptions for voting systems , 2018, IACR Cryptol. ePrint Arch..

[27]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[28]  Véronique Cortier,et al.  Election Verifiability for Helios under Weaker Trust Assumptions , 2014, ESORICS.

[29]  Markus Jakobsson,et al.  Security of Signed ElGamal Encryption , 2000, ASIACRYPT.

[30]  R. Michael Alvarez,et al.  Electronic elections - the perils and promises of digital democracy , 2008 .

[31]  Mark Ryan,et al.  Towards Automatic Analysis of Election Verifiability Properties , 2010, ARSPA-WITS.

[32]  Nicole Schweikardt,et al.  Arithmetic, first-order logic, and counting quantifiers , 2002, TOCL.

[33]  Aleksander Essex,et al.  The cloudier side of cryptographic end-to-end verifiable voting: a security analysis of Helios , 2016, ACSAC.

[34]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[35]  Ben Smyth,et al.  Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios , 2021, J. Comput. Secur..

[36]  Ralf Küsters,et al.  Accountability: definition and relationship to verifiability , 2010, CCS '10.

[37]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[38]  Aggelos Kiayias,et al.  End-to-End Verifiable Elections in the Standard Model , 2015, EUROCRYPT.

[39]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.