End-to-End Verifiable Elections in the Standard Model

  • Aggelos Kiayias
  • Thomas Zacharias
  • Bingsheng Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9057)


We present the cryptographic implementation of “DEMOS”, a new e-voting system that is end-to-end verifiable in the standard model, i.e., without any additional “setup” assumption or access to a random oracle (RO). Previously known end-to-end verifiable e-voting systems required such additional assumptions (specifically, they either assumed the existence of a “randomness beacon” or were only shown secure in the RO model). In order to analyze our scheme, we also provide a modeling of end-to-end verifiability as well as privacy and receipt-freeness that encompasses previous definitions in the form of two concise attack games.

Our scheme satisfies end-to-end verifiability information-theoretically in the standard model and privacy/receipt-freeness under a computational assumption (subexponential Decisional Diffie-Hellman). In our construction, we employ a number of techniques, used here for the first time in the context of e-voting schemes, that include utilizing randomness from bit-fixing sources, zero-knowledge proofs with imperfect verifier randomness, and complexity leveraging.


Keywords: Random Oracle; Bulletin Board; Candidate Selection; Commitment Scheme; Random Oracle Model



Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Aggelos Kiayias (1)
  • Thomas Zacharias (1)
  • Bingsheng Zhang (1)
  1. Department of Informatics and Telecommunications, National and Kapodistrian University of Athens, Athens, Greece
