Self-tallying Elections and Perfect Ballot Secrecy

  • Aggelos Kiayias
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2274)


Strong voter privacy, although an important property of an election scheme, is usually compromised in election protocol design in favor of other (desirable) properties. In this work we introduce a new election paradigm with strong voter privacy as its primary objective. Our paradigm is built around three useful properties of voting schemes we define: (1) Perfect Ballot Secrecy, ensures that knowledge about the partial tally of the ballots of any set of voters is only computable by the coalition of all the remaining voters (this property captures strong voter privacy as understood in real world elections). (2) Self-tallying, suggests that the post-ballot-casting phase is an open procedure that can be performed by any interested (casual) third party. Finally, (3) Dispute-freeness, suggests that disputes between active parties are prevented altogether, which is an important efficient integrity component.

We investigate conditions for the properties to exist, and their implications. We present a novel voting scheme which is the first system that is dispute-free, self-tallying and supports perfect ballot secrecy. Previously, any scheme which supports (or can be modified to support) perfect ballot secrecy suffers from at least one of the following two deficiencies: it involves voter-to-voter interactions and/or lacks fault tolerance (one faulty participant would fail the election). In contrast, our design paradigm obviates the need for voter-to-voter interaction (due to its dispute-freeness and publicly verifiable messages), and in addition our paradigm suggests a novel “corrective fault tolerant” mechanism. This mechanism neutralizes faults occurring before and after ballot casting, while self-tallying prevents further faults. Additionally, the mechanism is secrecy-preserving and “adaptive” in the sense that its cost is proportional to the number of faulty participants. As a result, our protocol is more efficient and robust than previous schemes that operate (or can be modified to operate) in the perfect ballot secrecy setting.


Random Oracle Vote Scheme Bulletin Board Homomorphic Encryption Election Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Abe99.
    Masayuki Abe, Mix-Networks on Permutation Networks, ASIACRYPT 1999.Google Scholar
  2. BFPPS01.
    Olivier Baudron, Pierre-Alain Fouque, David Pointcheval, Guillaume Poupard and Jacques Stern, Practical Multi-Candidate Election system, In the Proceedings of PODC 2001.Google Scholar
  3. Ben87.
    Josh Benaloh, Verifiable Secret-Ballot Elections, PhD Thesis, Yale University, 1987.Google Scholar
  4. BY86.
    Josh Benaloh and Moti Yung, Distributing the Power of a Government to Enhance the Privacy of Voters, PODC 1986.Google Scholar
  5. BT94.
    Josh Benaloh and Dwight Tuinstra, Receipt-Free Secret-Ballot Elections, STOC 1994.Google Scholar
  6. B89.
    Colin Boyd, A New Multiple Key Cipher and an Improved Voting Scheme, EUROCRYPT 1989.Google Scholar
  7. Bra99.
    Stefan Brands, Rethinking Privacy, Ph.D. thesis, pages 230–231.Google Scholar
  8. Cha81.
    David Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, Communications of the ACM 24(2): 84–88, 1981.CrossRefGoogle Scholar
  9. Cha88.
    David Chaum, Elections with Unconditionally-Secret Ballots and Disruption Equivalent to Breaking RSA EUROCRYPT 1988.Google Scholar
  10. CP93.
    David Chaum and Torben P. Pedersen, Wallet Databases with Observers, CRYPTO 1992.Google Scholar
  11. CF85.
    Josh D. Cohen (Benaloh) and Michael J. Fischer, A Robust and Verifiable Cryptographically Secure Election Scheme, FOCS 1985.Google Scholar
  12. CGS97.
    Ronald Cramer, Rosario Gennaro and Berry Schoenmakers, A Secure and Optimally Efficient Multi-Authority Election Scheme, EUROCRYPT 1997.Google Scholar
  13. CDS94.
    Ronald Cramer, Ivan Damgård and Berry Schoenmakers, Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols, CRYPTO 1994.Google Scholar
  14. CFSY96.
    Ronald Cramer, Matthew K. Franklin, Berry Schoenmakers and Moti Yung, Multi-Autority Secret-Ballot Elections with Linear Work, EUROCRYPT 1996.Google Scholar
  15. DJ00.
    Ivan Damgård and Mats Jurik, A Generalisation, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System, Public Key Cryptography 2001, pp. 119–136.Google Scholar
  16. DLM82.
    Richard A. DeMillo, Nancy A. Lynch, Michael Merritt, Cryptographic Protocols, STOC 1982: pp. 383–400.Google Scholar
  17. DDPY94.
    Alfredo De Santis, Giovanni Di Crescenzo, Giuseppe Persiano, Moti Yung, On Monotone Formula Closure of SZK, FOCS 1994.Google Scholar
  18. FS90.
    Uriel Feige and Adi Shamir, Witness Indistinguishable and Witness Hiding Protocols, STOC 1990.Google Scholar
  19. FS87.
    Amos Fiat and Adi Shamir, How to Prove Yourself: Practical Solutions to Identification and Signature Problems, CRYPTO 1986.Google Scholar
  20. FPS00.
    Pierre-Alain Fouque, Guillaume Poupard and Jacques Stern, Sharing Decryption in the Context of Voting or Lotteries, In the Proceedings of Financial Cryptography 2000.Google Scholar
  21. FOO92.
    Atsushi Fujioka, Tatsuaki Okamoto and Kazuo Ohta: A Practical Secret Voting Scheme for Large Scale Elections, ASIACRYPT 1992.Google Scholar
  22. GJKR99.
    Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk and Tal Rabin, Secure Distributed Key Generation for Discrete-Log Based Cryptosystems EUROCRYPT 1999.Google Scholar
  23. HS00.
    Martin Hirt and Kazue Sako, Efficient Receipt-Free Voting Based on Homomorphic Encryption, EUROCRYPT 2000.Google Scholar
  24. Jak99.
    Markus Jakobsson, Flash Mixing, Principles of Distributed Computing (PODC), 1999.Google Scholar
  25. KMO01.
    Jonathan Katz, Steven Myers, and Rafail Ostrovsky, Cryptographic Counters and Applications to Electronic Voting, EUROCRYPT 2001.Google Scholar
  26. Mer83.
    Michael Merrit, Cryptographic Protocols, Ph.D. Thesis, Georgia Institute of Technology 1983.Google Scholar
  27. NSS91.
    Hannu Nurmi, Arto Salomaa, and Lila Santean, Secret Ballot Elections in Computer Networks., Computers & Security 36, 10 (1991), 553–560.CrossRefGoogle Scholar
  28. OKST97.
    Wakaha Ogata, Kaoru Kurosawa, Kazue Sako and Kazunori Takatani, Fault tolerant anonymous channel, In the Proceedings of ICICS’ 97, LNCS No. 1334, pp. 440–444, 1997.Google Scholar
  29. Oka97.
    Tatsuaki Okamoto, Receipt-Free Electronic Voting Schemes for Large Scale Elections, Workshop on Security Protocols, 1997.Google Scholar
  30. OY91.
    R. Ostrovsky and M. Yung, How to withstand mobile virus attacks, ACM Symposium on Principles of Distributed Computing (PODC), 1991, pp. 51–61.Google Scholar
  31. Pai99.
    Pascal Paillier, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT 1999.Google Scholar
  32. PIK94.
    Choonsik Park, Kazutomo Itoh and Kaoru Kurosawa, Efficient Anonymous Channel and All/Nothing Election Scheme, EUROCRYPT 1993.Google Scholar
  33. PW92.
    Birgit Pfitzmann and Michael Waidner, Unconditionally Untraceable and Fault-tolerant Broadcast and Secret Ballot Election, Hildesheimer Informatik-Berichte, Institut für Informatik, Universität Hildesheim, 1992.Google Scholar
  34. Sak94.
    Kazue Sako, Electronic Voting Schemes, Allowing Open Objection to the Tally, In the Transactions of the Institue of Electronics, Information, and Communication Engineers, volume E77-A, n. 1, pp. 24–30, 1994.Google Scholar
  35. SK94.
    Kazue Sako and Joe Kilian, Secure Voting Using Partially Compatible Homomorphisms, CRYPTO 1994.Google Scholar
  36. SK95.
    Kazue Sako and Joe Kilian, Receipt-Free Mix-Type Voting Scheme-A Practical Solution to the Implementation of a Voting Booth, EUROCRYPT 1995.Google Scholar
  37. Sch99.
    Berry Schoenmakers, A Simple Publicly Verifiable Secret Sharing Scheme and its Applications to Electronic Voting, CRYPTO 1999.Google Scholar
  38. Yao82.
    Andrew C. Yao, Protocols for Secure Computations, Proc. 23rd IEEE Symp. on Foundations of Computer Science, Chicago, IL (Nov. 1982), 160–164. 17.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Aggelos Kiayias
    • 1
  • Moti Yung
    • 2
  1. 1.Graduate CenterCUNYUSA
  2. 2.CertCoUSA

Personalised recommendations