Making Code Voting Secure Against Insider Threats Using Unconditionally Secure MIX Schemes and Human PSMT Protocols

  • Yvo DesmedtEmail author
  • Stelios Erotokritou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9269)


It is clear to the public that when it comes to privacy, computers and “secure” communication over the Internet cannot fully be trusted. Chaum introduced code voting as a solution for using a possibly infected-by-malware device to cast a vote in an electronic voting application. He trusted the mail system. However, a conspiracy between the mail system and the recipient of the cast ballots breaks privacy. Considering a t-bounded passive adversary, we remove the trust in the mail. We propose both single and multi-seat elections, using PSMT protocols (SCN 2012) where with the help of visual aids, humans can carry out mod10 addition correctly with a 99 % degree of accuracy. We introduce an unconditionally secure MIX based on the combinatorics of set systems.


Voting systems Internet voting Information theoretic anonymity Private and secure message transmission Computer system diversity 



The authors would like to thank the anonymous referees for their valuable comments on improving the presentation and clarity of this paper. We thank Rebecca Wright for having co-invented the concept of having anonymous communication allowing a receiver to reply anonymously to the sender. The authors would also like to thank Juan Garay and Amos Beimel for expressing their interests in PSMT in which one cannot trust the equipment used by the receiver.


  1. 1.
  2. 2.
    Four Grand Challenges in Trustworthy Computing. In: CRA Conference on Grand Research Challenges in Information Security and Assurance, Warrenton, Virginia, 16–19 November 2003Google Scholar
  3. 3.
    Abe, M.: Universally verifiable mix-net with verification work independent of the number of mix-servers. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 437–447. Springer, Heidelberg (1998) CrossRefGoogle Scholar
  4. 4.
    Blocki, J., Blum, M., Datta, A.: Human computable passwords. CoRR (2014)Google Scholar
  5. 5.
    Buchmann, J., Demirel, D., van de Graaf, J.: Towards a publicly-verifiable mix-net providing everlasting privacy. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 197–204. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  6. 6.
    Chaum, D.: SureVote: technical overview. In: Proceedings of the Workshop on Trustworthy Elections, Tomales Bay, CA, USA, 26–29 August 2001Google Scholar
  7. 7.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  8. 8.
    Chaum, D., Essex, A., Carback, R., Clark, J., Popoveniuc, S., Sherman, A.T., Vora, P.L.: Scantegrity: end-to-end voter-verifiable optical-scan voting. IEEE Secur. Priv. 6(3), 40–46 (2008)CrossRefGoogle Scholar
  9. 9.
    Cohen, G., Damgård, I.B., Ishai, Y., Kölker, J., Miltersen, P.B., Raz, R., Rothblum, R.D.: Efficient multiparty protocols via log-depth threshold formulae. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 185–202. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  10. 10.
    Colbourn, C.J., Dinitz, J.H.: Handbook of Combinatorial Designs. Discrete Mathematics and Its Applications, 2nd edn. Chapman & Hall/CRC, Boca Raton (2006) CrossRefGoogle Scholar
  11. 11.
    Cramer, R., Franklin, M.K., Schoenmakers, B., Yung, M.: Multi-authority secret-ballot elections with linear work. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 72–83. Springer, Heidelberg (1996) CrossRefGoogle Scholar
  12. 12.
    Desmedt, Y., Jajodia, S.: Redistributing secret shares to new access structures and its applications. Technical Report ISSE-TR-97-01, George Mason UniversityGoogle Scholar
  13. 13.
    Desmedt, Y., Pieprzyk, J., Steinfeld, R., Sun, X., Tartary, C., Wang, H., Yao, A.C.-C.: Graph coloring applied to secure computation in non-abelian groups. J. Cryptol. 25(4), 557–600 (2012)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Desmedta, Y., Erotokritou, S.: Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols. Short.pdf
  15. 15.
    Desmedt, Y.G., Kurosawa, K.: How to break a practical MIX and design a new one. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 557–572. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  16. 16.
    Desmedt, Y.G., Wang, Y., Burmester, M.: A complete characterization of tolerable adversary structures for secure point-to-point transmissions without feedback. In: Deng, X., Du, D.-Z. (eds.) ISAAC 2005. LNCS, vol. 3827, pp. 277–287. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  17. 17.
    Dolev, D., Dwork, C., Waarts, O., Yung, M.: Perfectly secure message transmission. J. ACM 40(1), 17–47 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Erotokritou, S., Desmedt, Y.: Human perfectly secure message transmission protocols and their applications. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 540–558. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  19. 19.
    Estehghari, S., Desmedt, Y.: Exploiting the client vulnerabilities in internet e-voting systems: Hacking Helios 2.0 as an example. In: EVT/WOTE 2010 (2010)Google Scholar
  20. 20.
    Franklin, M.K., Yung, M.: Secure hypergraphs: privacy from partial broadcast. SIAM J. Discrete Math. 18(3), 437–450 (2004)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Furukawa, J.: Efficient and verifiable shuffling and shuffle-decryption. IEICE Trans. 88–A(1), 172–188 (2005)CrossRefGoogle Scholar
  22. 22.
    Gerck, E., Neff, C.A., Rivest, R.L., Rubin, A.D., Yung, M.: The business of electronic voting. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, p. 234. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  23. 23.
    Groth, J., Ishai, Y.: Sub-linear zero-knowledge argument for correctness of a shuffle. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 379–396. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  24. 24.
    Helios. Helios Voting.
  25. 25.
    Katti, S., Cohen, J., Katabi, D.: Information slicing: anonymity using unreliable overlays. In: Proceedings of the 4th USENIX Symposium on NSDI, Cambridge, Massachusetts, U.S.A., 11–13 April 2007, pp. 43–56 (2007)Google Scholar
  26. 26.
    Khazaei, S., Moran, T., Wikström, D.: A mix-net from any CCA2 secure cryptosystem. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 607–625. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  27. 27.
    Maaten, E.: Towards remote e-voting: Estonian case. In: Electronic Voting in Europe - Technology, Law, Politics and Society, 7th-9th July 2004. LNI, vol. 47, pp. 83–100. GI, Bregenz (2004)Google Scholar
  28. 28.
    Malkopoulou, A.: Lost voters: participation in eu elections and the case for compulsory voting. CEPS Working Document No. 317, 24 July 2009Google Scholar
  29. 29.
    Moran, T., Naor, M.: Split-ballot voting: everlasting privacy with distributed trust. ACM Trans. Inf. Syst. Secur. 13(2), 16:1–16:43 (2010)CrossRefGoogle Scholar
  30. 30.
    Rabin, M.O., Rivest, R.L.: Efficient end to end verifiable electronic voting employing split value representations. In: EVOTE 2014, Bregenz, Austria (to appear)Google Scholar
  31. 31.
    Sako, K., Kilian, J.: Secure voting using partially compatible homomorphisms. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 411–424. Springer, Heidelberg (1994) Google Scholar
  32. 32.
    Sampigethaya, K., Poovendran, R.: A survey on mix networks and their secure applications. Proc. IEEE 94, 2142–2181 (2006)CrossRefGoogle Scholar
  33. 33.
    Tran, A., Hopper, N., Kim, Y.: Hashing it out in public: common failure modes of DHT-based anonymity schemes. In: Proceedings of WPES 2009, Chicago, Illinois, USA, 9 November, pp. 71–80 (2009)Google Scholar
  34. 34.
    Wikipedia. Returning officer.
  35. 35.
    Wikström, D.: The security of a mix-center based on a semantically secure cryptosystem. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 368–381. Springer, Heidelberg (2002) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of Computer ScienceThe University of Texas at DallasRichardsonUSA
  2. 2.Department of Computer ScienceUniversity College LondonLondonUK
  3. 3.CaSToRCThe Cyprus InstituteNicosiaCyprus

Personalised recommendations