Distributing the power of a government to enhance the privacy of voters
PODC '86 Proceedings of the fifth annual ACM symposium on Principles of distributed computing
Demonstrating possession of a discrete logarithm without revealing it
Proceedings on Advances in cryptology---CRYPTO '86
Achieving independence in logarithmic number of rounds
PODC '87 Proceedings of the sixth annual ACM Symposium on Principles of distributed computing
Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
How to break the direct RSA-implementation of mixes
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Handbook of theoretical computer science (vol. A)
Achieving independence efficiently and securely
Proceedings of the fourteenth annual ACM symposium on Principles of distributed computing
An attack on a recursive authentication protocol. A cautionary tale
Information Processing Letters
A Protocol to Achieve Independence in Constant Rounds
IEEE Transactions on Parallel and Distributed Systems
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SIAM Journal on Computing
A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Secure Voting Using Partially Compatible Homomorphisms
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Secret Voting Scheme for Large Scale Elections
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Security of Signed ElGamal Encryption
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Receipt-Free Electronic Voting Schemes for Large Scale Elections
Proceedings of the 5th International Workshop on Security Protocols
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
TCS '00 Proceedings of the International Conference IFIP on Theoretical Computer Science, Exploring New Frontiers of Theoretical Informatics
On the Security of ElGamal Based Encryption
PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Verifiable secret-ballot elections
Verifiable secret-ballot elections
Coercion-resistant electronic elections
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
A computational analysis of the Needham-Schroeder-(Lowe) protocol
Journal of Computer Security
Coercion-Resistance and Receipt-Freeness in Electronic Voting
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
EVT'06 Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006 on Electronic Voting Technology Workshop
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
Journal of Cryptology
Advances in cryptographic voting systems
Advances in cryptographic voting systems
Ballot casting assurance via voter-initiated poll station auditing
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Verifiable secret sharing and achieving simultaneity in the presence of faults
SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science
Civitas: Toward a Secure Voting System
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA)
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Simplified Submission of Inputs to Protocols
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Helios: web-based open-audit voting
SS'08 Proceedings of the 17th conference on Security symposium
Evaluation of Electronic Voting: Requirements and Evaluation Procedures to Support Responsible Election Authorities
Verifying privacy-type properties of electronic voting protocols
Journal of Computer Security
An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Multi-authority secret-ballot elections with linear work
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
A secure and optimally efficient multi-authority election scheme
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A threshold cryptosystem without a trusted party
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
An improved protocol for demonstrating possession of discrete logarithms and some generalizations
EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
Determine the Resilience of Evaluated Internet Voting Systems
RE-VOTE '09 Proceedings of the 2009 First International Workshop on Requirements Engineering for e-Voting Systems
Towards a Framework on the Security Requirements for Electronic Voting Protocols
RE-VOTE '09 Proceedings of the 2009 First International Workshop on Requirements Engineering for e-Voting Systems
Electing a university president using open-audit voting: analysis of real-world use of Helios
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Algorithms and theory of computation handbook
Election verifiability in electronic voting protocols
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
A generalization of Paillier’s public-key system with applications to electronic voting
International Journal of Information Security - Special Issue on Special Purpose Protocols;Guest Editor:Moti Yung
Exploiting the client vulnerabilities in internet E-voting systems: hacking Helios 2.0 as an example
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Towards automatic analysis of election verifiability properties
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Running mixnet-based elections with Helios
EVT/WOTE'11 Proceedings of the 2011 conference on Electronic voting technology/workshop on trustworthy elections
Adapting helios for provable ballot privacy
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Attacking and Fixing Helios: An Analysis of Ballot Secrecy
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
Analysis of an electronic voting protocol in the applied pi calculus
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
A practical voter-verifiable election scheme
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Coercion-resistant electronic elections
Towards Trustworthy Elections
Verifying privacy-type properties of electronic voting protocols: a taster
Towards Trustworthy Elections
Vote-independence: a powerful privacy notion for voting protocols
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Verification of security protocols with lists: from length one to unbounded length
POST'12 Proceedings of the First international conference on Principles of Security and Trust
A public key cryptosystem and a signature scheme based on discrete logarithms
IEEE Transactions on Information Theory
Hi-index | 0.00 |
Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this article, we analyse ballot secrecy in Helios and discover a vulnerability which allows an adversary to compromise the privacy of voters. The vulnerability exploits the absence of ballot independence in Helios and works by replaying a voter's ballot or a variant of it, the replayed ballot magnifies the voter's contribution to the election outcome and this magnification can be used to violated privacy. We demonstrate the practicality of the attack by violating a voter's privacy in a mock election using the software implementation of Helios. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy. We present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus. Furthermore, we present similar vulnerabilities in other electronic voting protocols --namely, the schemes by Lee et al., Sako and Kilian and Schoenmakers --which do not assure ballot independence. Finally, we argue that independence and privacy properties are unrelated, and non-malleability is stronger than independence.