Fifty Shades of Ballot Privacy: Privacy against a Malicious Board

Fifty Shades of Ballot Privacy: Privacy against a Malicious Board. Véronique Cortier, Joseph Lallemand, and Bogdan Warinschi. In 33rd IEEE Computer Security Foundations Symposium (CSF'20), Boston / virtual, USA, June 2020. CSF distinguished paper award.

Download

[PDF] [HTML] 

Abstract

We propose a framework for the analysis of electronic voting schemes in the presence of malicious bulletin boards. We identify a spectrum of notions where the adversary is allowed to tamper with the bulletin board in ways that reflect practical deployment and usage considerations. To clarify the security guarantees provided by the different notions we establish a relation with simulation-based security with respect to a family of ideal functionalities. The ideal functionalities make clear the set of authorised attacker capabilities which makes it easier to understand and compare the associated levels of security. We then leverage this relation to show that each distinct level of ballot privacy entails some distinct form of individual verifiability. As an application, we study three protocols of the literature (Helios, Belenios, and Civitas) and identify the different levels of privacy they offer.

BibTeX

@InProceedings{FiftyShades-CSF20,
  author = 	 {V\'eronique Cortier and Joseph Lallemand and Bogdan Warinschi},
  title = 	 {Fifty Shades of Ballot Privacy: Privacy against a Malicious Board},
  OPTcrossref =  {},
  OPTkey = 	 {},
  booktitle = {33rd IEEE Computer Security Foundations Symposium (CSF'20)},
  year = 	 {2020},
  OPTeditor = 	 {},
  OPTvolume = 	 {},
  OPTnumber = 	 {},
  OPTseries = 	 {},
  OPTpages = 	 {},
  abstract = {We propose a framework for the analysis of electronic voting schemes in the presence of malicious bulletin boards. We identify a spectrum of notions where the adversary is allowed to tamper with the bulletin board in ways that reflect practical deployment and usage considerations. To clarify the security guarantees provided by the different notions we establish a relation with simulation-based security with respect to a family of ideal functionalities. The ideal functionalities make clear the set of authorised attacker capabilities which makes it easier to understand and compare the associated levels of security. We then leverage this relation to show that each distinct level of ballot privacy entails some distinct form of individual verifiability. As an application, we study three protocols of the literature (Helios, Belenios, and Civitas) and identify the different levels of privacy they offer.},
  month = 	 {June},
  address = 	 {Boston / virtual, USA},
  doi = {10.1109/CSF49147.2020.00010},
  note = {{\bf CSF distinguished paper award}},
}