Fifty Shades of Ballot Privacy: Privacy against a Malicious Board

Véronique Cortier, Joseph Lallemand, and Bogdan Warinschi. Fifty Shades of Ballot Privacy: Privacy against a Malicious Board. In 33rd IEEE Computer Security Foundations Symposium (CSF'20), Boston, USA, June 2020. Distinguished paper award.
doi:10.1109/CSF49147.2020.00010

Download

[PDF] [PDF (long version)] [HTML] 

Abstract

We propose a framework for the analysis of electronic voting schemes in the presence of malicious bulletin boards. We identify a spectrum of notions where the adversary is allowed to tamper with the bulletin board in ways that reflect practical deployment and usage considerations. To clarify the security guarantees provided by the different notions we establish a relation with simulation-based security with respect to a family of ideal functionalities. The ideal functionalities make clear the set of authorised attacker capabilities which makes it easier to understand and compare the associated levels of security. We then leverage this relation to show that each distinct level of ballot privacy entails some distinct form of individual verifiability. As an application, we study three protocols of the literature (Helios, Belenios, and Civitas) and identify the different levels of privacy they offer.

BibTeX

@InProceedings{FiftyShades-CSF20,
  author =	 {V\'eronique Cortier and Joseph Lallemand and Bogdan
                  Warinschi},
  title =	 {Fifty Shades of Ballot Privacy: Privacy against a
                  Malicious Board},
  booktitle =	 {33rd IEEE Computer Security Foundations Symposium
                  (CSF'20)},
  year =	 2020,
  abstract =	 {We propose a framework for the analysis of
                  electronic voting schemes in the presence of
                  malicious bulletin boards. We identify a spectrum of
                  notions where the adversary is allowed to tamper
                  with the bulletin board in ways that reflect
                  practical deployment and usage considerations. To
                  clarify the security guarantees provided by the
                  different notions we establish a relation with
                  simulation-based security with respect to a family
                  of ideal functionalities. The ideal functionalities
                  make clear the set of authorised attacker
                  capabilities which makes it easier to understand and
                  compare the associated levels of security. We then
                  leverage this relation to show that each distinct
                  level of ballot privacy entails some distinct form
                  of individual verifiability. As an application, we
                  study three protocols of the literature (Helios,
                  Belenios, and Civitas) and identify the different
                  levels of privacy they offer.},
  month =	 {June},
  address =	 {Boston, USA},
  doi =		 {10.1109/CSF49147.2020.00010},
  note =	 {{\bf Distinguished paper award}},
                  ={https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9155128},
}