Voting: You Can't Have Privacy without Individual Verifiability

Véronique Cortier and Joseph Lallemand. Voting: You Can't Have Privacy without Individual Verifiability. In 25th ACM Conference on Computer and Communications Security (CCS'18), pp. 53–66, ACM, 2018.
doi:10.1145/3243734.3243762

Abstract

Electronic voting typically aims at two main security goals: vote privacy and verifiability. These two goals are often seen as antagonistic and some national agencies even impose a hierarchy between them: first privacy, and then verifiability as an additional feature. Verifiability typically includes individual verifiability (a voter can check that her ballot is counted); universal verifiability (anyone can check that the result corresponds to the published ballots); and eligibility verifiability (only legitimate voters may vote).
We show that actually, privacy implies individual verifiability. In other words, systems without individual verifiability cannot achieve privacy (under the same trust assumptions). To demonstrate the generality of our result, we show this implication in two different settings, namely cryptographic and symbolic models, for standard notions of privacy and individual verifiability. Our findings also highlight limitations in existing privacy definitions in cryptographic settings.

BibTeX

@InProceedings{CL-CCS18,
  author =	 {V\'eronique Cortier and Joseph Lallemand},
  title =	 {Voting: You Can't Have Privacy without Individual
                  Verifiability},
  booktitle =	 {25th ACM Conference on Computer and Communications
                  Security (CCS'18)},
  year =	 2018,
  abstract =	 {Electronic voting typically aims at two main
                  security goals: vote privacy and
                  verifiability. These two goals are often seen as
                  antagonistic and some national agencies even impose
                  a hierarchy between them: first privacy, and then
                  verifiability as an additional feature.
                  Verifiability typically includes individual
                  verifiability (a voter can check that her ballot is
                  counted); universal verifiability (anyone can check
                  that the result corresponds to the published
                  ballots); and eligibility verifiability (only
                  legitimate voters may vote).  \par We show that
                  actually, privacy implies individual
                  verifiability. In other words, systems without
                  individual verifiability cannot achieve privacy
                  (under the same trust assumptions). To demonstrate
                  the generality of our result, we show this
                  implication in two different settings, namely
                  cryptographic and symbolic models, for standard
                  notions of privacy and individual verifiability.
                  Our findings also highlight limitations in existing
                  privacy definitions in cryptographic settings.  },
  pages =	 {53--66},
  publisher =	 {ACM},
  doi =		 {10.1145/3243734.3243762},
  url =		 {https://members.loria.fr/VCortier/files/Papers/CCS2018.pdf},
}