Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus

Backes, Michael; Hriţcu, Cătălin; Maffei, Matteo

doi:10.1109/csf.2008.26

Cited by 108 publications

(122 citation statements)

References 31 publications

Supporting

Mentioning

121

Contrasting

Order By: Relevance

“…A protocol satisfies Swap-Coercion-Resistance (SwCR) if for any context S corresponding to a voting process with a hole for two voters and for all votes σ v A and σ v B there exists a process V such that for any context C with C = νc 1 …”

Section: Definition 9 (Swap-privacy (Swp) [2])mentioning

confidence: 99%

See 1 more Smart Citation

Defining Privacy for Weighted Votes, Single and Multi-voter Coercion

Dreier

Lafourcade

Lakhnech

2012

Computer Security – ESORICS 2012

View full text Add to dashboard Cite

Abstract. Most existing formal privacy definitions for voting protocols are based on observational equivalence between two situations where two voters swap their votes. These definitions are unsuitable for cases where votes are weighted. In such a case swapping two votes can result in a different outcome and both situations become trivially distinguishable. We present a definition for privacy in voting protocols in the applied π-calculus that addresses this problem. Using our model, we are also able to define multi-voter coercion, i.e. situations where several voters are attacked at the same time. Then we prove that under certain realistic assumptions a protocol secure against coercion of a single voter is also secure against coercion of multiple voters. This applies for ReceiptFreeness as well as Coercion-Resistance.

show abstract

Section: Definition 9 (Swap-privacy (Swp) [2])mentioning

confidence: 99%

“…Related Work: Previous research on formal verification of voting protocols concerned privacy properties (privacy, receipt-freeness and coercion-resistance) [1][2][3][4][5][6][7][8], election verifiability [9,10], or both [11][12][13].…”

Section: Introductionmentioning

confidence: 99%

Defining Privacy for Weighted Votes, Single and Multi-voter Coercion

Dreier

Lafourcade

Lakhnech

2012

Computer Security – ESORICS 2012

View full text Add to dashboard Cite

show abstract

“…Some other voting systems have been at least partially verified automatically against privacy-related properties (for example, Civitas [3] in [8] with handproofs, FOO [2] in [9] with a compiler, and Prêtà Voter [10] in [11]); but the ThreeBallot voting system has not yet been subjected to automated formal verification.…”

Section: Introductionmentioning

confidence: 99%

Automated Anonymity Verification of the ThreeBallot Voting System

Moran

Heather

Schneider

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In recent years, a large number of secure voting protocols have been proposed in the literature. Often these protocols contain flaws, but because they are complex protocols, rigorous formal analysis has proven hard to come by. Rivest's ThreeBallot voting system is important because it aims to provide security (voter anonymity and voter verifiability) without requiring cryptography. In this paper, we construct a CSP model of ThreeBallot, and use it to produce the first automated formal analysis of its anonymity property. Along the way, we discover that one of the crucial assumptions under which ThreeBallot (and many other voting systems) operates-the Short Ballot Assumption-is highly ambiguous in the literature. We give various plausible precise interpretations, and discover that in each case, the interpretation either is unrealistically strong, or else fails to ensure anonymity. Therefore, we give a version of the Short Ballot Assumption for ThreeBallot that is realistic but still provides a guarantee of anonymity.

show abstract

“…We work in the applied pi calculus [2], and we use the ProVerif software tool [8] to automate verification. (The calculus and the tool have already been successful in analysing other properties of electronic voting systems [14,4].) Our approach puts significant emphasis on the automatic analysis of the verifiability property, using ProVerif.…”

Section: Introductionmentioning

confidence: 99%

“…This distinction is made for compatibility with protocols which do not offer eligibility verifiability.) These three aspects of verifiability are related to the following correctness properties [4], defined with respect to honest protocol executions:…”

Section: Introductionmentioning

confidence: 99%

Towards Automatic Analysis of Election Verifiability Properties

Smyth

Ryan

Kremer

et al. 2010

Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security

View full text Add to dashboard Cite

Abstract. We present a symbolic definition that captures some cases of election verifiability for electronic voting protocols. Our definition is given in terms of reachability assertions in the applied pi calculus and is amenable to automated reasoning using the software tool ProVerif. The definition distinguishes three aspects of verifiability, which we call individual, universal, and eligibility verifiability. We demonstrate the applicability of our formalism by analysing the protocols due to Fujioka, Okamoto & Ohta and a variant of the one by Juels, Catalano & Jakobsson (implemented as Civitas by Clarkson, Chong & Myers).

show abstract

Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus

Cited by 108 publications

References 31 publications

Defining Privacy for Weighted Votes, Single and Multi-voter Coercion

Defining Privacy for Weighted Votes, Single and Multi-voter Coercion

Automated Anonymity Verification of the ThreeBallot Voting System

Towards Automatic Analysis of Election Verifiability Properties

Contact Info

Product

Resources

About