BeleniosRF

Chaidos, Pyrros; Cortier, Véronique; Fuchsbauer, Georg; Galindo, David

doi:10.1145/2976749.2978337

Cited by 48 publications

(13 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…8 Observe that n repl ≪ n h V covers the interesting cases because the privacy loss is obviously close to 1 for large n repl . e.g., [5,13,26,10]-reduce to the entropy-based approach, as proven in [5]). In this section we will show that a simple extension of the KTV definition, which we term 'strong vote privacy', is equivalent to a computational version of a strong entropy-based definition.…”

Section: Strong Vote Privacymentioning

confidence: 90%

“…In what follows, we explain the general idea of such homomorphic replay attacks. Several e-voting schemes are vulnerable to such homomorphic replay attacks, for example the one by Lee et al [34] (pointed out by Dreier, Lafourcade and Lakhnech [19]), or the one by Blazy, Fuchsbauer, Pointcheval, and Vergnaud [8] (pointed out by Chaidos, Cortier, Fuchsbauer, and Galindo [13]) which is the predecessor of BeleniosRF [13].…”

Section: Homomorphic Replay Attacksmentioning

confidence: 99%

“…Designing secure e-voting systems is very challenging, with a long and rich history going back to the 1980's [4]. Since then, numerous e-voting systems have been proposed which aim to provide both verifiability and privacy (see, e.g., [1,39,40,16,34,13,15,14]), sometimes with additional security properties such as receipt-freeness [13] or coercion-resistance [16]. Some of these e-voting systems have been and are used in practice, for example for political elections in Australia [11], Estonia [41], Switzerland [43], and the US [12], or for non-political ones, such as IACR elections [25], to name just a few.…”

Section: Introductionmentioning

confidence: 99%

“…One of the most prominent classes of attacks against privacy-if not the most prominent one-are replay attacks (see, e.g., [18,24,19,13,7]) to which many e-voting systems have been proven vulnerable (e.g., [1,39,40,16,34,8]). Roughly speaking, a replay attack works as follows.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

How efficient are replay attacks against vote privacy? A formal quantitative analysis1

Mestel

Müller

Reisert

2023

JCS

View full text Add to dashboard Cite

Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter’s privacy even when an adversary’s resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.

show abstract

Section: Strong Vote Privacymentioning

confidence: 90%

Section: Homomorphic Replay Attacksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

How efficient are replay attacks against vote privacy? A formal quantitative analysis1

Mestel

Müller

Reisert

2023

JCS

View full text Add to dashboard Cite

show abstract

“…Since, realistically, the risk of being penalized may not be sufficient to deter possible coercers, the threat of coercion must also be counteracted at a technical level. To this end, numerous e-voting systems have been designed that aim to protect against coercion (see, e.g., [1,2,6,7,12,17,22,32]), or to mitigate its risk (see, e.g., [5,14,20,28,29]), by technical means. This property is called coercion-resistance.…”

Section: Introductionmentioning

confidence: 99%

Scalable Coercion-Resistant E-Voting under Weaker Trust Assumptions

Haines

Müller

Querejeta-Azurmendi

2023

Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing

View full text Add to dashboard Cite

Electronic voting (e-voting) is regularly used in many countries and organizations for legally binding elections. In order to conduct such elections securely, numerous e-voting systems have been proposed over the last few decades. Notably, some of these systems were designed to provide coercion-resistance. This property protects against potential adversaries trying to swing an election by coercing voters.Despite the multitude of existing coercion-resistant e-voting systems, to date, only few of them can handle large-scale Internet elections efficiently. One of these systems, VoteAgain (USENIX Security 2020), was originally claimed secure under similar trust assumptions to state-of-the-art e-voting systems without coercionresistance.In this work, we review VoteAgain's security properties. We discover that, unlike originally claimed, VoteAgain is no more secure than a trivial voting system with a completely trusted election authority. In order to mitigate this issue, we propose a variant of VoteAgain which effectively mitigates trust on the election authorities and, at the same time, preserves VoteAgain's usability and efficiency.Altogether, our findings bring the state of science one step closer to the goal of scalable coercion-resistant e-voting being secure under reasonable trust assumptions. CCS CONCEPTS• Security and privacy → Formal security models; Privacypreserving protocols;

show abstract

Selective comparison of verifiable online voting systems

Finogina,

Cucurull Juan,

Costa

2024

Security and Privacy

View full text Add to dashboard Cite

This paper aims to provide a guideline for identifying the most suitable online voting system under the given requirements and acceptable tradeoffs. We have selected twelve (more or less) well‐known online voting systems that rely on distinct cryptographic mechanisms for achieving security. For each of the systems, we summarized the key architectural and cryptographic ideas behind their design. Then, we analyzed the required trust assumptions for achieving the three most important security properties (i.e., verifiability, divided between cast‐as‐intended, recorded‐as‐cast, and tallied‐as‐recorded verifiabilities, privacy, and receipt‐freeness). To make a fair comparison, we did our analysis based on identical security definitions. Note that we selected wildly known and well‐accepted definitions, which are scheme‐neutral, to avoid any biases. Also, we discussed some of the most critical practical aspects of those systems, such as–the necessity for secure or anonymous channels, reliance on secure printer facilities and so forth. To facilitate the comparison, we suggested a unified naming convention for system elements based on their roles and functions. Then, based on the unified naming convention, we compared all twelve online voting systems for both the security properties and practical aspects. Finally, we summarized our observations regarding patterns and dependencies we observed, provided guidelines for selecting the online voting system, and gave recommendations regarding system design. We hope our work contributes to the online literature and facilitates the process of selecting the most suitable e‐voting system depending on the requirements of a specific election.

show abstract

BeleniosRF

Cited by 48 publications

References 47 publications

How efficient are replay attacks against vote privacy? A formal quantitative analysis1

How efficient are replay attacks against vote privacy? A formal quantitative analysis1

Scalable Coercion-Resistant E-Voting under Weaker Trust Assumptions

Selective comparison of verifiable online voting systems

Contact Info

Product

Resources

About