Anonymity and Verifiability in Voting: Understanding (Un)Linkability

Lucie Langer, Hugo Jonker, Wolter Pieters

  • 7 Citations

Abstract

Anonymity and verifiability are crucial security requirements for voting. Still, they seem to be contradictory, and confusion exists about their precise meanings and compatibility. In this paper, we resolve the confusion by showing that both can be expressed in terms of (un)linkability: while anonymity requires unlinkability of voter and vote, verifiability requires linkability of voters and election result. We first provide a conceptual model which captures anonymity as well as verifiability. Second, we express the semantics of (un)linkability in terms of (in)distinguishability. Third, we provide an adversary model that describes which capabilities the attacker has for establishing links. These components form a comprehensive model for describing and analyzing voting system security. In a case study we use our model to analyze the security of the voting scheme Prêt à Voter. Our work contributes to a deeper understanding of anonymity and verifiability and their correlation in voting.
Original languageUndefined
Title of host publication12th International Conference Information and Communications Security, ICICS 2010
EditorsMiguel Soriano, Sihan Qing, Javier López
Place of PublicationBerlin
PublisherSpringer Verlag
Pages296-310
Number of pages15
ISBN (Print)978-3-642-17649-4
DOIs
StatePublished - 2010
Event12th International Conference on Information and Communications Security, ICICS 2010 - Barcelona, Spain

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Verlag
Volume6476
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference12th International Conference on Information and Communications Security, ICICS 2010
Abbreviated titleICICS
CountrySpain
CityBarcelona
Period15/12/1017/12/10

Fingerprint

Security systems
Semantics

Keywords

  • IR-75062
  • METIS-276726
  • Anonymity
  • E-voting
  • EWI-19020
  • Unlinkability
  • verifiability
  • SCS-Cybersecurity
  • adversary model

Cite this

Langer, L., Jonker, H., & Pieters, W. (2010). Anonymity and Verifiability in Voting: Understanding (Un)Linkability. In M. Soriano, S. Qing, & J. López (Eds.), 12th International Conference Information and Communications Security, ICICS 2010 (pp. 296-310). (Lecture Notes in Computer Science; Vol. 6476). Berlin: Springer Verlag. DOI: 10.1007/978-3-642-17650-0_21

Langer, Lucie; Jonker, Hugo; Pieters, Wolter / Anonymity and Verifiability in Voting: Understanding (Un)Linkability.

12th International Conference Information and Communications Security, ICICS 2010. ed. / Miguel Soriano; Sihan Qing; Javier López. Berlin : Springer Verlag, 2010. p. 296-310 (Lecture Notes in Computer Science; Vol. 6476).

Research output: Scientific - peer-reviewConference contribution

@inbook{a5f999ebdc8f444e826dd97fa8515664,
title = "Anonymity and Verifiability in Voting: Understanding (Un)Linkability",
abstract = "Anonymity and verifiability are crucial security requirements for voting. Still, they seem to be contradictory, and confusion exists about their precise meanings and compatibility. In this paper, we resolve the confusion by showing that both can be expressed in terms of (un)linkability: while anonymity requires unlinkability of voter and vote, verifiability requires linkability of voters and election result. We first provide a conceptual model which captures anonymity as well as verifiability. Second, we express the semantics of (un)linkability in terms of (in)distinguishability. Third, we provide an adversary model that describes which capabilities the attacker has for establishing links. These components form a comprehensive model for describing and analyzing voting system security. In a case study we use our model to analyze the security of the voting scheme Prêt à Voter. Our work contributes to a deeper understanding of anonymity and verifiability and their correlation in voting.",
keywords = "IR-75062, METIS-276726, Anonymity, E-voting, EWI-19020, Unlinkability, verifiability, SCS-Cybersecurity, adversary model",
author = "Lucie Langer and Hugo Jonker and Wolter Pieters",
note = "10.1007/978-3-642-17650-0_21",
year = "2010",
doi = "10.1007/978-3-642-17650-0_21",
isbn = "978-3-642-17649-4",
series = "Lecture Notes in Computer Science",
publisher = "Springer Verlag",
pages = "296--310",
editor = "Miguel Soriano and Sihan Qing and Javier López",
booktitle = "12th International Conference Information and Communications Security, ICICS 2010",

}

Langer, L, Jonker, H & Pieters, W 2010, Anonymity and Verifiability in Voting: Understanding (Un)Linkability. in M Soriano, S Qing & J López (eds), 12th International Conference Information and Communications Security, ICICS 2010. Lecture Notes in Computer Science, vol. 6476, Springer Verlag, Berlin, pp. 296-310, 12th International Conference on Information and Communications Security, ICICS 2010, Barcelona, Spain, 15-17 December. DOI: 10.1007/978-3-642-17650-0_21

Anonymity and Verifiability in Voting: Understanding (Un)Linkability. / Langer, Lucie; Jonker, Hugo; Pieters, Wolter.

12th International Conference Information and Communications Security, ICICS 2010. ed. / Miguel Soriano; Sihan Qing; Javier López. Berlin : Springer Verlag, 2010. p. 296-310 (Lecture Notes in Computer Science; Vol. 6476).

Research output: Scientific - peer-reviewConference contribution

TY - CHAP

T1 - Anonymity and Verifiability in Voting: Understanding (Un)Linkability

AU - Langer,Lucie

AU - Jonker,Hugo

AU - Pieters,Wolter

N1 - 10.1007/978-3-642-17650-0_21

PY - 2010

Y1 - 2010

N2 - Anonymity and verifiability are crucial security requirements for voting. Still, they seem to be contradictory, and confusion exists about their precise meanings and compatibility. In this paper, we resolve the confusion by showing that both can be expressed in terms of (un)linkability: while anonymity requires unlinkability of voter and vote, verifiability requires linkability of voters and election result. We first provide a conceptual model which captures anonymity as well as verifiability. Second, we express the semantics of (un)linkability in terms of (in)distinguishability. Third, we provide an adversary model that describes which capabilities the attacker has for establishing links. These components form a comprehensive model for describing and analyzing voting system security. In a case study we use our model to analyze the security of the voting scheme Prêt à Voter. Our work contributes to a deeper understanding of anonymity and verifiability and their correlation in voting.

AB - Anonymity and verifiability are crucial security requirements for voting. Still, they seem to be contradictory, and confusion exists about their precise meanings and compatibility. In this paper, we resolve the confusion by showing that both can be expressed in terms of (un)linkability: while anonymity requires unlinkability of voter and vote, verifiability requires linkability of voters and election result. We first provide a conceptual model which captures anonymity as well as verifiability. Second, we express the semantics of (un)linkability in terms of (in)distinguishability. Third, we provide an adversary model that describes which capabilities the attacker has for establishing links. These components form a comprehensive model for describing and analyzing voting system security. In a case study we use our model to analyze the security of the voting scheme Prêt à Voter. Our work contributes to a deeper understanding of anonymity and verifiability and their correlation in voting.

KW - IR-75062

KW - METIS-276726

KW - Anonymity

KW - E-voting

KW - EWI-19020

KW - Unlinkability

KW - verifiability

KW - SCS-Cybersecurity

KW - adversary model

U2 - 10.1007/978-3-642-17650-0_21

DO - 10.1007/978-3-642-17650-0_21

M3 - Conference contribution

SN - 978-3-642-17649-4

T3 - Lecture Notes in Computer Science

SP - 296

EP - 310

BT - 12th International Conference Information and Communications Security, ICICS 2010

PB - Springer Verlag

ER -

Langer L, Jonker H, Pieters W. Anonymity and Verifiability in Voting: Understanding (Un)Linkability. In Soriano M, Qing S, López J, editors, 12th International Conference Information and Communications Security, ICICS 2010. Berlin: Springer Verlag. 2010. p. 296-310. (Lecture Notes in Computer Science). Available from, DOI: 10.1007/978-3-642-17650-0_21