{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T21:22:00Z","timestamp":1762377720219,"version":"3.44.0"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032050359","type":"print"},{"value":"9783032050366","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T00:00:00Z","timestamp":1757548800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T00:00:00Z","timestamp":1757548800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>For more than forty years, two principal questions have been asked when designing verifiable election systems: how will the integrity of the results be demonstrated and how will the privacy of votes be preserved? Many approaches have been taken towards answering the first question such as use of mixnets and homomorphic tallying. But, in the case of large-scale elections, the second question has always been answered in the same way: decryption capabilities are divided amongst multiple independent \u201ctrustees\u201d so that a collusion is required to compromise privacy.<\/jats:p>\n          <jats:p>In practice, however, this approach can be fairly challenging to deploy. Even if multiple human trustees are chosen, they typically use software and often also hardware provided by a single voting system supplier, and they rarely have any real opportunity to confirm its correctness. As a result, we observe that trustees are generally not in a position to exercise the independent judgment necessary to ensure privacy.<\/jats:p>\n          <jats:p>This Systematization of Knowledge (SoK) paper looks at several aspects of the trustee experience. It begins by surveying and discussing various cryptographic protocols that have been used for key generation in elections, explores their impact on the role of trustees, and notes that even the theory of proper use of trustees is more challenging than it might seem. This is illustrated by showing that one of the only references defining a full threshold distributed key generation (DKG) for elections defines an insecure protocol. Belenios, a broadly used open-source voting system, claims to rely on that reference for its DKG and security proof. Fortunately, it does not inherit the same vulnerability, and we offer a security proof for the Belenios DKG.<\/jats:p>\n          <jats:p>The paper then discusses various practical contexts, in terms of humans, software, and hardware, and their impact on the practical deployment of a trustee-based privacy model.<\/jats:p>","DOI":"10.1007\/978-3-032-05036-6_2","type":"book-chapter","created":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T07:22:22Z","timestamp":1757488942000},"page":"17-37","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["REACTIVE: Rethinking Effective Approaches Concerning Trustees in\u00a0Verifiable Elections"],"prefix":"10.1007","author":[{"given":"Josh","family":"Benaloh","sequence":"first","affiliation":[]},{"given":"Michael","family":"Naehrig","sequence":"additional","affiliation":[]},{"given":"Olivier","family":"Pereira","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,11]]},"reference":[{"key":"2_CR1","unstructured":"Adida, B.: Helios: web-based open-audit voting. In: Proceedings of the 17th USENIX Security Symposium, pp. 335\u2013348. USENIX Association (2008)"},{"key":"2_CR2","unstructured":"Adida, B., de\u00a0Marneffe, O., Pereira, O., Quisquater, J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: EVT\/WOTE 2009. USENIX Association (2009)"},{"key":"2_CR3","unstructured":"Angel, S., et al.: Nimble: rollback protection for confidential cloud services. In: 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023, pp. 193\u2013208. USENIX (2023)"},{"key":"2_CR4","unstructured":"Bedrune, J.B., Campana, G.: Everybody be cool, this is a robbery! In: IACR Real World Crypto (2020)"},{"key":"2_CR5","unstructured":"Benaloh, J., et al.: STAR-Vote: a secure, transparent, auditable, and reliable voting system. In: EVT\/WOTE 2013. USENIX Association (2013)"},{"key":"2_CR6","unstructured":"Benaloh, J., Naehrig, M., Pereira, O.: ElectionGuard design specification version 2.1.0 (2024). https:\/\/www.electionguard.vote\/spec\/"},{"key":"2_CR7","unstructured":"Benaloh, J., Naehrig, M., Pereira, O., Wallach, D.S.: ElectionGuard: a cryptographic toolkit to enable verifiable elections. In: 33rd USENIX Security Symposium, USENIX Security 2024. USENIX Association (2024)"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Benaloh, J.C., Yung, M.: Distributing the power of a government to enhance the privacy of voters (extended abstract). In: Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, pp. 52\u201362. ACM (1986)","DOI":"10.1145\/10590.10595"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1007\/978-3-642-34961-4_38","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"D Bernhard","year":"2012","unstructured":"Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the Fiat-Shamir heuristic and applications to Helios. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 626\u2013643. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_38"},{"key":"2_CR10","unstructured":"Bulens, P., Giry, D., Pereira, O.: Running mixnet-based elections with Helios. In: 2011 Electronic Voting Technology Workshop \/ Workshop on Trustworthy Elections, EVT\/WOTE 2011. USENIX Association (2011)"},{"issue":"4","key":"2_CR11","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/MSP.2016.69","volume":"14","author":"C Burton","year":"2016","unstructured":"Burton, C., Culnane, C., Schneider, S.A.: vVote: verifiable electronic voting in practice. IEEE Secur. Priv. 14(4), 64\u201373 (2016)","journal-title":"IEEE Secur. Priv."},{"key":"2_CR12","unstructured":"Carback, R., et al.: Scantegrity II municipal election at Takoma park: the first E2E binding governmental election with ballot privacy. In: 19th USENIX Security Symposium, pp. 291\u2013306. USENIX Association (2010)"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Chen, Y.H., Lindell, Y.: Feldman\u2019s verifiable secret sharing for a dishonest majority. Cryptology ePrint Archive, Paper 2024\/031 (2024). https:\/\/eprint.iacr.org\/2024\/031","DOI":"10.62056\/ak2isgvtw"},{"key":"2_CR14","unstructured":"Clarke, D., Martens, T.: Real-World Electronic Voting: Design, Analysis and Deployment, chap. E-Voting in Estonia, pp. 129\u2013141. CRC Press (2017)"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Cortier, V., Galindo, D., Glondu, S., Izabach\u00e8ne, M.: Distributed ElGamal \u00e0 la Pedersen: Application to Helios. In: Proceedings of the 12th annual ACM Workshop on Privacy in the Electronic Society, WPES 2013, pp. 131\u2013142. ACM (2013)","DOI":"10.1145\/2517840.2517852"},{"key":"2_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"214","DOI":"10.1007\/978-3-030-19052-1_14","volume-title":"Foundations of Security, Protocols, and Equational Reasoning","author":"V Cortier","year":"2019","unstructured":"Cortier, V., Gaudry, P., Glondu, S.: Belenios: a simple private and verifiable electronic voting system. In: Guttman, J.D., Landwehr, C.E., Meseguer, J., Pavlovic, D. (eds.) Foundations of Security, Protocols, and Equational Reasoning. LNCS, vol. 11565, pp. 214\u2013238. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-19052-1_14"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/3-540-69053-0_9","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"R Cramer","year":"1997","unstructured":"Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103\u2013118. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_9"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Culnane, C., Schneider, S.A.: A peered bulletin board for robust use in verifiable voting systems. In: IEEE 27th Computer Security Foundations Symposium, CSF 2014, pp. 169\u2013183. IEEE Computer Society (2014)","DOI":"10.1109\/CSF.2014.20"},{"key":"2_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/0-387-34805-0_28","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"Y Desmedt","year":"1990","unstructured":"Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307\u2013315. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_28"},{"issue":"4","key":"2_CR20","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1109\/TIT.1985.1057074","volume":"31","author":"T ElGamal","year":"1985","unstructured":"ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469\u2013472 (1985)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th Annual Symposium on Foundations of Computer Science, pp. 427\u2013437. IEEE Computer Society (1987)","DOI":"10.1109\/SFCS.1987.4"},{"issue":"1","key":"2_CR22","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/s00145-006-0347-3","volume":"20","author":"R Gennaro","year":"2007","unstructured":"Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51\u201383 (2007)","journal-title":"J. Cryptol."},{"key":"2_CR23","unstructured":"Glondu, S.: Belenios specification. https:\/\/github.com\/glondu\/belenios\/blob\/2.5\/doc\/specification.tex, version 2.5"},{"key":"2_CR24","unstructured":"Glondu, S.: Belenios specification. https:\/\/github.com\/glondu\/belenios\/blob\/3.0\/doc\/specification.tex, version 3.0"},{"key":"2_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/3-540-44750-4_27","volume-title":"Advances in Cryptology \u2014 CRYPT0 1995","author":"A Herzberg","year":"1995","unstructured":"Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339\u2013352. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-44750-4_27"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Hirschi, L., Schmid, L., Basin, D.A.: Fixing the achilles heel of e-voting: the bulletin board. In: 34th IEEE Computer Security Foundations Symposium, CSF 2021, pp. 1\u201317. IEEE (2021)","DOI":"10.1109\/CSF51468.2021.00016"},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-030-81652-0_2","volume-title":"Selected Areas in Cryptography","author":"C Komlo","year":"2021","unstructured":"Komlo, C., Goldberg, I.: FROST: flexible round-optimized Schnorr threshold signatures. In: Dunkelman, O., Jacobson, Jr., M.J., O\u2019Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 34\u201365. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81652-0_2"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1007\/3-540-68697-5_6","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"SK Langford","year":"1996","unstructured":"Langford, S.K.: Weaknesses in some threshold cryptosystems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 74\u201382. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_6"},{"key":"2_CR29","unstructured":"Microsoft: end-to-end verifiability in real-world elections (2023). https:\/\/www.electionguard.vote\/images\/EAC%20Report%20Final.pdf"},{"key":"2_CR30","doi-asserted-by":"publisher","unstructured":"Moran, T., Naor, M.: Receipt-free universally-verifiable voting with everlasting privacy. In: Advances in Cryptology - CRYPTO 2006. LNCS, vol.\u00a04117, pp. 373\u2013392. Springer (2006). https:\/\/doi.org\/10.1007\/11818175_22","DOI":"10.1007\/11818175_22"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"522","DOI":"10.1007\/3-540-46416-6_47","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1991","author":"TP Pedersen","year":"1991","unstructured":"Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522\u2013526. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-46416-6_47"},{"key":"2_CR32","unstructured":"Swiss Post: Cryptographic primitives of the swiss post voting system (2024). https:\/\/gitlab.com\/swisspost-evoting\/crypto-primitives\/crypto-primitives"},{"key":"2_CR33","unstructured":"Swiss Post: E-voting architecturedocument (2024). https:\/\/gitlab.com\/swisspost-evoting\/e-voting\/e-voting-documentation\/-\/raw\/master\/System\/SwissPost_Voting_System_architecture_document.pdf"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"van Schaik, S., et al.: SoK: SGX.Fail: how stuff get eXposed. In: IEEE S &P Symposium (2024)","DOI":"10.1109\/SP54263.2024.00260"},{"key":"2_CR35","unstructured":"Verificatum: user manual for the verificatum mix-net (2022). https:\/\/www.verificatum.org\/files\/vmnum-3.1.0.pdf"},{"key":"2_CR36","unstructured":"VotingWorks: Install.md (2022). https:\/\/github.com\/votingworks\/vxsuite-complete-system\/blob\/main\/INSTALL.md"},{"key":"2_CR37","unstructured":"Wikstr\u00f6m, D.: Verificatum (2022). https:\/\/www.verificatum.org\/"},{"key":"2_CR38","doi-asserted-by":"crossref","unstructured":"Willemson, J.: Creating a decryption proof verifier for the Estonian internet voting system. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023, pp. 58:1\u201358:7. ACM (2023)","DOI":"10.1145\/3600160.3605467"},{"key":"2_CR39","doi-asserted-by":"crossref","unstructured":"Zhang, F., Cecchetti, E., Croman, K., Juels, A., Shi, E.: Town crier: an authenticated data feed for smart contracts. In: Proceedings of the 2016 ACM CCS, pp. 270\u2013282. ACM (2016)","DOI":"10.1145\/2976749.2978326"}],"container-title":["Lecture Notes in Computer Science","Electronic Voting"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-05036-6_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T08:02:18Z","timestamp":1757491338000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-05036-6_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,11]]},"ISBN":["9783032050359","9783032050366"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-05036-6_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,9,11]]},"assertion":[{"value":"11 September 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"E-Vote-ID","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Joint Conference on Electronic Voting","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nancy","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"evoteid2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/e-vote-id-2025.inria.fr\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}