{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:19:29Z","timestamp":1754158769902,"version":"3.41.2"},"reference-count":38,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2017,3,13]],"date-time":"2017-03-13T00:00:00Z","timestamp":1489363200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2017,3,13]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB).<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The paper shows that without public key infrastructure (PKI) support or \u2013 more generally \u2013 authenticated BB \u201cappend\u201d operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters\u2019 privacy and shows how auditing can be applied for providing strong provable privacy guarantees.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-07-2016-0056","type":"journal-article","created":{"date-parts":[[2017,3,1]],"date-time":"2017-03-01T08:28:36Z","timestamp":1488356916000},"page":"100-116","source":"Crossref","is-referenced-by-count":0,"title":["Auditing for privacy in threshold PKE e-voting"],"prefix":"10.1108","volume":"25","author":[{"given":"Aggelos","family":"Kiayias","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Zacharias","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bingsheng","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020120812083091700_ref001","first-page":"335","article-title":"Helios: web-based open-audit voting","volume-title":"Proceedings of the 17th USENIX Security Symposium, San Jose, CA","year":"2008"},{"issue":"2","key":"key2020120812083091700_ref002","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1007\/s00145-009-9040-7","article-title":"Security against covert adversaries: efficient protocols for realistic adversaries","volume":"23","year":"2010","journal-title":"Journal of Cryptology"},{"key":"key2020120812083091700_ref003","first-page":"52","article-title":"Distributing the power of a government to enhance the privacy of voters (extended abstract)","volume-title":"Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, Calgary, Alberta","year":"1986"},{"year":"2013","key":"key2020120812083091700_ref004","article-title":"Star-vote: a secure, transparent, auditable, and reliable voting system"},{"key":"key2020120812083091700_ref005","first-page":"335","article-title":"Adapting helios for provable ballot privacy","volume-title":"Proceedings of the 16th European Symposium on Research in Computer Security, Leuven, Belgium, 12-14 September, Vol. 6879 of Lecture Notes in Computer Science","year":"2011"},{"key":"key2020120812083091700_ref006","first-page":"626","article-title":"How not to prove yourself: pitfalls of the Fiat-Shamir heuristic and applications to Helios","volume-title":"Proceedings of the Advances in Cryptology \u2013 ASIACRYPT 2012 \u2013 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China","year":"2012"},{"issue":"2","key":"key2020120812083091700_ref007","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1145\/358549.358563","article-title":"Untraceable electronic mail, return addresses, and digital pseudonyms","volume":"24","year":"1981","journal-title":"Communication of the ACM"},{"article-title":"Surevote: technical overview","volume-title":"Proceedings of the Workshop on Trustworthy Elections","year":"2001","key":"key2020120812083091700_ref008"},{"key":"key2020120812083091700_ref009","first-page":"118","article-title":"A practical voter-verifiable election scheme","volume-title":"Proceedings of the 10th European Symposium on Research in Computer Security, Milan, Italy","year":"2005"},{"issue":"3","key":"key2020120812083091700_ref010","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2008.70","article-title":"Scantegrity: end-to-end voter-verifiable optical-scan voting","volume":"6","year":"2008","journal-title":"IEEE Security & Privacy"},{"key":"key2020120812083091700_ref011","first-page":"354","article-title":"Civitas: toward a secure voting system","volume-title":"2008 IEEE Symposium on Security and Privacy (S&P 2008), Oakland, CA","year":"2008"},{"key":"key2020120812083091700_ref012","first-page":"372","article-title":"A robust and verifiable cryptographically secure election scheme (extended abstract)","volume-title":"26th Annual Symposium on Foundations of Computer Science, Portland, OR, 21-23 October","year":"1985"},{"first-page":"297","article-title":"Attacking and fixing Helios: an analysis of ballot secrecy","year":"2011","key":"key2020120812083091700_ref013"},{"key":"key2020120812083091700_ref014","first-page":"103","article-title":"A secure and optimally efficient multi-authority election scheme","volume-title":"Proceeding of the Advances in Cryptology \u2013 EUROCRYPT 97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany","year":"1997"},{"article-title":"Exploiting the client vulnerabilities in internet e-voting systems: Hacking Helios 2.0 as an example","volume-title":"2010 Electronic Voting Technology Workshop \/ Workshop on Trustworthy Elections, EVT\/WOTE\u201910, Washington, DC","year":"2010","key":"key2020120812083091700_ref016"},{"key":"key2020120812083091700_ref017","unstructured":"Estonia (2017), available at: www.valimised.ee\/eng\/"},{"key":"key2020120812083091700_ref018","first-page":"186","article-title":"How to prove yourself: practical solutions to identification and signature problems","volume-title":"Proceeding of the Advances in Cryptology \u2013 CRYPTO \u201d86, Santa Barbara, CA","year":"1986"},{"key":"key2020120812083091700_ref019","first-page":"380","article-title":"Analysis of an internet voting protocol","volume":"2010","year":"2010","journal-title":"IACR Cryptology ePrint Archive"},{"key":"key2020120812083091700_ref020","first-page":"473","article-title":"The Norwegian internet voting protocol","volume":"2013","year":"2013","journal-title":"IACR Cryptology ePrint Archive"},{"key":"key2020120812083091700_ref021","first-page":"291","article-title":"The knowledge complexity of interactive proof-systems (extended abstract)","volume-title":"Proceedings of the 17th Annual ACM Symposium on Theory of Computing, Providence, RI","year":"1985"},{"first-page":"89","article-title":"The bug that made me president: a browser- and web-security case study on Helios voting","year":"2011","key":"key2020120812083091700_ref022"},{"key":"key2020120812083091700_ref023","unstructured":"Helios (2017), \u201cHelios privacy claims\u201d, available at: https:\/\/vote.heliosvoting.org\/privacy (accessed 31 July 2014)."},{"issue":"10","key":"key2020120812083091700_ref024","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1145\/1022594.1022624","article-title":"Analyzing internet voting security","volume":"47","year":"2004","journal-title":"Communication of ACM"},{"key":"key2020120812083091700_ref025","first-page":"61","article-title":"Coercion-resistant electronic elections","volume-title":"Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, Alexandria","year":"2005"},{"first-page":"165","article-title":"An internet voting system supporting user privacy","year":"2006","key":"key2020120812083091700_ref026"},{"first-page":"352","article-title":"DEMOS-2: scalable E2E verifiable elections without random oracles","year":"2015","key":"key2020120812083091700_ref027"},{"first-page":"468","article-title":"End-to-end verifiable elections in the standard model","year":"2015","key":"key2020120812083091700_ref028"},{"first-page":"3","article-title":"On the necessity of auditing for election privacy in e-voting systems","year":"2015","key":"key2020120812083091700_ref029"},{"key":"key2020120812083091700_ref030","first-page":"389","article-title":"Election verifiability in electronic voting protocols","volume-title":"Proceedings of the Computer Security \u2013 ESORICS 2010, 15th European Symposium on Research in Computer Security, Athens, Greece","year":"2010"},{"first-page":"395","article-title":"Clash attacks on the verifiability of e-voting systems","year":"2012","key":"key2020120812083091700_ref031"},{"key":"key2020120812083091700_ref032","first-page":"343","article-title":"Scratch, click & vote: E2E voting over the internet","volume-title":"Towards Trustworthy Elections, New Directions in Electronic Voting","year":"2010"},{"key":"key2020120812083091700_ref033","first-page":"522","article-title":"A threshold cryptosystem without a trusted party (extended abstract)","volume-title":"Proceedings of the Advances in Cryptology \u2013 EUROCRYPT \u201991, Workshop on the Theory and Application of Cryptographic Techniques, Brighton, UK","year":"1991"},{"key":"key2020120812083091700_ref034","first-page":"233","article-title":"Computational election verifiability: definitions and an analysis of Helios and JCJ","volume":"2015","year":"2015","journal-title":"IACR Cryptology ePrint Archive"},{"first-page":"703","article-title":"Security analysis of the Estonian internet voting system","year":"2014","key":"key2020120812083091700_ref035"},{"year":"2013","key":"key2020120812083091700_ref036","article-title":"From Helios to Zeus"},{"key":"key2020120812083091700_ref037","unstructured":"Adida, B. (2017), \u201cHelios github repository\u201d, available at: https:\/\/github.com\/benadida\/helios-server (accessed 31 July 2014)."},{"key":"key2020120812083091700_ref038","first-page":"441","article-title":"Remotegrity: design and use of an end-to-end verifiable remote voting system","volume-title":"Proceedings of the Applied Cryptography and Network Security \u2013 11th International Conference, ACNS 2013, Banff, AB, 25-28 June, Vol. 7954 of Lecture Notes in Computer Science","year":"2013"},{"key":"key2020120812083091700_ref039","unstructured":"(2013), 2013 Electronic Voting Technology Workshop\/Workshop on Trustworthy Elections, EVT\/WOTE \u201913, Washington, DC, 12-13 August, USENIX Association, Berkeley, CA."}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2016-0056\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2016-0056\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:02Z","timestamp":1753406582000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/25\/1\/100-116\/109744"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,3,13]]},"references-count":38,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,3,13]]}},"alternative-id":["10.1108\/ICS-07-2016-0056"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2016-0056","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2017,3,13]]}}}