E-Voting; End to end; End-to-end verifiable voting; Hyperion; Large scale election; Prototype implementations; Verifiability; Voting schemes; Theoretical Computer Science; Computer Science (all)
Abstract :
[en] We present Hyperion, an end-to-end verifiable e-voting scheme that allows the voters to identify their votes in cleartext in the final tally. In contrast to schemes like Selene or sElect, identification is not via (private) tracker numbers but via cryptographic commitment terms. After publishing the tally, the Election Authority provides each voter with an individual dual key. Voters identify their votes by raising their dual key to their secret trapdoor key and finding the matching commitment term in the tally. The dual keys are self-certifying in that, without the voter’s trapdoor key, it is intractable to forge a dual key that, when raised to the trapdoor key, will match an alternative commitment. On the other hand, a voter can use their own trapdoor key to forge a dual key to fool any would-be coercer. We provide new improved definitions of privacy and verifiability for e-voting schemes and prove the scheme secure against these, as well as proving security with respect to earlier definitions in the literature. We provide a prototype implementation and provide measurements which demonstrate that our scheme is practical for large scale elections.
Disciplines :
Computer science
Author, co-author :
Damodaran, Aditya ; SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg
Rastikian, Simon; Near One Limited, London, United Kingdom
ROENNE, Peter ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
RYAN, Peter Y A ; University of Luxembourg > Faculty of Science, Technology and Medicine > Department of Computer Science > Team Peter RYAN
External co-authors :
yes
Language :
English
Title :
Hyperion: Transparent End-to-End Verifiable Voting with Coercion Mitigation
Publication date :
2025
Event name :
ESORICS 2025 - 30th European Symposium on Research in Computer Security
Event place :
Toulouse, France
Event date :
22-09-2025 => 24-09-2025
Audience :
International
Main work title :
Computer Security - ESORICS 2025 - 30th European Symposium on Research in Computer Security, 2025, Proceedings
Editor :
Nicomette, Vincent
Publisher :
Springer Science and Business Media Deutschland GmbH
FNR13643617 - EquiVox - Secure, Quantum-safe, Practical Voting Technologies, 2019 (01/04/2020-31/03/2023) - Peter Y. A. Ryan FNR16221219 - ImPAKT - Real-world Implementation And Human-centered Design Of Pake Technologies, 2021 (01/06/2022-31/05/2025) - Peter Y. A. Ryan
Adida, B., De Marneffe, O., Pereira, O., Quisquater, J.J., et al.: Electing a university president using open-audit voting: analysis of real-world use of Helios. EVT/WOTE 9(10) (2009)
Alsadi, M., Schneider, S.: Verify my vote: voter experience. E-Vote-ID 2020, 280 (2020)
Arnaud, M., Cortier, V., Wiedling, C.: Analysis of an electronic boardroom voting system. In: International Conference on E-Voting and Identity, pp. 109–126. Springer (2013)
Benaloh, J.D.C.: Verifiable secret-ballot elections, Ph.D. thesis, Yale University (1987)
Bernhard, D., Cortier, V., Galindo, D., Pereira, O., Warinschi, B.: Sok: a comprehensive analysis of game-based ballot privacy definitions. In: 2015 IEEE Symposium on Security and Privacy, pp. 499–516. IEEE (2015)
Bernhard, D., Pereira, O., Warinschi, B.: How not to prove yourself: pitfalls of the Fiat-Shamir heuristic and applications to Helios. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 626–643. Springer (2012)
Bruni, A., Drewsen, E., Schürmann, C.: Towards a mechanized proof of Selene receipt-freeness and vote-privacy. In: International Joint Conference on Electronic Voting, pp. 110–126. Springer (2017)
Camenisch, J.: Group signature schemes and payment systems based on the discrete logarithm problem, Ph.D. thesis, ETH Zurich (1998)
Chaidos, P., Cortier, V., Fuchsbauer, G., Galindo, D.: Beleniosrf: a non-interactive receipt-free electronic voting scheme. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1614–1625 (2016)
Cortier, V., Galindo, D., Glondu, S., Izabachene, M.: Election verifiability for Helios under weaker trust assumptions. In: European Symposium on Research in Computer Security, pp. 327–344. Springer (2014)
Cortier, V., Galindo, D., Küsters, R., Müller, J., Truderung, T.: Sok: verifiability notions for e-voting protocols. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 779–798. IEEE (2016)
Cortier, V., Lallemand, J., Warinschi, B.: Fifty shades of ballot privacy: privacy against a malicious board. In: 2020 IEEE 33rd Computer Security Foundations Symposium (CSF), pp. 17–32. IEEE (2020)
Cortier, V., Smyth, B.: Attacking and fixing Helios: an analysis of ballot secrecy. J. Comput. Secur. 21(1), 89–148 (2013)
Damodaran, A., Rastikian, S., Rønne, P.B., Ryan, P.Y.: Hyperion: transparent end-to-end verifiable voting with coercion mitigation. Cryptology ePrint Archive (2024)
Distler, V., Zollinger, M.L., Lallemand, C., Roenne, P.B., Ryan, P.Y., Koenig, V.: Security-visible, yet unseen? In: Proceedings of the 2019 CHI conference on human factors in computing systems, pp. 1–13 (2019)
Dragan, C.C., et al.: Machine-checked proofs of privacy against malicious boards for Selene & co. In: 35th IEEE Computer Security Foundations Symposium, CSF 2022, pp. 335–347. IEEE (2022)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Conference on the Theory and Application of Cryptographic Techniques, pp. 186–194. Springer (1986)
Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 444–459. Springer (2006)
Haenni, R., Locher, P., Koenig, R., Dubuis, E.: Pseudo-code algorithms for verifiable re-encryption mix-nets. In: Financial Cryptography and Data Security, pp. 370–384. Springer (2017)
Iovino, V., Rial, A., Rønne, P.B., Ryan, P.Y.: Using Selene to verify your vote in JCJ. In: International Conference on Financial Cryptography and Data Security, pp. 385–403. Springer (2017)
Jamroga, W., Roenne, P.B., Ryan, P.Y., Stark, P.B.: Risk-limiting tallies. In: International Joint Conference on Electronic Voting, pp. 183–199. Springer (2019)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Towards Trustworthy Elections, pp. 37–63. Springer (2010)
Küsters, R., Müller, J., Scapin, E., Truderung, T.: sElect: a lightweight verifiable remote voting system. In: Computer Security Foundations Symposium (CSF), 2016 IEEE 29th, pp. 341–354. IEEE (2016)
Mosaheb, R., Rønne, P.B., Ryan, P.Y., Sarfaraz, S.: Direct and transparent voter verification with everlasting receipt-freeness. In: International Joint Conference on Electronic Voting, pp. 124–140. Springer, Cham (2024)
Pfitzmann, B.P., Sadeghi, A.R.: Anonymous fingerprinting with direct non-repudiation. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 401–414. Springer (2000)
Rivest, R.L.: On the notion of ‘software independence’ in voting systems. Philos. Trans. Roy. Soc. A Math. Phys. Eng. Sci. 366(1881), 3759–3767 (2008)
Rønne, P.B., Ryan, P.Y., Zollinger, M.L.: Electryo, in-person voting with transparent voter verifiability and eligibility verifiability. arXiv preprint arXiv:2105.14783 (2021)
Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. In: International Conference on Financial Cryptography and Data Security, pp. 176–192. Springer (2016)
Ryan, P.Y., Roenne, P.B., Ostrev, D., Orche, F.E.E., Soroush, N., Stark, P.B.: Who was that masked voter? The tally won’t tell! In: International Joint Conference on Electronic Voting, pp. 106–123. Springer (2021)
Sallal, M., et al.: Augmenting an internet voting system with Selene verifiability using permissioned distributed ledger. In: 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS), pp. 1167–1168. IEEE (2020)
Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley (2007)
Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161– 174 (1991). https://doi.org/10.1007/BF00196725
Terelius, B., Wikström, D.: Proofs of restricted shuffles. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 100–113. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12678-9 7
Wikström, D.: User Manual for the Verificatum Mix-Net Version 1.4.0. Verificatum AB, Stockholm, Sweden (2013)
Zollinger, M.L., Distler, V., Roenne, P.B., Ryan, P.Y., Lallemand, C., Koenig, V.: User experience design for e-voting: how mental models align with security mechanisms. arXiv preprint arXiv:2105.14901 (2021)
Zollinger, M.L., Rønne, P.B., Ryan, P.Y.: Short paper: mechanized proofs of verifiability and privacy in a paper-based e-voting scheme. In: International Conference on Financial Cryptography and Data Security, pp. 310–318. Springer (2020)
