To read this content please select one of the options below:

Auditing for privacy in threshold PKE e-voting

Aggelos Kiayias (School of Informatics, University of Edinburgh, Edinburgh, UK)
Thomas Zacharias (School of Informatics, University of Edinburgh, Edinburgh, UK)
Bingsheng Zhang (School of Computing and Communications, University of Lancaster, Lancaster, UK)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 13 March 2017




This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB).


Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect.


The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB “append” operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system.


As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters’ privacy and shows how auditing can be applied for providing strong provable privacy guarantees.



This research was partly supported by ERC project #259152 (CODAMODA), Horizon 2020 project #653497 (PANORAMIX) and project FINER, Greek Secretariat of Research and Technology, funded under action ARISTEIA 1.


Kiayias, A., Zacharias, T. and Zhang, B. (2017), "Auditing for privacy in threshold PKE e-voting", Information and Computer Security, Vol. 25 No. 1, pp. 100-116.



Emerald Publishing Limited

Copyright © 2017, Emerald Publishing Limited

Related articles