How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis

Mestel, David; Müller, Johannes; Reisert, Pascal

doi:10.1109/csf54842.2022.9979167

Cited by 3 publications

(3 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tallying phase. The tallier T takes all submitted ballots as input, removes possible duplicates (to protect against replay attacks [42] that violate vote privacy) and all ballots with invalid proofs, and extracts the ciphertexts (𝑒 𝑖 ) 𝑖 of the remaining ballots.…”

Section: Basic Secure E-votingmentioning

confidence: 99%

DeVoS: Deniable Yet Verifiable Vote Updating

Müller,

Pejó,

Pryvalov

2024

PoPETs

View full text Add to dashboard Cite

Internet voting systems are supposed to meet the same high standards as traditional paper-based systems when used in real political elections: freedom of choice, universal and equal suffrage, secrecy of the ballot, and independent verifiability of the election result. Although numerous Internet voting systems have been proposed to achieve these challenging goals simultaneously, few come close in reality. We propose a novel publicly verifiable and practically efficient Internet voting system, DeVoS, that advances the state of the art. The main feature of DeVoS is its ability to protect voters' freedom of choice in several dimensions. First, voters in DeVoS can intuitively update their votes in a way that is deniable to observers but verifiable by the voters; in this way voters can secretly overwrite potentially coerced votes. Second, in addition to (basic) vote privacy, DeVoS also guarantees strong participation privacy by end-to-end hiding which voters have submitted ballots and which have not. Finally, DeVoS is fully compatible with Perfectly Private Audit Trail, a state-of-the-art Internet voting protocol with practical everlasting privacy. In combination, DeVoS offers a new way to secure free Internet elections with strong and long-term privacy properties.

show abstract

Section: Basic Secure E-votingmentioning

confidence: 99%

DeVoS: Deniable Yet Verifiable Vote Updating

Müller,

Pejó,

Pryvalov

2024

PoPETs

View full text Add to dashboard Cite

show abstract

“…This is, for instance, the case when voters can choose between many different candidates or when voters can rank candidates (e.g., in instant-runoff voting). On the contrary, in B-ID-MIX, voters only need to prove knowledge of their secret votes in order to ensure that they created their ballots independently; this measure protects, in particular, against replay attacks that violate vote privacy[54]. The NIZKPs employed for this purpose are typically independent of the number of choices.…”

mentioning

confidence: 99%

SoK: Secure E-Voting with Everlasting Privacy

Haines

Mosaheb

Müller

et al. 2023

PoPETs

View full text Add to dashboard Cite

Vote privacy is a fundamental right, which needs to be protected not only during an election, or for a limited time afterwards, but for the foreseeable future. Numerous electronic voting (e-voting) protocols have been proposed to address this challenge, striving for everlasting privacy. This property guarantees that even computationally unbounded adversaries cannot break privacy of past elections. The broad interest in secure e-voting with everlasting privacy has spawned a large variety of protocols over the last three decades. These protocols differ in many aspects, in particular the precise security properties they aim for, the threat scenarios they consider, and the privacy-preserving techniques they employ. Unfortunately, these differences are often opaque, making analysis and comparison cumbersome. In order to overcome this non-transparent state of affairs, we systematically analyze all e-voting protocols designed to provide everlasting privacy. First, we illustrate the relations and dependencies between all these different protocols. Next, we analyze in depth which protocols do provide secure and efficient approaches to e-voting with everlasting privacy under realistic assumptions, and which ones do not. Eventually, based on our extensive and detailed treatment, we identify which research problems in this field have already been solved, and which ones are still open. Altogether, our work offers a well - founded reference point for conducting research on secure e - voting with everlasting privacy as well as for future - proofing privacy in real - world electronic elections.

show abstract

“…We presented the first four contributions in the conference paper[37], whereas our fifth contribution (efficiency analysis of replay attacks under the assumption of approximate prior knowledge) is novel.…”

mentioning

confidence: 99%

How efficient are replay attacks against vote privacy? A formal quantitative analysis1

Mestel

Müller

Reisert

2023

JCS

Self Cite

View full text Add to dashboard Cite

Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter’s privacy even when an adversary’s resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.

show abstract

How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis

Cited by 3 publications

References 27 publications

DeVoS: Deniable Yet Verifiable Vote Updating

DeVoS: Deniable Yet Verifiable Vote Updating

SoK: Secure E-Voting with Everlasting Privacy

How efficient are replay attacks against vote privacy? A formal quantitative analysis1

Contact Info

Product

Resources

About