Paper Info
Title
Automated anonymity verification of the ThreeBallot and VAV voting systems
Abstract
In recent years, a large number of secure voting protocols have been proposed in the literature. Often these protocols contain flaws, but because they are complex protocols, rigorous formal analysis has proven hard to come by. Rivest’s ThreeBallot and Vote/Anti-Vote/Vote (VAV) voting systems are important because they aim to provide security (voter anonymity and voter verifiability) without requiring cryptography. In this paper, we construct CSP models of ThreeBallot and VAV, and use them to produce the first automated formal analysis of their anonymity properties. Along the way, we discover that one of the crucial assumptions under which ThreeBallot and VAV (and many other voting systems) operate—the short ballot assumption—is highly ambiguous in the literature. We give various plausible precise interpretations and discover that in each case, the interpretation either is unrealistically strong or else fails to ensure anonymity. We give a revised version of the short ballot assumption for ThreeBallot and VAV that is realistic but still provides a guarantee of anonymity.
Year
DOI
Venue
2016
10.1007/s10270-014-0445-x
Software and System Modeling
Keywords
Field
DocType
Formal methods, Voting systems, Anonymity, Automatic verification, ThreeBallot, VAV
Voting,Computer security,Cryptography,Computer science,ThreeBallot,Theoretical computer science,Ballot,Formal methods,Anonymity
Journal
Volume
Issue
ISSN
15
4
1619-1374
Citations 
PageRank 
References 
2
0.36
12
Authors
3
Name
Order
Citations
PageRank
Murat Moran192.20
James Heather229722.19
Steve Schneider31425116.55