Conference Paper

Anonymity in Voting Revisited.

DOI: 10.1007/978-3-642-12980-3_13 Conference: Towards Trustworthy Elections, New Directions in Electronic Voting
Source: DBLP


According to international law, anonymity of the voter is a fundamental
precondition for democratic elections. In electronic voting, several
aspects of voter anonymity have been identified. In this paper, we
re-examine anonymity with respect to voting, and generalise existing
notions of anonymity in e-voting. First, we identify and categorise the
types of attack that can be a threat to anonymity of the voter,
including different types of vote buying and coercion. This analysis
leads to a categorisation of anonymity in voting in terms of a) the
strength of the anonymity achieved and b) the extent of interaction
between voter and attacker. Some of the combinations, including weak and
strong receipt-freeness, are formalised in epistemic logic.

Download full-text


Available from: Hugo Jonker, Mar 12, 2014
9 Reads
  • Source
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The use of formal methods to verify security protocols with respect to secrecy and authentication has become standard practice. In contrast, the formalization of other security goals, such as privacy, has received less attention. Due to the increasing importance of privacy in the current society, formal methods will also become indispensable in this area. Therefore, we propose a formal denition of the notion of anonymity in presence of an observing intruder. We validate this def- inition by analyzing a well-known anonymity preserving protocol, viz. onion routing.
    Computer Security - ESORICS 2004, 9th European Symposium on Research Computer Security, Sophia Antipolis, France, September 13-15, 2004, Proceedings; 01/2004
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Attack trees have found their way to practice because they have proved to be an intuitive aid in threat analysis. Despite, or perhaps thanks to, their apparent simplicity, they have not yet been provided with an unambiguous semantics. We argue that such a formal interpretation is indispensable to precisely understand how attack trees can be manipulated during construction and analysis. We provide a denotational semantics, based on a mapping to attack suites, which abstracts from the internal structure of an attack tree, we study transformations between attack trees, and we study the attribution and projection of an attack tree. Keywordsattack trees-semantics-threat analysis
    Information Security and Cryptology - ICISC 2005, 07/2006: pages 186-198;
Show more