Minimal assumptions to achieve privacy in e-voting protocols

Abstract

Chevallier-Mames et al, proved that in a specific condition (such as the lack of untappable channels and trusted-third parties), the universal verifiability and privacy-preserving properties of e-voting protocols are incompatible (WOTE'06 and TTE'10). In this paper, we first show a flaw in their proof. Then, we prove that even with more assumptions, such as the existence of TTPs and untappable channels between the authorities, an e-voting protocol is unable to preserve privacy, regardless of verifiability. Finally, we demonstrate that preserving privacy in e-voting protocols requires the provision of at least one of the following assumptions: limited computational power of adversary, existence of an untappable/anonymous channel between voters and the authorities, or physical assumptions.