You can clone with
HTTPS or Subversion.
discover a vulnerability which allows an adversary to compromise voters' privacy. This vulnerability has been successfully exploited to break privacy in a small election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a threat to ballot secrecy in real-world elections. Finally, a fix is proposed.
This is an interesting attack which we definitely plan to address. That said, in practical Helios elections to date, it is unlikely to have an impact: either the number of voters must be small or one must be willing to give up many votes in order to compromise the privacy of one voter. Importantly, one has to target an election to attack during the election process. Past elections cannot be compromised.
A solution seems to do a check that there is no duplicate vote (cyphers are probabilistics).
The link is now at http://www.di.ens.fr/CryptoSeminaire2010-2011.html.en#Attacking_ballot_secrecy_in_Heli ... a better link is http://eprint.iacr.org/2010/625
@benadida What's the status here? It doesn't look very assuring that an attack is open for a couple years.
@betelgeuse thanks for pinging on this.
I haven't prioritized a fix because I don't believe the practical impact of this attack is very big. You would need to give up a lot of votes to violate a voter's privacy. I documented this here:
In an ideal world, I would have time to address every issue no matter how low probability of impact. But since time is limited, I can't address the ones that seem more theoretical than practical.
I am now tracking, for Helios v4, the detection of duplicate vote components in #35. So I'm closing this issue.
Let’s throw some YSL Rouge Volupte #8 on this thing