
Attacking ballot secrecy in Helios #8

Cyrille37 opened this Issue · 6 comments

4 participants


discover a vulnerability which allows an adversary to compromise voters' privacy. This vulnerability has been successfully exploited to break privacy in a small election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a threat to ballot secrecy in real-world elections. Finally, a fix is proposed.


This is an interesting attack which we definitely plan to address. That said, in practical Helios elections to date, it is unlikely to have an impact: either the number of voters must be small or one must be willing to give up many votes in order to compromise the privacy of one voter. Importantly, one has to target an election to attack during the election process. Past elections cannot be compromised.


A solution seems to be to check that there is no duplicate vote (ciphers are probabilistic).


@benadida What's the status here? It doesn't look very assuring that an attack is open for a couple years.


@betelgeuse thanks for pinging on this.

I haven't prioritized a fix because I don't believe the practical impact of this attack is very big. You would need to give up a lot of votes to violate a voter's privacy. I documented this here:

In an ideal world, I would have time to address every issue no matter how low probability of impact. But since time is limited, I can't address the ones that seem more theoretical than practical.


I am now tracking, for Helios v4, the detection of duplicate vote components in #35. So I'm closing this issue.

@benadida benadida closed this
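
The duplicate check suggested in the comments above, and the "duplicate vote components" wording of the closing comment, can be sketched as a ballot-box filter. This is an added example, not code from this thread or from Helios; the `answers`/`choices`/`alpha`/`beta` ballot layout is an assumption, and `BallotBox`, `make_ballot` and `demo` are hypothetical names.

```python
import json

def ciphertext_components(ballot):
    """Return every (alpha, beta) pair in a ballot, normalised to ints."""
    return [
        (int(choice["alpha"]), int(choice["beta"]))
        for answer in ballot["answers"]
        for choice in answer["choices"]
    ]

class BallotBox:
    """Hypothetical ballot box that refuses ciphertexts copied from another voter."""

    def __init__(self):
        self.first_caster = {}  # (alpha, beta) -> voter who first cast it
        self.accepted = []      # (voter_id, ballot) in cast order

    def cast(self, voter_id, ballot_json):
        ballot = json.loads(ballot_json)
        components = ciphertext_components(ballot)
        # Encryption is probabilistic, so an honest ballot never repeats a
        # ciphertext that someone else has already cast.
        for component in components:
            owner = self.first_caster.get(component)
            if owner is not None and owner != voter_id:
                return False, f"component already cast by {owner}"
        # Record components only once the whole ballot has been accepted.
        for component in components:
            self.first_caster.setdefault(component, voter_id)
        self.accepted.append((voter_id, ballot))
        return True, "accepted"

def make_ballot(pairs):
    """Build a constructed sample ballot (assumed layout, toy numbers)."""
    choices = [{"alpha": str(a), "beta": str(b)} for a, b in pairs]
    return json.dumps({"answers": [{"choices": choices}]})

def demo():
    box = BallotBox()
    original = make_ballot([(1111, 2222), (3333, 4444)])
    copied = make_ballot([(5555, 6666), (3333, 4444)])  # reuses one component
    fresh = make_ballot([(7777, 8888), (9999, 1010)])
    return [
        box.cast("alice", original),
        box.cast("carol", copied),
        box.cast("bob", fresh),
        box.cast("alice", original),  # same voter resubmitting her own ballot
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check compares individual components rather than whole ballots, so a ballot that reuses only one ciphertext from another voter is still refused.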
@emmacfennell emmacfennell referenced this issue from a commit
emmacfennell Lipstick 3
Let’s throw some YSL Rouge Volupte #8 on this thing