Exact, Efficient and Information-Theoretically Secure Voting with an Arbitrary Number of Cheaters

We present three voting protocols with unconditional privacy and correctness, without assuming any bound on the number of corrupt participants. All protocols have polynomial complexity and require private channels and a simultaneous broadcast channel. Unlike previously proposed protocols in this model, the protocols that we present deterministically output the exact tally. Our first protocol is a basic voting scheme which allows voters to interact in order to compute the tally. Privacy of the ballot is unconditional in the sense that regardless of the behavior of the dishonest participants nothing can be learned through the protocol that could not be learned in an ideal realisation. Unfortunately, a single dishonest participant can make the protocol abort, in which case the dishonest participants can nevertheless learn the outcome of the tally. Our second protocol introduces voting authorities which improves the communication complexity by limiting interaction to be only between voters and authorities and among the authorities themselves; the simultaneous broadcast is also limited to the authorities. In the second protocol, as long as a single authority is honest, the privacy is unconditional, however, a single corrupt authority or a single corrupt voter can cause the protocol to abort. Our final protocol provides a safeguard against corrupt voters by enabling a verification technique to allow the authorities to revoke incorrect votes without aborting the protocol. Finally, we discuss the implementation of a simultaneous broadcast channel with the use of temporary computational assumptions, yielding versions of our protocols that achieve everlasting security.

💡 Research Summary

This paper tackles the long‑standing challenge of constructing an information‑theoretically secure voting system that tolerates an arbitrary number of dishonest participants. The authors work in a model that assumes only two primitive communication facilities: private point‑to‑point channels between any pair of participants and a simultaneous broadcast channel that allows all parties to broadcast a message at the same logical time. No bound on the number of corrupt voters or authorities is imposed, and the security guarantees are unconditional—meaning that even an all‑powerful adversary cannot learn more than it could in an ideal execution.

The contribution consists of three protocols, each improving on the previous one in terms of communication efficiency, robustness, and practicality, while preserving exact tallying and unconditional privacy.

Protocol 1 – Basic Voting Scheme
Every voter encodes his/her choice as a secret‑share (e.g., Shamir’s scheme) and sends the share to every other voter. Because secret‑sharing is linear, the shares can be summed locally to obtain the exact tally. The protocol is polynomial‑time and uses only private channels. Privacy is unconditional: the adversary’s view consists solely of the shares it receives, which reveal no additional information beyond what is revealed in an ideal trusted‑third‑party execution. However, a single malicious participant can refuse to send a required share or send a malformed one, causing the whole protocol to abort. In an abort scenario the adversary may still infer the final tally from the shares already exchanged, but the privacy of individual ballots remains intact.

Protocol 2 – Authority‑Based Voting
To reduce the communication overhead, the authors introduce a set of voting authorities. Voters transmit their secret‑shares only to the authorities; the authorities then interact among themselves, using the simultaneous broadcast channel to aggregate the shares. This eliminates the all‑to‑all communication among voters and confines the broadcast to a small, fixed set of parties. The privacy guarantee now hinges on the presence of at least one honest authority: any honest authority’s correct share guarantees that the final sum cannot be altered by dishonest authorities. As before, the tally is exact and the protocol runs in polynomial time. Nevertheless, a single dishonest authority or voter can still force an abort by disrupting the broadcast or by sending invalid shares.

Protocol 3 – Verifiable and Revocable Voting
The third protocol augments the authority‑based design with a verification mechanism. Each voter also supplies a publicly verifiable proof (e.g., a hash or a zero‑knowledge proof) that his/her share is correctly formed. Authorities check these proofs before inclusion in the aggregate. If a share fails verification, the corresponding vote is revoked and excluded from the tally, preventing a malicious voter from causing a denial‑of‑service. Consequently, the protocol no longer aborts in the presence of dishonest voters; it simply discards their malformed votes. Privacy remains unconditional, and the presence of a single honest authority still suffices to thwart any colluding dishonest authorities.

Implementation of the Simultaneous Broadcast
A true simultaneous broadcast is notoriously difficult to realize in practice. The authors propose a “temporary computational assumption” approach: during the execution they emulate a simultaneous broadcast using standard cryptographic tools such as public‑key encryption and commitment schemes, possibly reinforced by zero‑knowledge proofs. Once the protocol terminates, the cryptographic keys are destroyed, erasing any computational advantage the adversary might have retained. This yields “everlasting security”: after the execution, the transcript offers no computationally exploitable information, and the protocol’s information‑theoretic guarantees hold indefinitely.

Security and Complexity Analysis
All three protocols achieve exact tallying, unconditional privacy, and polynomial‑time execution. Protocol 1 is the most straightforward but suffers from high communication cost (O(n²) messages) and vulnerability to aborts by any single participant. Protocol 2 reduces communication to O(n·k) where k is the number of authorities, and confines the broadcast to the authorities, but still aborts under a single dishonest authority. Protocol 3 adds a verification step that eliminates aborts caused by malicious voters, at the cost of modest extra computation for proof generation and verification. The authors provide rigorous proofs that any coalition of corrupt participants learns no more than in an ideal trusted‑third‑party model, and that the presence of at least one honest authority guarantees correctness of the final tally.

Conclusion and Outlook
The paper demonstrates that unconditional, exact, and efficient voting is achievable without any a priori bound on the number of cheaters, provided that private channels and a simultaneous broadcast primitive are available. By progressively introducing authorities and verifiable revocation, the authors balance communication efficiency, robustness, and practicality. The discussion on implementing the simultaneous broadcast with temporary computational assumptions opens a realistic pathway toward “everlasting” secure elections. Future work suggested includes fully physical implementations of simultaneous broadcast, extensions to multi‑candidate or ranked‑choice elections, and latency‑optimised protocols for real‑time voting environments.