Modern electronic voting systems (e-voting systems) are designed to provide not only vote privacy but also (end-to-end) verifiability. Several verifiable e-voting systems have been proposed in the literature, with Helios being one of the most prominent ones. Almost all such systems, however, reveal the full result, consisting of the exact number of votes per candidate or even all single votes. This is sometimes undesirable for various reasons. For example, in elections with only a few voters (e.g., boardroom or jury votings), revealing the complete result leads to a low privacy level, possibly deterring voters from voting for their actual preference. In other cases, revealing the complete result might unnecessarily embarrass some candidates. Instead, merely revealing the winner or a ranking of candidates is often sufficient. This property is called tally-hiding. Although tally-hiding offers completely new options for verifiable e-voting, it so far has not received much attention in the literature. In this paper, we propose the first provably secure end-to-end verifiable tally-hiding e-voting system, called Ordinos. We implemented our system and evaluated its performance. Our work, moreover, provides a deeper understanding of tally-hiding in general, in particular in how far tally-hiding affects the levels of privacy and verifiability of e-voting systems.
Are you a student and want to write a thesis / carry out a project at the SEC?