Auctions and elections are seemingly disjoint research fields. Never-theless, we observe that similar cryptographic primitives are used in both fields. For instance, mixnets, homomorphic encryption, and trapdoor bit-commitments, have been used by state-of-the-art schemes in both fields. These developments have appeared independently. For example, the adop-tion of mixnets in elections preceded a similar adoption in auctions by over two decades. In this paper, we demonstrate a relation between auctions and elections: we present a generic construction for auctions from election schemes. Moreover, we show that the construction guarantees secrecy and verifiability, assuming the underlying election scheme satisfies secrecy and verifiability. We demonstrate the applicability of our work by deriving an auction scheme from the Helios election scheme. Our results inaugurate the unification of auctions and elections, thereby facilitating the advance-ment of both fields.

Definitions of election verifiability in the computational model of cryptography are proposed. The definitions formalize notions of voters verifying their own votes, auditors verifying the tally of votes, and auditors verifying that only eligible voters vote. The Helios (Adida et al., 2009) and JCJ (Juels et al., 2010) election schemes are analyzed using these definitions. Helios 4.0 satisfies the definitions, but Helios 2.0 does not because of previously known attacks. JCJ does not satisfy the definitions because of a trust assumption it makes, but it does satisfy a weakened definition. Two previous definitions of verifiability (Juels et al., 2010; Cortier et al., 2014) are shown to permit election schemes vulnerable to attacks, whereas the new definitions prohibit those schemes.

We study ballot secrecy and ballot independence for election schemes. First, we propose a definition of ballot secrecy as an indistinguishability game in the computational model of cryptography. Our definition builds upon and strengthens earlier definitions to ensure that ballot secrecy is preserved in the presence of an adversary that controls the bulletin board and communication channel. Secondly, we propose a definition of ballot independence as a straightforward adaptation of a non-malleability defi-nition for asymmetric encryption. We also provide a simpler, equivalent definition as an indistinguishability game. Thirdly, we prove that ballot independence is necessary in election schemes satisfying ballot secrecy. Finally, we demonstrate the applicability of our results by analysing He-lios. Our analysis identifies a new attack against Helios, which enables an adversary to determine if a voter did not vote for the adversary’s cho-sen candidate. The attack requires the adversary to control the bulletin board or communication channel, thus, it could not have been detected by earlier definitions of ballot secrecy.