E-Voting and Identify

Volume 7985 of the series Lecture Notes in Computer Science pp 176-192

Towards a Practical Cryptographic Voting Scheme Based on Malleable Proofs

  • David BernhardAffiliated withUniversity of Bristol
  • , Stephan NeumannAffiliated withCASED, TU Darmstadt
  • , Melanie VolkamerAffiliated withCASED, TU Darmstadt

* Final gross prices may vary according to local VAT.

Get Access


Mixnets are one of the main approaches to deploy secret and verifiable electronic elections. General-purpose verifiable mixnets however suffer from the drawback that the amount of data to be verified by observers increases linearly with the number of involved mix nodes, the number of decryptors, and the number of voters. Chase et al. proposed a verifiable mixnet at Eurocrypt 2012 based on so-called malleable proofs - proofs that do not increase with the number of mix nodes. In work published at PKC 2013, the same authors adapted malleable proofs to verifiable distributed decryption, resulting in a cryptographic voting scheme. As a result, the amount of data to be verified only increases linearly with the number of voters. However, their scheme leaves several questions open which we address in this paper: As a first contribution, we adapt a multi-party computation protocol to build a distributed key generation protocol for the encryption scheme underlying their voting scheme. As a second contribution, we decompress their abstract scheme description, identify elementary operations, and count the number of such operations required for mixing and verification. Based on timings for elementary operations, we extrapolate the running times of the mixing and verification processes, allowing us to assess the feasibility of their scheme. For the German case, we conclude that the replacement of postal voting by cryptographic voting based on malleable proofs is feasible on an electoral district level.


Malleable Proofs Distributed Key Generation Performance