Abstract
This paper presents a new cryptographic Internet voting protocol based on a set membership proof and a proof of knowledge of the representation of a committed value. When casting a vote, the voter provides a zero-knowledge proof of knowledge of the representation of one of the registered voter credentials. In this way, votes are anonymized without the need of trusted authorities. The absence of such authorities reduces the trust assumptions to a minimum and makes our protocol remarkably simple. Since computational intractability assumptions are only necessary to prevent the creation of invalid votes during the voting period, but not to protect the secrecy of the vote, the protocol even offers a solution to the everlasting privacy problem.
Notes
1. To ensure that generators are independent, they need to be generated in some publicly reproducible way, for example by deriving them from a common reference string.
2. The number of exponentiations given in [3, Table 2] is incorrect for the verification. The correct result of \(6\lfloor \log M\rfloor\) exponentiations is obtained by counting \(c_j^x\) in Step 2 and \(c_{j+1}^x\) in Step 3 as one exponentiation only. This remark together with the correct result can be found in [3, Page 11], i.e., only the table entry is incorrect. Furthermore, we cannot reproduce the result of \(2M\) multiplications for the verification reported in [3, Table 2]. According to our analysis, at least \(3M\) multiplications are needed.
3. The bandwidth requirements given in [2, Table 4] are clearly incorrect. It seems that the \(K\) elements of \(\mathbb{G}_q\) have been counted falsely as elements of \(\mathcal{G}_p\).
4. We are aware that requiring a secure platform is a strong assumption. We do not explicitly address this problem in this paper, but our protocol allows voters at least to detect a compromised platform as long as they can read the bulletin board in a secure way.
5. To ensure that \(u\) has been computed from fresh values \((\alpha,\beta)\), the voter could be asked to prove knowledge of \((\alpha,\beta)\) by computing \(\mathit{NIZKP}[(\alpha,\beta): u = h_1^{\alpha}h_2^{\beta}]\). As this is not an essential step for our protocol, we omit it in our presentation.
6. UniCrypt is publicly available on GitHub under a dual AGPLv3/commercial licence, see https://github.com/bfh-evg/unicrypt.
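The generator derivation mentioned in note 1 and the proof of knowledge mentioned in note 5, shown together as an added example (not code from the paper or from UniCrypt). The toy group parameters, the hash-and-square derivation and all function names are assumptions made for this illustration; the proof is a standard Fiat-Shamir sigma protocol for knowledge of a representation.

```python
import hashlib, secrets

# Toy safe-prime group (P = 2Q + 1), constructed for illustration only;
# a real deployment needs a group of cryptographic size.
P, Q = 2039, 1019

def _h(*parts):
    """Hash length-prefixed byte strings to an integer."""
    d = hashlib.sha256()
    for x in parts:
        d.update(len(x).to_bytes(4, "big") + x)
    return int.from_bytes(d.digest(), "big")

def _b(n):
    return n.to_bytes((P.bit_length() + 7) // 8, "big")

def derive_generator(crs: bytes, index: int) -> int:
    """Publicly reproducible generator of the order-Q subgroup (note 1)."""
    ctr = 0
    while True:
        cand = _h(crs, index.to_bytes(4, "big"), ctr.to_bytes(4, "big")) % P
        g = pow(cand, 2, P)          # squaring lands in the order-Q subgroup
        if g not in (0, 1):          # any element other than 1 generates it
            return g
        ctr += 1

def commit(h1, h2, alpha, beta):
    return pow(h1, alpha, P) * pow(h2, beta, P) % P

def prove(h1, h2, u, alpha, beta):
    """NIZKP[(alpha, beta): u = h1^alpha h2^beta] via Fiat-Shamir (note 5)."""
    r1, r2 = secrets.randbelow(Q), secrets.randbelow(Q)
    t = commit(h1, h2, r1, r2)                  # prover's commitment
    c = _h(*map(_b, (h1, h2, u, t))) % Q        # challenge binds the statement
    return t, (r1 + c * alpha) % Q, (r2 + c * beta) % Q

def verify(h1, h2, u, proof):
    t, s1, s2 = proof
    # Reject values outside the order-Q subgroup before checking the equation.
    if not all(0 < x < P and pow(x, Q, P) == 1 for x in (u, t)):
        return False
    c = _h(*map(_b, (h1, h2, u, t))) % Q
    return commit(h1, h2, s1, s2) == t * pow(u, c, P) % P
```

Because nobody chooses the generators directly, no party can know a discrete-log relation between them, which is what the binding property of \(u\) relies on.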
References
Arapinis, M., Cortier, V., Kremer, S., Ryan, M.: Practical everlasting privacy. In: Basin, D., Mitchell, J.C. (eds.) POST 2013 (ETAPS 2013). LNCS, vol. 7796, pp. 21–40. Springer, Heidelberg (2013)
Au, M.H., Susilo, W., Mu, Y.: Proof-of-knowledge of representation of committed value and its applications. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 352–369. Springer, Heidelberg (2010)
Bayer, S., Groth, J.: Zero-knowledge argument for polynomial evaluation with application to blacklists. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 646–663. Springer, Heidelberg (2013)
Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
Brands, S., Demuynck, L., De Decker, B.: A practical system for globally revoking the unlinkable pseudonyms of unknown users. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 400–415. Springer, Heidelberg (2007)
Buchmann, J., Demirel, D., van de Graaf, J.: Towards a publicly-verifiable mix-net providing everlasting privacy. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 197–204. Springer, Heidelberg (2013)
Camenisch, J.L., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234–252. Springer, Heidelberg (2008)
Camenisch, J.L., Stadler, M.A.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
Canard, S., Traoré, J.: List signature schemes and application to electronic voting. In: Augot, D., Charpin, P., Kabatianski, G. (eds.) WCC’03, 3rd International Workshop on Coding and Cryptography, Versailles, France, pp. 81–90 (2003)
Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)
Demirel, D., Henning, M., van de Graaf, J., Ryan, P.Y.A., Buchmann, J.: Prêt à voter providing everlasting privacy. In: Heather, J., Schneider, S., Teague, V. (eds.) Vote-ID 2013. LNCS, vol. 7985, pp. 156–175. Springer, Heidelberg (2013)
Demirel, D., van de Graaf, J., Araújo, R.: Improving Helios with everlasting privacy towards the public. In: Halderman, J.A., Pereira, O. (eds.) Electronic Voting Technology Workshop/Workshop on Trustworthy Elections, EVT/WOTE 2012, Bellevue, USA (2012)
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) ASIACRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1992)
Groth, J.: Efficient maximal privacy in boardroom voting and anonymous broadcast. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 90–104. Springer, Heidelberg (2004)
Kiayias, A., Yung, M.: Self-tallying Elections and Perfect Ballot Secrecy. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 141–158. Springer, Heidelberg (2002)
Locher, P., Haenni, R.: A lightweight implementation of a shuffle proof for electronic voting systems. In: Plödereder, E., Grunske, L., Schneider, E., Ull, D. (eds.) INFORMATIK 2014. Lecture Notes in Informatics, Stuttgart, Germany, pp. 1391–1400. Gesellschaft für Informatik, Bonn (2014)
Moran, T., Naor, M.: Receipt-free universally-verifiable voting with everlasting privacy. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 373–392. Springer, Heidelberg (2006)
Moran, T., Naor, M.: Split-ballot voting: everlasting privacy with distributed trust. In: Ning, P., de Capitani di Vimercati, S., Syverson, P. (eds.) CC 2007, 14th ACM Conference on Computer and Communications Security, Alexandria, USA, pp. 246–255 (2007)
Moran, T., Naor, M.: Split-ballot voting: everlasting privacy with distributed trust. ACM Trans. Inf. Syst. Secur. 13(2), 16:1–16:43 (2010)
van de Graaf, J.: Voting with unconditional privacy by merging Prêt à Voter and PunchScan. IEEE Trans. Info. Forensics Secur. 4(4), 674–684 (2009)
Acknowledgments
We thank the anonymous reviewers for their thorough reviews and appreciate their comments and suggestions. This research has been supported by the Swiss National Science Foundation (project No. 200021L_140650).
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Locher, P., Haenni, R. (2015). Verifiable Internet Elections with Everlasting Privacy and Minimal Trust. In: Haenni, R., Koenig, R., Wikström, D. (eds) E-Voting and Identity. Vote-ID 2015. Lecture Notes in Computer Science, vol 9269. Springer, Cham. https://doi.org/10.1007/978-3-319-22270-7_5
DOI: https://doi.org/10.1007/978-3-319-22270-7_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22269-1
Online ISBN: 978-3-319-22270-7
eBook Packages: Computer Science, Computer Science (R0)