TY - GEN
T1 - Linearly-Homomorphic Signatures and Scalable Mix-Nets
AU - Hébant, Chloé
AU - Phan, Duong Hieu
AU - Pointcheval, David
N1 - Publisher Copyright:
© 2020, International Association for Cryptologic Research.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - Anonymity is a primary ingredient for our digital life. Several tools have been designed to address it such as, for authentication, blind signatures, group signatures or anonymous credentials and, for confidentiality, randomizable encryption or mix-nets. When it comes to complex electronic voting schemes, random shuffling of authenticated ciphertexts with mix-nets is the only known tool. However, it requires huge and complex zero-knowledge proofs to guarantee the actual permutation of the initial ciphertexts in a privacy-preserving way. In this paper, we propose a new approach for proving correct shuffling of signed ElGamal ciphertexts: the mix-servers can simply randomize individual ballots, which means the ciphertexts, the signatures, and the verification keys, with an additional global proof of constant size, and the output will be publicly verifiable. The security proof is in the generic bilinear group model. The computational complexity for the each mix-server is linear in the number of ballots. Verification is also linear in the number of ballots, but independent of the number of rounds of mixing. This leads to a new highly scalable technique. Our construction makes use of linearly-homomorphic signatures, with new features, that are of independent interest.
AB - Anonymity is a primary ingredient for our digital life. Several tools have been designed to address it such as, for authentication, blind signatures, group signatures or anonymous credentials and, for confidentiality, randomizable encryption or mix-nets. When it comes to complex electronic voting schemes, random shuffling of authenticated ciphertexts with mix-nets is the only known tool. However, it requires huge and complex zero-knowledge proofs to guarantee the actual permutation of the initial ciphertexts in a privacy-preserving way. In this paper, we propose a new approach for proving correct shuffling of signed ElGamal ciphertexts: the mix-servers can simply randomize individual ballots, which means the ciphertexts, the signatures, and the verification keys, with an additional global proof of constant size, and the output will be publicly verifiable. The security proof is in the generic bilinear group model. The computational complexity for the each mix-server is linear in the number of ballots. Verification is also linear in the number of ballots, but independent of the number of rounds of mixing. This leads to a new highly scalable technique. Our construction makes use of linearly-homomorphic signatures, with new features, that are of independent interest.
KW - Anonymity
KW - Linearly-homomorphic signatures
KW - Random shuffling
UR - https://www.scopus.com/pages/publications/85090016510
U2 - 10.1007/978-3-030-45388-6_21
DO - 10.1007/978-3-030-45388-6_21
M3 - Conference contribution
AN - SCOPUS:85090016510
SN - 9783030453879
T3 - Lecture Notes in Computer Science
SP - 597
EP - 627
BT - Public-Key Cryptography - PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
A2 - Kiayias, Aggelos
A2 - Kohlweiss, Markulf
A2 - Wallden, Petros
A2 - Zikas, Vassilis
PB - Springer Science and Business Media Deutschland GmbH
T2 - 23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020
Y2 - 4 May 2020 through 7 May 2020
ER -