A Commitment-Consistent Proof of a Shuffle

Wikström, Douglas

doi:10.1007/978-3-642-02620-1_28

Cited by 40 publications

(64 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to provide robustness against faulty mix nodes, a reencryption mix net scheme is used, and for ensuring that the ciphertexts are shuffled correctly and not replaced by manipulated votes, the proof of shuffle is attached by each mix node. We chose to include the proof of shuffle suggested by [20,22] due to it being to our knowledge the most efficient algorithm, the implementation and detailed specification of which is available for open usage [23]. For the mix net scheme, the efficiency of calculating the proof of shuffle for C ciphertexts in terms of exponentiations is (C + 2)RExp + 2C · M Exp(2) + M Exp(C + 1) for the offline phase (i.e.…”

Section: Netmentioning

confidence: 99%

“…Thus, we denote the time needed to prove the validity of shuffling C ciphertexts as M ixP rove(C), and the time needed to verify such proof as M ixV erif y(C). In our calculations we assume, due to considerations outlined earlier, that the scheme in [22] is used. However, the calculations are slightly different: first, there is no offline phase; second, due to the fact that the voting system has to verify a large amount of shuffles of the same ciphertexts.…”

Section: Homomorphic Tallyingmentioning

confidence: 99%

“…For the calculations we used the formulas for homomorphic tallying approaches mentioned in Section 3.2, mix net scheme from [20,22], as mentioned in Section 3.1, and verifiable decryption scheme mentioned in Section 3.3. Upon entering the input (see Figure 1), the tool computes the execution time needed for each one of the available schemes, as explained in Section 2.…”

Section: Softwarementioning

confidence: 99%

See 2 more Smart Citations

Efficiency Comparison of Various Approaches in E-Voting Protocols

Kulyk

Volkamer

2016

Financial Cryptography and Data Security

View full text Add to dashboard Cite

Abstract. In order to ensure the security of remote Internet voting, the systems that are currently proposed make use of complex cryptographic techniques. Since these techniques are often computationally extensive, efficiency becomes an issue. Identifying the most efficient Internet voting system is a non-trivial task -in particular for someone who does not have a sufficient knowledge on the systems that currently exist, and on the cryptographic components that constitute those systems. Aside from these components, the efficiency of Internet voting also depends on various parameters, such as expected number of participating voters and ballot complexity. In this paper we propose a tool for evaluating the efficiency of different approaches for an input scenario, that could be of use to election organizers deciding how to implement the voting system.

show abstract

Section: Netmentioning

confidence: 99%

Section: Homomorphic Tallyingmentioning

confidence: 99%

Section: Softwarementioning

confidence: 99%

See 1 more Smart Citation

Efficiency Comparison of Various Approaches in E-Voting Protocols

Kulyk

Volkamer

2016

Financial Cryptography and Data Security

View full text Add to dashboard Cite

show abstract

“…The commitment consistent shuffle approach proposed by Terelius and Wikström [36,35] seems particularly natural for that purpose. This approach splits the proof of shuffle in two stages.…”

Section: Ccva Encryption For Elections With Complex Ballotsmentioning

confidence: 99%

Election Verifiability or Ballot Privacy: Do We Need to Choose?

Cuvelier

Pereira

Peters

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose a new encryption primitive, commitment consistent encryption (CCE), and instances of this primitive that enable building the first universally verifiable voting schemes with a perfectly private audit trail (PPAT) and practical complexity. That is:-the audit trail that is published for verifying elections guarantees everlasting privacy, and -the computational load required from the participants is only increased by a small constant factor compared to traditional voting schemes, and is optimal in the sense of Cramer, Gennaro and Schoenmakers [16]. These properties make it possible to introduce election verifiability in large scale elections as a pure benefit, that is, without loss of privacy compared to a non-verifiable scheme and at a similar level of efficiency. We propose different approaches for constructing voting schemes with PPAT from CCE, as well as two efficient CCE constructions: one is tailored for elections with a small number of candidates, while the second is suitable for elections with complex ballots.

show abstract

“…If no duplicates are removed (worst case), n+s is the input size for both the re-encryption mix-net and the final procedure for eliminating fake votes. In the literature of verifiable mix-nets, we find techniques with proofs of linear size [4,10,18], but all of them involve relatively high constant factors. The final elimination of fake votes again requires O(n 2 +n·s) expensive PETs.…”

Section: How Should the Public Board Store The Encrypted Dummy Credenmentioning

confidence: 99%

Preventing Board Flooding Attacks in Coercion-Resistant Electronic Voting Schemes

Koenig

Haenni

Fischli

2011

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. This paper addresses the board flooding problem of Juels et al.'s coercion-resistant electronic voting scheme. A key property of this scheme is the possibility of casting invalid votes to the public board, which are indistinguishable from proper votes. Exactly this possibility is crucial for making the scheme coercion-resistant, but it also opens doors for flooding the board with an enormous amount of invalid votes, therefore spoiling the efficiency of the tallying process. To prevent such attacks, we present an adaption of the scheme in which each voter receives -in addition to the proper credential-some dummy credentials from the election registrars. Dummy credentials may be used to deceive possible coercers. The list of all dummy credentials is published along with the electoral register. Based on the electoral register and the list of dummy credentials, the system is now capable of making a distinction between invalid votes generated from dummy credentials and invalid votes generated from fake credentials. While the former are kept until the tallying phase, the latter are immediately rejected by the public board. If the public board additionally rejects all incoming duplicate votes, then its maximum size is bounded by the total number of issued credentials. This guarantees an efficient linear-time tallying phase even in case of a massive board flooding attack with a very large number of invalid votes. Although the solution presented in this paper does not yet entirely rule out vote selling or coercion, it makes it at least unbearable for the vast majority of voters.

show abstract

A Commitment-Consistent Proof of a Shuffle

Cited by 40 publications

References 29 publications

Efficiency Comparison of Various Approaches in E-Voting Protocols

Efficiency Comparison of Various Approaches in E-Voting Protocols

Election Verifiability or Ballot Privacy: Do We Need to Choose?

Preventing Board Flooding Attacks in Coercion-Resistant Electronic Voting Schemes

Contact Info

Product

Resources

About