Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions

Diego F. Aranha; Kristian Gjøsteen; Carsten Baum; Tjerand Silde

doi:10.1145/3576915.3616683

Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions

Diego F. Aranha, Kristian Gjøsteen, Carsten Baum, Tjerand Silde

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

Cryptographic voting protocols have recently seen much interest from practitioners due to their (planned) use in countries such as Estonia, Switzerland, France, and Australia. Practical protocols usually rely on tested designs such as the mixing-and-decryption paradigm. There, multiple servers verifiably shuffle encrypted ballots, which are then decrypted in a distributed manner. While several efficient protocols implementing this paradigm exist from discrete log-type assumptions, the situation is less clear for post-quantum alternatives such as lattices. This is because the design ideas of the discrete log-based voting protocols do not carry over easily to the lattice setting, due to specific problems such as noise growth and approximate relations. This work proposes a new verifiable secret shuffle for BGV ciphertexts and a compatible verifiable distributed decryption protocol. The shuffle is based on an extension of a shuffle of commitments to known values which is combined with an amortized proof of correct re-randomization. The verifiable distributed decryption protocol uses noise drowning, proving the correctness of decryption steps in zero-knowledge. Both primitives are then used to instantiate the mixing-and-decryption electronic voting paradigm from lattice-based assumptions. We give concrete parameters for our system, estimate the size of each component and provide implementations of all important sub-protocols. Our experiments show that the shuffle and decryption protocol is suitable for use in real-world e-voting schemes.

Original language	English
Title of host publication	CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	1467-1481
Number of pages	15
ISBN (Electronic)	9798400700507
DOIs	https://doi.org/10.1145/3576915.3616683
State	Published - 15 Nov 2023
Externally published	Yes
Event	30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 - Copenhagen, Denmark Duration: 26 Nov 2023 → 30 Nov 2023

Publication series

Name	CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
Country/Territory	Denmark
City	Copenhagen
Period	26/11/23 → 30/11/23

Bibliographical note

Publisher Copyright:
© 2023 Copyright held by the owner/author(s).

Keywords

Electronic Voting
Implementation
Lattice-Based Cryptography

Access to Document

10.1145/3576915.3616683

Cite this

Aranha, D. F., Gjøsteen, K., Baum, C., & Silde, T. (2023). Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions. In CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 1467-1481). (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3576915.3616683

Aranha, Diego F. ; Gjøsteen, Kristian ; Baum, Carsten et al. / Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions. CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2023. pp. 1467-1481 (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security).

@inproceedings{f54920eca1c14952b9cb3eabd3dbbfbf,

title = "Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions",

abstract = "Cryptographic voting protocols have recently seen much interest from practitioners due to their (planned) use in countries such as Estonia, Switzerland, France, and Australia. Practical protocols usually rely on tested designs such as the mixing-and-decryption paradigm. There, multiple servers verifiably shuffle encrypted ballots, which are then decrypted in a distributed manner. While several efficient protocols implementing this paradigm exist from discrete log-type assumptions, the situation is less clear for post-quantum alternatives such as lattices. This is because the design ideas of the discrete log-based voting protocols do not carry over easily to the lattice setting, due to specific problems such as noise growth and approximate relations. This work proposes a new verifiable secret shuffle for BGV ciphertexts and a compatible verifiable distributed decryption protocol. The shuffle is based on an extension of a shuffle of commitments to known values which is combined with an amortized proof of correct re-randomization. The verifiable distributed decryption protocol uses noise drowning, proving the correctness of decryption steps in zero-knowledge. Both primitives are then used to instantiate the mixing-and-decryption electronic voting paradigm from lattice-based assumptions. We give concrete parameters for our system, estimate the size of each component and provide implementations of all important sub-protocols. Our experiments show that the shuffle and decryption protocol is suitable for use in real-world e-voting schemes.",

keywords = "Electronic Voting, Implementation, Lattice-Based Cryptography",

author = "Aranha, {Diego F.} and Kristian Gj{\o}steen and Carsten Baum and Tjerand Silde",

note = "Publisher Copyright: {\textcopyright} 2023 Copyright held by the owner/author(s).; 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 ; Conference date: 26-11-2023 Through 30-11-2023",

year = "2023",

month = nov,

day = "15",

doi = "10.1145/3576915.3616683",

language = "אנגלית",

series = "CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "1467--1481",

booktitle = "CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security",

}

Aranha, DF, Gjøsteen, K, Baum, C & Silde, T 2023, Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions. in CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 1467-1481, 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, 26/11/23. https://doi.org/10.1145/3576915.3616683

Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions. / Aranha, Diego F.; Gjøsteen, Kristian; Baum, Carsten et al.
CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2023. p. 1467-1481 (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions

AU - Aranha, Diego F.

AU - Gjøsteen, Kristian

AU - Baum, Carsten

AU - Silde, Tjerand

PY - 2023/11/15

Y1 - 2023/11/15

N2 - Cryptographic voting protocols have recently seen much interest from practitioners due to their (planned) use in countries such as Estonia, Switzerland, France, and Australia. Practical protocols usually rely on tested designs such as the mixing-and-decryption paradigm. There, multiple servers verifiably shuffle encrypted ballots, which are then decrypted in a distributed manner. While several efficient protocols implementing this paradigm exist from discrete log-type assumptions, the situation is less clear for post-quantum alternatives such as lattices. This is because the design ideas of the discrete log-based voting protocols do not carry over easily to the lattice setting, due to specific problems such as noise growth and approximate relations. This work proposes a new verifiable secret shuffle for BGV ciphertexts and a compatible verifiable distributed decryption protocol. The shuffle is based on an extension of a shuffle of commitments to known values which is combined with an amortized proof of correct re-randomization. The verifiable distributed decryption protocol uses noise drowning, proving the correctness of decryption steps in zero-knowledge. Both primitives are then used to instantiate the mixing-and-decryption electronic voting paradigm from lattice-based assumptions. We give concrete parameters for our system, estimate the size of each component and provide implementations of all important sub-protocols. Our experiments show that the shuffle and decryption protocol is suitable for use in real-world e-voting schemes.

AB - Cryptographic voting protocols have recently seen much interest from practitioners due to their (planned) use in countries such as Estonia, Switzerland, France, and Australia. Practical protocols usually rely on tested designs such as the mixing-and-decryption paradigm. There, multiple servers verifiably shuffle encrypted ballots, which are then decrypted in a distributed manner. While several efficient protocols implementing this paradigm exist from discrete log-type assumptions, the situation is less clear for post-quantum alternatives such as lattices. This is because the design ideas of the discrete log-based voting protocols do not carry over easily to the lattice setting, due to specific problems such as noise growth and approximate relations. This work proposes a new verifiable secret shuffle for BGV ciphertexts and a compatible verifiable distributed decryption protocol. The shuffle is based on an extension of a shuffle of commitments to known values which is combined with an amortized proof of correct re-randomization. The verifiable distributed decryption protocol uses noise drowning, proving the correctness of decryption steps in zero-knowledge. Both primitives are then used to instantiate the mixing-and-decryption electronic voting paradigm from lattice-based assumptions. We give concrete parameters for our system, estimate the size of each component and provide implementations of all important sub-protocols. Our experiments show that the shuffle and decryption protocol is suitable for use in real-world e-voting schemes.

KW - Electronic Voting

KW - Implementation

KW - Lattice-Based Cryptography

UR - http://www.scopus.com/inward/record.url?scp=85179838853&partnerID=8YFLogxK

U2 - 10.1145/3576915.3616683

DO - 10.1145/3576915.3616683

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85179838853

T3 - CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

SP - 1467

EP - 1481

BT - CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

T2 - 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023

Y2 - 26 November 2023 through 30 November 2023

ER -

Aranha DF, Gjøsteen K, Baum C, Silde T. Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions. In CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2023. p. 1467-1481. (CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3576915.3616683

Verifiable Mix-Nets and Distributed Decryption for Voting from Lattice-Based Assumptions

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this