ALMASTY
Linearly-Homomorphic Signatures and Scalable Mix-Nets
Thursday, January 23, 2020Chloé Hébant
Anonymity is a primary ingredient for our digital life. Several tools have been designed
to address it such as, for authentication, blind signatures, group signatures or anonymous credentials
and, for confidentiality, randomizable encryption or mix-nets. When it comes to complex electronic
voting schemes, random shuffling of authenticated ciphertexts with mix-nets is the only known tool.
However, it requires huge and complex zero-knowledge proofs to guarantee the actual permutation
of the initial ciphertexts in a privacy-preserving way.
In this paper, we propose a new approach for proving correct shuffling: the mix-servers can simply
randomize individual ballots, which means the ciphertexts, the signatures, and the verification keys,
with an additional global proof of constant size, and the output will be publicly verifiable. The
security proof is in the generic bilinear group model. The computational complexity for the each
mix-server is linear in the number of ballots. Verification is also linear in the number of ballots,
but independent of the number of rounds of mixing. This leads to a new highly scalable technique.
Our construction makes use of linearly-homomorphic signatures, with new features, that are of
independent interest.
damien.vergnaud (at)
nulllip6.fr