In e-voting protocols, cryptographers must balance usability with strong security guarantees, such as privacy and verifiability. In traditional e-voting protocols, privacy is often provided by a trusted authority that learns the votes and computes the tally. Some protocols replace the trusted authority by a set of authorities, and privacy is guaranteed if less than a threshold number of authorities are corrupt. For verifiability, stronger security is demanded. Typically, corrupt authorities that try to fake the tally result must always be detected.To provide verifiability, many e-voting protocols use Non-Interactive Zero-Knowledge proofs (NIZK). Thanks to their non-interactive nature, NIZK allow anybody, including third parties that do not participate in the protocol, to verify the correctness of the tally. Therefore, NIZK can be used to obtain universal verifiability. Additionally, NIZK also improve usability because they allow voters to cast a vote non-interactively.The disadvantage of NIZK is that their security is based on setup assumptions such as the common reference string (CRS) or the random oracle model. The former requires a trusted party to generate a CRS. The latter, though a popular model for secure protocol design, has been shown to be unsound.We address the design of e-voting protocols that provide verifiability without any trust assumptions. We show that Non-Interactive Witness-Indistinguishable proofs can be used for this purpose. Our e-voting protocols are private under the Decision Linear assumption, while perfect individual verifiability, i.e. a fake tally is detected with probability 1, holds unconditionally. Perfect universal verifiability requires a trusted public bulletin board. We remark that our definition of verifiability does not consider eligibility or end-to-end verifiability. First, we present a general construction that supports any tally function. Then, we show how to efficiently instantiate it for specific types of elections through Groth-Sahai proofs.
Universal Unconditional Verifiability in E-Voting without Trusted Parties
Iovino V.;
2020-01-01
Abstract
In e-voting protocols, cryptographers must balance usability with strong security guarantees, such as privacy and verifiability. In traditional e-voting protocols, privacy is often provided by a trusted authority that learns the votes and computes the tally. Some protocols replace the trusted authority by a set of authorities, and privacy is guaranteed if less than a threshold number of authorities are corrupt. For verifiability, stronger security is demanded. Typically, corrupt authorities that try to fake the tally result must always be detected.To provide verifiability, many e-voting protocols use Non-Interactive Zero-Knowledge proofs (NIZK). Thanks to their non-interactive nature, NIZK allow anybody, including third parties that do not participate in the protocol, to verify the correctness of the tally. Therefore, NIZK can be used to obtain universal verifiability. Additionally, NIZK also improve usability because they allow voters to cast a vote non-interactively.The disadvantage of NIZK is that their security is based on setup assumptions such as the common reference string (CRS) or the random oracle model. The former requires a trusted party to generate a CRS. The latter, though a popular model for secure protocol design, has been shown to be unsound.We address the design of e-voting protocols that provide verifiability without any trust assumptions. We show that Non-Interactive Witness-Indistinguishable proofs can be used for this purpose. Our e-voting protocols are private under the Decision Linear assumption, while perfect individual verifiability, i.e. a fake tally is detected with probability 1, holds unconditionally. Perfect universal verifiability requires a trusted public bulletin board. We remark that our definition of verifiability does not consider eligibility or end-to-end verifiability. First, we present a general construction that supports any tally function. Then, we show how to efficiently instantiate it for specific types of elections through Groth-Sahai proofs.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.