Computationally efficient mix-nets

The current online voting system used in Estonia has not employed mathematically secure verifiable proofs of correctness for ensuring the honesty of the tabulation server [Com13a]. The auditing is based on observation of the procedures and if the procedures are done according to the protocol. Even though the protocol was not followed, as the cast votes were transferred from ballot storing server to tabulation server on a USB memory card [Com13b], while they were supposed to be transmitted on a DVD, the audit claimed that this incident did not have any evident and permanent consequences to the procedure. On the other hand, there are many examples which suggest that USB memory sticks should not be considered secure [Hua13]. As the voting process is a required part (but not sufficient, as we have seen lately) of a democratic society, then this should not be based on ad-hoc methods and unverified hardware. As hardware verification is nearly infeasible considering the costs and skills required, then the trust model could be based on mathematically verifiable proofs of correctness. Secrecy of a ballot is one of the most fundamental requirements of the elections. For example, using unverified hardware the tallying server may leak some information about the content of a specific ballot. The leak could occur through side-channel attacks [Meh14] [GST13] or by assistance of a malicious adversary. If the attacker has also access to signed ballots, then the voter’s choice could be revealed. If the connection between the tallied vote and signed vote could be obfuscated then the success of this specific attack would be negligible. But this obfuscation raises other problems. For example, how to ensure that the votes are not modified in favour of some third party? One solution is to use mix-nets which permutes and re-encrypts the ballots, while giving a proof that the actions are performed correctly. The mix-net may be a larger system which can also perform threshold decryption, key distribution etc. The basis of the mix-net is the shuffle, which is used for permuting and re-encryption. In the case of elections, the number of votes is usually large and this has lead to optimizing the computation to construct the proofs and perform the mixing. If the mix-net is combined with tabulation on ciphertexts and a proof of ballot inclusion, then the voter can be highly confident that his vote is correctly counted towards the result and that his vote is anonymous. Furthermore, the mixing could be performed by independent parties (for example, by political parties). In this survey, we will observe some mix-net constructions and give a hint on the optimization techniques. We will not inspect the full details as the optimization methods