Lattice-Based Proof of Shuffle and Applications to Electronic Voting

A verifiable shuffle of known values is a method for proving that a collection of commitments opens to a given collection of known messages, without revealing which commitment opens to which message. We propose the first practical verifiable shuffle of known values for lattice-based commitments. Shuffles of known values have many applications in cryptography, and in particular in electronic voting. We use our verifiable shuffle of known values to build a practical lattice-based cryptographic voting system that supports complex ballots. Our scheme is also the first construction from candidate post-quantum secure assumptions to defend against compromise of the voter's computer using return codes. We implemented our protocol and present benchmarks of its computational runtime. The verifiable shuffle has size 22τ KB and takes 33τ ms for τ voters. This is around 5 times faster and 40% smaller per vote than the lattice-based voting scheme by del Pino et al. (ACM CCS 2017), which can only handle yes/no elections.
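The relation a shuffle of known values proves, as an added illustration that is not code from the paper: the committed values M_i are a permutation of the public messages m_i exactly when the polynomial identity ∏(M_i - ρ) = ∏(m_i - ρ) holds for every challenge ρ, while a wrong multiset satisfies it for at most τ challenges. Assumptions made here: a hash commitment stands in for the lattice commitment, integer arithmetic modulo a prime p stands in for the ring, and `verify_opened` opens the commitments in the clear (which reveals the correspondence that a zero-knowledge product proof over the commitments would hide); the names `commit`, `prover_shuffle`, `challenge`, `relation_holds`, `count_fooling_challenges` and `verify_opened` are chosen for this example.

```python
"""Toy model of the multiset-equality relation behind a verifiable shuffle of
known values.  Added example; it is not the paper's lattice construction."""

import hashlib
import secrets


def commit(value: int, rand: bytes) -> bytes:
    """Hash-based hiding commitment (assumption: stands in for a lattice commitment)."""
    return hashlib.sha256(value.to_bytes(16, "big") + rand).digest()


def prover_shuffle(messages):
    """Prover commits to the known messages in a secret random order.
    Returns the public commitments and the private openings (message, randomness)."""
    order = list(range(len(messages)))
    secrets.SystemRandom().shuffle(order)
    openings = [(messages[i], secrets.token_bytes(32)) for i in order]
    commitments = [commit(m, r) for m, r in openings]
    return commitments, openings


def challenge(commitments, messages, p):
    """Fiat-Shamir challenge rho derived from public transcript data only."""
    h = hashlib.sha256()
    for c in commitments:
        h.update(c)
    for m in messages:
        h.update(m.to_bytes(16, "big"))
    return int.from_bytes(h.digest(), "big") % p


def product_at(values, rho, p):
    """prod_i (v_i - rho) mod p: evaluates the polynomial whose roots are the values."""
    acc = 1
    for v in values:
        acc = acc * ((v - rho) % p) % p
    return acc


def relation_holds(committed_values, messages, rho, p):
    """The relation established at challenge rho.  If committed_values is a
    permutation of messages it holds for every rho; otherwise the difference of
    the two degree-len(messages) polynomials is nonzero, so it holds for at most
    len(messages) values of rho (Schwartz-Zippel)."""
    return product_at(committed_values, rho, p) == product_at(messages, rho, p)


def count_fooling_challenges(committed_values, messages, p):
    """Brute force over a small field: how many challenges accept the given multiset."""
    return sum(1 for rho in range(p) if relation_holds(committed_values, messages, rho, p))


def verify_opened(commitments, openings, messages, p):
    """Audit-style check: every opening matches its commitment and the relation
    holds at the Fiat-Shamir challenge.  Opening reveals the correspondence;
    a zero-knowledge product proof checks the same relation without opening."""
    if not (len(commitments) == len(openings) == len(messages)):
        return False
    if any(commit(m, r) != c for c, (m, r) in zip(commitments, openings)):
        return False
    rho = challenge(commitments, messages, p)
    return relation_holds([m for m, _ in openings], messages, rho, p)


if __name__ == "__main__":
    # Constructed inputs: three messages, a permutation, and a one-value substitution.
    msgs = [10, 20, 30]
    print("honest multiset accepted at", count_fooling_challenges([30, 10, 20], msgs, 101), "of 101 challenges")
    print("forged multiset accepted at", count_fooling_challenges([30, 10, 21], msgs, 101), "of 101 challenges")
    coms, opens = prover_shuffle([1, 2, 3, 4, 5])
    print("opened shuffle verifies:", verify_opened(coms, opens, [1, 2, 3, 4, 5], (1 << 127) - 1))
```

With p = 101 the brute force makes the soundness bound visible: substituting 21 for 20 leaves a difference polynomial (10 - ρ)(30 - ρ), so exactly two challenges accept the forgery, and with a 127-bit prime the same bound is τ/p per challenge.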

[1] Kristian Gjøsteen and Anders Smedstuen Lund. An experiment on the security of the Norwegian electronic voting protocol. Annals of Telecommunications, 2016.

[2] Amos Fiat and Adi Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. CRYPTO 1986.

[3] Núria Costa, Ramiro Martínez, and Paz Morillo. Lattice-based proof of a shuffle. IACR Cryptology ePrint Archive, 2019.

[4] Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène. An Homomorphic LWE based E-voting Scheme. 2015.

[5] Ben Adida. Helios: Web-based Open-Audit Voting. USENIX Security Symposium 2008.

[6] David Bernhard, Véronique Cortier, David Galindo, Olivier Pereira, and Bogdan Warinschi. SoK: A Comprehensive Analysis of Game-Based Ballot Privacy Definitions. IEEE Symposium on Security and Privacy 2015.

[7] Carsten Baum, Ivan Damgård, Vadim Lyubashevsky, Sabine Oechsner, and Chris Peikert. More Efficient Commitments from Structured Lattice Assumptions. SCN 2018.

[8] Shi Bai and Steven D. Galbraith. An Improved Compression Technique for Signatures Based on Learning with Errors. CT-RSA 2014.

[9] Thomas Attema, Vadim Lyubashevsky, and Gregor Seiler. Practical Product Proofs for Lattice Commitments. IACR Cryptology ePrint Archive, 2020.

[10] Raymond K. Zhao, Ron Steinfeld, and Amin Sakzad. Compact and Scalable Arbitrary-centered Discrete Gaussian Sampling over Integers. IACR Cryptology ePrint Archive, 2019.

[11] William B. Hart, Fredrik Johansson, and Sebastian Pancratz. FLINT: Fast Library for Number Theory. 2013.

[12] Martin R. Albrecht, Rachel Player, and Sam Scott. On the concrete hardness of Learning with Errors. Journal of Mathematical Cryptology, 2015.

[13] Vadim Lyubashevsky. Lattice Signatures Without Trapdoors. IACR Cryptology ePrint Archive, 2012.

[14] Vadim Lyubashevsky and Gregor Seiler. Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to Lattice-Based Zero-Knowledge Proofs. EUROCRYPT 2018.

[15] Martin Strand. A verifiable shuffle for the GSW cryptosystem. IACR Cryptology ePrint Archive, 2018.

[16] Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. (Leveled) fully homomorphic encryption without bootstrapping. ITCS 2012.

[17] Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, and Gregor Seiler. Practical Quantum-Safe Voting from Lattices. ACM CCS 2017; IACR Cryptology ePrint Archive, 2017.

[18] Tim Güneysu, Vadim Lyubashevsky, and Thomas Pöppelmann. Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems. CHES 2012.

[19] Vadim Lyubashevsky. Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. ASIACRYPT 2009.

[20] David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 1981.

[21] Xavier Boyen, Thomas Haines, and Johannes Müller. A Verifiable and Practical Lattice-Based Decryption Mix Net with External Auditing. IACR Cryptology ePrint Archive, 2020.

[22] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. A Toolkit for Ring-LWE Cryptography. IACR Cryptology ePrint Archive, 2013.

[23] Vadim Lyubashevsky and Gregory Neven. One-Shot Verifiable Encryption from Lattices. EUROCRYPT 2017.

[24] Kristian Gjøsteen and Martin Strand. A Roadmap to Fully Homomorphic Elections: Stronger Security, Better Verifiability. Financial Cryptography Workshops 2017.

[25] C. Andrew Neff. A verifiable secret shuffle and its application to e-voting. ACM CCS 2001.

[26] Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth, and Vadim Lyubashevsky. Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits. IACR Cryptology ePrint Archive, 2018.