Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking

RSA Laboratories, Bedford, MA 01730, mjakobsson@rsasecurity.com
RSA Laboratories, Bedford, MA 01730, ajuels@rsasecurity.com
Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, rivest@mit.edu. Support provided by the Carnegie Foundation.

We propose a new technique for making mix nets robust, called randomized partial checking (RPC). The basic idea is that rather than providing a proof of completely correct operation, each server provides strong evidence of its correct operation by revealing a pseudo-randomly selected subset of its input/output relations. Randomized partial checking is exceptionally efficient compared to previous proposals for providing robustness; the evidence provided at each layer is shorter than the output of that layer, and producing the evidence is easier than doing the mixing. It works with mix nets based on any encryption scheme (i.e., on public-key alone, and on hybrid schemes using public-key/symmetric-key combinations). It also works both with Chaumian mix nets, where the messages are successively encrypted with each server's key, and with mix nets based on a single public key with randomized re-encryption at each layer. Randomized partial checking is particularly well suited for voting systems, as it ensures voter privacy and provides assurance of correct operation. Voter privacy is ensured (either probabilistically or cryptographically) with appropriate design and parameter selection. Unlike previous work, our work provides voter privacy as a global property of the mix net rather than as a property ensured by a single honest server. RPC-based mix nets also provide very high assurance of a correct election result, since a corrupt server is very likely to be caught if it attempts to tamper with even a couple of ballots.
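The check described in the abstract, sketched for one re-encryption layer as an added example (not code from the paper or its authors). The toy ElGamal group, the choice to open half of the outputs, and all function names are assumptions made for illustration.

```python
import random

# Toy ElGamal group, constructed for illustration only (not a secure parameter choice).
P = 2**127 - 1
G = 3

def reencrypt(ct, r, y):
    """Re-randomize ElGamal ciphertext (a, b) under public key y with randomness r."""
    a, b = ct
    return (a * pow(G, r, P) % P, b * pow(y, r, P) % P)

def mix(inputs, y, rng):
    """One honest mix layer: secretly permute and re-encrypt.
    Returns the public outputs and the private witness (source index, r) per output."""
    perm = list(range(len(inputs)))
    rng.shuffle(perm)
    witness = [(i, rng.randrange(1, P - 1)) for i in perm]
    outputs = [reencrypt(inputs[i], r, y) for i, r in witness]
    return outputs, witness

def challenge(n, seed):
    """Pseudo-randomly pick the output positions to open (half of them: an assumption)."""
    return sorted(random.Random(seed).sample(range(n), n // 2))

def audit(inputs, outputs, witness, y, opened):
    """Check each opened input/output relation; return the output positions that fail."""
    bad, seen = [], set()
    for j in opened:
        i, r = witness[j]                       # what the server reveals for output j
        valid = 0 <= i < len(inputs) and i not in seen   # sources must be distinct
        if not (valid and reencrypt(inputs[i], r, y) == outputs[j]):
            bad.append(j)
        seen.add(i)
    return bad

def demo(n=8, seed=2024):
    """Audit an honest layer, then a layer with one swapped ballot (opened / unopened)."""
    rng = random.Random(seed)
    y = pow(G, rng.randrange(2, P - 1), P)      # toy election public key
    inputs = [reencrypt((1, m), rng.randrange(1, P - 1), y) for m in range(2, 2 + n)]
    outputs, witness = mix(inputs, y, rng)
    opened = challenge(n, seed)
    hidden = next(j for j in range(n) if j not in opened)
    results = [audit(inputs, outputs, witness, y, opened)]
    for pos in (opened[0], hidden):             # tamper at an opened, then a hidden slot
        forged = list(outputs)
        forged[pos] = reencrypt((1, 999), 7, y) # constructed substitute ballot
        results.append(audit(inputs, forged, witness, y, opened))
    return results, opened
```

A single altered output escapes only when its position is not opened; altering several ballots requires every one of them to land among the unopened positions.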
