Homomorphic Signatures on Randomizable Ciphertexts

Anonymity is a primary ingredient for our digital life. Several tools have been designed to address it such as, for authentication, blind signatures, group signatures or anonymous credentials and, for confidentiality, randomizable encryption or mix-nets.<br/> When it comes to complex electronic voting schemes, random shuffling of ciphertexts with mix-nets is the only known tool. Such mix-nets are also an essential tool for anonymous routing. However, it requires huge and complex zero-knowledge proofs to guarantee the actual permutation of the initial ciphertexts. In this talk, we propose a new approach for proving correct shuffling: the mix-servers can simply randomize individual ballots, which means the ciphertexts, the signatures, and the verification keys, with an additional global proof of constant size, and the output will be publicly verifiable. The computational complexity for the mix-servers is linear in the number of ciphertexts. Verification is also linear in the number of ciphertexts, independently of the number of rounds of mixing. This leads to the most efficient technique, that is highly scalable. This is joint work with Chloé Hébant and Duong Hieu Phan.<br/> lien: http://desktop.visio.renater.fr/scopia?ID=726372***9089&autojoin