Paper 2019/547

Linearly-Homomorphic Signatures and Scalable Mix-Nets

Chloé Hébant, Duong Hieu Phan, and David Pointcheval


Anonymity is a primary ingredient for our digital life. Several tools have been designed to address it such as, for authentication, blind signatures, group signatures or anonymous credentials and, for confidentiality, randomizable encryption or mix-nets. When it comes to complex electronic voting schemes, random shuffling of ciphertexts with mix-nets is the only known tool. However, it requires huge and complex zero-knowledge proofs to guarantee the actual permutation of the initial ciphertexts. In this paper, we propose a new approach for proving correct shuffling: the mix-servers can simply randomize individual ballots, which means the ciphertexts, the signatures, and the verification keys, with an additional global proof of constant size, and the output will be publicly verifiable. The computational complexity for the mix-servers is linear in the number of ciphertexts. Verification is also linear in the number of ciphertexts, independently of the number of rounds of mixing. This leads to the most efficient technique, that is highly scalable. Our constructions make use of linearly-homomorphic signatures, with new features, that are of independent interest.

Available format(s)
Cryptographic protocols
Publication info
Published by the IACR in PKC 2020
Anonymityrandom shufflinglinearly-homomorphic signatures
Contact author(s)
chloe hebant @ ens fr
2020-07-22: last of 2 revisions
2019-05-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Chloé Hébant and Duong Hieu Phan and David Pointcheval},
      title = {Linearly-Homomorphic Signatures and Scalable Mix-Nets},
      howpublished = {Cryptology ePrint Archive, Paper 2019/547},
      year = {2019},
      doi = {10.1007/978-3-030-45388-6_21},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.