Paper 2020/1114
Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting
Thomas Haines, Rajeev Gore, and Bhavesh Sharma
Abstract
Verifiable mix nets, and specifically proofs of (correct) shuffle, are a fundamental building block in numerous applications: these zero-knowledge proofs allow the prover to produce a public transcript which can be perused by the verifier to confirm the purported shuffle. They are particularly vital to verifiable electronic voting, where they underpin almost all voting schemes with non-trivial tallying methods. These complicated pieces of cryptography are a prime location for critical errors which might allow undetected modification of the outcome. The best solution to preventing these errors is to machine-check the cryptographic properties of the design and implementation of the mix net. Particularly crucial for the integrity of the outcome is the soundness of the design and implementation of the verifier (software). Unfortunately, several different encryption schemes are used in many different slight variations which makes t infeasible to machine-check every single case individually. However, a particular optimized variant of the Terelius-Wikstrom mix net is, and has been, widely deployed in elections including national elections in Norway, Estonia and Switzerland, albeit with many slight variations and several different encryption schemes. In this work, we develop the logical theory and formal methods tools to machine-check the design and implementation of all these variants of Terelius-Wikstrom mix nets, for all the different encryption schemes used; resulting in provably correct mix nets for all these different variations. We do this carefully to ensure that we can extract a formally verified implementation of the verifier (software) which is compatible with existing deployed implementations of the Terelius-Wikstrom mix net. This gives us provably correct implementations of the verifiers for more than half of the national elections which have used verifiable mix nets. Our implementation of a proof of correct shuffle is the first to be machine-checked to be cryptographically correct and able to verify proof transcripts from national elections. We demonstrate the practicality of our implementation by verifying transcripts produced by the Verificatum mix net system and the CHVote evoting system from Switzerland.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- mix netsecure votingmachine checked
- Contact author(s)
- thomas haines @ ntnu no
- History
- 2020-09-15: revised
- 2020-09-15: received
- See all versions
- Short URL
- https://ia.cr/2020/1114
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/1114, author = {Thomas Haines and Rajeev Gore and Bhavesh Sharma}, title = {Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/1114}, year = {2020}, url = {https://eprint.iacr.org/2020/1114} }