Paper 2020/1331

Efficient mixing of arbitrary ballots with everlasting privacy: How to verifiably mix the PPATC scheme

Kristian Gjøsteen, Thomas Haines, and Morten Rotvold Solberg


The long term privacy of voting systems is of increasing concern as quantum computers come closer to reality. Everlasting privacy schemes offer the best way to manage these risks at present. While homomorphic tallying schemes with everlasting privacy are well developed, most national elections, using electronic voting, use mixnets. Currently the best candidate encryption scheme for making these kinds of elections everlastingly private is PPATC, but it has not been shown to work with any mixnet of comparable efficiency to the current ElGamal mixnets. In this work we give a paper proof, and a machine checked proof, that the variant of Wikstrom's mixnet commonly in use is safe for use with the PPATC encryption scheme.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. The 25th Nordic Conference on Secure IT Systems (Nordsec 2020)
mix netsecure votingmachine checked
Contact author(s)
thomas haines @ ntnu no
2020-10-23: revised
2020-10-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kristian Gjøsteen and Thomas Haines and Morten Rotvold Solberg},
      title = {Efficient mixing of arbitrary ballots with everlasting privacy: How to verifiably mix the {PPATC} scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1331},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.