Paper 2020/909
When is a test not a proof?
Eleanor McMurtry and Olivier Pereira and Vanessa Teague
Abstract
A common primitive in election and auction protocols is plaintext equivalence test (PET) in which two ciphertexts are tested for equality of their plaintexts, and a verifiable proof of the test's outcome is provided. The most commonly-cited PETs require at least one honest party, but many applications claim universal verifiability, at odds with this requirement. If a test that relies on at least one honest participant is mistakenly used in a place where universally verifiable proof is needed, then a collusion by all participants can insert a forged proof of equality into the tallying transcript. We show this breaks universal verifiability for the JCJ/Civitas scheme among others, because the only PETs they reference are not universally verifiable. We then demonstrate how to fix the problem.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- election schemescryptographic protocolszero knowledge
- Contact author(s)
- emcmurtry @ student unimelb edu au
- History
- 2020-09-03: revised
- 2020-07-18: received
- See all versions
- Short URL
- https://ia.cr/2020/909
- License
-
CC BY