## Cryptology ePrint Archive: Report 2021/338

Lattice-Based Proof of Shuffle and Applications to Electronic Voting

Diego F. Aranha and Carsten Baum and Kristian Gjøsteen and Tjerand Silde and Thor Tunge

Abstract: A verifiable shuffle of known values is a method for proving that a collection of commitments opens to a given collection of known messages, without revealing a correspondence between commitments and messages. We propose the first practical verifiable shuffle of known values for lattice-based commitments.

Shuffles of known values have many applications in cryptography, and in particular in electronic voting. We use our verifiable shuffle of known values to build a practical lattice-based cryptographic voting system that supports complex ballots. Our scheme is also the first construction from candidate post-quantum secure assumptions to defend against compromise of the voter's computer using return codes.

We implemented our protocol and present benchmarks of its computational runtime. The size of the verifiable shuffle is $22 \tau$ KB and takes time $33 \tau$ ms for $\tau$ voters. This is around $5$ times faster and $40$ % smaller per vote than the lattice-based voting scheme by del Pino et al. (ACM CCS 2017), which can only handle yes/no-elections.

Category / Keywords: cryptographic protocols / Lattice-Based Cryptography, Proof of Shuffle, Verifiable Encryption, Return Codes, Electronic Voting, Implementation

Original Publication (with major differences): CT-RSA 2021
DOI:
10.1007/978-3-030-75539-3_10

Date: received 15 Mar 2021, last revised 18 May 2021

Contact author: tjerand silde at ntnu no

Available format(s): PDF | BibTeX Citation

Note: This is the full version of the paper being published at CT-RSA 2021.

Short URL: ia.cr/2021/338

[ Cryptology ePrint archive ]