Lecture 18: Mix-net Voting Systems

In the previous lecture, we defined the notion of an electronic voting system, and specified the requirements from such a system. In particular, we required an electronic voting system to be verifiable and robust. Loosely speaking, a voting system is said to be verifiable if any individual can verify that his vote was counted. A voting system is said to be robust if there does not exist any small set of servers that can disrupt the election. The voting systems that appear in the literature can be roughly categorized into three groups: one based on mix­nets, one based on homomorphic encryptions, and one based on blind signatures. In this lecture we concentrate on mix­net protocols. We describe two types of mix­net protocols: decryption mix­nets and re­encryption mix­nets. The general structure of mix­nets was illustrated in the previous lecture. They begin with an initial encryption phase E, whose outputs are posted on a bulletin board, in order to achieve verifiability. The initial encryption phase is followed by several mix phases mix1, . . . , mixk . The reason we need several of them is to achieve robustness. In decryption mix­nets, the mix phases mix and partially decrypt, whereas in re­encryption mix­nets, the mix phases mix and re­encrypt. In re­encryption mix­nets a final decryption phase D is added.