Description
Background and motivation
I am working on an french electronic voting system (excluding political election) and the ANSSI (French CyberSecurity Agency) now recommend to use a "new" type of algoritthm to encrypt and manipulate ballot: homomorphic encryption with zero-knowlegde proofs.
The goals are to be able to prove that the expression of the vote is secret, free (without coercion), and its integrity is respected.
To do that, they recommend to use algorithm that allow to prove that:
- the members of the polling station "know" the secret key (to prove they are the initiator of the poll),
- the voters "knows" the hazard/salt included in the encrypted ballot (to prove its ballot is in the ballot box),
- the ballot contains valid values without having to decrypt it (they list two cases: answer is 0 or 1 and answer is inside a range),
- the decrypted ballot is really the decrypted ballot (no alteration has been done on it during the decryption),
In complement, they recommend accumulating or securely mix ballot (for exemple with mixnet) to ensure no one can link the attendance list (that are ordonned by signature timestamp) and the order of the ballots in the ballot box. And of course, we should generate proof of these operations.
In practice, they recommend using El Gamal algorithm, with the "classic encryption" when we want to mix ballots and "exponential encryption" when we want to accumulate ballots.
API Proposal
No idea for now :)
API Usage
No idea for now :)
Alternative Designs
No response
Risks
No response