This is a proof of concept in Go which demonstrates the use of zero-knowledge range proofs to prove the encryption of a message within an integer range. In turn, this can be used in elections to prove that an encrypted ballot is for a valid candidate, without leaking who the vote is for.
Note: as this is a proof of concept, it should under no circumstances be used as-is in a production system! The code lacks testing, error handling, and is not side-channel safe on the client side (no sensitive data on the server side).
For black box use of the proofs:
voter.gosimulates a voter, who encrypts their choice and generates the ZKRPsserver.gosimulates the vote collector, who receives an encrypted vote and the ZKRPs and must verify their validity
For implementation details:
voteproof/contains the implementation of the custom protocol for proving and verifying ballot correctnessbulletproofs/contains the modified implementation of ING Bank's Bulletproofs
This code makes use of the Bulletproofs range proof implementation by ING Bank which is modified to work with an abstract interface for algebraic groups. The interface is inspired by that of CIRCL, and is currently instantiated with NIST's P-256 and P-384 curves.