Elections are an important corner stone of democratic processes. In recent years, remote electronic voting (e-voting) has gained a lot of popularity for both major political elections and small to medium-sized elections in companies and associations. A key security property of modern e-voting systems is verifiability: voters should be able to verify that their votes were actually counted and everyone should be able to verify whether the election outcome corresponds to the submitted votes, even if election servers have programming errors or are outright malicious. To achieve verifiability, most e-voting systems publish the full tally, i.e., the set of all ballots or an aggregation thereof (number of votes per candidate), along with some additional information, such as zero-knowledge proofs, which prove that the tally is correct. From the tally, everyone can then compute the election result, e.g., the winning candidate(s). Publishing the full tally as an intermediate step comes, however, with several downsides such as biasing voters, weakening mandates, and enabling so-called Italian attacks. These issues are addressed by tally-hiding e-voting systems that only publish the actual election result, say, the winning candidate, while keeping intermediate information, such as the full tally, hidden. In the predecessor project, we made several major contributions to tally-hiding e-voting. Among others, we proposed the first provably secure verifiable and tally-hiding systems. However, none of the existing tally-hiding systems provide post-quantum security, and hence, they break down in presence of quantum attackers. Guaranteeing security also in presence of such attackers is pressing already today as future attackers with access to quantum computers could retroactively break vote privacy of today's elections using data stored about such elections. The goal of this follow-up project is therefore to fill this research gap by lifting verifiable tally-hiding voting to the post-quantum setting. As part of this project we will, among others, build the first provably post-quantum secure tally-hiding and verifiable e-voting systems. To achieve post-quantum security and also obtain practical performance for these systems, we will make use of, adapt, and devise new post-quantum secure cryptographic schemes and techniques, including general purpose non-interactive zero-knowledge proofs, homomorphic encryption schemes, and publicly verifiable multi-party computation protocols.

DFG Programme Research Grants