Ceci n’est pas une preuve
Published: 12 March 2019
The use of trapdoor commitments in Bayer-Groth proofsand the implications for the verifiabilty of the Scytl-SwissPost Internet voting system
- Sarah Jamie Lewis - Open Privacy Research Society
- Olivier Pereira - UCLouvain – ICTeam, B-1348 Louvain-la-Neuve, Belgium
- Vanessa Teague - The University of Melbourne, Parkville, Australia
The implementation of the commitment scheme in the SwissPost-Scytl mixnet uses a trapdoor commitment scheme, which allows an authority whoknows the trapdoor values to generate a shuffle proof transcript that passesverification but actually alters votes. We give two examples of details of howthis could be used.
The first example allows the first mix to use the trapdoors to substitute votes for which it knows the randomness used to generate theencrypted vote. The second example does not even require knowledge of therandom factors used to generate the votes, and could be used by the last mixin the sequence.
Since the above abstract was written SwissPost & Scytl have confirmed our analysis, and the entire evoting program was suspended after we reported a 3rd critical flaw which impacted Individual Verifiability.