Teague, VanessaThinking Cybersecurity Pty. Ltd. and the Australian National University
Author
Abstract
A common primitive in election and auction protocols is a plaintext equivalence test (PET) in which two ciphertexts are tested for equality of their plaintexts, and a verifiable proof of the test’s outcome is provided. The most commonly-cited PETs require at least one honest party, but many applications claim universal verifiability, at odds with this requirement. If a test that relies on at least one honest participant is mistakenly used in a place where a universally verifiable proof is needed, then a collusion by all participants can insert a forged proof of equality into the tallying transcript. We show this breaks universal verifiability for the JCJ/Civitas scheme among others, because the only PETs they reference are not universally verifiable. We then demonstrate how to fix the problem.
McMurtry, E., Pereira, O., & Teague, V. (2020). When Is a Test Not a Proof? In Liqun Chen, Ninghui Li, Kaitai Liang, Steve A. Schneider (ed.), Proceedings of the 25th European Symposium on Research in Computer Security, (ESORICS 2020) (p. p. 23-41). Springer. https://hdl.handle.net/2078.5/256616