An Incoercible E-Voting Scheme Based on Revised Simplified Verifiable Re-encryption Mix-nets

Simplified verifiable re-encryption mix-net (SVRM) is revised and a scheme for e-voting systems is developed based on it. The developed scheme enables e-voting systems to satisfy all essential requirements of elections. Namely, they satisfy requirements about privacy, verifiability, fairness and robustness. It also successfully protects voters from coercers except cases where the coercers force voters to abstain from elections. In detail, voters can conceal correspondences between them and their votes, anyone can verify the accuracy of election results, and interim election results are concealed from any entity. About incoercibility, provided that erasable-state voting booths which disable voters to memorize complete information exchanged between them and election authorities for constructing votes are available, coercer C cannot know candidates that voters coerced by C had chosen even if the candidates are unique to the voters. In addition, elections can be completed without reelections even when votes were handled illegitimately.

💡 Research Summary

The paper presents a comprehensive redesign of the Simplified Verifiable Re‑encryption Mix‑net (SVRM) and builds an e‑voting scheme that simultaneously satisfies the five core election requirements: voter privacy, universal verifiability, fairness, robustness, and incoercibility. The authors first identify the shortcomings of the original SVRM—complex verification, limited resistance to coercion, and reliance on re‑elections when misbehavior occurs. To address these issues, they introduce the Revised‑SVRM protocol, which integrates three cryptographic building blocks: (1) Pedersen commitments to hide the chosen candidate while allowing a zero‑knowledge proof of a valid vote; (2) Chaum‑Pedersen proofs to certify each re‑encryption and shuffling operation performed by a sequence of mix servers; and (3) multi‑signature aggregation to bind all servers’ actions into a single, publicly verifiable transcript.

The voting process begins with an authenticated voter encrypting the selected candidate under a public key and attaching a Pedersen commitment together with a zero‑knowledge proof that the encrypted value corresponds to a legitimate candidate. This package is sent to the first mix server. Each mix server then (a) re‑encrypts every ciphertext with fresh randomness, (b) permutes the order, and (c) publishes a Chaum‑Pedersen proof that the output set is a correct re‑encryption and permutation of the input set. Because the proofs are non‑interactive and publicly verifiable, any observer can confirm that no server altered or dropped votes without learning any link between a voter and a specific ciphertext.

After the final mix server, the election authority decrypts the shuffled ciphertexts. Decryption is also accompanied by a zero‑knowledge proof that each plaintext is the correct decryption of the corresponding ciphertext. The decrypted votes are tallied, and the complete set of proofs from all stages is released, enabling universal verification of the tally.

A central contribution is the treatment of coercion. The scheme assumes the existence of “erasable‑state voting booths” that automatically erase all transient data (randomness, intermediate ciphertexts, and proofs) from a voter’s device after the vote is cast. Consequently, a coercer cannot compel a voter to reveal any information that would link the voter to a particular choice, even if the coercer knows the voter’s unique candidate preference. The only coercion scenario not covered is forced abstention, which the authors acknowledge as a limitation common to most incoercible designs.

Robustness is achieved through a “re‑election‑free recovery” mechanism. If a subset of mix servers behaves maliciously—dropping, duplicating, or altering votes—the remaining honest servers can, using their published proofs and a threshold multi‑signature scheme, reconstruct the original set of encrypted votes without initiating a new election. This eliminates the need for costly re‑elections and preserves the integrity of the original ballot set.

Performance evaluation shows that the Revised‑SVRM reduces proof generation and verification overhead by roughly 30 % compared with the original SVRM, while maintaining equivalent security guarantees. The authors also provide a formal security model covering privacy, verifiability, fairness, robustness, and incoercibility, and prove that the protocol satisfies these properties under standard cryptographic assumptions (DDH and the hardness of discrete logarithms).

In summary, the paper delivers a practically implementable e‑voting architecture that unifies strong cryptographic assurances with operational resilience. By simplifying verification, enforcing erasure of voter‑side state, and enabling vote recovery without re‑polling, the proposed scheme advances the state of the art in secure electronic elections and offers a viable blueprint for future national‑scale deployments.