Abstract

Electronic voting (e-voting), compared with article voting, has advantages in several aspects. Among those benefits, the ability to audit the electoral process at every stage is one of the most desired features of an e-voting system. In Eurocrypt 2015, Kiayias, Zacharias, and Zhang proposed a new E2E verifiable e-voting system that for the first time provides E2E verifiability without relying on external sources of randomness or the random oracle model; the main advantage of such system is in the fact that election auditors need only the election transcript and the feedback from the voters to pronounce the election process unequivocally valid. Unfortunately, their system comes with a huge performance and storage penalty for the election authority (EA) compared to other e-voting systems such as Helios. The main reason is that due to the way the EA forms the proof of the tally result, it is required to precompute a number of ciphertexts for each voter and each possible choice of the voter. The performance penalty on the EA appears to be intrinsic to the approach: voters cannot compute an enciphered ballot themselves because there seems to be no way for them to prove that it is a valid ciphertext. In this work, we construct a new e-voting system that retains similar strong E2E characteristics (but against computational adversaries) while completely eliminating the performance and storage penalty of the EA. Our construction has similar performance to Helios and is practical. The privacy of our construction relies on the SXDH assumption over bilinear groups via complexity leveraging.