Lattice-Based Proof of Shuffle and Applications to Electronic Voting

Diego F. Aranha, Carsten Baum, Kristian Gjøsteen, Tjerand Silde, Thor Tunge

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review


A verifiable shuffle of known values is a method for proving that a collection of commitments opens to a given collection of known messages, without revealing a correspondence between commitments and messages. We propose the first practical verifiable shuffle of known values for lattice-based commitments. Shuffles of known values have many applications in cryptography, and in particular in electronic voting. We use our verifiable shuffle of known values to build a practical lattice-based cryptographic voting system that supports complex ballots. Our scheme is also the first construction from candidate post-quantum secure assumptions to defend against compromise of the voter’s computer using return codes. We implemented our protocol and present benchmarks of its computational runtime. The size of the verifiable shuffle is 17 τ KB and takes time 33 τ ms for τ voters. This is around 5 times faster and at least 50% smaller per vote than the lattice-based voting scheme by del Pino et al. (ACM CCS 2017), which can only handle yes/no-elections.

Original languageEnglish
Title of host publicationTopics in Cryptology-CT-RSA 2021 - Cryptographers’ Track at the RSA Conference, Proceedings
EditorsKenneth G. Paterson
Number of pages25
Place of publicationCham
Publication date2021
ISBN (Print)978-3-030-75538-6
ISBN (Electronic)978-3-030-75539-3
Publication statusPublished - 2021
EventThe Cryptographer's Track at the RSA Conference 2021 - San Francisco, United States
Duration: 17 May 202121 May 2021


ConferenceThe Cryptographer's Track at the RSA Conference 2021
Country/TerritoryUnited States
CitySan Francisco
Internet address
SeriesLecture Notes in Computer Science


  • Electronic voting
  • Implementation
  • Lattice-based cryptography
  • Proof of shuffle
  • Return codes
  • Verifiable encryption


Dive into the research topics of 'Lattice-Based Proof of Shuffle and Applications to Electronic Voting'. Together they form a unique fingerprint.

Cite this