33 lines
1.8 KiB
Plaintext
33 lines
1.8 KiB
Plaintext
This folder contains proof transcripts that demonstrate a
|
|
flaw in the decryption proof method implemented in the
|
|
SwissVote-Scytl mixnet. It was generated by Sarah Jamie Lewis, Olivier
|
|
Pereira and Vanessa Teague, using techniques described in our report.
|
|
|
|
It is completely distinct from our earlier paper, which described
|
|
trapdoors in the shuffle mechanism. Even if that issue were corrected,
|
|
this problem would remain.
|
|
|
|
In order to verify the proof transcripts, you will need to have a running
|
|
copy of the Swisspost-Scytl voting system.
|
|
|
|
Copy the function deserializeProofFromJSONAndCheckOk() from
|
|
DecryptionProofTest_Insert.java into
|
|
/scytl-cryptolib/cryptolib-proofs/src/test/java/com/scytl/cryptolib/proofs/service/DecryptionProofTest.java
|
|
and run it.
|
|
|
|
You can see two different cheating decryption proofs hardcoded into the
|
|
function. The first one contains a nonsense value, which it proves to decrypt to 7.
|
|
The second one contains a 3, but proves that it decrypts to a nonsense value.
|
|
|
|
When you run the function, you should get the following output:
|
|
|
|
Verifying Proof 1
|
|
Claimed plaintext = ZpGroupElement [_value=7, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151]
|
|
True decryption = [ZpGroupElement [_value=12209177965119662820522312937377420599612363, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151]]
|
|
Proof verified.
|
|
|
|
Verifying Proof 2
|
|
Claimed plaintext = ZpGroupElement [_value=2750132861347711778626352267580572009032361, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151]
|
|
True decryption = [ZpGroupElement [_value=3, _p=15294034768093677312256663166625633354362303, _q=7647017384046838656128331583312816677181151]]
|
|
Proof verified.
|