Search papers, labs, and topics across Lattice.
This paper introduces NARAD, a novel electronic voting architecture that ensures ballot privacy while allowing for verifiable tallies without a trusted key dealer. Voters encrypt their ballots using self-generated keys under the Paillier homomorphic cryptosystem, and a dual-server model separates the roles of collecting and aggregating votes to maintain privacy. The system achieves significant efficiency, supporting up to 335 million ballots while ensuring tamper-resistance and preventing collusion through the use of secure enclaves.
Voters can now securely cast and verify their ballots without relying on a trusted key dealer, dramatically enhancing the integrity of electronic voting systems.
Electronic voting must keep individual ballots private while letting anyone verify the final tally. This paper presents an architecture that meets both goals without a trusted key dealer: each voter encrypts a ballot in the browser with a self-generated secret key under the Paillier additive homomorphic cryptosystem, and no party ever holds every key. Two server roles divide the tally. A collector combines the voters'per-ballot auxiliary values into a single group element; an aggregator uses that element to cancel the voters'random masks inside the homomorphic product and recover the exact vote sum, learning the result but no individual ballot. The Solana blockchain records every ciphertext immutably and enforces the election lifecycle, while a native C library (libtommath) performs the heavy modular arithmetic. We state six assumptions under which the protocol is correct and prove product homomorphism, mask cancellation, and sum recovery; privacy rests on the Decisional Composite Residuosity (DCR) assumption for the additive layer together with a Diffie-Hellman-style assumption on the masking base. A bit-packing scheme places an entire multi-candidate ballot in one ciphertext, cutting client work, on-chain transactions, storage, and tally cost by a factor of k (the candidate count); the slot width b is free, with only k*b bounded by log_2(N). With b = 25 and a 255-bit modulus the scheme supports ten candidates and up to 2^25 - 1 = 33,554,431 votes per candidate, about 335 million ballots, and tallies 50,000 ballots in under one second. Finally, running the collector and aggregator inside attested secure enclaves makes the tally tamper-resistant and prevents cross-role collusion to deanonymize voters. The proof-of-concept implementation is open-source; a worked numerical example in the appendix reproduces the full pipeline.