User Tools

Site Tools


The verification process for an RPC style mix requires 5 things to be checked. An extra step is required in the case of Ximix to accomodate the mapping of EC points to actual candidate numbers that are represented in the CSV files representing the ballot. This extra step may appear to be more complicated than it needs to be as Ximix is designed to accomodate packed ballots, which allow several preferences to be represented by one EC point, as well as a simple bijection from points to candidate numbers.

The verification tool currently performs the following checks:

  1. verifies that the transcript and proof files were produced by a valid MixNet.
  2. verifies the initial ballot files and the audit log of the initial state of the board matches.
  3. verifies that the commitments opened matches what would be predicted by the random seed calculated at the end of the shuffle.
  4. verifies that the opened commitments are valid and match the known witness values.
  5. verifies that the proofs of decryption (ie. the proof that the result of decryption for a specific node could only have been calculated using the private key corresponding to the published public key for the specific node).
  6. verifies that the CSV represents a correct representation of the final decrypted result, taking into account packed ballots where required.

The source for an example controlling main for the verifier can be found in org.cryptoworkshop.ximix.tool.Verifier. For the curious, it may help to know that the extra 6th step is encapsulated in a nested private class CSVVerifier contained in the Verifier class.

The verifier requires 9 arguments:

  1. the trust anchor for the signatures provided
  2. the public key used to encrypt the ballots
  3. a boolean (true if pairing has been used on shuffling on same nodes, false otherwise).
  4. the location of the directory of the initial encrypted ballots
  5. the file representing the properties for the ballot (this provides data on how to unpack packed ballots)
  6. the location of the transcript files created over the course of the shuffle and decryption.
  7. the region of interest
  8. the type of ballot in the region of interest
  9. a meta-data associated with the type.

Region, type, and meta-data are assumed to correspond to the format used in vVote. For example:


Indicates region number 8159599f-5150-4e0c-a694-9c2a5e4abba6, type ATL and meta-data E.

We would welcome further input, clean room attempts, or comments, on the subject of verification.

verification_step.txt · Last modified: 2014/09/16 17:07 (external edit)