Homomorphic secret sharing

[1] Homomorphic secret sharing is used to transmit a secret to several recipients as follows: Suppose a community wants to perform an election, using a decentralized voting protocol, but they want to ensure that the vote-counters won't lie about the results.

Using a type of homomorphic secret sharing known as Shamir's secret sharing, each member of the community can add their vote to a form that is split into pieces; each piece is then submitted to a different vote-counter.

When all votes have been received, the vote-counters combine them, allowing them to recover the aggregate election results.

In detail, suppose we have an election with:

This protocol works as long as not all of the k authorities are corrupt — if they were, then they could collaborate to reconstruct P(x) for each voter and also subsequently alter the votes.

Under the assumptions on t: The protocol implicitly prevents corruption of ballots.

An illustration of the voting protocol. Each column represents the pieces of a particular voter's vote. Each row represents the pieces received by a particular authority.
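The table described above can be worked through in code. The following is an added example, not part of the original article: it builds the voter-by-authority table of pieces, has each authority sum its row, and recovers the tally by interpolation. The names k, t and P follow the article; the field modulus, the 0/1 vote encoding, the choice of degree t for P, and all function names are assumptions made for the illustration.

```python
import secrets

# Assumption: arithmetic is done modulo a fixed prime larger than any tally.
PRIME = 2**61 - 1

def share_vote(vote, k, t):
    """Split one vote into k pieces: P(1..k) for a random degree-t P with P(0) = vote."""
    coeffs = [vote] + [secrets.randbelow(PRIME) for _ in range(t)]
    def P(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [P(j) for j in range(1, k + 1)]

def authority_sums(votes, k, t):
    """Build the table (column = voter, row = authority) and sum each row."""
    columns = [share_vote(v, k, t) for v in votes]
    table = [[col[j] for col in columns] for j in range(k)]
    # Summing pieces of many polynomials gives a piece of the summed polynomial:
    # this is the additive homomorphism the protocol relies on.
    return [sum(row) % PRIME for row in table]

def recover_tally(points):
    """Lagrange-interpolate the summed polynomial at x = 0 from t+1 (x, y) pairs."""
    total = 0
    for xj, yj in points:
        num, den = 1, 1
        for xm, _ in points:
            if xm != xj:
                num = num * (-xm) % PRIME
                den = den * (xj - xm) % PRIME
        total = (total + yj * num * pow(den, -1, PRIME)) % PRIME
    return total

def run_election(votes, k, t, reporting):
    """Tally using only the row sums published by the authorities in `reporting`."""
    sums = authority_sums(votes, k, t)
    return recover_tally([(j, sums[j - 1]) for j in reporting])

if __name__ == "__main__":
    ballots = [1, 0, 1, 1, 0]               # constructed sample votes (1 = yes)
    print(run_election(ballots, k=5, t=2, reporting=[1, 3, 5]))
```

No authority ever sees an individual vote, only one piece per voter, and any t+1 published row sums yield the same tally.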