In this post we describe a concrete design enabling privacy for e-participation platforms falling under the category of social information filtering systems. This is an extension of work presented in the User Anonymization for Decidim Barcelona report. Although this report was written in the context of the Decidim e-participation tool, the techniques generalize to any platform with similar characteristics and intent. We cite the report, beginning with the introduction:

Information technology and the Internet have opened up many possibilities for citizen participation. One of the most sensitive issues that must be addressed is privacy. Decidim, driven by the city council of Barcelona, is one such example of experiments in citizen participation. Because Decidim is an instrument with the potential for political decision making, it is important to attain the right privacy, trust and transparency properties.

The nature of Decidim as a tool with an already existing feature set narrows down the spectrum of technical methods that can be applied. Specifically, these constraints lead to solutions centered around the use of pseudonyms and the anonymization of existing users. These solutions must be made compatible with integrity requirements (leading to authentication). In order to achieve these two requirements simultaneously it is necessary to employ cryptographic techniques. The result are schemes offering strong privacy guarantees, where even the operators of the system cannot access user’s real identities, while ensuring that only authenticated users can participate.

The main points above can be generalized into

  • E-participation tools with the potential for political decision making must have the correct privacy trust and transparency properties. In particular, not even the administrators of such systems should be able to determine user’s real identities.
  • E-participation tools whose nature is best described as social information filtering[6], consultation and ideation co-production[15], reputation[16], or deliberation systems require pseudonymity[36] as the privacy protecting mechanism. The notion of users with linkable contributions is fundamental to these platforms.
  • E-participation tools with the potential for political decision making must maintain integrity; only authorized and properly validated citizens can participate.
  • The requirements for privacy and integrity can only be simultaneously satisfied by employing cryptographic techniques.

The report proposes several crypto schemes in order to provide authenticated, privacy preserving pseudonyms via user anonymization. Here we focus on the M-schemes, in particular

7.3.7 M1
Anonymization is achieved with a re-encryption mixnet. The scheme supports variable privileges and deactivation groups. In contrast to partially blind signatures, these groups can be formed dynamically (in partially blind signature schemes these groups must be determined at signature time) by collecting arbitrary ciphertexts. This scheme supports individual deactivation through joint decryption of distributed ElGamal encrypted tokens sent by users. It is unconditionally reversibly anonymous.

Note that the M schemes require the following cryptographic components

6.7 Distributed ElGamal [68]
6.9 ElGamal re-encryption mixnet [72][73] with Terelius-Wikstrom proofs of shuffle TU[74]

which are the core of the user anonymization mechanism. This brings us to nMix, which is a project we have been working hard on

nMix is an open source backend for a mixnet-based, cryptographically secure voting system, featuring strong privacy and verifiability properties. It is a reactive implementation of the core univote crypto specification, with a few changes.

nMix implements the following cryptography

  • ElGamal homomorphic distributed cryptosystem
  • Verifiable re-encryption mixnet with Terelius-Wikstrom shuffles
  • Joint key-generation / decryption with zero knowledge correctness proofs
  • Tamper-resistant bulletin board hash-chain
  • RSA message signing and trustee authentication

Because nMix includes a re-encryption mixnet and a distributed ElGamal cryptosystem it can serve as an implementation of components 6.7 and 6.9. The proposed design is therefore to construct scheme 7.3.7 using nMix as its core component. This implementation is quite simple, as the rest of the participating components are relatively easy to write. The resulting protocols for user registration and de-activation can be seen below

where nMix takes over the core cryptography, at the right of the diagram. The sequence of operations remains unchanged as nMix is simply a drop-in for the core components:

  1. The trustees jointly generate a token encryption public key
  2. The user logs in with existing credentials (password)
  3. The user is checked for an existing encrypted token, if so the process terminates
  4. The user’s browser generates a random number which is concatenated with user id and then hashed producing a token
  5. The user encrypts the token with the public key
  6. The encrypted token is stored at the anonymizer
  7. When the registration periods ends, the anonymizer requests a mix from the trustees
  8. The trustees mix and jointly decrypt the tokens
  9. A user is created for each decrypted token
  10. The user completes registry by anonymously submitting their token

Similarly, for deactivation we have

Again, the sequence of operations remains unchanged:

  1. User requests deactivation
  2. User request is validated (eg email or physical id)
  3. Trustees jointly decrypt token stored during registration
  4. User is deactivated


The Decidim report analyzed the issue of citizen privacy in the context of e-participation platforms that fall under the social information filtering category. Several solutions where suggested in the form of schemes and protocols that satisfied privacy as well as integrity (authentication). These schemes were composed of generic crypto components that together performed user anonymization. In this post we have seen how nMix can be used as an implementation of the core components in the recommended “M-schemes”. With this design it should be substantially easier for implementers to support privacy in their e-participation platforms.


Please refer to the User Anonymization for Decidim Barcelona report to follow the references cited in this post.