Backend for a mixnet-based, cryptographically secure voting system.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

alt text Build Status

nMix: Mixnet-based secure voting

nMix is an open source backend for a mixnet-based, cryptographically secure voting system, featuring strong privacy and verifiability properties. It is a reactive implementation of the core univote crypto specification, with a few changes.

Cryptographic scheme

The main elements of the cryptographic scheme are

  • ElGamal homomorphic distributed cryptosystem[1][5]
  • Verifiable re-encryption mixnet with Terelius-Wikstrom shuffles[2][3][6]
  • Joint key-generation / decryption with zero knowledge correctness proofs[5]
  • Tamper-resistant bulletin board hash-chain[7]
  • RSA message signing and trustee authentication[8]

Together with suitable cryptographic mechanisms at the voting booth this produces an end-to-end verifiable voting system. More details of the scheme can be found here.

Software architecture

nMix follows a minimal design, composed of

  • An append-only bulletin board backed by Git
  • A reactive, data-driven election protocol specified declaratively
  • A minimal rule engine for boolean expression conditions
  • libmix (including unicrypt) library for multicore support

which allows for

  • Fault tolerance through stateless and idempotent trustees
  • Auditability and tamper resistance via Git's hashchain
  • Simple network toplogy: centralized communication on a single ssh port
  • Simple software deployment: Java8 (+ Git on the bulletin board server)


The best place to start is to follow the tutorial. You can run an election demo on a single machine without having to do a real world distributed deployment.


Getting help



nMix is licensed under the terms of the GNU Affero General Public License (GNU AGPLv3).

Crypto references

[1] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 1985.

[2] B. Terelius and D. Wikstrom. Proofs of Restricted Shuffles. In D. J. Bernstein and T. Lange, editors, AFRICACRYPT’10, 3rd International Conference on Cryptology in Africa, LNCS 6055, pages 100–113, Stellenbosch, South Africa, 2010.

[3] D. Wikstrom. A Commitment-Consistent Proof of a Shuffle. In C. Boyd and J. Gonzalez Nieto, editors, ACISP’09, 14th Australasian Conference on Information Security and Privacy, LNCS 5594, pages 407–421, Brisbane, Australia, 2009.

[4] P. Locher, R. Haenni. A lightweight implementation of a shuffle proof for electronic voting systems. 2014


[6] David Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Comm. ACM, 24, 2, 1981.


[8] R. Rivest, A. Shamir, L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. 1978.