Editing Quantum voting based on conjugate coding

This example protocol implements the task of E-voting. The participants in this family of protocols are one or more election authorities, the tallier, and the voters. The election authorities are only trusted for the purpose of eligibility and the voters do not share any entangled states with neither EA nor T in order to cast their ballots.

==Assumptions==
* The election authorities need to be trusted only for the purpose of eligibility; privacy should be guaranteed by the protocol against malicious parties.
* Existence of anonymous channel and authenticated channel.


==Outline==
In the beginning, the election authority chooses a vector for encoding ballots which will be kept secret from the tallier until the end of the ballot casting phase. Then the EA prepares w=polynomial(n) fragments that constitute a blank ballot and sends them to voters by an authenticated channel. After reception of the blank ballot, each voter re randomizes it and then applies a unitary to the blank ballot fragment and encodes the candidate of choice in the (n + 1)th-qubit of the last blank ballot fragments.

Finally, she sends the ballot to the tallier over an anonymous channel.
Once the ballot casting phase ends, the election authority announces the vector to the tallier so the tallier can decode each cast ballot by measuring it in the correct basis and announces the election result.

==Notations==
* <math>V_{i}: i^{th}</math> voter
* c: number of possible candidates
* N: number of voters
* <math>v_{i}:</math> vote of <math>i^{th}</math> voter
* T: tallier
* n: security parameter
* EA: election authority

==Properties==
'''Verifiability''': An adversary can change the vote of an eligible voter when the corresponding ballot is cast over the anonymous channel.
'''Privacy''': EA can introduce a “serial number” in a blank ballot to identify a voter and therefore violate privacy.
The security of the protocol relies on a quantum problem, named one-more-unforgeability, and the assumption that it is computationally hard for a quantum adversary.


== Requirements ==
* a quantum anonymous channel between voters and tallier
* an authenticated channel between voters and the election authority.
* Measurement Device for the tallier.

==Knowledge Graph==

==Protocol Description==
*'''Setup phase''':
#EA picks a vector <math> \bar{b} = (b_1, . . . , b_{n+1}) \in \{0, 1\}^{n+1}</math> that will be kept secret from T until the end of the ballot casting phase.
#For each <math>V_k</math>, EA prepares w = poly(n) blank ballot fragments each of the form <math>|\phi_{\bar{a}_j,\bar{b}}\rangle=|\psi_{a_j^1,b_1}\rangle \otimes ...\otimes |\psi_{a_j^{n+1},b_{n+1}}\rangle,j \in \{1,...,w\}</math> where <math>\bar{a}_j=(a_j^1,...,a_j^{n+1}) </math> such that <math>(a_j^1,...,a_j^{n})\in \{0,1\}^n,a_j^{n+1}=a_j^1 \oplus ...\oplus a_j^{n}</math> and <math> |\psi_{0,0}\rangle=|0\rangle,|\psi_{1,0}\rangle=|1\rangle,|\psi_{0,1}\rangle=\dfrac{1}{\sqrt{2}}(|0\rangle+|1\rangle),|\psi_{1,1}\rangle=\dfrac{1}{\sqrt{2}}(|0\rangle-|1\rangle)  </math>
#EA sends one blank ballot to each <math> V_k </math> over an authenticated channel.
*'''Casting phase''':
#Each <math> V_k</math> picks for each blank ballot fragment a vector <math>\bar{d_j} = (d^1_j , . . . , d^{n+1}_j )</math> such that: <math>(d_j^1,...,d_j^{n})\in \{0,1\}^n,d_j^{n+1}=d_j^1 \oplus ...\oplus d_j^{n}</math><p><math> \forall j \in \{1,...,w\},V_k </math>applies the unitary <math>U^{\bar{d}_j}_j=Y^{d_j^1}\otimes ... \otimes Y^{d_j^{n+1}}</math> to the blank ballot fragment <math>|\phi_{\bar{a}_j,\bar{b}}\rangle</math> where <math display="block"> Y^1=\begin{bmatrix}
    0 & -1  \\
    1 & 0 
\end{bmatrix} ,Y^0=I </math> <math>V_k</math> encodes the candidate of choice in the (n + 1)th-qubit of the last blank ballot fragments.</p>
#<p><math> V_k</math> sends the ballot to T over an anonymous channel.
</p>
*'''Tally phase''':
#EA announces <math>\bar{b}</math> to T. 
#T decodes each ballot fragment by measuring it in the basis described by vector <math>\bar{b}</math> and XORs the resulting bits and does this to each ballot fragment ending up with a string, which is the actual vote cast.
#T announces the election result.

==Further Information==

<div style='text-align: right;'>''*contributed by Sara Sarfaraz''</div>