Abstract—The ultimate goal in modern secure e-voting is
to enable everyone to verify whether the final election
result correctly reflects the votes chosen by the (human)
voters, without exposing how each individual voted. These
fundamental security properties are called end-to-end veri-
fiability and voter privacy. Unfortunately, it turns out to be
very challenging to pursue these properties simultaneously,
especially when the latter must be future-proofed against the
rise of quantum computers. In this work, we show, for the
first time, a practical approach to do this.
We present Epoque, the first end-to-end verifiable, voterprivate, post-quantum-secure homomorphic e-voting protocol. It achieves its properties through the combination
of practical lattice-based cryptographic primitives only, in
a novel way. We formally prove all our security claims
under common trust and hardness assumptions. At the
core of Epoque lies an efficient identity-based encryption
(IBE) scheme with blazingly fast master-key decryption.
It is the component that makes the efficient tallying of
thousands or millions of ballots a practical possibility. In
order to demonstrate its practicality, we fully implemented
it and provide detailed benchmarks; we believe this latter
contribution is of independent interest beyond the specific
e-voting application.