Crypto Wiki

In cryptography, the Anonymous Veto Network (or AV-net) is a multi-party secure computation protocol to compute the boolean-OR function[1]. It presents an efficient solution to the Dining cryptographers problem.


All participants agree on a group with a generator of prime order in which the discrete logarithm problem is hard. For example, a Schnorr group can be used. For a group of participants, the protocol executes in two rounds.

Round 1: each participant selects a random value and publishes the ephemeral public key together with a Zero-knowledge proof for the proof of the exponent .

After this round, each participant computes:


Round 2: each participant publishes and a Zero-knowledge proof for the proof of the exponent . Here, the participants chose if they want to send a "0" bit (no veto), or a random value if they want to send a "1" bit (veto).

After round 2, each participant computes . If no one vetoed, each will obtain . On the other hand, if one or more participants vetoed, each will have .

The protocol design[]

The protocol is designed by combining random public keys in such a structured way to achieve a vanishing effect. In this case, . For example, if there are three participants, then . A similar idea - though in a non-public-key context - can be traced back to David Chaum's original solution to the Dining cryptographers problem[2].


  1. F. Hao, P. Zieliński. A 2-round anonymous veto protocol. Proceedings of the 14th International Workshop on Security Protocols, 2006.
  2. David Chaum. The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability Journal of Cryptology, vol. 1, No, 1, pp. 65-75, 1988