Secure Digital Voting System Based On Blockchain Technology: Kashif Mehboob Khan, Junaid Arshad, Muhammad Mubashir Khan
Secure Digital Voting System Based On Blockchain Technology: Kashif Mehboob Khan, Junaid Arshad, Muhammad Mubashir Khan
Secure Digital Voting System Based On Blockchain Technology: Kashif Mehboob Khan, Junaid Arshad, Muhammad Mubashir Khan
uk
Provided by UWL Repository
ABSTRACT
Abstract: Electronic voting or e-voting has been used in varying forms since 1970s with fundamental
benefits over paper based systems such as increased efficiency and reduced errors. However, there
remain challenges to achieve wide spread adoption of such systems especially with respect to improving
their resilience against potential faults. Blockchain is a disruptive technology of current era and promises
to improve the overall resilience of e-voting systems. This paper presents an effort to leverage benefits of
blockchain such as cryptographic foundations and transparency to achieve an effective scheme for e-
voting. The proposed scheme conforms to the fundamental requirements for e-voting schemes and
achieves end-to-end verifiability. The paper presents details of the proposed e-voting scheme along with
its implementation using Multichain platform. The paper presents in-depth evaluation of the scheme
which successfully demonstrates its effectiveness to achieve an end-to-end verifiable e-voting scheme.
INTRODUCTION
Elections are fundamental pillar of a democratic system enabling the general public to express their views
in the form of a vote. Due to their significance to our society, the election process should be transparent
and reliable so as to ensure participants of its credibility. Within this context, the approach to voting has
been an ever evolving domain. This evolution is primarily driven by the efforts to make the system
secure, verifiable and transparent. In view of its significance, continuous efforts have been made to
improve overall efficiency and resilience of the voting system. Electronic voting or e-voting has a
profound role in this. Since its first use as punched-card ballots in 1960’s, e-voting systems have achieved
remarkable progress with its adaption using the internet technologies (Gobel et al, 2015). However, e-
voting systems must adhere to specific benchmark parameters so as to facilitate its widespread adoption.
These parameters include anonymity of the voter, integrity of the vote and non-repudiation among others.
Blockchain is one of the emerging technologies with strong cryptographic foundations enabling
applications to leverage these abilities to achieve resilient security solutions. A Blockchain resembles a
data structure which maintains and shares all the transactions being executed through its genesis. It is
primarily a distributed decentralized database that maintains a complete list of constantly germinating and
growing data records secured from unauthorized manipulating, tampering and revision. Blockchain
allows every user to connect to the network, send new transactions to it, verify transactions and create
new blocks (Rosenfeld, 2017; Kadam et al, 2015; Nakamoto, 2009). Each block is assigned a
cryptographic hash (which may also be treated as a finger print of the block) that remains valid as long as
the data in the block is not altered. If any changes are made in the block, the cryptographic hash would
change immediately indicating the change in the data which may be due to a malicious activity.
Therefore, due to its strong foundations in cryptography, blockchain has been increasingly used to
mitigate against unauthorized transactions across various domains (Nakamoto, 2009; Kraft, 2015;
Narayanan et al, 2015).
Bitcoin remains the most distinguished application of blockchain however researchers are keen to explore
the use of blockchain technology to facilitate applications across different domains leveraging benefits
such as non-repudiation, integrity and anonymity. In this paper, we explore the use of blockchain to
facilitate e-voting applications with the ability to assure voter anonymity, vote integrity and end-to-
verification. We believe e-voting can leverage from fundamental blockchain features such as self-
cryptographic validation structure among transactions (through hashes) and public availability of
distributed ledger of records. The blockchain technology can play key role in the domain of electronic
voting due to inherent nature of preserving anonymity, maintaining decentralized and publicly distributed
ledger of transactions across all the nodes. This makes blockchain technology very efficient to deal with
the threat of utilizing a voting token more than once and the attempt to influence the transparency of the
result.
The focus of our research is to investigate the key issues such as voter anonymity, vote confidentiality and
end-to-end verification. These challenges form the foundation of an efficient voting system preserving the
integrity of the voting process. In this paper, we present our efforts to explore the use of the blockchain
technology to seek solutions to these challenges. In particular, our system is based on the Prêt à Voter
approach (Ryan, 2008) and uses an open source blockchain platform, Multichain (Multichain, 2017) as
the underlying technology to develop our system. In order to protect the anonymity and integrity of a
vote, the system generates strong cryptographic hash for each vote transaction based on information
specific to a voter. This hash is also communicated to the voter using encrypted channels to facilitate
verification. The system therefore conforms with the fundamental requirements of an e-voting system as
identified by (Rura et al, 2016). More discussion around this is presented in section 2.
The rest of the paper is organized as follows: the next section presents the requirements for an e-voting
system as identified by (Rura et al, 2016) and explains how our proposed system fulfils them. Section 3
presents the state-of-the-art with respect to e-voting and how we contribute to it followed by a detailed
description of the system design in section 4. Section 5 presents the implementation of our proposed
system with Multichain and user interface along with evaluation of the system highlighting how it
achieves the requirements presented in section 2. Section 6 concludes the paper identifying current
progress and plans for further work.
E-VOTING BACKGROUND AND REQUIREMENTS
Electronic voting has been an area of research focus for many years by using computing machines and
equipment for casting votes and producing high quality and precise results in accordance with the
sentiments of the participating voters. Various attempts have been adopted in practice to support election
process. Initially computer counting system allowed the voter to cast vote on papers. Later on, those cards
went through the process of scanning and tallying at every polling cell on a central server (Kadam et al,
2015; Rockwell, 2017; Hao et al, 2010). Direct Recording Electronic (DRE) voting systems were put in
place later on which were admired and acknowledged greatly by the voters in-spite of the resistance from
computer scientists. If the voting system is well understood by the voters, the system’s usability can be
increased remarkably. DRE systems in particular have gathered a lot of successes in bringing the voters
to use this technology. These systems work more or less in the same way as any conventional election
system does. In the case of DRE, a voter begins his journey by going to their polling place and get their
token to vote where he utilizes his token at the voting terminal to vote for his candidate. When the
candidate selection procedure is completed, DRE systems present the final selection to the voter before
actually casting it (in case if the voter wants to change his opinion) and after the final selection, the ballot
casting is completed (Multichain, 2017; Dalia et al, 2012).
More recently, distributed ledger technologies such as blockchain have been used to achieve e-voting
systems primarily due to their advantages in terms of end-to-end verifiability. With properties such as
anonymity, privacy protection and non-repudiation, blockchain is a very attractive alternative to
contemporary e-voting systems. The research presented in this paper also attempts to leverage these
properties of blockchain to achieve an efficient e-voting system. A detailed analysis of such systems is
presented in the next section along with the identification of comparison with these approaches.
The generic requirements for a typical e-voting system have been defined in (Rura et al, 2016). We
present a brief description of each requirement along with an explanation of how the proposed system
fulfils it.
The system leverages cryptographic properties of blockchain to achieve privacy of a voter. More
specifically, as voter is registered into the system, a voter hash is generated by blockchain which is the
unique identifier of a voter into the blockchain, and is protected from misuse due to collision resistance
property of the cryptographic hash. Due to this, the traceability of a vote is also non-trivial thereby
protecting the voter when under duress.
Eligibility - Allowing only registered voters to vote, with each such voter voting only once
All eligible users are required to register using unique identifiers such as government-issued documents to
assert their eligibility. In addition to this, our system implements strong authentication mechanism using
finger printing technology to assert that only authorized voters can access the system. Furthermore, the
use of biometrics also enables the system to protect against double voting.
Receipt Freeness - Voters should be unable to prove to a third party that they voted in a
particular way
The proposed system enables a voter to vote as per their choice and creates a cryptographic hash for each
such event (transaction). This is important to achieve verifiability i.e. to verify if a certain vote was
included in the count. However, possession of this hash does not allow to extract information about the
way voter has voted.
Convenience - Voters must be able to vote easily, and everyone who is eligible must be
able to vote
The system has been implemented using a user friendly web based interface with the voting process
requiring minimal input from the user. For instance, fingerprinting is implemented for authentication
mechanism to avoid the requirement to remember username/passwords. Furthermore, the overall process
is integrated which enables the user to interact with it in a seamless manner.
Upon casting their vote successfully, a user is provided with their unique transaction ID in the form of a
cryptographic hash. A user can use this transaction ID to track if their vote was included in the tallying
process. However, this process does not enable a user to view how they voted which has been adopted to
mitigate threats when under duress.
The analysis presented above highlights the performance of the proposed system with respect to the
specific requirements of e-voting. It also highlights the significance of defining characteristics of
blockchain and their profound role in achieving the cornerstones of an efficient e-voting system.
Therefore, we believe the work presented here makes significant contribution to the existing knowledge
with respect to the application of blockchain technology to achieve a secure digital voting system.
RELATED WORKS
In (Kiayias & Yung, 2002), a self-tallying voting system is proposed that does not require any trusted
third parties for vote aggregation and any private channel for voter-to-voter privacy. The proposed
protocol involves extensive computation. In (Hao et al, 2010) a two round protocol is proposed that
computes the tally in two rounds without using a private channel or a trusted third party. The protocol is
efficient in terms of amputation and bandwidth consumption but is neither robust nor fair in certain
conditions (Dalia et al, 2012). In (Dalia et al, 2012) a protocol is proposed to improve the robustness and
fairness of the two round protocol (Hao et al, 2010). In (Shahandashti & Hao, 2016), authors propose E2E
verifiable voting system named DRE-ip (DRE-i with enhanced privacy), that overcomes limitations of
DRE-i (Chaum et al, 2008). Instead of pre-computing ciphertexts, DRE-ip encrypts the vote on the fly
during voting process. DRE-ip achieves E2E verifiability without TAs, but at the same time provides a
significantly stronger privacy guarantee than DRE-i. In (Chaum, 2004) end-to-end verifiability is
achieved through the Mixnet protocol (Chaum, 1981) that recovers the plaintext ballot in an unlikable
manner by randomizing the ciphertext through a chain of mix servers.
Scantegrity is proposed in (Chaum et al, 2008) that achieves end-to-end (E2E) verifiability with
confirmation codes that allow voters to prove to themselves that their ballots are included in the final tally
as they really are. Another scheme Prêt à Voter based on (Chaum, 2004) is proposed in (Chaum et al,
2005) that ensures privacy by constructing the ballot with two columns i.e. voting options are listed in one
column and the voter's choice is entered in an adjacent column. The work in (Adida & Rivest, 2006) is
based on Prêt à Voter but using homomorphic tabulation and it uses scratch stripes to allow off-line
auditing of ballots. Other systems that have been proposed for electronic voting include: Bingo Voting
(Bohli et al, 2007), Helios (Adida, 2008), DRE-i (Hao et al, 2014 ) and DRE-ip (Shahandashti & Hao,
2016), Star-Vote (Bell et al, 2013) and (Sandler et al, 2008) to name a few.
The existing approaches perform well for end-to-end verifiability without compromising the privacy of
voters. In (McCorry et al, 2017), authors presented the implementation of decentralized and self-tallying
internet voting protocol over the blockchain using Ethereum. Authors used the openvote (Chaum et al,
2008) e-voting approach as their baseline.
The focus of our research is to explore the exciting opportunities presented by blockchain technologies by
investigating their application in diverse application domains. Within this context, this paper presents our
efforts to develop an e-voting system by leveraging blockchain technology. To this end, our proposed
scheme fulfils the specific requirements for e-voting as discussed in section 2 and illustrated further in the
following sections.
REFERENCES
Adida, B.; ‘Helios (2008). Web-based open-audit voting, in Proceedings of the 17th Conference on
Security Symposium, ser. SS'08. Berkeley, CA, USA: USENIX Association, 2008, pp. 335{348.
Adida B. and Rivest, R. L. (2006). Scratch & vote: Self-contained paper-based cryptographic voting, in
Proceedings of the 5th ACM Workshop on Privacy in Electronic Society, ser. WPES '06. New York, NY,
USA: ACM, 2006, pp. 29-40.
Bell, S., Benaloh, J., Byrne, M. D., Debeauvoir, D., Eakin, B., Kortum, P., McBurnett, N., Pereira, O.,
Stark, P. B., Wallach, D. S., Fisher, G., Montoya, J., Parker, M. and Winn, M. (2013). Star-vote: A
secure, transparent, auditable, and reliable voting system, in 2013 Electronic Voting Technology
Workshop/Workshop on Trustworthy Elections (EVT/WOTE 13). Washington, D.C.: USENIX
Association, 2013.
Bohli, J. M., Muller-Quade, J. and Rohrich, S. (2007). Bingo voting: Secure and coercion- free voting
using a trusted random number generator, in Proceedings of the 1st International Conference on E-voting
and Identity, ser. VOTE-ID'07. Berlin, Heidelberg: Springer-Verlag, 2007, pp. 111-124.
Chaum, D., Essex, A., Carback, R., Clark, J., Popoveniuc, S., Sherman, A. and Vora, P. (2008)
Scantegrity: End-to-end voter-veri_able optical- scan voting, IEEE Security Privacy, vol. 6, no. 3, pp. 40-
46, May 2008.
Chaum, D. (2004) Secret-ballot receipts: True voter-verifiable elections, IEEE Security Privacy, vol. 2,
no. 1, pp. 38{47, Jan 2004.
Chaum, D. (1981) Untraceable electronic mail, return addresses, and digital pseudonym’, Commun.
ACM, vol. 24, no. 2, pp. 84{90, Feb. 1981.
Chaum, D., Ryan, P. Y. A. and Schneider, P. Y. A. (2005). A practical voter-verifiable election scheme,
in Proceedings of the 10th European Conference on Research in Computer Security, ser. ESORICS'05.
Berlin, Heidelberg: Springer-Verlag, 2005, pp. 118- 139.
Dalia, K., Ben, R. , Peter Y. A, and Feng, H. (2012) A fair and robust voting system by broadcast, 5th
International Conference on E-voting, 2012.
Hao, F., Kreeger, M. N., Randell, B., Clarke, D., Shahandashti, S. F. and Lee, P. H.-J. (2014). Every vote
counts: Ensuring integrity in large-scale electronic voting, in 2014 Electronic Voting Technology
Workshop/Workshop on Trustworthy Elections (EVT/WOTE 14). San Diego, CA: USENIX Association,
2014.
Hao, F., Ryan, P. Y. A., and Zielinski, P. (2010) Anonymous voting by two-round public discussion, IET
Information Security, vol. 4, no. 2, pp. 62-67, June 2010.
Gobel, J., Keeler, H. P., Krzesinski, A.E. and Taylor, P.G. (2015). Bitcoin Blockchain Dynamics: the
Selfish-Mine Strategy in the Presence of Propagation Delay, May 2015.
Kadam, M., Jha, P. Jaiswal, S. (2015) Double Spending Prevention in Bitcoins Network, International
Journal of Computer Engineering and Applications, August 2015.
Kiayias, A. and Yung, M. (2002) Self-tallying Elections and Perfect Ballot Secrecy. Berlin, Heidelberg:
Springer Berlin Heidelberg, 2002, pp. 141{158.
Kraft, D. (2015) Difficulty Control for Blockchain-Based Consensus System, Peer-to-Peer Networking
and Applications by Springer, March 2015.
McCorry, P., Shahandashti, S. F. and Hao. F. (2017) A smart contract for boardroom voting with
maximum voter privacy in the proceedings of FC 2017.
Multichain (2017) Open platform for blockchain applications. Available at: www.multichain.com last
accessed: December 2017.
Nakamoto., S. (2009) Bitcoin: A peer-to-peer electronic cash system, 2009 [Online]. Available:
http://bitcoins.info/bitcoin-a-peer-to-peer-electroniccash-system-satoshi-nakamoto. Last accessed:
December 2017.
Narayanan, A., Bonneau, J., Felten, E., Miller, A. and Gold, S. (2015) Bitcoin and Cryptocurrency
Technologies, Chapter 2 and 3, Draft October 2015.
Rockwell, M. (2017) Bitcongress – Process for block voting and law, http://bitcongress.org/ last
accessed: December 2017
Rosenfeld. M. (2017). Analysis of hashrate-based double-spending. [Online]. Available:
http://arxiv.org/abs/1402.2009 last accessed: December 2017.
Rura L., Issac B., and Haldar M. K. (2016) Implementation and evaluation of steganography based online
voting, International Journal of Electronic Government Research.
Ryan, P. Y. A, (2008) Prêt à Voter with Paillier Encryption, in the Mathematical and Computer
Modelling, in Vol. 48, issue 9-10,1646-1662, 2008.
Shahandashti, F. S. and Hao, F. (2016) DRE-ip: A Verifiable E-Voting Scheme without Tallying
Authorities, the 21st European Symposium on Research in Computer Security (ESORICS), 2016.
Shahandashti S. F. and Hao, F. (2016). DRE-ip: A Verifiable E-Voting Scheme Without Tallying
Authorities. Cham: Springer International Publishing, 2016, pp. 223-240.
Sandler, D., Derr, K. and Wallach, D. S. (2008) Votebox: A tamper-evident, verifiable electronic voting
system, in Proceedings of the 17th Conference on Security Symposium, ser. SS'08. Berkeley, CA, USA:
USENIX Association, 2008, pp. 349{364}.
AUTHOR BIOGRAPHIES
Kashif Mehboob Khan is a PhD student in information security at the N.E.D. University
Karachi, Pakistan. Kashif graduated in Computer Engineering from Sir Syed University of Engineering &
Technology in 2005-2006 followed by Master in C.S. & I.T. from N.E.D University of Engineering &
Technology in 2009.
Junaid Arshad is a Senior Lecturer in cyber security emphasising impact of novel and emerging
technological paradigms such as blockchain, distributed systems, cloud computing and big data.. He has
worked as distributed systems security specialist for a number of EU funded projects focusing on mitigating
specific security threats to the project partners. Dr. Junaid Arshad has been actively involved in publishing
high quality research within this field and has a number of publications at high quality venues including
journals, book chapter, conferences and workshops. Dr. Junaid Arshad has served on Program and Review
Committee of a number of journals and conferences.