Secure Voting

Download as pdf or txt
Download as pdf or txt
You are on page 1of 9

The International Arab Journal of Information Technology, Vol. 20, No.

2, March 2023 253

Secure Blockchain-Based Electronic Voting


Mechanism
Pin-Chang Su Tai-Chang Su
Department of Information Management, National Department of Information Management, National Defense
Defense University, Taiwan University, Taiwan
[email protected] [email protected]

Abstract: Many countries have strived to popularise electronic voting (e-voting), but owing to various security concerns, large-
scale elections are still invariably held using paper ballots. Electronic voting systems must find solutions to various issues with
authentication, data privacy and integrity, transparency, and verifiability. On the other hand, Blockchain technology offers an
innovative solution to many of these problems. In this study, we constructed a private blockchain network with a large number
of nodes, which is only accessible to the relevant voters. Because of its decentralised design, the system is robust against attacks
by malicious actors. The security of the system was enhanced using an elliptic curve discrete logarithm problem-based blind
multi-document signcryption mechanism. As this mechanism can be used to blindly sign and encrypt multiple voting documents
in a single pass, it will minimise redundant signing processes and thus improve efficiency. Furthermore, a self-certification
mechanism was used in lieu of centralised certificate servers, so that the voters can participate in the computation of public and
private keys. In summary, we designed an electronic voting mechanism that is sufficiently secure for practical purposes, which
will improve trust in e-voting, and reduce the costs associated with vote checking.

Keywords: Blockchain, e-voting, blind multi-document signcryption, self-certification.

Received July 21, 2021; accepted November 7, 2022


https://doi.org/10.34028/iajit/20/2/12

1. Introduction nature of blockchains can be used to ensure


transparency in voting processes. A blockchain can be
Owing to advances in digital and Internet technologies, categorised as a public, private, or consortium chain,
it is now possible to conduct conversations, discussions, depending on its level of centralisation. Because the
and even voting through the Internet to make group proposed e-voting mechanism is only meant for voters
decisions. However, most large-scale elections are still and the objective of this study was to create a relatively
conducted using paper ballots. In addition to being cost-efficient, safe, and fast blockchain mechanism,
labour-intensive, paper voting makes it difficult for private blockchains were deemed to be optimal for our
voters who are working or studying overseas to purposes.
participate in voting processes. These problems can be Blind Signatures was first proposed by Chaum [4],
solved using electronic voting (e-voting). For instance, who presented a blind Rivest Shamir Adleman (RSA)
the 2020 U.S. presidential election was conducted using signing scheme that allows a signer to sign a message
paper ballots and e-voting machines. Although these from a message author without revealing its contents,
machines are more cost- and labour-efficient than paper ensuring privacy. However, this scheme has security
ballots, voters were required to submit their votes in problems pertaining to message integrity, untraceability,
person. [17] Furthermore, e-voting machines are costly and non-repudiation. Camenisch et al. [3] proposed a
to purchase and maintain. Therefore, an Internet-based blind signing framework based on the Discrete
e-voting mechanism would be far more convenient for Logarithm Problem (DLP), whose security lies in the
voters. difficulty of solving the DLP. However, Harn [10]
Any e-voting system that is being used to replace showed that the framework of Camenisch et al. cannot
paper ballots will inevitably attract concerns regarding be used to achieve untraceability. Horster et al. [11] then
security. To address these, blockchain technology, argued that the proof of Harn is incorrect. Lee et al. [14]
which is the basis of the Bitcoin cryptocurrency [16], showed that the comments of Horster et al. [11] were
can be employed. In essence, blockchains are improper; they also designed another DLP-based blind
decentralised databases that use a consensus mechanism signature scheme that ensures untraceability. Jeng et al.
to record a ledger of the data they store. Because a [12] proposed a blind signature scheme based on
blockchain is collectively stored in multiple nodes, any Elliptic-Curve Cryptography (ECC), which is capable
attempt to manipulate its data will be immediately of achieving untraceability while being computationally
detected. The decentralised, immutable, and anonymous efficient. In a departure from conventional e-signature
254 The International Arab Journal of Information Technology, Vol. 20, No. 2, March 2023

algorithms, Zheng [25] proposed a cryptographic calculate the public and private keys by themselves to
technique called signcryption, which combines the alleviate the concerns of impersonation by the
functions of digital signatures and symmetric certificate authority as a trusted third party. For
encryption. This approach provides the security verifying such a design, the BAN-Logic and several
functions of signatures and encryption while being security features are used to prove that it serves as a
significantly more efficient than DLP-based signature- mechanism with sufficient security, and that it enhances
then-encryption approaches. Yu [24] proposed a blind the voters’ level of trust in electronic voting. The extra
signcryption scheme combining encryption with blind costs for re-verifying the voting results due to voters’
signatures, which allows documents to be transferred in distrust are therefore reduced. The paper is organized as
a secure and untraceable manner. However, this scheme follows. In the next section, we briefly introduce
does not exhibit the avalanche effect, which limits its blockchain technology, electronic voting mechanism
security and efficiency. To address this weakness, Su et and electronic signatures. In section 3, we propose an
al. created an ECC-based blind multi-document original essay to construct an electronic voting scheme
signcryption mechanism [20] that scrambles all for blind digital signatures. In section 4, we evaluate the
documents into ciphertext using a knapsack problem- performance of the proposed solution and prove its
based signcryption algorithm, giving rise to the security features. Finally, section 5 describes concluding
avalanche effect without increasing the computational the paper.
complexity. This scheme also significantly reduces the
number of signing instances, thus improving the 2. Literature Review
efficiency while ensuring security.
Self-certified public-key cryptography was In this section, we present an extensive review of the
introduced by Girault [9], with the aim of allowing users research literature on blockchain, e-voting, and e-
to participate in the computation of public and private signature technologies, to establish a foundation for this
keys during the authorisation stage. Thus, the users can study.
independently certify their identities without identity
verification by a certificate authority, which addresses 2.1. Blockchain Technology
the weaknesses of other identity-verification methods. In recent years, blockchain technology has become very
This provides a high level of security, reduces the key- popular and been used in different domains, such as
management burden, and allows for fast identity healthcare, IoT, supply chain, etc., [5, 8, 18]. The
verification. In the present work, an ECC-based self- concept of a smart contract was proposed by prolific
certification mechanism (instead of the RSA-based cross-disciplinary legal scholar Nick Szabo, who
scheme of Su et al. [21]) was used to design an identity- defined it as follows: ‘A smart contract is a set of
verification scheme for all the roles in our e-voting promises defined in digital form, including agreements
system. A formal logic analysis was then performed on which contract participants can execute these
using the Burrows–Abadi–Needham logic (BAN logic) commitments’. Smart contracts are specified in
method [1] to validate the completeness of the proposed algorithmic form and executed using computers; thus,
mechanism. they can be safer than conventional contracts. Therefore,
Electronic voting is becoming a more essential and smart contracts reduce contract-related transaction costs
widespread issue in the context of blockchain and [22]. In 2013 Buterin [2] the inventor of Ethereum-
information systems. The unique characteristics of this published a white paper about Ethereum called ‘A Next-
technology, such as decentralization and immutability, Generation Smart Contract and Decentralized
were crucial in ensuring that the voting system followed Application Platform’. This paper states that Ethereum
the same norms as more conventional elections and allows users to write smart contracts and decentralized
voting fields. Democracy is founded on voting and will applications where they can create their own arbitrary
not work well if people do not trust the voting system rules for ownership, transaction formats and state
[15]. This analysis gives our rise to an alternative kind transition functions. Wood [23] further noted that
of cryptosystem. In this work, our aim is to highlight the Ethereum is a decentralised blockchain-based
security concerns of the existing blockchain electronic cryptocurrency that can be used to execute any code
voting protocol. Relying on its transparency, within a smart contract. In the Ethereum system, the
decentralization, verifiability and other characteristics, Ethereum Virtual Machine (EVM) is a closed
the trusted third parties become replaceable, and the environment where all contract code is executed in
voters’ level of trust in the mechanism can be enhanced. isolation from the outside world. In this environment, it
In addition, the blind signature mechanism with the is possible to restrict access rights between different
complexity as the elliptic curve discrete logarithmic smart contracts. In Ethereum blockchains, smart
problem is used to strengthen the security features contracts are written using the Solidity language and
related to electronic voting. Last but not least, the self- then compiled into code that can be executed by the
certification mechanism is introduced to replace the EVM. In summary, Ethereum is a full-featured
centralized certificate authority, so that the voters can blockchain application platform that can be fully
Secure Blockchain-Based Electronic Voting Mechanism 255

isolated from the outside world, which has well-rounded 2.3. Electronic Signatures
development tools. For these reasons, we chose to
design our secure e-voting mechanism using Ethereum Su et al. [20] proposed an ECC-based blind multi-
private blockchains and smart contracts. document signcryption mechanism that is
computationally efficient owing to the short length of
the ECC keys. In the blinding phase, the data are divided
2.2. E-Voting
into multiple blocks, and each document is divided in
As its name suggests, e-voting is defined as the use of half before being hashed. The plaintext is then
electronic devices (instead of paper ballots) for voting. converted into points via plaintext-to-point mapping.
According to Khan et al. [13], e-voting refers to the use Finally, a blinding factor is used to blind the messages,
of e-voting machines for voting. As this approach uses followed by the signing, unblinding, and verification
expensive voting machines and requires the voter to cast stages. This approach significantly reduces the
their votes in person, it is not relevant to the present computational costs and outperforms encryption
study. In contrast, Internet voting (I-voting) refers to the algorithms such as RSA and ElGamal with regard to the
use of the Internet to facilitate voting processes. I-voting execution efficiency.
does not require voters to be present at polling stations.
Instead, the voter uses a suitable electronic device (a 3. System Design
personal computer, tablet, or smartphone) to connect to
the voting system, verify his/her identity by inputting The proposed system is based on blind signcryption and
their ID and password, and then submit his/her vote blockchain technology. First, an Ethereum private chain
once the system has confirmed eligibility (e.g., the voter is used to create a secure electronic voting mechanism.
is not attempting to vote twice). The vote is then On this private chain, the smart contracts for the voting
transmitted in encrypted form to a vote-tallying centre, and vote-tallying processes are published to ensure
where a computer system is used to tally all the votes at transparency in the voting process. An Elliptic Curve
the end of the voting period. Here, we describe the Discrete Logarithm Problem (ECDLP)-based blind
electronic voting systems proposed by Song and Cui [19] multi-document signcryption scheme is then used to
and Zhou and Yan [26]. enhance the security of the system. This also improves
the efficiency by eliminating redundant signing
2.2.1. E-Voting Mechanism of Song and Cui processes. A self-certification mechanism with Girault’s
Level-3 security is used instead of a centralised trust
Song and Cui [19] proposed an e-voting mechanism that server, so that the voters can participate in the
uses a blind signature scheme based on RSA and computation of public and private keys. This
ElGamal encryption. The ElGamal encryption system mechanism prevents voter impersonation by
was proposed by ElGamal [7], and the security of this untrustworthy certificate authorities, reduces the
scheme is based on the difficulty of the DLP. The e- computational and storage burdens of the certificate
voting scheme of Song and Cui consists of five stages: server, and improves the execution efficiency. The
key generation, identity verification, ballot blinding, architecture and processes of the proposed e-voting
voting, and vote tallying. Key generation is performed system are described below.
using the RSA scheme, followed by ballot blinding
using the ElGamal blind signature scheme. Finally, 3.1. System Architecture
voting and vote tallying are performed via the
transmission of XML files. The architecture of the proposed system is shown in
Figure 1. The voters and smart contracts are registered
2.2.2. Blockchain-Based Anonymous E-Voting by the certificate authority through the blockchain
Protocol network, and they participate in the computation of
Zhou and Yan [26] proposed an e-voting protocol based public/private keys and signatures. The voter and voting
smart contract then mutually authenticate each other,
on blind signatures and timed-release encryption that
while the ballots are encrypted by a one-time encryption
operates using Ethereum smart contracts. In this system,
blind signatures are used to authenticate voter identities, scheme. When the ballot ciphertext is passed to the vote-
protect their privacy, and prevent losses of anonymity tallying smart contract, a ciphertext digest is generated,
due to external attacks. The timed-release encryption which is blinded and then sent to the voting smart
contract. Next, the voting smart contract passes the
algorithm is used for simultaneous vote tallying at the
digest (signature) of the blinded ciphertext to the vote-
end of the election, which ensures uniqueness and
fairness. Smart contracts are used to replace trusted third tallying smart contract. Finally, the vote-tallying smart
parties; in effect, this creates a trust-free system that contract unblinds, verifies, and decrypts the votes.
guarantees the integrity and security of the voting
process.
256 The International Arab Journal of Information Technology, Vol. 20, No. 2, March 2023

E(Fq) such that

𝑑‧𝐺 = 𝑂 (1)

Where O represents the infinity point of the elliptic


curve. Two collision-free one-way hash functions, i.e.,
h1() and h2(), are then chosen to compute the key and
message.
𝑆 = 𝑛 ‧𝐺
𝐷 𝐷
(2)

E, G, q, SD, h1(), and h2() are then publicised.


2. Registration of voters and smart contracts (using
voter A as exemplar)
Figure 1. Operational architecture of the system. The voter A selects a random encryption parameter 𝑟𝐴 ∈
[2, 𝑛 − 2] to generate the signature file VA and then
3.2. Procedures and Algorithms of System passes idA (the ID of the voter) and VA to the certificate
authority D. VA is calculated as Equation (3):
The procedures of the system can be divided into eight
stages: initialisation, identity verification, encryption, 𝑉𝐴 = ℎ1 (𝑟𝐴 || 𝑖𝑑𝐴 )𝐺 (3)
blinding, signing, unblinding, signature verification,
The certificate authority D then selects a secret
and decryption.
parameter 𝑟𝐷 ∈ [2, 𝑛 − 2] to calculate the verification
3.2.1. Initialisation key and signature of voter A, i.e., PKA and WA,
respectively, and passes them back to the voter A. PKA
During initialisation, the election centre configures the and WA are given as Equations (4) and (5):
parameters of the encryption system and the smart (4)
𝑃𝐾𝐴 = 𝑉𝐴 + (𝑟𝐷 − ℎ1 (𝑖𝑑𝐴 ))𝐺 = (𝑞𝐴𝑥 , 𝑞𝐴𝑦 )
contracts on the private blockchain (Table 1).
𝑊𝐴 = 𝑟𝐷 + 𝑛𝐷 (𝑞𝐴𝑥 + ℎ1 (𝑖𝑑𝐴 )) (5)
Table 1. System parameters.
The voter A uses the parameters returned by the
Item Symbol Description
certificate authority (verification key PKA and signature
Participants of the system, i.e., the voter, voting
WA) to generate his/her own private key nA and uses WA
1 A, B, C, D smart contract, vote-tallying smart contract, and to validate PKA. nA is given as Equation (6)
certificate authority, respectively
ID information of z, with z being the identity of 𝑛𝐴 = [ 𝑊𝐴 + ℎ1 (𝑟𝐴 || 𝑖𝑑𝐴 ) ] (6)
2 𝑖𝑑𝑧
the participant
The voter A then calculates his/her public key SA as
3 𝑆𝑧 , 𝑛𝑧 Public and private keys of z
Equation (7):
4 𝑟𝑧
Value randomly selected when calculating the 𝑆𝐴 = 𝑛𝐴 𝐺 (7)
correlation value of z
5 𝑉𝑧 Signature for the registration application of z The same procedures are used to register the voting and
Verification key obtained by z after registration vote-counting smart contracts with the certificate
6 𝑃𝐾𝑧 authority D. Once all the participants have registered
with the certificate authority
Signature calculated by the certificate authority with the certificate authority and thus obtained their
7 𝑊𝑧
and z
Hash function (value to value), hash function verification keys and signatures (PKz and Wz), they can
8 ℎ1 ( ), ℎ2 ( )
(point series to value) independently calculate their public and private keys
Function for converting the message into elliptic- and verify the correctness. Additionally, they can
9 𝑓𝑚2𝑝 ( )
curve points
Function for converting elliptic-curve points into authenticate their identities with parties that require
10 𝑓𝑝2𝑚 ( )
a message identity validation using (idz, PKz, Sz) without relying on
11 w 0–1 knapsack value of the vote information the certificate authority D.
12 b Blinding factor
3.2.2. Identity Verification
13 m Vote information At this point, the voter A and voting smart contract B
14 M Hash of the vote information have obtained valid identity certificates from the
Set the start- and end-time nodes of the voting certificate authority D. If the voting smart contract B
15
and vote-tallying smart contracts receives (idA, PKA, SA) from the voter A, it authenticates
the voter A via the Equations (8 and 9):
1. Key generation by certificate authority
𝑆𝐴 ′ = 𝑃𝐾𝐴 + ℎ1 (𝑖𝑑𝐴 ) 𝐺 + [(𝑞𝐴𝑥 + ℎ1 (𝑖𝑑𝐴 ))].𝑆𝐷 (8)
The certificate selects a secure elliptic curve E(Fq) in the
finite domain Fq, where q represents a prime larger than 𝑆𝐴 ′ ≟ 𝑆𝐴 (9)
160 bits, and then selects a base point G of order d on
Secure Blockchain-Based Electronic Voting Mechanism 257

Similarly, the voter A authenticates the voting smart 𝐶𝑛 = [𝑃𝑛 + 𝑥𝑛 ‧𝐶𝑛−1 + 𝑟𝐴 ‧𝑆𝐶 ] (25)
contract B using Equation (10):
𝑆𝐵 ′ ≟ 𝑆𝐵 (10) 𝐶̅ = {𝐶0 , 𝐶1 , 𝐶2 , … , 𝐶𝑛 } (26)

Once the identities of both parties are successfully h2() is used to process the ciphertext 𝐶̅ to generate the
authenticated, the voting smart contract B sends n ciphertext digest M:
ballots to the voter A. (27)
ℎ2 (𝐶̅ ) = 𝑀
3.2.3. Encryption 3.2.4. Blinding
After the voter A has received the ballots and submitted The public key of the vote-tallying smart contract C, i.e.,
a vote, the cleartext contents of the votes are divided SC, and the random value rA are used by the voter A to
into “n” blocks, as Equation (11): blind the ciphertext digest M, via the following
Equations (28 and 29):
𝑚𝑖𝑗 = 𝑚11 ,𝑚12 ,…,𝑚𝑛1 ,𝑚𝑛2 ,1 ≤ 𝑖 ≤ 𝑛 (11)
𝑋 = [𝑓𝑚2𝑝 (𝑟𝐴 ) + 𝑛𝐴 ‧𝑆𝐶 ] (28)
Each document is divided into two blocks. The mij
cleartext is then hashed by converting the cleartext into (29)
points via cleartext-to-point mapping, as Equations (12- 𝑌 = 𝑟𝐴 ‧𝑀‧𝑆𝐶
14):
X, the ciphertext 𝐶̅ , and the random values rA and RA are
𝑚𝑖𝑗 = {𝑚11 ,𝑚12 ,…,𝑚𝑛1 ,𝑚𝑛2 }
̅̅̅̅̅ (12) then passed to the vote-tallying smart contract C, while
the blinded ciphertext digest Y is sent to the voting smart
ℎ2 (𝑚
̅̅̅̅̅)
𝑖𝑗 = 𝑚) (13) contract B for signing.
𝑓𝑚2𝑝 (𝑚) = 𝑃1 , 𝑃2 , … , 𝑃𝑛 (14)
3.2.5. Signing
The following Equation (15) is assumed:
After the voting smart contract B receives Y from the
𝑥̅ = {𝑥1 , 𝑥2 , … , 𝑥𝑖 } ∈ (0,1) (15) voter A, it uses its private key nB on Y to generate the
If xi is 1 while xi+1 is 0, the point “≫ 1” is right-shifted signed document MS:
by one block. If xi is 0 and xi+1 is 1, the point “≪ 1” is
𝑀𝑆 = 𝑛𝐵 ‧𝑌 (30)
left-shifted by one block. If xi is 1 and xi+1 is 1, the point
“≫ 3” is right-shifted by three blocks. If xi is 0 and xi+1 The signed document MS is then passed to the vote-
is 0, the point “≪ 3” is left-shifted by three blocks. tallying smart contract C.
if 𝑥𝑖 = 1;𝑥𝑖+1 = 0 ≫ 1 (16)
3.2.6. Unblinding
(17)
𝑥𝑖 = 0;𝑥𝑖+1 = 1 ≪ 1 After the vote-tallying smart contract C receives the
(18) ciphertext 𝐶̅ , rA, RA, and X from the voter A and the
if 𝑥𝑖 = 1;𝑥𝑖+1 = 1 ≫ 3 signed document MS from the voting smart contract B,
(19) it applies h2() to the ciphertext 𝐶̅ from the voter A to
𝑥𝑖 = 0;𝑥𝑖+1 = 0 ≪ 3 generate a second ciphertext digest M’. It then uses its
private key nC and the public key SA of the voter A to
The binary number w is then calculated: unblind the signed document MS. This process is
(20) described by the following Equations (31 and 32):
𝑤 = {𝑥1 ‧21−1 , 𝑥2 ‧22−2 , … , 𝑥𝑛 ‧2𝑛−𝑛 }
ℎ2 (𝐶̅ ) = 𝑀´ (31)
A random value rA, where 𝑟𝐴 ∈ 𝑍𝑛∗ and 𝑟𝐴 ∈ [2, 𝑛 −
2], is used to compute 𝑓𝑚2𝑝 (𝑟𝐴 ) = 𝑋 − 𝑛𝐶 ‧𝑆𝐴 (32)

(21)
𝑅𝐴 = 𝑟𝐴 ‧𝐺 3.2.7. Signature Verification
The vote-tallying smart contract C then computes MS’
The public key of the vote-tallying smart contract C and
and thus verifies M’ using the public key of the voting
rA are then used to encrypt the ciphertext:
smart contract B, i.e., SB, as Equations (33 and 34):
𝐶0 = [𝑓𝑚2𝑝 (𝑤, 𝑚) + 𝑟𝐴 ‧𝑆𝐶 ] (22) 𝑟𝐴 = 𝑓𝑝2𝑚 [𝑓𝑚2𝑝 (𝑟𝐴 )] (33)
(23)
𝐶1 = [𝑃1 + 𝑥1 ‧𝐶0 + 𝑟𝐴 ‧𝑆𝐶 ] (23) 𝑀𝑆´ = 𝑟𝐴 ‧𝑀´‧𝑛𝐶 ‧𝑆𝐵 (34)

𝐶2 = [𝑃2 + 𝑥2 ‧𝐶1 + 𝑟𝐴 ‧𝑆𝐶 ] (24)


258 The International Arab Journal of Information Technology, Vol. 20, No. 2, March 2023

The vote-tallying smart contract C then compares MS’ distribution, ensuring voter privacy, and securely
with MS: transferring the contents of each vote. In this section, a
(35) BAN logic analysis is performed to verify the security
𝑀𝑆´ ≟ 𝑀𝑆
of the self-certified framework. Additionally, our
If MS’ and MS are equal, MS’ is unaltered, and the system is analysed with regard to security metrics, for
signature of the vote-tallying smart contract C is valid. predicting the security level of the system and
comparing its benefits with those of other e-voting
systems.
3.2.8. Decryption
The vote-tallying smart contract C uses its private key 4.1. BAN Logic
nC and RA to decrypt the ciphertext 𝐶̅ : BAN-Logic is a logical concept used to analyse
information exchange protocols. It can help each
𝑓𝑚2𝑝 (𝑤, 𝑚) = 𝐶0 − 𝑛𝐶 ‧𝑅𝐴 (36)
participant to trust the exchanged messages through
(37) necessary assumptions and it is a widely employed
(𝑤, 𝑚) = 𝑓𝑝2𝑚 [𝑓𝑚2𝑝 (𝑤, 𝑚)]
method for analysing authentication protocol [1].
w is converted back into a series of numbers, 𝑥̅ . In this Prior to the first transaction, the participants of our
binary series, if xi is 1 and xi+1 is 0, the point is left- system mutually authenticate each other to ascertain
shifted by one block. If xi is 0 and xi+1 is 1, the point is whether they are authorised users. Therefore, BAN-
right-shifted by one-block. If xi is 1 and xi+1 is 1, the logic analysis is performed to determine whether the
point is left-shifted by three blocks. If xi is 0 and xi+1 is voter A and smart contract SC—the two parties involved
0, the point is right-shifted by three blocks. in the self-certification mechanism—can trust the public
key S that they send to each other. If so, this proves the
𝑤 = {𝑥1 ‧21−1 , 𝑥2 ‧22−2 , … , 𝑥𝑛 ‧2𝑛−𝑛 } (38)
correctness and security of the proposed e-voting
(39) mechanism. The BAN-logic analysis is used to prove
if𝑥𝑖 = 1;𝑥𝑖+1 = 0 ≪ 1 that the goals of the proposed mechanism can be
(40) achieved. The goals of the mechanism are formalised as
𝑥𝑖 = 0;𝑥𝑖+1 = 1 ≫ 1 follows:
(41) Goal 1: 𝑆𝐶| ≡ 𝑆𝐴
if 𝑥𝑖 = 1;𝑥𝑖+1 = 1 ≪ 3
Goal 2: A| ≡ 𝑆𝑆𝐶 .
(42)
𝑥𝑖 = 0;𝑥𝑖+1 = 0 ≫ 3 First, the protocol messages of the proposed mechanism
(43) must be expressed using BAN-logic syntax to ensure
𝑥̅ = {𝑥1 , 𝑥2 , … , 𝑥𝑛 }
notational consistency in the subsequent derivation. The
The ciphertext 𝐶̅ is decrypted as Equation (44-48): amended expressions of the messages are shown below:
𝑃1 ′ = [𝐶1 − 𝑥1 ‧𝐶1−1 − 𝑛𝐶 ‧𝑅𝐴 ] (44)
Message 1: 𝐴 → 𝑆𝐶:(𝑃𝐾𝐴 , 𝑆𝐴 , 𝐼𝐷𝐴 )
(45)
𝑃2 ′ = [𝐶2 − 𝑥2 ‧𝐶2−1 − 𝑛𝐶 ‧𝑅𝐴 ] Message 2: 𝑆𝐶 → 𝐴:(𝑃𝐾𝑆𝐶 , 𝑆𝑆𝐶 , 𝐼𝐷𝑆𝐶 ).
(46)
𝑃𝑖 ′ = [𝐶𝑖 − 𝑥𝑖 ‧𝐶𝑖−1 − 𝑛𝐶 ‧𝑅𝐴 ] The following assumptions are proposed for our
(47) system, to facilitate further analysis.
𝑃̅ ′ = {𝑃1 ′, 𝑃2 ′, 𝑃3 ′, … , 𝑃𝑛 ′}
Assumption 1: 𝐴| ⇒ 𝑟𝐴
𝑓𝑝2𝑚 (𝑃̅ ′) = ̅̅̅̅̅′
𝑚𝑖𝑗 (48)
Assumption 2: 𝑆𝐶| ≡ 𝐴| ∼ (𝐼𝐷𝐴 , 𝑑𝐴 )
̅̅̅̅̅′
𝑚𝑖𝑗 is a set consisting of multiple votes. Assumption 3: 𝑆𝐶| ⇒ 𝑟𝑆𝐶
Another one-time hash is performed on ̅̅̅̅̅´
𝑚𝑖𝑗 using h2() Assumption 4: 𝑆𝐶| ≡ 𝐶𝐴| ∼ 𝑊𝐴
to obtain m': Assumption 5: 𝐴| ≡ 𝐶𝐴| ∼ 𝑊𝑆𝐶
ℎ2 (𝑚
̅̅̅̅̅′) Assumption 6: 𝐴| ≡ 𝑆𝐶| ∼ (𝐼𝐷𝑆𝐶 , 𝑟𝑆𝐶 )
𝑖𝑗 = 𝑚′
Assumption 7: 𝐴| ≡ 𝑆𝐶| ≡ (𝑛𝑆𝐶 , 𝐶𝐴| ∼ 𝑃𝐾𝑆𝐶 )
The contents of the vote are validated by comparing m Assumption 8: 𝑆𝐶| ≡ 𝐴| ≡ (𝑛𝐴 , 𝐶𝐴| ∼ 𝑃𝐾𝐴 )
with m'. If the vote is valid, it is included in the voting Assumption 9: 𝐴| ≡ 𝐼𝐷𝑆𝐶
results. Assumption 10: 𝑆𝐶| ≡ 𝐼𝐷𝐴
According to these assumptions and the rules of BAN
4. Security and Benefits Analysis logic, we will prove that the voter A and smart contract
We presented a blockchain-based e-voting system that SC can trust the authentication messages that they send
uses smart contracts, ECC-based blind multi-document to each other through the self-certification mechanism.
signcryption, and self-certified public-key When SC receives Message 1, it can be proved that
cryptography. The system is capable of secure key SC can see the message sent by A:
Secure Blockchain-Based Electronic Voting Mechanism 259

SC ⊲ (𝑃𝐾A , 𝑆A , 𝐼𝐷A ). 4.2.2. Integrity


By jurisdiction,
Integrity is the characteristic that prevents the alteration
SC ⊲ (𝑆A ). of data during their transmission and ensures the
According to Equations (6) and (7) and Assumptions 1, accuracy and completeness of all the data in the system.
2, and 4, the following can be inferred: In the proposed system, the ciphertext digest signed by
the voting smart contract B is hashed by the voter A
𝑆𝐶| ≡ A| ⇒ 𝑆𝐴 and 𝑆𝐶| ≡ A| ≡ 𝑆𝐴 .
using the one-way hash function h2(), in accordance
Therefore, according to the jurisdiction rules, it can be with Equation (13). If a third party intercepts the
proved that ciphertext sent by the voter A and sends a falsified or
altered ciphertext to the vote-tallying smart contract C,
SC| ≡ 𝑆𝐴 (Goal 1).
the irreversibility of the one-way hash ensures that the
Because the registration processes of nSC and SSC for SC ciphertext digest produced during signature verification
are identical to those for the voter A, after A receives will not match the correct signature. Hence, if a vote is
Message 2, the following can be proved using verified by the vote-tallying smart contract C, the
Assumptions 3, 5, and 6: contents of the vote must be correct and complete,
because the hash function produces the same ciphertext
A| ≡ SC| ⇒ 𝑆𝑆𝐶 and A| ≡ SC| ≡ 𝑆𝑆𝐶 .
digest. It is thus proven that the proposed system can
It is then proved by jurisdiction that
ensure vote integrity.
A| ≡ 𝑆𝑆𝐶 (Goal 2).
According to the aforementioned assumptions and goals, 4.2.3. Authenticity
it can be concluded that the participants and smart Authenticity pertains to the ability of the receiver to
contracts can both trust the PK, S, and ID that they send authenticate the message and ensure that the message
to each other. Therefore, a certificate authority is not came from the announced sender. In the proposed
necessary for identity verification, and the proposed mechanism, the sender is the voter A, and the receiver is
system satisfies the requirements for self-certification. the voting smart contract B. During identity verification,
Furthermore, the participants have jurisdiction over the voting smart contract B may use Equations (18) and
their random values (r), which prevents impersonation (19) to verify the identity of the voter A. If a third party
by a third party. The security of the proposed self- wishes to impersonate the voter A, it must brute-force a
certification mechanism is thus proven. Hence, the solution for the ECDLP. Hence, the proposed
participants and smart contracts in the system can trust mechanism ensures identity authenticity.
each other.
4.2.4. Anonymity
4.2. Security Analysis
In the context of this study, anonymity is the
In this section, we summarize the security items characteristic that prevents the signatory from knowing
regulated by VVSG 2.0 [6] and analyse the security of the contents of the documents that they sign. Because
the proposed ECDLP-based e-voting mechanism with the voting smart contract B only signs ciphertext digests
regard to confidentiality, integrity, authenticity, of the votes, it cannot infer the contents of the votes.
anonymity, non-repudiation, and untraceability. Furthermore, the ciphertext digest from the voter A has
been blinded via the blind-signature technique, in
4.2.1. Confidentiality accordance with Equations (28) and (29). The random
Confidentiality is the characteristic that prevents data number k is used to ensure that the ciphertext digest is
(i.e., documents and their contents) from being accessed always changing, which prevents the voting smart
by or revealed to unauthorised individuals, entities, or contract B from correlating ciphertext digests with vote
programs during their transmission. Therefore, if a data. This ensures the anonymity of the voter A in the
system ensures confidentiality, no parties other than the signing process.
sender and receiver may access the contents of the
transmitted data. In our system, the voter A uses his/her 4.2.5. Non-Repudiation
private key nA and the public key of the vote-tallying Non-repudiation refers to the ability to prove that an
smart contract C, i.e., PKC, to encrypt his/her vote action or event occurred in the past, so that the parties
message, in accordance with Equation (25). If an involved in the action or event cannot deny its
external party intercepts this encrypted message, it occurrence. Because the certificates of the voter A are
cannot decrypt the ciphertext without brute-forcing a solely possessed by the voter A, once the voting smart
solution for the ECDLP, because it does not possess the contract B has verified the voter A by receiving his/her
aforementioned public or private keys. Therefore, the certificate and thus accepted his/her vote, the voter A
proposed mechanism provides vote confidentiality. cannot repudiate his/her vote to submit a second vote.
Although the voter A can decide whether they wish to
260 The International Arab Journal of Information Technology, Vol. 20, No. 2, March 2023

submit a vote after receiving their ballots, they are only multi-voting) and thus reduces the computational loads
allowed to vote once. Furthermore, because nB belongs of the voting system. This private blockchain-based
to the voting smart contract B alone, its signature electronic voting mechanism is convenient and practical
(Equation (30)) can be verified by the vote-tallying and fulfils all security requirements for E-voting,
smart contract C using Equation (34). This prevents the including confidentiality, integrity, authenticity,
voting smart contract B from repudiating its signature. anonymity, non-repudiation, and untraceability. It will
allow election organisers to quickly analyse voting
4.2.6. Untraceability results and obtain useful and objective data, facilitating
In this context, untraceability refers to the impossibility the management of the multilevel elections.
of tracing the contents of a vote to a voter. Because Furthermore, the self-certification mechanism helps to
voting smart contract B only signs the ciphertext digest prevent identity forgery during certificate issuance and
Y (Equation (29)), it cannot infer the contents of the vote reduces the costs associated with the storage and
from the voter A. Furthermore, because the vote-tallying management of public keys. In the future, we will
smart contract C only uses its own private key nC to investigate the possibility of including weights in the
decrypt the votes (Equation (46)), it cannot identify the ballots and voting population, to give more weight to
voter A from the contents of the vote. This ensures the expert opinions and thus improve the diversity and
untraceability of the voter A. reliability of the voting process with regard to decision
making.
4.3. Comparison of Benefits
References
Table 2 compares the benefits of our e-voting
mechanism with those of methods proposed by other [1] Burrows M., Abadi M., and Needham R., “A
researchers. The e-voting mechanism of Song and Cui Logic of Authentication,” ACM Transactions on
does not provide anonymity, as it allows votes to be Computer Systems, vol. 8, no. 1, pp. 18-36, 1990.
traced to their voters. In contrast to the e-voting [2] Buterin V., “A Next-Generation Smart Contract
mechanism of Zhou and Yan [26], our system uses a and Decentralised Application Platform,” 2015,
self-certification mechanism instead of a centralised https://ethereum.org/zh/whitepaper/, Last Visited,
certificate authority. This renders the participation of a 2021.
trusted third party unnecessary, provides a highly [3] Camenisch J., Piveteau J., and Stadler M., “Blind
decentralised structure, and reduces the key- Signatures Based on the Discrete Logarithm
management burden. Problem,” in Proceedings of the Advances in
Cryptology- EUROCRYPT '94, Perugia, pp. 428-
Table 2. Comparison of benefits between the proposed mechanism 432, 1994.
and other e-voting mechanisms.
[4] Chaum D., “Blind Signatures for Untraceable
Benefit
Song and Cui Zhou and Proposed Payments,” in Proceedings of the Advances in
[19] Yan [26] mechanism
Blockchain architecture X O O Cryptology, Boston, pp. 199-203, 1983.
Minimal third-party
X X O [5] Dutta P., Choi T., Somani S., and Butala R.,
participation
“Blockchain Technology in Supply Chain
Decentralised X △ O
Operations: Applications, Challenges and
Consensus X O O
Confidentiality O O O Research Opportunities,” Transportation
Integrity O O O Research Part e: Logistics and Transportation
Authenticity X O O Review, vol. 142, 2020.
Anonymity O O O
Non-repudiation O O O [6] Election Assistance Commission, “Voluntary
Untraceability △ O O Voting System Guidelines,”
Note: O, compliant; △, partially compliant; X, noncompliant
https://www.eac.gov/voting-
equipment/voluntary-voting-system-guidelines,
Last Visited, 2021.
5. Conclusions [7] ElGamal T., “A Public Key Cryptosystem and a
This work presents an electronic voting mechanism that Signature Scheme Based on Discrete Logarithms,”
is sufficiently secure for practical use. We used ECC IEEE Transactions on Information Theory, vol. 31,
cryptography for our system because it has the same no. 4, pp. 469-472, 1985.
level of security as RSA and ElGamal encryption while [8] Fernández-Caramés T. and Fraga-Lamas P., “A
having shorter key lengths, which allows the system to Review on the Use of Blockchain for the Internet
perform encryption and decryption operations more of Things,” IEEE Access, vol. 6, pp. 32979-33001,
efficiently. We also used a blind multi-document 2018.
signcryption mechanism that can be employed for [9] Girault M., “Self-Certified Public Keys,” in
simultaneous voting on multiple issues, which reduces Proceedings of the Workshop on the Theory and
the number of signing instances (particularly during Application of Cryptographic Techniques,
Secure Blockchain-Based Electronic Voting Mechanism 261

Brighton, pp. 490-497, 1991. https://gavwood.com/paper.pdf, Last Visited,


[10] Harn L., “Cryptanalysis of the Blind Signatures 2021.
Based on the Discrete Logarithm Problem,” IEEE [24] Yu X. and He D., “A New Efficient Blind
Electronic Letters, vol. 31, no. 14, pp. 1136-1137, Signcryption,” Wuhan University Journal of
1995. Natural Sciences, vol. 13, no. 6, pp. 662-664, 2008.
[11] Horster P., Michels M., and Petersen H., [25] Zheng Y., “Digital Signclyption or How to
“Comment: Clyptanalysis of the Blind Signatures Achieve Cost (Signature and Encryption) << Cost
Based on the Discrete Logarithm Problem,” IEEE (Signature)+Cost (Encryption),” in Proceedings
Electronic Letters, vol. 31, no. 21, pp. 1S27, 1995. of the Advances in Cryptology-Crypto '97,
[12] Jeng F., Chen T., and Chen T., “All ECC-Based California, pp. 165-179, 1997.
Blind Signature Scheme,” Journal of Networks, [26] Zhou Z. and Yan G., “Design of Block Chain-
vol. 5, no. 8, pp. 921-928, 2010. based Anonymous E-Voting Scheme,” Software
[13] Khan K., Arshad J., and Khan M., “Investigating Guide, vol. 19, no. 1, pp. 229-233, 2020.
Performance Constraints for Blockchain Based
Secure E-voting System,” Future Generation Pin-Chang Su is presently working
Computer Systems, vol. 105, pp. 13-26, 2020. as a Professor in the Department of
[14] Lee C., Hwang M., and Yang W., “A New Blind Information Management at National
Signature Based on the Discrete Logarithm Defense University, Taiwan. He
Problem for Untraceability,” Applied Mathematics received his Ph.D. degree in
and Computation, vol. 164, no. 3, pp. 837-841, Electrical Engineering from Chang
2005. Gung University, Taiwan in 2007. His
[15] Lin S., Zhang L., Li J., Ji L., and Sun Y., “A Survey research mainly focuses on Algorithms Design in Error-
of Application Research Based on Blockchain Control Coding, Information Security, Cryptographic
Smart Contract,” Wireless Networks, vol. 28, pp. Systems and E-Commerce Technologies. His published
635-690, 2022. articles can be found in most academic journals like
[16] Nakamoto S., “Bitcoin: A Peer-to-Peer Electronic KSII Transactions on Internet and Information Systems,
Cash System,” pp. 1-9, 2008, Computers and Electrical Engineering, Security and
http://bitcoin.org/bitcoin.pdf, Last Visited, 2021. Communication Networks, Applied Mathematics and
[17] National Conference of State Legislatures, Computation, Journal of e-Business and so forth.
“Online Voter Registration,”
https://www.ncsl.org/research/elections-and- Tai-Chang Su is a young researcher,
campaigns/electronic-or-online-voter- presently working as a MIS Manager
registration.aspx, Last Visited, 2021. in the National Defense University,
[18] Sabah N., Sagheer A., and Dawood O., Taiwan. He received the degree of
“Blockchain-Based Solution for COVID-19 and Master of Management Science (2022)
Smart Contract Healthcare Certification,” Iraqi awarded by Department of
Journal for Computer Science and Mathematics, Information Management, National
vol. 2, no. 1, pp. 1-8, 2021. Defense University, Taiwan. His research interests
[19] Song F. and Cui Z., “Electronic Voting Scheme include Blockchain, Algorithms Design, and
about ElGamal Blind-Signatures Based on XML,” Cryptographic Systems.
Procedia Engineering, vol. 29, pp. 2721-2725,
2012.
[20] Su P., Yang L., and Wang P., “Multiple Blind
Signcryption Scheme Based on ECC Technology
-Design of the E-voting at one Time for Multiple
Polls,” Journal of Information Management, vol.
14, pp. 73-94, 2014.
[21] Su P., Chang C., and Huang T., “Design and
Implement of Self-Certified PKI Mechanism for
E-commerce,” Electronic Commerce Studies, vol.
12, no. 1, pp. 73-92, 2014.
[22] Szabo N., “Formalizing and Securing
Relationships on Public Networks,” vol. 2, no. 9,
1997.
https://firstmonday.org/ojs/index.php/fm/article/d
ownload/548/469, Last Visited, 2021.
[23] Wood G., “Ethereum: A Secure Decentralised
Generalised Transaction Ledger,” 2014,

You might also like