Design of a Secured E-voting System

Hanady Hussien, Hussien Aboelnaga
Electronic and Communication Department, AAST
Cairo, Egypt
[email protected], [email protected]

Abstract—E-voting systems are becoming popular with the widespread use of computers and embedded systems. Security is the vital issue that must be considered in such systems. This paper proposes a new e-voting system that fulfills the security requirements of e-voting. It is based on the homomorphic property of the Paillier cryptosystem and on an RSA blind signature scheme. The proposed system is implemented on an embedded system which serves as a voting machine. The system employs RFID to store all the conditions, defined by government rules, that are needed to check voter eligibility.

Keywords—E-voting system, Paillier cryptosystem, RFID, blind signature, embedded system, security.

I. INTRODUCTION

One of the fundamental mechanisms of democracy is the election. It is the way public opinion is collected to form a democratic government. The traditional election process is quite tedious and time consuming, with cumbersome procedures in the preparation and tallying phases. To overcome these difficulties the electronic voting system (EVS) was introduced. EVS continues to grow as the world becomes more dependent on new technologies. EVS provides many benefits over traditional voting: it enables efficient and secure elections, it is inexpensive because its resources are reusable, it does not require the geographical proximity of voters, and it provides better scalability for large elections [1]. Meanwhile, an EVS must satisfy security requirements such as authentication, voter privacy, confidentiality and integrity. Many security flaws have been found because an EVS is more vulnerable than the traditional voting process [2]: digital data processing allows votes to be manipulated, updated or copied, which can result in widespread fraud on election day. Thus many professionals have expressed negative opinions on e-voting [3]. Nevertheless, efforts are still being made to introduce EVS in countries that use traditional paper ballots [3].

The primary need in any EVS is the confidence of voters that their votes are counted and that the final tally is the sum of all correct votes. For this reason many different methods have been proposed concerning the security of EVS [1, 2].

This paper introduces a new EVS that employs the homomorphic property and a blind signature based on RSA. The paper is organized as follows: the essential EVS security requirements are described in Section II. Section III explains the significant security tools. The proposed e-voting system and its phases are detailed in Section IV. Section V analyzes the proposed system from the security point of view. Section VI concludes the paper.

II. ELECTRONIC VOTING SECURITY REQUIREMENTS

Security and accuracy are the first and foremost requirements for any voting system. Hence, an EVS should satisfy at least the following security requirements, which are described in [4, 5, 6, 7]:
• Eligibility: only authorized voters who satisfy pre-determined criteria can vote.
• Uniqueness: no one can vote more than once.
• Privacy: a vote is kept secret and no one can determine for whom anyone else voted.
• Integrity: the election process is secure, so no one can change anyone else's vote without being discovered. In addition, no one can duplicate anyone else's vote.
• Accuracy: every voter can make sure that his vote has been taken into account in the final tabulation.

To achieve the above security services many security schemes have been proposed. They can be classified into [2, 8]:
• Cryptosystems and blind signatures, used for encrypting the ballot and printing an encrypted receipt [9, 10, 11],
• Mix-net based schemes for encrypting receipts, which form one part of the ballot [12, 13, 14],
• Homomorphic methods for hiding voter information and ballot content [15, 16, 17].

III. SIGNIFICANT SECURITY TOOLS

Cryptographic voting protocols are built on a few significant security tools:
• Homomorphic encryption.
• Mix-net.
• Blind signature based on RSA.

The following subsections describe these tools briefly.

A. Homomorphic Cryptosystem

A homomorphic cryptosystem is one of the efficient security tools for e-voting systems due to its homomorphic property [18].
978-1-4673-5285-7/13/$31.00 ©2013 IEEE


It is an algebraic property that allows mathematical operations to be applied to sets of encrypted ballots without decrypting them, which improves privacy [18]. For example, in an additively homomorphic encryption scheme the product of two ciphertexts is a third ciphertext that encrypts the sum of the two original plaintexts [2]. The Paillier algorithm is a homomorphic cryptosystem widely used in voting systems. It is a probabilistic asymmetric public-key algorithm, invented by Pascal Paillier in 1999 [2, 19]. A brief description of the Paillier cryptosystem follows [2].

1) Key generation: in this step the public key $(n, g)$ and the private key $(\lambda, \mu)$ are generated.
• Choose two large primes $p$ and $q$ such that $\gcd(pq, (p-1)(q-1)) = 1$.
• Compute $n = pq$ and $\lambda = \operatorname{lcm}(p-1, q-1) = (p-1)(q-1)/\gcd(p-1, q-1)$.
• Select a random integer $g \in \mathbb{Z}_{n^2}^*$ such that $\gcd(L(g^{\lambda} \bmod n^2), n) = 1$, where $L(u) = (u-1)/n$.
• Compute $\mu = \left(L(g^{\lambda} \bmod n^2)\right)^{-1} \bmod n$.

2) Encryption
• Select a random $r$ with $0 < r < n$ and $\gcd(r, n) = 1$.
• $c = g^{m} r^{n} \bmod n^2$, where $m$ is the plaintext message.

3) Decryption
• $m = L(c^{\lambda} \bmod n^2) \cdot \mu \bmod n$.

To illustrate the homomorphic property consider two messages $m_1$ and $m_2$, each encrypted as $E(m) = g^{m} r^{n} \bmod n^2$. The product of the ciphertexts $E(m_1)$ and $E(m_2)$ is a ciphertext of the sum $m_1 + m_2$:

$E(m_1) \cdot E(m_2) = (g^{m_1} r_1^{n})(g^{m_2} r_2^{n}) \bmod n^2 = g^{m_1 + m_2} (r_1 r_2)^{n} \bmod n^2 = E(m_1 + m_2)$

B. Blind signature based on RSA

The blind signature technique allows a signer to sign documents without knowing what is inside. The security of the technique rests on the signer not learning the content of the message being signed; moreover, the signer should not be able to link a message/signature pair to the party for whom it was signed [4]. The technique was first introduced by Chaum in 1983. Blind signature based on RSA is one of the techniques used in EVS. The registrar, who has the authority to sign, holds an RSA key set $(n, d, e)$. The voter chooses a random number $k$ with $1 < k < n$ and $\gcd(k, n) = 1$ (so that $k$ is invertible modulo $n$ and the unblinding step below is possible) and blinds his ballot $m$ to obtain the blinded ballot $B$:

$B = m k^{e} \bmod n$ (1)

where $e$ is the public key. The blinded ballot $B$ is signed by the authority with the private key $d$ to obtain the signed ballot $S$:

$S = B^{d} \bmod n = (m k^{e})^{d} \bmod n = m^{d} k \bmod n$ (2)

The signed ballot is unblinded by dividing by $k$, i.e. multiplying by $k^{-1} \bmod n$:

$UB = S k^{-1} \bmod n = m^{d} \bmod n$ (3)

which is the ordinary RSA signature on $m$ and can be verified by anyone holding the public key, since $UB^{e} \bmod n = m$.
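The blind, sign and unblind steps of equations (1) to (3), carried through in working Python as an added example (not code from the paper). The RSA parameters are derived from two small hard-coded primes chosen for readability, so the modulus is far too small for real use, and the function names and the toy values of m and k are assumptions. The example also enforces the condition the text states only loosely as 1 < k ≤ n: k must be invertible modulo n, otherwise equation (3) cannot be applied.

```python
"""RSA blind signature, Section III.B, equations (1)-(3).

Added illustration, not the paper's code. Toy RSA parameters are built
from small hard-coded primes; a real registrar would use a 2048-bit or
larger modulus and sign a padded hash rather than the raw value.
"""
from math import gcd
import secrets


def rsa_keygen(p, q, e=65537):
    """Return (n, e, d) for the signer (the registrar of the paper)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)
    return n, e, d


def blind(m, e, n):
    """Voter side, eq. (1): B = m * k^e mod n, with a fresh random k.

    k must satisfy gcd(k, n) = 1 or k^-1 mod n does not exist and the
    unblinding in eq. (3) is impossible, so we draw until it holds.
    """
    while True:
        k = secrets.randbelow(n - 2) + 2          # 2 <= k <= n-1
        if gcd(k, n) == 1:
            break
    return (m * pow(k, e, n)) % n, k


def sign(B, d, n):
    """Signer side, eq. (2): S = B^d mod n. The signer never sees m."""
    return pow(B, d, n)


def unblind(S, k, n):
    """Voter side, eq. (3): UB = S * k^-1 mod n = m^d mod n."""
    return (S * pow(k, -1, n)) % n


def verify(m, sig, e, n):
    """Anyone with the public key checks sig^e == m (mod n)."""
    return pow(sig, e, n) == m % n


def demo():
    # Toy primes, constructed for the example (far too small for real use).
    n, e, d = rsa_keygen(1000003, 1000033)
    m = 123456789 % n                             # the value to be signed
    B, k = blind(m, e, n)
    S = sign(B, d, n)
    UB = unblind(S, k, n)
    return {
        "unblinded_equals_plain_signature": UB == pow(m, d, n),
        "signature_verifies": verify(m, UB, e, n),
        "signer_saw_plaintext": B == m,           # blinding hides m from the signer
    }


if __name__ == "__main__":
    print(demo())
```

Note who holds k: the party that blinds must also unblind. In the workflow of Sections IV.C and IV.D the voting terminal blinds ξi but the CTF performs the unblinding of equation (3), so k has to reach the CTF without passing through the local committee that signs; otherwise the committee could match S to UB and the blinding would not hide anything from it.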
C. Mix-net

A mix-net is a way to anonymize ballots by dissociating the encrypted message from its sender [11]. The technique mixes messages by passing them through a network of authorities; each authority shuffles the messages it receives before sending them to the next one and keeps its permutation secret [20]. There are two types of mix-net: decryption and re-encryption. In a decryption mix-net the messages are encrypted under all the authorities' public keys and each authority partially decrypts (removes one layer from) the messages it forwards. In a re-encryption mix-net the message is encrypted under a shared public key and each authority re-randomizes (re-encrypts) it under that same public key before forwarding it; the corresponding private key is used only for the final decryption [2, 20].

IV. PROPOSED E-VOTING SYSTEM

The proposed e-voting system adopts one Central Tabulation Facility (CTF) which collects all secret ballots from local committee servers distributed among the poll stations. The server in each poll station is connected to a number of embedded systems, named voting terminals, which are used to create the voters' ballots. The proposed system uses both a homomorphic cryptosystem, implemented with Paillier, and a blind signature based on RSA. The system runs in four distinct phases: authorizing, voting, authenticating and tallying. The main workflow of the proposed system is depicted in Fig. 1. The following subsections detail each phase.

A. Authorizing phase

The authorizing phase is the first phase in the proposed e-voting system. It starts when a voter arrives at the poll station with his national ID and RFID card. The main role of this phase is to check the voter's identity and eligibility. The identity is checked by an authority officer who examines the national ID, so this part of the process is human controlled. The eligibility is confirmed by the voter's passive RFID card, which is prepared by the government before election day. The RFID card contains all the information (constraints) required to check voter eligibility, as shown in Table I. The voter's status against each constraint is saved as a flag bit, set to logic one if the voter satisfies the constraint and logic zero if not. All these flags consume one byte of storage. In addition, forty bytes are needed to store the voter's name. Since the system is proposed for any kind of election, a part of the RFID memory is reserved to store the type of election. The proposed system serves eight different types of election; each type needs a 17-bit storage area, as shown in Table I. The first two bytes represent the date of the election and the last bit is a flag bit which is set after the voter casts his vote. From the authority's perspective this flag prevents the voter from voting again. The last field in the RFID is the validity field, which holds the RFID validity time. This field needs 2 bits, which limits the validity period to four years.

Figure 1. The proposed EVS phases

The security of the RFID and its communication are beyond the scope of this paper.

TABLE I. DATA STORED IN RFID

Name of storage field in RFID              Size (bits)
Voter name                                 320 (40 bytes)
Constraints of eligibility
  Nationality                              1
  Age                                      1
  Criminal status                          1
  Armed forces                             1
  Quarantined status                       1
  Mental illness                           1
  Bankruptcy                               1
  Status of requirement                    1
Type of election
  Presidential election                    17
  Re-presidential election                 17
  People's Assembly elections              17
  Re-People's Assembly elections           17
  Shura Council elections                  17
  Re-Shura Council elections               17
  Local people's council elections         17
  Re-local people's council elections      17
Validity (number of years)                 2
Total                                      466

B. Voting phase

After checking the identity and eligibility of a voter, the voting phase starts. In this phase the voting terminal displays an empty ballot, the eligible voter selects his nominee and the terminal constructs his ballot. The voting terminal stores the ballots generated by voters in M×L tables, where L is the number of nominees and M is the number of voters' ballots per table.

When a voter casts his vote, his ballot is constructed by storing a prime number representing a YES vote in the cell of the selected nominee, while the remaining L−1 cells hold another prime number representing a NO vote, as shown in Table II. For real-time processing the number of rows M (ballots) is chosen to be small, for example 5 rows or a multiple of 5. The voting terminal encrypts each prime number in the ballot (row) with the Paillier cryptosystem. Afterwards the encrypted ballot is concatenated with the corresponding voter's information. The resulting tables are sent to the local committee. Based on the additive homomorphic property of the Paillier cryptosystem, the voting terminal multiplies all the encrypted votes for each nominee (column), as shown in Table III. To prevent any attempt to vote again, the RFID writer records the election date and sets the flag in the type-of-election field of the voter's RFID to logic one. These steps are repeated for the remaining ballots until the end of election day.

TABLE II. 5×5 TABLE OF PLAIN BALLOTS (PRIME FOR VOTE YES = 5, PRIME FOR VOTE NO = 19)

          David   Jon   Carl   Arlond   Tom
Voter1      5     19     19      19     19
Voter2      5     19     19      19     19
Voter3     19      5     19      19     19
Voter4     19      5     19      19     19
Voter5     19     19      5      19     19

TABLE III. MULTIPLIED (HOMOMORPHICALLY ADDED) VOTES FOR EACH NOMINEE

          David    Jon     Carl    Arlond    Tom
           E(5)   E(19)   E(19)    E(19)   E(19)
          ×E(5)  ×E(19)  ×E(19)   ×E(19)  ×E(19)
         ×E(19)   ×E(5)  ×E(19)   ×E(19)  ×E(19)
         ×E(19)   ×E(5)  ×E(19)   ×E(19)  ×E(19)
         ×E(19)  ×E(19)   ×E(5)   ×E(19)  ×E(19)
           =ξ1     =ξ2     =ξ3      =ξ4     =ξ5

C. Authentication phase

Authentication means that it should be possible for the receiver of a message to ascertain its origin; an intruder should not be able to masquerade as someone else [18]. In our system the blind signature based on RSA is used for authentication. In this phase the voting terminal blinds the multiplied votes ξi using the public key e as in equation (1). The blinded votes are sent to the local committee server, which signs them with its private key d as in equation (2). The local committee also blinds the received tables that contain the encrypted ballots and the voters' information. All these blinded and signed data are then sent to the CTF, as shown in Fig. 1.

D. Tallying phase

This phase starts when the signed votes are delivered to the CTF, which unblinds them as in equation (3). Afterwards the CTF decrypts the resulting unblinded values. Due to the additive homomorphic property of the Paillier cryptosystem, each decryption result is the sum of the prime numbers of the YES and NO votes in that column. To verify the idea, Table IV shows the decryption results for the example in Table II.

TABLE IV. DECRYPTION RESULTS FOR THE EXAMPLE SHOWN IN TABLE II

David   Jon   Carl   Arlond   Tom
  67     67     81      95     95

At the end of election day the CTF extracts the number of votes for each nominee to get the election results. Since each column sum has the form $y = n r_1 + (N - n) r_2$, the CTF calculates the number of YES votes by applying

$n = \dfrac{y - N r_2}{r_1 - r_2}$ (4)

where
n is the number of YES votes for the nominee,
y is the decryption result for the nominee,
r1 is the prime number representing a YES vote,
r2 is the prime number representing a NO vote,
N is the total number of ballots delivered to the CTF.

For the above example, to find the number of YES votes for nominee 3 (Carl), with N = M = 5:

n = (81 − 5×19) / (5 − 19) = (81 − 95) / (−14) = 1 vote

and the number of NO votes = N − n = 5 − 1 = 4 votes. Table V shows the final results for all nominees in the example; they match the votes shown in Table II.

TABLE V. RESULT OF THE ELECTION

                    David   Jon   Carl   Arlond   Tom
No. of Yes votes      2      2      1      0       0
No. of No votes       3      3      4      5       5
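The Paillier algorithm of Section III.A and the ballot encoding, column products and count recovery of Sections IV.B to IV.D, reproduced end to end in Python as an added worked example (not the paper's implementation). The two toy primes p and q, the five-voter ballot table and the YES/NO primes 5 and 19 are constructed to match Tables II to V; a deployment would use far larger primes. The example goes beyond the single column worked in the text: it recovers every nominee's count and, before applying equation (4), checks that a decrypted column sum is consistent with one-YES-per-row ballots (y − N·r2 divisible by r1 − r2 and 0 ≤ n ≤ N), a check the CTF should perform because a malformed column would otherwise produce a meaningless count.

```python
"""Paillier cryptosystem (Section III.A) applied to the ballot tables and
count recovery of Sections IV.B-IV.D.  Added example, not the paper's code.
Primes, ballots and the YES/NO primes are constructed to match Tables II-V.
"""
from math import gcd
import secrets

R_YES, R_NO = 5, 19          # primes of Table II (assumed constants)


def paillier_keygen(p, q):
    """Public key (n, g), private key (lam, mu); III.A step 1.
    g = n + 1 is the usual choice and satisfies gcd(L(g^lam mod n^2), n) = 1."""
    n = p * q
    assert gcd(n, (p - 1) * (q - 1)) == 1
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lcm(p-1, q-1)
    n2 = n * n
    g = n + 1
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)       # L(u) = (u-1)/n, inverted mod n
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """III.A step 2: c = g^m r^n mod n^2 with a fresh random r, gcd(r, n) = 1."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pub, priv, c):
    """III.A step 3: m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def homomorphic_sum(pub, ciphertexts):
    """Product of ciphertexts encrypts the sum of the plaintexts (III.A)."""
    n2 = pub[0] * pub[0]
    acc = 1
    for c in ciphertexts:
        acc = acc * c % n2
    return acc


def build_ballot(choice, L):
    """One row of Table II: R_YES under the chosen nominee, R_NO elsewhere."""
    return [R_YES if j == choice else R_NO for j in range(L)]


def terminal_column_products(pub, ballots):
    """Table III: the terminal encrypts every cell, then multiplies down each
    column so that only one ciphertext per nominee leaves the terminal."""
    enc = [[encrypt(pub, v) for v in row] for row in ballots]
    L = len(ballots[0])
    return [homomorphic_sum(pub, [row[j] for row in enc]) for j in range(L)]


def tally_is_well_formed(y, N, r1=R_YES, r2=R_NO):
    """True iff y = n*r1 + (N-n)*r2 for some integer 0 <= n <= N."""
    num, den = y - N * r2, r1 - r2
    return num % den == 0 and 0 <= num // den <= N


def ctf_count_yes(y, N, r1=R_YES, r2=R_NO):
    """Equation (4): n = (y - N*r2) / (r1 - r2), after the consistency check."""
    if not tally_is_well_formed(y, N, r1, r2):
        raise ValueError("column sum %d is inconsistent with %d one-YES ballots" % (y, N))
    return (y - N * r2) // (r1 - r2)


def run_election(choices, L, p=1000003, q=1000033):
    """End to end for one M x L table: Table II -> III -> IV -> V."""
    pub, priv = paillier_keygen(p, q)
    ballots = [build_ballot(c, L) for c in choices]            # Table II
    xi = terminal_column_products(pub, ballots)                # Table III
    y = [decrypt(pub, priv, c) for c in xi]                    # Table IV
    N = len(ballots)
    yes = [ctf_count_yes(v, N) for v in y]                     # Table V
    return {"decrypted": y, "yes": yes, "no": [N - v for v in yes]}


if __name__ == "__main__":
    # Voters 1-2 pick David (0), 3-4 pick Jon (1), 5 picks Carl (2), as in Table II
    print(run_election([0, 0, 1, 1, 2], 5))
```

The consistency check is the one piece of the tally the paper leaves implicit: equation (4) silently assumes every row carried exactly one r1 and L−1 copies of r2, and nothing in the homomorphic product lets the CTF tell a well-formed column from one whose ciphertexts encrypt arbitrary values, so the divisibility and range test is the cheapest sanity check available at the CTF.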
V. SECURITY ANALYSIS

In this section we analyze how well the proposed e-voting system satisfies the security requirements.

A. Eligibility

This requirement is achieved by the voter's RFID. The voter cannot cast his vote unless the voting terminal has checked the content of his RFID. The government prepares and encrypts this data with a public-key encryption algorithm, and the voting terminal decrypts it with the private key. This part of the security is beyond the scope of this paper.

B. Secrecy

The secrecy requirement is accomplished by using the Paillier cryptosystem, which is a probabilistic encryption scheme; thus it is hard for a cryptanalyst to decrypt any given ciphertext and obtain the correct plaintext [5]. In addition, the homomorphic property of Paillier allows the CTF, in the tallying phase, to count the encrypted votes without decrypting them. Another measure of secrecy is achieved in the voting phase: a group of encrypted ballots is multiplied together before being sent to the CTF, which makes tracking an individual voter's choice hard.

C. Uniqueness

This requirement is accomplished in the voting phase by the election-type field stored in the voter's RFID. This field consists of the election date and a flag bit that is raised whenever the voter casts his vote. As a result the voter cannot vote again.

D. Privacy

This requirement demands that votes are hidden and that no one can learn anyone else's vote. With the RSA blind signature technique the vote is blinded, so it is not revealed to the local committee (the authority party), and the authority party cannot learn the voter's decision during signing. Another advantage of the blind signature is that the vote is dissociated from the voter data, so no one can tell which voter a vote belongs to.

E. Accuracy

Using the blind signature based on RSA can satisfy this requirement. All votes are blinded in the voting phase and then signed in the authentication phase, so the CTF counts only signed votes. In addition, a verification step satisfies this requirement by comparing the ballots received from the local committee with the ones tallied at the CTF.

VI. CONCLUSION

In this paper a new EVS is presented. It uses the Paillier cryptosystem and a blind signature based on RSA as security tools. It consists of a CTF that communicates with multiple local committee servers distributed among the poll stations. Each server is connected to a group of embedded systems acting as voting machines. The system satisfies the vital security requirements. The Paillier cryptosystem provides the secrecy requirement through its additive homomorphic property, which allows the CTF to tally the secret votes without decrypting them. The blind signature based on RSA blinds the votes and the voter identity to achieve the privacy and accuracy requirements. The eligibility and uniqueness requirements are accomplished by the data stored in the voter's RFID.

VII. REFERENCES

[1] K. Alam and S. Tamura, "Electronic voting using confirmation numbers systems," IEEE International Conference on Systems, Man and Cybernetics (SMC 2009), pp. 4535–4540, 2009.
[2] M. J. Moayed, A. A. A. Ghani, and R. Mahmod, "A survey on cryptography algorithms in security of voting system approaches," International Conference on Computational Sciences and Its Applications (ICCSA '08), pp. 190–200, 2008.
[3] B. Ondrisek, "E-voting system security optimization," 42nd Hawaii International Conference on System Sciences (HICSS '09), pp. 1–8, 2009.
[4] G. Gallegos-García, R. Gómez-Cárdenas, and G. I. Duchén-Sánchez, "Identity based threshold cryptography and blind signatures for electronic voting," WSEAS Transactions on Computers, vol. 9, no. 1, pp. 62–71, 2010.
[5] B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed., John Wiley & Sons, 1996.
[6] B. Lee and K. Kim, "Receipt-free electronic voting scheme with a tamper-resistant randomizer," Proceedings of the 5th International Conference on Information Security and Cryptology (ICISC '02), pp. 389–406, 2002.
[7] A. O. Santin, R. G. Costa, and C. A. Maziero, "A three-ballot-based secure electronic voting system," IEEE Security & Privacy, vol. 6, no. 3, pp. 14–21, 2008.
[8] T. Rössler, H. Leitold, and R. Posch, "E-voting: a scalable approach using XML and hardware security modules," 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service, pp. 480–485, 2005.
[9] R. Anane, R. Freeland, and G. Theodoropoulos, "E-voting requirements and implementation," 9th IEEE International Conference on E-Commerce Technology and 4th IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services (CEC/EEE 2007), pp. 382–392, 2007.
[10] K. Sako, "Electronic voting scheme allowing open objection to the tally," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E77-A, no. 1, pp. 24–30, 1998.
[11] T. Okamoto, "Receipt-free electronic voting schemes for large scale elections," Proceedings of the 5th International Workshop on Security Protocols, pp. 25–35, 1997.
[12] W. Ogata, K. Kurosawa, K. Sako, and K. Takatani, "Fault tolerant anonymous channel," Proceedings of the First International Conference on Information and Communication Security, Springer-Verlag, pp. 440–444, 1997.
[13] M. Abe and F. Hoshino, "Remarks on mix-network based on permutation networks," Public Key Cryptography (PKC 2001), LNCS 1992, Springer-Verlag, pp. 317–324, 2001.
[14] M. J. Jurik, "Extensions to the Paillier cryptosystem with applications to cryptological protocols," PhD dissertation, Faculty of Science, University of Aarhus, Denmark, 2004.
[15] J. C. Benaloh, "Verifiable secret ballot elections," PhD dissertation, Yale University, New Haven, 1987.
[16] K. Sako and J. Kilian, "Secure voting using partially compatible homomorphisms," Advances in Cryptology – CRYPTO '94, Springer-Verlag, pp. 411–424, 1994.
[17] R. Cramer, R. Gennaro, and B. Schoenmakers, "A secure and optimally efficient multi-authority election scheme," Advances in Cryptology – EUROCRYPT '97, pp. 103–118, 1997.
[18] B. Adida, "Advances in cryptographic voting systems," PhD dissertation, Massachusetts Institute of Technology (MIT), 2006.
[19] D. Catalano, R. Gennaro, N. Howgrave-Graham, and P. Q. Nguyen, "Paillier's cryptosystem revisited," Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS '01), pp. 206–214, 2001.
[20] M. Hirt and K. Sako, "Efficient receipt-free voting based on homomorphic encryption," Advances in Cryptology – EUROCRYPT 2000, pp. 539–556, 2000.
