1. Introduction
The essence of democracy is majority rule. Deciding what the majority is will basically be carried out by a vote. Since the end of 2019, the influence of the coronavirus disease (namely COVID-19) has promoted the trend of legislation for absentee voting, so that voters can vote without returning to their registered domiciles. One of the approaches to conducting absentee voting is Internet voting (I-voting), which is one type of electronic voting (e-voting). However, while the advancement in information and communication technologies makes it possible to realize electronic voting, most countries still adopt paper voting and manual vote-counting procedures. The fundamental reason behind this phenomenon is that voters have concerns regarding the security of emerging techniques related to voting [1]. Furthermore, the transparency of the current voting procedures is often unable to make voters feel confident, no matter what type (i.e., paper or electronic) of voting it is [2] [3].
In recent years, with the increasing utilization in finance, medical care, and supply chains, blockchain technology has become famous. Through consensus, such a technology maintains a shared ledger and stores data in a distributed manner across all nodes. In this way, if the data is tampered with, it will be detected immediately. Therefore, blockchain technology has the characteristics of decentralization, immutability, anonymity, etc. to ensure the transparency of the voting procedures. Because of these characteristics, researchers have begun to introduce this technology into electronic voting systems. In addition to process design using a blockchain, signature and encryption in cryptography are also techniques in electronic voting that are essential to addressing security issues of the system. In related research, Chaum (1983) [4] first proposed the blind signature based on the RSA (short for Rivest-Shamir-Adleman, names of its inventors) encryption algorithm. Its concept is that the signature requester allows the signer to complete signing the unknown message content without revealing the information within it. It has the characteristics of protecting the privacy of the message content of the signature requester. However, it also causes security issues, such as insufficient integrity, untraceability, and non-repudiation. Jeng et al. (2010) [5] proposed the blind signature based on the elliptic curve cryptography (ECC). The main feature is that it reaches a higher computational speed under the same circumstances achieving untraceability.
This research is motivated by resolving the above-mentioned issues associated with electronic voting. The main goal is to design a novel electronic voting mechanism with sufficient security and practicality, by utilizing the underpinning blockchain technology with the characteristics of decentralization, immutability, and trustworthiness, and adopting the theoretical bases of the elliptic curve cryptography, the blind signature, and the self-certification mechanism. Such a mechanism will have the following advantages:
• The electronic voting mechanism with blockchain technology provides decentralized services to ensure the transparency and fairness of voting procedures and thereby strengthens the level of trust of voters in such a mechanism.
• By applying the elliptic curve cryptography theory to the electronic voting system, the use of the blind signature technique meets the fundamental security requirements. Besides, the use of keys with shorter bit lengths effectively reduces the computational load of the system and still achieves the same security strength as the RSA encryption algorithm.
• The introduction of the self-certification mechanism prevents the certificate authority (CA) as a trusted third party from selecting the private key on behalf of the voter and counterfeiting the voter’s identity in the process of creating and issuing the certificate, and it reduces the cost and risk of the overall certification system in storing, calculating, and managing public keys.
To prove that the proposed mechanism is sufficiently secure, the BAN logic analysis and the investigation for several key security features will be conducted. There will also be comparisons between the proposed mechanism and the ones designed by relevant studies. Furthermore, the feasibility of such a mechanism will be verified through simulations and demonstrations.
2. Related Research
This section discusses the blockchain, cryptography, and electronic voting techniques which are adopted as the bases of this research, and categorizes, summarizes, and analyzes the related research in the literature.
2.1 Blockchain Technology
Nakamoto (2008) published a white paper, “Bitcoin: A peer-to-peer electronic cash system” [6], in which the Bitcoin electronic currency and its algorithms were described, and the concept of blockchains was presented. Buterin (2013) proposed a next-generation smart contract [7]. The study described that the smart contract is based on blockchain technology and can be used to construct a trustless cryptocurrency and a decentralized application (Dapp) platform. This has made the applications of blockchain technology more diverse and freer.
The concept of smart contracts was proposed by Szabo (1996), an interdisciplinary legal scholar [8]. That is, in comparison with the traditional contracting method, a higher level of security will be achieved and the transaction costs associated with contracting will be reduced by programming relevant agreements and executing them on computers.
The programs of decentralized applications are deployed on peer-to-peer distributed blockchain networks, and all of the data are open, transparent, and immutable [9].
2.2 Cryptography
2.2.1 Elliptic Curve-based Blind Signature
The elliptic curve-based blind signature was proposed by Jeng et al. in 2010 [5]. With the characteristics of having a short elliptic curve key length, a fast processing speed, and the difficulty of solving an elliptic curve discrete logarithm problem (ECDLP) when trying to crack the encryption, this algorithm is computationally faster, less expensive, and harder to crack at the same key length than the RSA.
2.2.2 Self-certification Mechanism
Girault proposed a self-certification mechanism based on the RSA public key cryptosystem [10] in 1991. Its purpose is to allow the user to participate in the calculation of the public key at the authorization stage. At the subsequent usage stage, independent identity self-certification can be completed without the need for a trusted third party. This mechanism has a higher security level, a lower management load, and higher identity certification efficiency. For the security of the public key cryptosystem, Girault proposed three levels of security as shown in Table 1.
Table 1. Three levels of security
2.3 Electronic Voting
Electronic voting refers to utilizing electronic equipment to assist in completing any part of the voting procedures. Generally, it is divided into two categories in correspondence with the different types of equipment used [11]. One category is implemented through the use of standalone electronic voting machines. In such a category, the voting personnel must be selected through a certain screening process, and the equipment cost may be fairly high. Furthermore, the voters are still required to go to a polling station to vote in person. The other category is Internet voting. Different from the category adopting electronic voting machines, the information exchange of this category is carried out exclusively through the Internet. In-person voting is no longer needed.
The representatives of recent studies regarding electronic voting are summarized as follows.
Song and Cui (2012) [12] presented an electronic voting algorithm by incorporating the ElGamal blind-signature algorithm in the Extensible Markup Language (XML). It was reported to have good security importance. However, the main issue with this algorithm is that it is categorized as a general centralized mechanism, which relatively lacks transparency and is prone to interventions of trusted third parties. Furthermore, when the algorithm is adopted, the voter identity may be traceable from the vote [13].
Waheed et al. (2021) [14] proposed a scheme using the elliptic curve-based blind signature. Compared with the ElGamal-based or RSA-based cryptosystems, the scheme is more efficient and secure. However, it is also categorized as a centralized mechanism. Its main issue is similar to the one proposed by Song and Cui (2012) [12].
Liu and Wang (2017) [15] presented a mechanism that incorporates blockchain technology and deploys the interactions among participants in the form of transaction records on the blockchain for verification. The mechanism provides relatively better transparency. However, their study did not describe how the participants generate public and private keys at the registration stage. If the public and private keys still need to be generated by relying on a trusted third party like the certificate authority, the mechanism may be prone to interventions of the third party. Besides, at the voting stage, the voter establishes voting information directly based on the voting options, not through the ballot sent by the organization, so the organization is not able to ensure non-repudiation of the voting behavior by the voter.
The mechanisms proposed by Dong et al. (2017) [16], Yu et al. (2019) [17], and Zhou and Yan (2020) [18] all incorporate blockchain technology for better transparency. However, the certificate authority is required in these mechanisms to assist in the public and private key generation for conducting identity certification. They are prone to interventions of the certificate authority. Furthermore, the smart contract is used to provide a decentralized environment when there is not any trusted third party present. However, these mechanisms all deploy the public and private keys in the smart contract through the certificate authority. Since the smart contract is public and accessible to all participants, the information in it is not secure.
This research is to design a mechanism that is able to resolve the issues associated with the currently developed electronic voting mechanisms as discussed above.
3. Mechanism Design
This study proposes an electronic voting mechanism suitable for use through the Internet. First of all, the Ethereum blockchain [19] can be adopted to construct the development environment, and the smart contracts can be utilized for publishing the votes on the chain, which will allow the participants to conduct verifications from the hash values of the transactions on the blockchain and resolve the issue associated with the lack of transparency in the current electronic voting system. Furthermore, the blind signature algorithm based on the elliptic curve cryptography can be adopted to enhance the security of this mechanism to protect the privacy of the voters’ identities and the content of ballots. For identity verification, the self-certification mechanism can be introduced to prevent untrustworthy certificate authorities from using the computed public and private keys during the process of certificate issuance to falsely act as the voters to vote. It can also reduce the load of certificate authorities to compute the public and private keys for all voters, so as to enhance the execution efficiency. The following describes the structure and operation process of the proposed electronic voting mechanism.
3.1 Operation Process and Symbols
The electronic voting process designed in this study is categorized into 5 stages, namely the initialization stage, the ballot collecting and voting stage, the blinding and signing stage, the unblinding stage, and the verifying and counting stage. The processes of all stages are shown in Fig. 1, and the parameters and symbols are shown in Table 2.
Table 2. System parameters
Fig. 1. Sequence diagram for the processes of all stages
3.2 Stages and Algorithms
This section describes the processes and algorithms of the 5 stages, namely the initialization stage, the ballot collecting and voting stage, the blinding and signing stage, the unblinding stage, and the verifying and counting stage.
3.2.1 The Initialization Stage
At the initialization stage, the certificate authority (CA) chooses one secure elliptic curve 𝐸(𝐹𝑞) in the finite field 𝐹𝑞, where 𝐸(𝐹𝑞): 𝑦² = 𝑥³ + 𝑎𝑥 + 𝑏 (mod 𝑞), 4𝑎³ + 27𝑏² ≠ 0 (mod 𝑞), and 𝑞 is a prime number greater than 256 bits, and adopts a base point 𝐺 with its order equal to 𝑛, so that
𝑛 ⋅ 𝐺 = 𝑂 (1)
where 𝑂 is the point at infinity of this elliptic curve. In addition, one-way collision-free hash functions, ℎ1( ) and ℎ2( ), are adopted at this stage. The public key of the certificate authority is computed from its private key skCA in the following equation.
PKCA = skCA ⋅ 𝐺 (2)
Subsequently, 𝐸(𝐹𝑞), 𝐺, 𝑞, PKCA, ℎ1( ) and ℎ2( ) are published to allow the participants, namely the election organization, the voter, and the time server, to conduct the related computation when registering with the certificate authority.
For example, the election organization (ORG) uses its identity information idORG and a randomly-chosen secret value rORG ∈ [2, 𝑛 − 2] to generate the signature file SFORG , and subsequently sends idORG and SFORG to the certificate authority. SFORG is computed in the following equation.
SFORG = ℎ1(rORG ∥ idORG) ⋅ 𝐺 (3)
The certificate authority chooses a secret value rCA ∈ [2, 𝑛 − 2] to compute the verification public key VPKORG and the signature SVORG of the election organization as shown in the following equation, where (qORGx, qORGy) represents the corresponding point of VPKORG on the elliptic curve 𝐸(𝐹𝑞) in the x and y coordinates. After the computation, VPKORG and SVORG are sent to the election organization.
VPKORG = SFORG + (rCA − ℎ1(idORG)) ∙ 𝐺 = (qORGx, qORGy) (4)
SVORG = rCA + skCA ∙ (qORGx + ℎ1(idORG)) (5)
The election organization uses the parameters (VPKORG and SVORG) returned by the certificate authority to compute the private key skORG and to verify the computation accuracy of the certificate authority.
skORG = (SVORG + ℎ1(𝑟ORG ∥ idORG)) (6)
The public key PKORG is computed by the election organization using the following equation.
PKORG = skORG ∙ 𝐺 (7)
The verification is conducted as follows.
PKORG = (rCA + skCA ∙ (qORGx + ℎ1(idORG)) + ℎ1(rORG ∥ idORG)) ∙ 𝐺 (8)
PKORG = (rCA + skCA ∙ (qORGx + ℎ1(idORG))) ∙ 𝐺 + ℎ1(rORG ∥ idORG) ∙ 𝐺 (9)
∵ PKCA = skCA ∙ 𝐺 (10)
∴ PKORG = (rCA + ℎ1(rORG ∥ idORG)) ∙ 𝐺 + (qORGx + ℎ1(idORG)) ∙ PKCA (11)
∴ PKORG = rCA ∙ 𝐺 + ℎ1(rORG ∥ idORG) ∙ 𝐺 + (qORGx + ℎ1(idORG)) ∙ PKCA (12)
∵ SFORG = ℎ1(rORG ∥ idORG) ∙ 𝐺 (13)
∴ PKORG = rCA ∙ 𝐺 + SFORG + (qORGx + ℎ1(idORG)) ∙ PKCA (14)
∵ VPKORG = SFORG + (rCA − ℎ1(idORG)) ∙ 𝐺 (15)
∵ SFORG = VPKORG − (rCA − ℎ1(idORG)) ∙ 𝐺
= VPKORG − rCA ∙ 𝐺 + ℎ1(idORG) ∙ 𝐺 (16)
∴ PKORG = rCA ∙ 𝐺 + VPKORG − rCA ∙ 𝐺 + ℎ1(idORG) ∙ 𝐺 + (qORGx + ℎ1(idORG)) ∙ PKCA (17)
∴ PKORG = VPKORG + ℎ1(idORG) ∙ 𝐺 + (qORGx + ℎ1(idORG)) ∙ PKCA (18)
The registration processes of the voter and the time server with the certificate authority are the same as the process mentioned above. After registering with the certificate authority and receiving the exclusive verification public key VPKz and signature SVz (where 𝑧 represents the participant), every participant can compute the private key by itself and verify the accuracy of the public key. It is also feasible to use identity-related parameters, such as idz, VPKz, and PKz, to directly certify the identity of a participant without the need to rely on the certificate authority for conducting identity certification.
After completing registration, the election organization will incorporate the self-certification mechanism, the associated public parameters, and the voting functions in the smart contract and deploy the contract on the blockchain. As soon as the address of the contract is obtained, it will implement the decentralized voting and counting applications and publish them for the voters and the time server to use.
3.2.2 The Ballot Collecting and Voting Stage
All participants must mutually complete self-certification before interacting with each other. After the voter (V) and the election organization obtain valid identities from the certificate authority, as soon as the election organization receives the identity-related parameters (idV, VPKV, and PKV) from the voter, it will conduct certification to make sure that the identity of the voter is valid. The associated computation is as follows.
PKV′ = VPKV + ℎ1(idV) ∙ 𝐺 + (qVx + ℎ1(idV)) ∙ PKCA (19)
PKV′ ≟ PKV (20)
Similarly, the voter can use idORG, VPKORG, and PKORG sent by the election organization to certify its identity.
PKORG′ ≟ PKORG (21)
After mutual identity certification, the election organization sends a ballot to the voter and puts the record on the blockchain to prevent the voter from repeatedly collecting ballots. The ballot contains the voting question and a collection of voting options (denoted by opj, where 𝑗 = {1, 2, 3, ⋯ , 𝑚}) as shown in the following equation.
options = {op1, op2, op3, ⋯ , opm} (22)
The voter can mark an option after collecting the ballot.
3.2.3 The Blinding and Signing Stage
After marking an option opj, the voter adopts a random value bf ∈ [2, 𝑛 − 2] as the blinding factor and uses the public key PKTS of the time server (TS) and the one-way collision-free hash function ℎ2( ) to generate the encrypted voting information 𝑤. The encrypted voting information 𝑤 is then blinded to generate the encrypted abstract document 𝑊. After mutual identity certification, 𝑊 is sent to the election organization.
𝑤 = ℎ2(bf ∙ PKTS ∥ opj) (23)
𝑊 = 𝑤 ∙ 𝐺 (24)
As soon as the election organization receives the blinded encrypted abstract document 𝑊, it uses a random value rORG ∈ [2, 𝑛 − 2] and its private key skORG to sign the document W and to generate the relationship value 𝑅 and the signed document 𝑆. Subsequently, 𝑅 and 𝑆 are returned to the voter.
𝑅 = rORG ∙ 𝑊 (25)
𝑆 = (skORG + rORG) ∙ 𝑊 (26)
3.2.4 The Unblinding Stage
After receiving the relationship value 𝑅 and the signed document 𝑆, the voter uses the public key PKORG of the election organization to compute the unblinding point wPK for the encrypted voting information 𝑤, and then deploys such a point along with 𝑅 and 𝑆 on the blockchain through the smart contract (SC). In the meantime, the smart contract will enable its functions to verify whether or not the 3 parameters (wPK, 𝑅, and 𝑆) and the same transaction address addr already exist on the blockchain. If they do exist, such a vote will be nullified. In this way, repeated voting by the voter can be avoided.
wPK = 𝑤 ∙ PKORG (27)
After the parameters are deployed on the blockchain, the participants can conduct the verification on their own. The equations are as follows.
𝑅 ≟ 𝑅′ = 𝑆 − wPK (28)
∵ 𝑅 = rORG ∙ 𝑊 (29)
∵ 𝑆 = (skORG + rORG) ∙ 𝑊 (30)
∴ rORG ∙ 𝑊 ≟ (skORG + rORG) ∙ 𝑊 − wPK (31)
∴ rORG ∙ 𝑊 ≟ skORG ∙ 𝑊 + rORG ∙ 𝑊 − wPK (32)
∵ wPK = 𝑤 ∙ PKORG = 𝑊 ∙ skORG (33)
∴ rORG ∙ 𝑊 ≟ wPK + rORG ∙ 𝑊 − wPK (34)
∴ rORG ∙ 𝑊 = rORG ∙ 𝑊 (35)
∴ 𝑅 = 𝑅′ (36)
As the final step, the voter sends the election organization the transaction address addr obtained after deploying the parameters on the blockchain along with the encrypted blinding factor BF computed by the following equation.
BF = bf ∙ 𝐺 (37)
3.2.5 The Verifying and Counting Stage
After mutual self-certification with the time server, the election organization sends the time server the transaction address addr, the encrypted blinding factor BF, and the verification values of all voting options (options = {op1, op2, op3, ⋯ ,op𝑚}). Subsequently, the time server uses the transaction address addr to obtain the unblinding point wPK of each vote through the smart contract and uses the private key skTS of the time server and the public key PKORG of the election organization to compute a collection of points wPK′ = {wPK′1, wPK′2, wPK′3, ⋯ , wPK′𝑚} to be compared with and to verify each wPK. Taking voting option 1 op1 as an example, the computation is as follows.
wPK = 𝑤 ∙ PKORG (38)
wPK′1 = ℎ2(BF ∙ skTS ∥ op1) ∙ PKORG (39)
The verification process is as follows.
wPK ≟ wPK′1 (40)
𝑤 ∙ PKORG ≟ ℎ2(BF ∙ skTS ∥ op1) ∙ PKORG (41)
∵ 𝑤 = ℎ2(bf ∙ PKTS ∥ opj) (42)
∴ ℎ2(bf ∙ PKTS ∥ opj) ∙ PKORG ≟ ℎ2(BF ∙ skTS ∥ op1) ∙ PKORG (43)
∵ bf ∙ PKTS = bf ∙ skTS ∙ 𝐺 = BF ∙ skTS (44)
if opj = op1 (45)
ℎ2(bf ∙ PKTS ∥ opj) ∙ PKORG = ℎ2(bf ∙ skTS ∙ 𝐺 ∥ op1) ∙ PKORG
= ℎ2(BF ∙ skTS ∥ op1) ∙ PKORG (46)
wPK = wPK′1 (47)
When wPK = wPK′1, it indicates that the vote is for option 1. Such a result will be added to the collection of voting results, Sum = {sumop1, sumop2, sumop3, ⋯ , sumopm}; that is, sumop1 is incremented by 1. On the other hand, when wPK ≠ wPK′1, the other results wPK′j, 𝑗 ∈ {2, ⋯ , 𝑚}, will be compared to decide which option the vote is for.
When all the votes are compared and the results are counted, the collection of voting results Sum, the product of the encrypted blinding factor and the private key BF ∙ skTS, and the verification values of all voting options ( options = {op1, op2, op3, ⋯ , op𝑚}) will be deployed on the blockchain to allow all participants to verify the counting results on their own.
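The registration equations (3) to (7), the self-certification check (18) to (20), and the ballot flow of Sections 3.2.3 to 3.2.5 can be run end to end as follows. This is an added Python example, not code from the paper: the curve (secp256k1), the SHA-256 instantiation of ℎ1 and ℎ2, the byte encoding of points, and all function names are assumptions, and scalars are reduced mod 𝑛, which the equations leave implicit.

```python
import hashlib
import secrets

# Assumed curve: secp256k1 (the paper only asks for a secure E(F_q)).
Q = 2**256 - 2**32 - 977
A = 0
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity

def add(P, R):
    if P is O: return R
    if R is O: return P
    (x1, y1), (x2, y2) = P, R
    if x1 == x2 and (y1 + y2) % Q == 0:
        return O
    if P == R:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % Q, -1, Q) % Q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q, -1, Q) % Q
    x3 = (lam * lam - x1 - x2) % Q
    return (x3, (lam * (x1 - x3) - y1) % Q)

def neg(P):
    return O if P is O else (P[0], -P[1] % Q)

def mul(k, P):
    k %= N
    acc = O
    while k:
        if k & 1:
            acc = add(acc, P)
        P = add(P, P)
        k >>= 1
    return acc

def h(tag, *parts):
    # Assumed instantiation of h1/h2: SHA-256 with a domain tag, reduced mod n.
    digest = hashlib.sha256(tag + b"|".join(parts)).digest()
    return int.from_bytes(digest, "big") % N

def enc(P):
    return P[0].to_bytes(32, "big") + P[1].to_bytes(32, "big")

def rand_scalar():
    return 2 + secrets.randbelow(N - 3)  # uniform in [2, n - 2]

def register(identity, sk_ca):
    # Participant and CA steps run in one function for brevity.
    r = rand_scalar()                                    # participant secret
    hr = h(b"h1", r.to_bytes(32, "big"), identity)       # h1(r || id)
    SF = mul(hr, G)                                      # (3), sent to the CA
    hid, r_ca = h(b"h1", identity), rand_scalar()
    VPK = add(SF, mul(r_ca - hid, G))                    # (4), CA side
    SV = (r_ca + sk_ca * (VPK[0] + hid)) % N             # (5), CA side
    sk = (SV + hr) % N                                   # (6), never seen by the CA
    return sk, mul(sk, G), VPK                           # (7)

def certify(identity, VPK, PK, PK_ca):
    # (18)-(20): recompute PK' from public values only and compare.
    hid = h(b"h1", identity)
    return add(add(VPK, mul(hid, G)), mul(VPK[0] + hid, PK_ca)) == PK

def blind_vote(option, PK_ts):
    bf = rand_scalar()
    w = h(b"h2", enc(mul(bf, PK_ts)), option)            # (23)
    return bf, w, mul(w, G)                              # W, (24)

def sign_blinded(W, sk_org):
    r = rand_scalar()
    return mul(r, W), mul(sk_org + r, W)                 # R (25), S (26)

def check_ballot(wPK, R, S):
    return R == add(S, neg(wPK))                         # (28)

def tally_one(wPK, BF, sk_ts, PK_org, options):
    shared = enc(mul(sk_ts, BF))                         # BF*skTS = bf*PKTS, (44)
    for op in options:
        if mul(h(b"h2", shared, op), PK_org) == wPK:     # (39), (40)
            return op
    return None

def demo():
    # Constructed identities and options, for illustration only.
    sk_ca = rand_scalar()
    PK_ca = mul(sk_ca, G)                                # (2)
    sk_org, PK_org, VPK_org = register(b"ORG", sk_ca)
    sk_ts, PK_ts, _ = register(b"TS", sk_ca)
    bf, w, W = blind_vote(b"op2", PK_ts)
    R, S = sign_blinded(W, sk_org)
    wPK = mul(w, PK_org)                                 # (27)
    return {
        "org_certified": certify(b"ORG", VPK_org, PK_org, PK_ca),
        "wrong_id_rejected": not certify(b"EVE", VPK_org, PK_org, PK_ca),
        "ballot_ok": check_ballot(wPK, R, S),
        "tampered_rejected": not check_ballot(wPK, R, add(S, G)),
        "counted_as": tally_one(wPK, mul(bf, G), sk_ts, PK_org,
                                [b"op1", b"op2", b"op3"]),
    }
```

Calling `demo()` runs one registration, one ballot, and one count; the time server recovers the option by trial over the published option list, exactly as in (39) and (40).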
4. Security Analysis and Evaluation
This section verifies the security of the proposed mechanism through the analysis using the BAN logic and the investigation of relevant security regulations.
4.1 The BAN Logic Analysis
The Burrows-Abadi-Needham logic (BAN logic) was proposed by Burrows, Abadi, and Needham in 1990. It is a security analysis that specifically focuses on examining whether or not the identities of two parties in the transaction can be certified in the network security protocol. The representation of a general security protocol includes the subjects, the keys, and the formulas. The combination of them will represent all of the inference processes. The BAN logic has 5 inference rules, namely the message-meaning rule, the nonce-verification rule, the jurisdiction rule, the receiving rule, and the freshness-conjuncatenation rule.
Participants in this study mutually certify whether or not the identities of each other are authorized users through the proposed self-certification mechanism before transactions. Taking the voter (V) and the election organization (ORG) as an example, the BAN logic analysis is used to prove that through such a mechanism, each party trusts the public key (S) sent by the other with which it communicates, so as to ensure the correctness and security of the mechanism. First, the goals to be achieved through the BAN logic analysis are as follows.
Goal 1: ORG| ≡ 𝑆𝑉
Goal 2: 𝑉| ≡ SORG
Before conducting the analysis, the message exchange process of this study is transformed into the expressions defined by the BAN logic format. The transformed messages are as follows.
Message 1: 𝑉 → ORG:(VPKV, PKV, IDV)
Message 2: ORG → 𝑉:(VPKORG, PKORG, IDORG)
Subsequently, the assumptions regarding the mechanism proposed in this study are stated as follows for further inference and analysis.
Assumption 1: 𝑉| ⇒ 𝑟𝑉
Assumption 2: ORG| ≡ 𝑉| ∼ (IDV , 𝑟𝑉)
Assumption 3: ORG| ⇒ rSC
Assumption 4: ORG| ≡ CA| ∼ SVV
Assumption 5: 𝑉| ≡ CA| ∼ SVORG
Assumption 6: 𝑉| ≡ ORG| ∼ (IDORG , rORG)
Assumption 7: 𝑉| ≡ ORG| ≡ (skORG, CA| ∼ VPKORG)
Assumption 8: ORG| ≡ 𝑉| ≡ (skV, CA| ∼ VPKV)
Assumption 9: 𝑉| ≡ IDORG
Assumption 10: ORG| ≡ IDV
According to the assumptions regarding the proposed mechanism and the rules of the BAN logic, it is proven that the voter and the election organization can trust the messages sent by each other after mutually certifying their identities through the self-certification mechanism. The proofs are described as follows.
When the election organization receives Message 1, it is proven that the election organization can see the message sent by the voter.
ORG ⊲ (VPKV, PKV, IDV)
According to the jurisdiction rule, the following is inferred.
ORG ⊲ (PKV)
Based on the formulas skV = (SVV + ℎ1(𝑟𝑉 ∥ idV)) and PKV = skV ∙ 𝐺, and Assumptions 1, 2, and 4, the following conclusions are drawn.
ORG| ≡ 𝑉| ⇒ PKV and ORG| ≡ 𝑉| ≡ PKV
Therefore, according to the jurisdiction rule, the following is proven.
ORG| ≡ PKV (Goal 1)
Furthermore, according to Assumptions 3, 5, and 6, when the election organization receives Message 2, the following conclusions are drawn.
𝑉| ≡ ORG| ⇒ PKORG and 𝑉| ≡ ORG| ≡ PKORG
According to the jurisdiction rule, the following is proven.
𝑉| ≡ PKORG (Goal 2)
At the initialization stage, the registration process of the smart contract is the same as the other participants. Therefore, they can trust the VPKs, PKs, and IDs sent by each other through the self-certification mechanism without relying on the certificate authority for identity certification. Besides, the participants have jurisdiction over the chosen random value 𝑟 to prevent the third party from impersonating their identities. Therefore, the security of the proposed self-certification mechanism is verified.
4.2 Security Analysis
This study summarizes the security regulations defined in the voluntary voting system guidelines (VVSG) 2.0 and conducts verification for a list of security aspects of the proposed electronic voting mechanism. These aspects include transparency, confidentiality, integrity, authentication, anonymity, non-repudiation, untraceability, and minimum third-party participation [20].
4.2.1 Transparency
The proposed electronic voting mechanism is developed based on blockchain technology. A blockchain is a decentralized, immutable, and credible distributed ledger that provides a secure, stable, transparent, verifiable, and efficient transaction record. As its extensions, the smart contract and the decentralized applications are developed and deployed on a distributed blockchain network, on which all data are open, transparent, and immutable. Therefore, transparency in the voting operation is ensured. Visitors on the blockchain are allowed to examine the voting processes and transactions at any time to verify the operation of the voting mechanism.
4.2.2 Confidentiality
The voter uses a randomly-chosen secret value bf and the public key PKTS of the time server to encrypt the vote (as shown in (23)). The secret value bf is owned by the voter, and the private key skTS is owned by the time server. Therefore, even if a third party steals the encrypted information of the vote, without the associated secret value bf and private key skTS, decrypting the information will require facing the difficulty of solving a problem with elliptic-curve discrete logarithmic complexity. This means that the proposed mechanism ensures the confidentiality of the vote.
4.2.3 Integrity
The encrypted abstract document 𝑊 to be signed by the election organization is computed by the voter using the one-way collision-free hash function ℎ2( ) (as shown in (23) and (24)). Even if a third party intercepts the encrypted document sent by the voter and falsifies it before deploying it on the blockchain, the produced encrypted abstract document will not be the same because of the irreversibility characteristic associated with the hash function ℎ2( ) , and therefore signature verification will fail. It is evident that when verification at the time server finally succeeds, it means that the same hash value of the encrypted abstract document is produced and that the content of the vote is correct and intact. This indicates that the proposed mechanism ensures the integrity of the vote.
4.2.4 Authentication
Through the proposed self-certification mechanism, two parties confirm the identities of each other before transmitting data. Taking the voter as the sender and the election organization as the receiver as an example, the voter sends idV, VPKV, and PKV for identity certification, and the election organization uses (19) and (20) to certify the identity of the voter. A third party intending to impersonate the identity of the voter will face the difficulty of solving a problem with elliptic-curve discrete logarithmic complexity. Therefore, the proposed mechanism ensures the authentication of the participants’ identities.
4.2.5 Anonymity
In the proposed mechanism, the blind signature technique is adopted to allow the voter to use a randomly-chosen value bf as the blinding factor and to incorporate the public key PKTS of the time server for encrypting and blinding operations to generate an encrypted abstract document that is blinded (as shown in (23) and (24)). In this way, the election organization can only process the vote, and will not be able to access its content. Through the use of a random value bf, the produced encrypted abstract document will not be deterministic, so the election organization will not be able to determine which content of a vote will generate which kind of encrypted abstract document. Therefore, the voter does not need to worry that the document may be exposed during the signing process. Besides, when submitting the vote, the voter deploys the unblinding point wPK, the relationship value 𝑅, and the signed document 𝑆 on the blockchain through the smart contract for verification. The process of deployment is accomplished by using the public and private keys stored at the transaction address to complete the transaction with the smart contract. No one will know who the owner of the private key is as long as it is not disclosed to anyone. Therefore, the proposed mechanism ensures the anonymity of the voter identity.
4.2.6 Non-repudiation
Because the associated certificate is only owned by a specific voter, the behavior of such a voter collecting a ballot after mutual self-certification with the election organization will be regarded as a transaction record and deployed on the blockchain through the smart contract, which makes the fact that the voter has already collected a ballot undeniable and prevents the voter from repeatedly collecting ballots. As for whether or not to cast a vote after collecting a ballot, it depends on the voter to exercise the voting right. Besides, when the voter deploys the information regarding the vote on the blockchain, the smart contract will verify whether or not the information and the same transaction address already exist on the blockchain. If they exist, such a vote will be nullified and not deployed on the blockchain to ensure that the voter can only cast a vote once. As for the process of the blind signature, the election organization signs the document as the operation shown in (26). Since the private key skORG is only owned by the election organization, and the time server can verify the validity of the transaction record by using the public key PKORG of the election organization (as shown in (40)), it can prevent the election organization from denying the signing behavior. Therefore, the proposed mechanism ensures non-repudiation of the ballot collecting, voting, and signing behaviors.
4.2.7 Untraceability
In this study, the blind signature mechanism is incorporated. The voter uses a randomly-chosen value bf as the blinding factor for blinding the encrypted abstract document (as shown in (23) and (24)). The election organization can only sign the encrypted abstract document (as shown in (26)), and will not be able to access its content to know its voting option. Furthermore, the time server uses its private key skTS to check the vote (as shown in (40)) during the counting process. Although the time server eventually learns the content of the vote, it will not be able to make a connection with the voter. Even if any third party tries to trace the voter through the published verification parameters on the blockchain, it will still need the private key skTS of the time server (as shown in (29)). Therefore, the proposed mechanism ensures untraceability of the voter identity.
4.2.8 Third-party Participation
A decentralized blockchain does not rely on any trusted third party, thereby enhancing data verifiability and maintaining voting transparency. Therefore, the voter can still count the votes and verify the election result by itself even when there are no trusted third parties present [21]. As for identity certification, the participant in this study uses its own identity information and a random value to generate the signature file (as shown in (3)). After registering with the certificate authority and receiving the verification public key and the signature, it produces the public and private keys by itself and verifies the correctness of the public key (as shown in (19)). As soon as all participants complete registration, identity certification between any two parties of the transaction will no longer need to go through the certificate authority. Instead, they certify each other mutually. The proposed mechanism satisfies the security requirements of the Level 3 public key cryptosystem proposed by Girault (1991) [11] and ensures minimum third-party participation.
4.3 Comparison Between Security Alternatives
The comparison between the proposed mechanism and security alternatives proposed by relevant studies is shown in Table 3.
Table 3. Comparison between the proposed mechanism and alternatives by relevant studies
The electronic voting mechanisms proposed by Song and Cui (2012) [12] and Waheed et al. (2021) [14] are both categorized as general centralized mechanisms. Compared with the blockchain-based electronic voting mechanisms, they relatively lack transparency and are prone to interventions of trusted third parties. Furthermore, when the mechanism proposed by Song and Cui is adopted, the voter identity may be traceable [13], so the vote does not satisfy the security requirements of anonymity and untraceability. The mechanism proposed by Liu and Wang (2017) [15] further incorporates blockchain technology and deploys the interactions among participants in the form of transaction records on the blockchain for verification. However, their study did not describe how the participants generate public and private keys at the registration stage. It merely explained that the individual participant submits the identity information and the public key to the organization for registration. If the public and private keys still need to be generated by relying on a trusted third party like the certificate authority, the mechanism does not completely meet the security requirement of reducing third-party participation. Besides, at the voting stage, the voter establishes voting information directly based on the voting options, not through the ballot sent by the organization, so the organization is not able to ensure non-repudiation of the voting behavior by the voter.
The electronic voting mechanisms proposed by Dong et al. (2017) [16], Yu et al. (2019) [17], and Zhou and Yan (2020) [18] also incorporate blockchain technology. However, the certificate authority is required in these mechanisms to assist in the public and private key generation for conducting identity certification. Unlike the self-certification mechanism proposed in this study, in which the participants produce the public and private keys on their own and certify the identities of each other mutually, these mechanisms only partially meet the security requirement of minimum third-party participation. Furthermore, the main goal of the smart contract is to provide a decentralized environment when no trusted third party is present, automatically carrying out the processes according to the corresponding triggering inputs. However, these mechanisms all deploy the public and private keys in the smart contract through the certificate authority. Because the smart contract is public and accessible to all participants, everyone can access all information stored in it. As a result, signatures may be counterfeited and encrypted votes may be deciphered directly. Therefore, these mechanisms do not meet the security requirements of confidentiality and authentication.
On the other hand, the proposed mechanism meets all the listed security requirements and is proven to be feasible. Further verification of the feasibility of such a mechanism will be conducted through simulation and demonstration in the next section.
5. Simulation and Demonstration
This study proposes an electronic voting mechanism. In this section, the feasibility of the proposed mechanism will be verified through simulation and demonstration. The testing blockchain environment was established by using the Truffle Suite Ganache tools. The smart contract was developed by using the Solidity scripting language in the Remix online development environment. Subsequently, the MetaMask crypto wallet was registered and the smart contract was deployed on the Ganache simulated blockchain. Finally, the decentralized application (Dapp) for voting was developed by utilizing the Web3.js libraries for interacting with the Ethereum network. The following subsections describe the implementation of simulations for the 5 stages of the proposed voting mechanism.
5.1 The Initialization Stage
The initialization stage includes two parts, deploying the smart contract and registering the voting participants. For deploying the smart contract, the following steps are completed.
• Start Ganache to establish the testing blockchain, and set the network name and port number on the setting page,
• Use Remix and Solidity to implement the contract of the election organization,
• Select “Injected Web3” in the environment column of the deployment function settings and select the contract name to be deployed in the contract column, and
• Deploy the contract on the Ganache testing blockchain through the browser extension program MetaMask.
For registration, all participants register with the certificate authority through the decentralized application. A screenshot of the simulated registration process is shown in Fig. 2.
Fig. 2. A screenshot of the simulated registration process
5.2 The Ballot Collecting and Voting Stage
All participants need to mutually self-certify the identities of each other before interactions. Taking the voter and the election organization as an example, the voter first sends the identity idV, the verification public key VPKV, and the public key PKV to the election organization for identity certification. After the process succeeds, the election organization similarly sends the identity idORG, the verification public key VPKORG, and the public key PKORG to the voter for identity certification. The mutual identity certification process is shown in Fig. 3. Subsequently, the voter collects the ballot and enters the voting page. After the randomly chosen blinding factor is generated and an option is selected, the vote is submitted and the process is completed (as shown in Fig. 4).
Fig. 3. A screenshot of simulated mutual identity certification between the voter and the election organization
Fig. 4. A screenshot of simulated voting
5.3 The Blinding and Signing Stage
After the voter clicks “submit” at the previous stage, the blinding factor bf, the public key PKTS of the time server, and the one-way collision-free hash function ℎ2( ) are used to generate the encrypted voting information 𝑤 and to conduct the blinding process. The program for the blinding process is shown in Fig. 5. The blinded encrypted abstract document 𝑊 is then sent to the election organization for signing. The program for the signing process is shown in Fig. 6. After signing, the election organization sends the relationship value 𝑅 and the signed document 𝑆 back to the voter.
Fig. 5. The program for the blinding process
Fig. 6. The program for the signing process
5.4 The Unblinding Stage
After receiving the relationship value 𝑅 and the signed document 𝑆, the voter uses the public key PKORG of the election organization to generate the unblinding point wPK for the voting information 𝑤. The program for the unblinding process is shown in Fig. 7. Subsequently, the unblinding point wPK, the relationship value 𝑅, and the signed document 𝑆 are deployed on the Ganache testing blockchain by invoking the smart contract through Web3.js and MetaMask, so that the voting participants can conduct the verification on their own. A screenshot of the simulated deployment process is shown in Fig. 8.
Fig. 7. The program for the unblinding process
Fig. 8. A screenshot of the simulated data deployment on the blockchain after voting
5.5 The Verifying and Counting Stage
At the verifying and counting stage, after the time server and the election organization mutually self-certify the identities of each other (as shown in Fig. 9), the election organization sends the transaction address addr, the encrypted blinding factor BF, and the verification values of all voting options options to the time server. Subsequently, the time server uses the transaction address addr to obtain the unblinding point wPK from the blockchain through the smart contract and uses its private key skTS and the public key PKORG of the election organization to compute a collection of points wPK′ to be compared with and to verify each wPK. A screenshot of the simulated counting process is shown in Fig. 10.
Fig. 9. A screenshot of simulated mutual identity certification between the time server and the election organization
Fig. 10. A screenshot of the simulated counting process
6. Conclusion
The main contribution of this study is the design of an electronic voting mechanism that meets all security requirements discussed in Section 4. The specific features of the mechanism are briefly described as follows. (1) Blockchain technology is incorporated to avoid the issues associated with the verification of the voting process through a trusted third party. (2) The elliptic curve cryptography is adopted to provide higher efficiency on the premise that the same level of security is reached (compared with the RSA cryptography). (3) A self-certification mechanism is introduced for identity certification to prevent the certificate authority as a trusted third party from selecting the private key on behalf of the voter and counterfeiting the voter’s identity, and to reduce the cost and risk of the overall certification system in storing, calculating, and managing public keys.
Future work may include extensive analysis and validation of the proposed mechanism, testing and evaluating its performance and limitations with real-life numbers of participants and different voting scenarios, to ensure that it serves its purpose.
References
- J. W. Liu, "Opportunity, Challenge and Future of Promoting Electronic Voting in Taiwan," Taiwan Democracy Quarterly, vol. 16, no. 1, pp. 155-162, 2019.
- T. Moura and A. Gomes, "Blockchain voting and its effects on election transparency and voter confidence," in Proc. of the 18th Annual International Conference on Digital Government Research, pp. 574-575, 2017.
- W. J. Juang, "Does technology promote democracy? Analysis of the public's perception of the relevance of democratic development with adopting electronic voting," Taiwan Democracy Quarterly, vol. 18, no. 1, pp. 83-140, 2021.
- D. Chaum, "Blind signatures for untraceable payments," in Advances in Cryptology, Springer, Boston, MA, 1983, pp. 199-203.
- F. G. Jeng, T. L. Chen, and T. S. Chen, "An ECC-based blind signature scheme," Journal of Networks, vol. 5, no. 8, pp. 921-928, Aug. 2010. https://doi.org/10.4304/jnw.5.8.921-928
- S. Nakamoto, "Bitcoin: a peer-to-peer electronic cash system," 2008.
- V. Buterin, "A next-generation smart contract and decentralized application platform," 2013. [Online]. Available: https://blockchainlab.com/pdf/Ethereum_white_papera_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf
- N. Szabo, "Smart contracts: building blocks for digital markets," 1996. [Online]. Available: https://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart_contracts_2.html
- D. Johnston, S. O. Yilmaz, J. Kandah, N. Bentenitis, F. Hashemi, R. Gross, S. Wilkinson, and S. Mason, "The general theory of decentralized applications, DApps," 2014. [Online]. Available: https://cryptochainuni.com/wp-content/uploads/The-General-Theory-of-DecentralizedApplications-DApps.pdf
- M. Girault, "Self-certified public keys," in Proc. of EUROCRYPT 1991: Advances in Cryptology-EUROCRYPT '91, pp. 490-497, 1991.
- K. M. Khan, J. Arshad, and M. M. Khan, "Investigating performance constraints for blockchain based secure e-voting system," Future Generation Computer Systems, vol. 105, pp. 13-26, Apr. 2020. https://doi.org/10.1016/j.future.2019.11.005
- F. Song and Z. Cui, "Electronic voting scheme about Elgamal blind-signatures based on XML," Procedia Engineering, vol. 29, pp. 2721-2725, 2012. https://doi.org/10.1016/j.proeng.2012.01.379
- B. C. Xie and Z. W. Luo, "On the anonymity of Song and Cui's electronic voting scheme," in Proc. of Symposium on Enterprise Architecture and Information Technology, New Taipei, Taiwan, 2012.
- A. Waheed, N. Din, A. I. Umar, R. Ullah, and U. Amin, "Novel blind signcryption scheme for e-voting system based on elliptic curves," Mehran University Research Journal of Engineering & Technology, vol. 40, no. 2, pp. 314-322, Apr. 2021. https://doi.org/10.22581/muet1982.2102.06
- Y. Liu and Q. Wang, "An e-voting protocol based on blockchain," Cryptology ePrint Archive: Report 2017/1043, International Association for Cryptologic Research, 2017.
- Y. K. Dong, D. W. Zhang, Z. Han, and L. Chang, "Board voting system based on the consortium blockchains," Chinese Journal of Network and Information Security, vol. 3, no. 12, pp. 31-37, 2017.
- T. Yu, C. Cao, L. Wang, and L. Xu, "An anonymous electronic voting scheme based on alliance chain," Cyberspace Security, vol. 10, no. 12, pp. 22-29, 2019.
- Z. Zhou and G. L. Yan, "An anonymous electronic voting protocol design," Software Guide, vol. 19, no. 1, pp. 229-233, 2020.
- G. Wood, "Ethereum: A secure decentralized generalised transaction ledger," 2014.
- Election Assistance Commission, "Voluntary voting system guidelines," 2021. [Online]. Available: https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines
- K. T. Sri, K.R. Sri, and N. Pedamallu, "E-voting system using blockchain," Journal of Xi'an University of Architecture & Technology, vol. 13, no. 5, pp. 527-533, May 2021.