ES2726003A1 - Method for secure electronic voting with immutable audit system and computer programs (Machine-translation by Google Translate, not legally binding) - Google Patents

Abstract

Method for secure electronic voting with immutable audit system, allows to conduct electronically, with total security, voting and consultation through a communications network. The method employs interrelated cryptographic processes (210) and protocols (202, 204, 206, 208, 212, 214), specially designed to provide security for the casting of votes, the counting of votes, and the verification of Results of the vote or consultation. These cryptographic processes and protocols together form a cryptographic voting scheme capable of ensuring the specific security requirements of an electronic voting in which voters cast their votes remotely. The method incorporates an audit layer based on the use of immutable mechanisms that protect the records of all actions taken during the voting, such as those performed by the system administrators of the voting servers, to ensure total transparency of the process. (Machine-translation by Google Translate, not legally binding)

Description

DESCRIPTION

Method for secure electronic voting with immutable audit system and computer programs

Field of the Invention

The present invention generally relates to electronic voting. In particular, the present invention relates to a method, and computer programs, for secure electronic voting, as well as the associated cryptographic processes and protocols, with immutable audit system.

Throughout this specification, the cryptographic process means any ordered set of information transformation steps that include cryptographic operations. The term cryptographic protocol will be used here to refer to a cryptographic process carried out among various participants, which exchange information through any data communication system. On the other hand, a number of interrelated cryptographic processes and protocols that pursue a common goal will be called a cryptographic scheme.

The document will indicate which processes will be submitted to an immutabilization system that allows an audit based on mechanisms for protecting the privacy and integrity of the documentation. The implementation of the audit based on the immutabilized data is not part of the invention, only the mechanisms of immutabilization and validation for the securing of the voting process.

Background of the invention

In a remote electronic voting or consultation system, a number of authorized voters cast their votes or opinions from certain voting devices, to a virtual voting center, through a communications network. A server, or several of them, constitute said virtual voting center and are responsible for accepting voter connections and registering the votes or opinions cast for future counting and tabulation. Once tabulated, the results of the query are finally published, probably through the communications network itself.

Clearly, these types of remote electronic voting systems must include a series of security measures. Voting in the traditional way (that is, using physical ballots at actual voting sites) is done with confidence due to the use of physical security measures such as paper envelopes, guards, or physical ballot boxes. However, these types of physical protection measures are no longer useful in remote electronic voting systems. It is necessary to replace them with the appropriate digital security measures, a task that presents a complex problem, with a set of specific security requirements. Voter privacy, for example, is a central security requirement in any electoral process and in many types of consultation. No one (not even the electoral authorities or the system administrators of the servers of vote) should be able to correlate the votes with the voters who have cast them. However, at the time of casting their vote, voters must be properly identified through some authentication mechanism to prevent unauthorized voters from voting or authorized voters voting more than once. The correctness of the results is also very important. No one should be able to add false votes (perhaps on behalf of voters who have abstained), or to eliminate or manipulate valid votes cast. Another desirable quality is the secret of any intermediate outcome until the consultation has not been completed, unless the inherent characteristics of the process require otherwise. The purpose of this secret is to prevent the current state of the consultation from affecting the decision of some voters. Another security requirement of great importance is the verification of the final results. Voters should be able to verify that their corresponding votes have been correctly counted. In case of detecting any problem in the count, the affected voters must be able to demonstrate publicly (without violating their privacy with it) that their validated votes were not treated properly. Finally, the use of electronic voting systems should not expose voters to coercion, nor facilitate the sale of votes.

This type of security requirements specific to an electoral process cannot be resolved using only generic digital security measures common in the market, such as firewalls, demilitarized zones, encryption at the level of data transport, and so on. A correct solution must necessarily include a special purpose cryptographic scheme, designed specifically for the problem raised by a remote electronic voting. A cryptographic voting scheme determines precisely the steps and actions involved in the remote issuance of a vote, both by the voting device used by the voter and by the corresponding voting server. The scheme also determines the cryptographic operations that must take place during the vote counting process, and also for the verification of the final results. Naturally, a cryptographic voting scheme must also be complemented with generic security measures to maximize security, and better protect the entire voting system.

The first cryptographic voting scheme was proposed by Chaum in 1981 [Chaum, D. Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the ACM, v. 24, n. 2, pp. 84-88, 1981]. Many other proposals followed, shaping a large group of voting schemes, known as schemes based on mixing or mixing techniques. The fundamental principle of such mixing-based schemes consisted of casting votes to a virtual voting center through some kind of anonymous channel built in the communications network. Usually, these voting schemes used the technique of the blind digital signature described in US 4,759,063, to validate the votes without violating the privacy of the voters. Among the voting schemes based on mixing, the most representative examples were presented in [Fujioka, A., Okamoto, T. and Ohta, K. A practical secret voting scheme for large scale elections. Proc. of Auscrypt '92, LNCS 718, pp. 244-251, 1992] and [Park, C, Itoh, K. and Kurosawa, K. Efficient anonymous channel and all / nothing election scheme. Proc. of Eurocrypt '93, LNCS 765, pp. 248-259, 1993]. The invention described in US 6,317,833 is also based on mixing, although unlike the proposals listed above, the mixing process is not carried out in the communication channel but in the center for receiving votes. Voters protect their votes with the public key owned by a voting authority. This authority is very similar to the electoral table figure introduced in. [Borrell, J., Rifa, J. An implementable secure voting scheme. Computers & Security, 15, pp. 327-338, 1996]. Each voter needs a pair of asymmetric keys in order to sign the encrypted vote. In the description of the invention reference is made only to the ElGamal cryptosystem [ElGamal, T., A public key cryptosystem and a signature scheme based on discrete logarithms, Proc. of Crypto '84, LNCS 196, pp. 10-18, 1985] as a means for such signature. It is assumed, therefore, that each voter's key pair must conform to the ElGamal cryptosystem. This requirement implies a limitation in the voting scheme. In addition, the scheme does not offer an important benefit: the verifiability or possibility for voters to verify the correct counting of their votes at the end of the process.

A second group of cryptographic voting schemes, based on homomorphic encryption techniques, began with the work of Benaloh and Yung in 1986 [Benaloh, JC and Yung, M. Distributing the power of a government to enhance the privacy of voters. Proc. of 5th Annual ACM Symposium on Principies of Distributed Computing, pp. 52-62, 1986]. These voting schemes avoided the use of anonymous channels by splitting individual votes into a number of pieces and sending each of the pieces to a separate counting agent. These agents counted the votes without having to decipher them (for this they had cryptographic mechanisms that ensured the accuracy of the count). Some representative examples of voting schemes based on homomorphic encryption techniques have recently been presented in [Sako, K. and Kilian, J. Secure voting using partially compatible homomorphisms. Proc. of Crypto '94, LNCS 839, pp. 411-424, 1994], [Cramer, R „Franklin, M., Schoenmakers, B. and Yung, M. Multi-authority secret-ballot elections with linear work. Proc. of Eurocrypt '96, LNCS 1070, pp. 72-83, 1996], and [Cramer, R., Gennaro, R. and Schoenmakers, B. A secure and optimally efficient multi-authority election scheme. Proc. of Eurocrypt '97, LNCS 1233, pp. 103-118, 1997]. Inventions US 5,495,532 and WO 0120562 describe two voting schemes based on homomorphic encryption techniques. These schemes require computing resources significantly higher than those required by mixing-based schemes, making it impossible for them to be implemented on client devices with low computational capacity. Another limitation of such schemes is that due to their intrinsic characteristics they are absolutely unable to support arbitrary voting ballot formats.

Inventions US 6,081,793 and US 6,021,200 describe rather simplistic cryptographic voting schemes, based on the well-known "model of the two agencies". In general, these two voting schemes provide a solution to the security requirements of an election only if both agencies do not conduct a coalition dishonest, and it is also necessary to place full confidence in some parts of the system.

In any cryptographic voting scheme, measures should be taken to ensure the verifiability of the final result of the vote by the voters and at the same time protection measures against the coercion of the voters by third parties as well as against the sale of votes by the voters themselves. The two sets of measures have proven contradictory to each other. Indeed, facilitating verifiability increases the possibility of coercion and sale of votes, and if the possibility of coercion and sale of votes is hindered, verifiability is also difficult. Two previous works have tried to solve both issues simultaneously, although the resulting proposals are not applicable on regular communication networks. In US 6,092,051 and EP1017025 two cryptographic voting schemes are described that use an anonymous channel as described in US 5,682,430. Said channel must be physically protected against passive attackers that can subtract information from it, so the resulting voting systems cannot use conventional data communication networks such as the Internet.

In any of the cases described, the audit of the election is based on validating the cryptographic evidence and the evidence of the actions that have been performed during the election. Therefore, it is of utmost importance to ensure the integrity and veracity of all such audit information so that the correct election results can be validated and to detect and assimilate any possible problem.

In this invention, a set of techniques for the protection of the integrity and veracity of the audit information are proposed that allow this information to be immutabilized at the time it is recorded, providing a further level of security in the electoral processes.

Brief exposition of the invention

The present invention describes a secure, remote electronic voting method, as well as the cryptographic protocols and processes used, which form a cryptographic voting scheme, whose evidences of correct execution will be protected by an information immutabilization mechanism.

The invention also relates to computer programs for the implementation of the aforementioned cryptographic processes and protocols that allow immutabilizing the evidence of the correct execution of the processes and protocols.

A first objective of the present invention is to cover a complete list of security requirements inherent in elections and electronic consultations: voter privacy, authentication of authorized voters, accuracy of the results of the consultation, secrecy of any intermediate results up to the completion of the consultation (if necessary), difficulty of coercion of the voters as well as the sale of votes, and verification of the final results. The present invention allows to minimize the level of confidence that must be placed in any of the elements and participants of the electronic voting, thus ensuring the list of security requirements even in the case of system administrators, electoral authorities, or voters, corrupt or dishonest. The present invention ensures the privacy of voters through digital envelopes for votes, a cryptographic scheme for distributing trust between various electoral authorities, and blind digital signature techniques or alternative protocols to validate the votes. Voter authentication is preferably achieved through public key technology ([ITU-T, Recommendation X.509 ( 08/97) Information Technology - Open Systems Interconnection - the Directory: Authentication Framework, 1997] can be taken as a reference ), where appropriate enabling a mechanism to save the installation of digital keys and certificates in the voting devices of the voters themselves. The verification of the final results is based on digitally signed voting receipts, combined with a highly efficient method of downloading results by voters. The accuracy of the final results is ensured by means of digital envelopes, and proof of authenticity, with the support of digitally signed voting receipts. The secret of intermediate results, if necessary, is secured by means of digital envelopes. The prevention of coercion and the sale of votes is based on a special design of voting receipts and, where appropriate, the use of voter-resistant devices. To facilitate the audit of the execution of security mechanisms described, the present invention proposes a set of techniques based on the cryptographic chaining and sealing of chain blocks to preserve the immutability and authenticity of the evidence of execution of said mechanisms.

It is another objective of the present invention to overcome the limitations and practical inconveniences of previous work in secure electronic voting methods. For this, the invention incorporates only cryptographic processes and protocols of low computational cost, allowing advantageously the efficient implementation in thin clients and the efficient audit of the electoral processes. In addition, the invention supports absolute flexibility in the format of the votes, including issues and open candidates, which can be chosen at the same time as the vote. Furthermore, the invention eliminates the need for any type of special communication channel such as a physically protected secure channel, or an anonymous channel. Only regular regular data communication channels are required in any communications network.

It is another objective of the present invention to describe alternative protocols to the use of blind digital signatures to ensure voter privacy in cryptographic voting schemes based on mixing. Therefore, the mechanisms to protect the evidence will not be restricted to a single cryptographic voting protocol.

It is another objective of the present invention to describe secure mechanisms for the opening and closing protocols of virtual voting centers, as well as facilitating a Immutable audit that these processes were carried out at the correct time and order.

Ultimately, the present invention describes a secure method of electronic voting and the cryptographic voting scheme used that implements cryptographic mechanisms for immutabilization of the evidence of voting transactions in order to allow a reliable and complete audit of the voting process. The invention allows electronic voting or consultation through a regular communications network to reach similar levels of security and confidence and in certain aspects superior to those given in traditional elections by physical means. Said objectives are achieved by a method for secure electronic voting comprising the steps detailed in independent claim one, as well as in the dependent claims.

Brief description of the figures

Figures 1a, 1b and 1c show the main elements on which the electronic voting method described in the present invention is implemented. A plurality of Voting Emission Platforms 102 (in which Voter Agents 116 are executed), a Voting Site 104, a Publication Site 106, a Counting Site 108 and an Immutabilization Computer System 109, are connected between them through a communications network 114. Said elements can be fully distributed and separated from each other, as shown in Figure 1a. There can also be different levels of grouping. Figure 1b shows the configuration with Voting Site 104 and Publication Site 106 grouped together. Figure 1c shows the grouping configuration of Voting Site 104, Publication Site 106, and Counting Site 108. In any case, Counting Site 108 is operated by an Electoral Board 110 consisting of several members, and is it is physically connected to the communications network 114 through a highly secure network connection 112.

Figure 2 shows the cryptographic processes and protocols that the present invention comprises, and the order in which said processes and protocols take place.

Figures 3a and 3b show two possible configurations of the highly secure network connection 112 used to connect Count Site 108 to communications network 114.

Figure 4 shows the format of the opening order 402 that the Electoral Board 110 sends to the Voting Site 104 Upon receipt of said order, the Voting Site 104 proceeds to accept connections by Voting Agents 116

Figure 5 shows the seven steps that constitute the Vote Emission Protocol 206.

Figure 6 shows the format of the closing order 602 that the Electoral Board 110 sends to the Voting Site 104. Upon receipt of said order, the Voting Site 104 ceases to accept connections by Voting Agents 116.

Figures 7a, 7b and 7c show three examples of splitting the data list for verification that is used in the Verification Protocol 214. Figure 7a shows the splitting of said list into two subsets of mutually exclusive entries, so that The partial downloading of results from Publication Site 106 performed by Voter Agent 116 affects only half of the entries. Figure 7b shows the partition of said list into four mutually exclusive subsets. Figure 7c shows the existence of an excessively minority voting option that is not taken into account to partition and that is included in its entirety in each and every one of the resulting subsets.

Figures 8.a, 8.b and 8.c show different centralized and distributed configuration configurations of the Immutabilization Computer System 109 together with the Voting Site 104, the Publication Site 106 and the Counting Site 108.

Figure 9 describes the immutabilization processes 501 of the evidence generated by the voting system that is the subject of this invention.

Detailed description of the invention

The present invention relates to a secure method of electronic voting and the cryptographic scheme used, with special application to remote electronic voting through a communications network. Said cryptographic scheme includes cryptographic protocols and processes that take place before, during and after the voting or consultation itself, and the use of cryptographic mechanisms for immutabilization of evidence of execution of said cryptographic protocols and processes 501. The scope of the invention does not It covers the tasks of building the census, the possible management of asymmetric keys for voters, and the development of an audit system based on unmutabilized evidence.

The creation of a voter census is in fact an essential preliminary step for any vote that seeks to meet minimum security requirements. Such census will be useful during the Voting Protocol 206 and / or in the Counting Process 210, essentially to prevent unauthorized users from voting and authorized voters to count more than one vote, as well as to prevent the introduction of false votes on behalf of voters who have abstained.

Preferably, the voting method will be based on a public key infrastructure or PKI, a concept contained in the X.509 specification [ITU-T, Recommendation X.509 ( 08/97) Information Technology - Open Systems Interconnection - the Directory: Authentication Framework, 1997], with the purpose of managing asymmetric keys for voting actors. Asymmetric voter codes are used during voting for authentication and non-repudiation purposes. The private key of each Voter must be known or accessible only by the voter himself. This implies either that the voters generate their asymmetric key pairs by their own means or that the asymmetric key pairs are generated by an appropriate Certification Authority and are delivered securely to the voters. Each voter's private key may remain on the Voting Site 104 itself, protected by a symmetric encryption system with a password that meets certain security parameters, in particular as regards its entropy. In this case, each voter should only know and maintain their password. Some representative examples of symmetric encryption that could be used are described in [Applied Cryptography, Protocols, Algorithms, and Source Code in C (second edition), Bruce Schneier, editor John Wiley & Sons, Inc., 1996] and [The Design of RijndaeL: AES -The Advanced Encryption Standard ( Information Security and Cryptography), Joan Daemen and Vincent Rijmen, Springer Verlag, 2002]. The protection of voters' private keys through symmetric encryption prevents them from being used without the knowledge of the password. In this way, the encrypted private key can reside on the Voting Site 104 with which the voter will interact, and be sent to it through the communication network 114, at the beginning of the Voting Protocol 206. This storage technique of The private keys of the voters can avoid the inconvenience arising from the installation of private keys and digital certificates in the Voting Emission Platforms 102. Alternatively, each voter can keep their private key in a secure physical medium (floppy disk, CD, smart card or other type of trusted personal device) or in encrypted form on your personal computer or on another computing platform of your property that is part of, or interconnected with, the Voting Emission Platform 102.

Figure 1a shows the architecture of the voting system in the case of maximum dispersion of the elements that comprise it. In this figure, a plurality of voters can be observed interacting through their respective Voting Agents 116 on each Voting Issue Platforms 102, a Voting Site 104, a Publication Site of the results 106 and a Counting Site 108, all of them connected through a communications network 114 such as the Internet. Due to the sensitivity of the Counting Site 108, it is connected to the communications network 114 via a high security connection 112. An Electoral Board 110 formed by several members controls the functionalities of the Counting Site 108, as well as the administrative tasks and functional related to the electoral process. The opening and closing of Voting Site 104 would be two examples of these tasks. Figures 1b and 1c show other possible configurations of the voting system, in which the degree of grouping of the different elements that make up the system is higher. Figures 3a and 3b show two possible configurations of the highly secure network connection 112 used to connect Count Site 108 to the communications network 114. In Figure 3a, the connection of Count Site 108 to the communications network 114 it is protected with computer security measures in networks, such as the aforementioned firewalls, demilitarized zones, etc. This type of measures greatly hinders fraudulent remote accesses that have the purpose of attacking the processes and tasks that are carried out on the Counting Site 108. Figure 3b shows It shows an even more reliable configuration, with the Counting Site 108 physically disconnected from the communications network 114. An additional device connected to the communications network 114 is responsible for receiving the data that the Counting Site 108 requires to carry out their tasks (basically, the digital urn). Said data is transferred from the additional device to the Counting Site 108 by means of a physical medium such as a magnetic disk, a Zip, CD or DVD. The data that must circulate in the reverse direction also uses the same type of support.

The cryptographic processes and protocols included in the present invention require the completion of complex mathematical calculations by the voter during their interactions with Voting Site 104 and Publication Site 106. The complexity of these calculations motivates them to be performed, on behalf of the Voter, by a Voter Agent 116 formed by a set of programs or software. It can be a conventional application, a plug-in for an internet browser, an application that runs on the browser itself, or a module that runs on a mobile phone terminal or on another personal mobile computing device. Voter Agent 116 could even be implemented in the form of an integrated circuit. In any case, the Voting Agent 116 must be duly audited and certified, to guarantee the voter that he does not perform any operation that is not described in the cryptographic voting processes and protocols. Voter Agent 116 runs on Voting Broadcast Platforms 102. These can take the form of different hardware devices, or a combination of them, such as a personal computer, a voting terminal, a personal digital assistant (PDA) , a mobile phone terminal, or a smart card.

Voting Site 104 has the mission of accepting the connections of Voting Agents 116, collaborating with them in the cryptographic voting processes and protocols, and saving the votes cast for subsequent recount. Optionally, different Voting Sites 104 can be created as independent virtual polling stations. This type of configuration could occur, for example, in the case of very large electoral censuses that require a distribution of voters in several independent voting centers. In the following, the existence of a single Voting Site 104 (a single virtual polling station) will be assumed, although the method described in the present invention could easily be extrapolated to configurations with a plurality thereof.

The evidences of the correct execution of the processes of creation and loading of the electoral census, of creation of the public and private keys of the election, and of opening and closing the voting, will be recorded in an audit system immutabilized by means of cryptographic techniques 501 executed in an immutabilization computer system 109. To simplify the notation, in the rest of the document, each evidence that is recorded in the immutabilized audit system will be indicated with the notation [* BC *] after mentioning the event.

The 501 immutabilization techniques implemented will have the main objective of offering the following properties:

• Preserve the integrity of the information contained in the recorded evidence. It must be guaranteed that an audit will detect any alteration of the information contained in said evidence.

• Preserve the integrity of the order in which said evidence has been recorded regardless of any timestamp included in the evidence information. An audit must be able to detect manipulation attempts based on the time alteration of the systems that implement the voting system.

• Preserve the authenticity of the immutabilization of evidence. The irrefutable authorship of the origin that has immutabilized the evidence must be preserved to avoid falsifications.

• Isolate possible integrity errors in the immutabilized evidence, without this error affecting the overall evidence recorded in the election.

These immutabilization techniques 501 will consist of the execution of the following steps in the aforementioned immutabilization computer system 109 for each of the evidences received:

1. Generation of a proof of integrity of the evidence by means of the cryptographic chain of the information of said evidence with the information of the previous evidence received, by means of a summary or hash function.

2. Storage of the value of the integrity test of the evidence in the memory and / or storage system of the immutabilization computer system 109.

3. Generation, every certain number of evidences and / or certain time, of a proof of integrity of evidence block by means of the execution of a second cryptographic signature function on the last proof of integrity of the evidence.

4. Storage of the block integrity test.

In a preferred implementation, the immutabilization computer system 109 has a first initialization phase in which the value of the first evidence is a predetermined one, such as a block start message or the like. In this way the first evidence is immutabilized with that first value of evidence. The cited evidence will be referred to as E0 and the integrity test of said evidence as PI0. An initial value of the evidence could be an indicative text (eg, "Start of immutabilation") together with a unique identifier related to the event from which the evidence is immutabilized (eg, the identifier of the election) and a time stamp of the when the immutabilization starts (eg, date, time and day in the desired time zone or UTC) The format of this information can be readable or binary text, the type of format not being a limitation for the implementation of the mechanism for immutabilization of the evidence.

As a summary or hash function used for the generation of the integrity test, a cryptographic hash function such as SHA1, SHA2 or the like can be used, applied to the concatenation of the value of the evidence to be chained with the previous value of the evidence. This function will be denoted as H. Concatenation can be done directly by joining both values by adding a separator (eg, a semicolon) or even combining them with an XOR function. There is no limitation in the technique implemented to concatenate and this can be adapted to the format of the evidence information (text or binary). This concatenation will be denoted with the symbol |, the evidence to be immutabilized as E¡ and the proof of integrity of said evidence PI ^í , being i the order number of the evidence.

Following said notation, in an exemplary embodiment, the evidence will be immutabilized as follows:

• For the first E0 evidence, there will be no concatenation, so you will have:

E0 = indicative_text | event_identifier | time_mark

PI ⁰ = H (E0) •

• For the following evidences E¡ being i> 0, the integrity test is calculated by concatenating the evidence Ei with the previous evidence Ei-1 or the evidence of the previous evidence PIi-1, and then the H hash function is applied.

Pl¡ = H (E¡ | PI¡-1)

Every certain number of evidences N or elapsed time T, will proceed to generate a proof of integrity of evidence block that will be called PBEj. The j value of PBEj will depend on the number of blocks that are generated. N or T may have values equal to or greater than 1, being in the case of time relative to the desired measure, such as seconds, minutes, hours or any other without limitation (although the use of seconds is preferably recommended). This PBEj is calculated by executing a cryptographic signature function that will be called S over the value of the last integrity test P¡.

PBE ^j = S (P ^¡ )

The first block integrity test PBE ⁰ can be calculated after the time T or after N evidences, or it can be calculated on the first evidence E ⁰ , in that case PBE ⁰ = S (P ⁰ ).

The cryptographic signature function S can be any cryptographic function of symmetric key such as RSA, ElGamal, DS, based on Elliptic Curves, or any based on symmetric key such as an HMAC. For this, the immutabilization computer system 109 will have a secret key for the execution of said cryptographic function. That symmetric key will be stored in the immutabilization computer system 109 or in a secure device connected to said system (e.g., a secure hardware module, smart card or cryptographic token.

Alternatively, for the generation of the integrity test, other concatenation techniques can be used, such as those based on binary trees. In that sense, a Merkle tree of evidence integrity tests could be used instead of a sequential concatenation of the evidence with the previous integrity test.

Another alternative to the hash function used to obtain the PI integrity test is a key hash function or HMAC. In that sense, the key K that is used in that hash function H can be the same for all integrity tests or it can be changed from time to time or number of blocks. In a preferred implementation, this key K is changed each time a PI integrity test is generated. To do this, K is randomly generated just before or after generating the PBE block integrity test and is kept secret until a new K is generated. To make public the K used in the IP of a block, evidence is recorded with the value of said K (EK). Therefore, the following integrity tests will be recorded in the evidence register:

PIi = H (E¡ | PI ^m , K¡-1)

PBE ^j

PI ^{i + 1} = H (EK ^¡-1 , K ^¡ )

The following explains what types of events are immutabilized in the different components of the voting system by the immutabilization computer system 109.

At the end of the voting or consultation, the Counting Site 108 receives from the Voting Site 104 the digital ballot box containing all the votes cast [* BC *]. Operated by an Electoral Board 110 composed of a plurality of members, the Counting Site 108 counts the votes and prepares the list of results [* BC *]. Count Site 108 is an especially sensitive component of the voting system. That is why both the hardware and software components that constitute it should be kept as simple as possible. In particular, the software must be duly audited and certified, to ensure that it does not perform any operation that is not described in the cryptographic voting processes and protocols. As seen in Figures 3a and 3b, the Counting Site 108 is connected to the communications network 114 via a high security connection 112. The purpose of said high security connection 112 is to prevent unauthorized remote access to the Site. Count 108. In a First option, the high security connection 112 can be implemented by means of firewall systems that filter the remote accesses to the Counting Site 108. Additionally, a permanent surveillance group can monitor all incidents and anomalies with the help of intrusion detection systems. However, the preferred option to provide maximum protection to the Counting Site 108 in regard to remote accesses is to isolate it completely from the communications network 114, as shown in Figure 3b. In that case, the mechanisms of immutabilization of the evidence of the processes implemented in the Counting Site 108, are executed in the same Counting Site 108. However, to allow the sending of various data (including the digital urn) to the Counting Site 108 through the communications network 114, an additional device is available, physically close to the Counting Site 108, and with connection to the communications network 114 (connection protected with the security measures already listed). Said additional device is responsible for receiving the digital urn or other data that is subsequently transferred to the Counting Site 108 by means of a suitable physical support or an appropriate point-to-point connection. The flow of information in the reverse direction (data that must be sent from the Counting Site 108 through the communications network 114) also follows a similar operation. It should be noted that for greater security of the system as a whole, packet filtering firewall systems can also be used on Voting Site 104 and on Publication Site 106.

Publication Site 106 receives from the Counting Site 108 the voting results once tabulated [* BC *], and is responsible for making them public through communications network 114 [* BC *]. Additionally, it allows voters to verify the correct counting of their vote or, at a minimum, the correct reception of the vote by the Electoral Board 110. Publication Site 106 may consist of one, or a plurality of Publication Sites 106 connected to the communication network 114.

In the following explanations it will be assumed that Voting Site 104, Counting Site 108 and Publishing Site 106 are distributed and well differentiated. However, the possibility of grouping them has already been discussed. The immutabilization computer system 109 can also be implemented in a distributed or centralized manner (see Figures 8.a, 8.b and 8.c). An example of distributed implementation would be to implement in each of the components of the voting system a proprietary immutabilization computer system 109 for its evidences, as mentioned above in the case of having the Counting Site 108 isolated. An example of centralized implementation would be for the different components of the voting system to send their evidence via the communications network to a central computerization system 109, to be immutabilized.

The voting system described uses a series of cryptographic processes and protocols that are represented in Figure 2, together with the order in which they are happening in the course of elections or consultation. Initially, the Initialization Protocol 202 executed by the members of the Electoral Board 110 [* BC *] takes place. In this protocol the necessary tasks to prepare the vote. Then, the Opening Protocol 204 of the Voting Site 104 [* BC *] is carried out. Voters may from that moment execute the Voting Protocol 206, through the respective Voting Agents 116 and jointly with the Voting Site 104, in order to cast their votes. Once the voting period is over, the voting period is completed. carried out the Closing Protocol 208 [* BC *]. The next step consists of the Counting Process 210, in which the list of results is prepared [* BC *]. After the counting and tabulation of results, they are transmitted from the Counting Site 108 to the Publication Site 106 by means of the Results Transmission Protocol 212 [* BC *]. Voters finally verify the correct treatment of their votes through Verification Protocol 214.

To allow a more detailed description of the cryptographic processes and protocols listed, the following notation will be used:

• V: One voter in particular, acting from his Voting Platform 102, through his Voting Agent 116.

• PS: Voting Site 104.

• EB: Electoral Table 110.

• elect: A string of data that uniquely identifies the elections or consultation that may be held. It can be, for example, a sequential identifier, or the date and a descriptive text of the elections.

• ident: Unique identifier for each vote cast. This may be, for example, a random data chain of a sufficiently large length in relation to the census of voters participating in the election. •

• vote: Data string that uniquely identifies a specific voting option. It is a chain of data that supports a length and arbítranos contents. This feature allows maximum flexibility in regard to the format of the ballots. For example, open questions can be implemented, where the voter can give his or her opinion on what is being asked or directly write the identity of the voted candidate.

• M1 | M2: Concatenation of two messages M1 and M2.

• H {M}: Summary of the M message obtained through a cryptographic summary function.

• K: Key of a specific symmetric encryption system. Subscripts will be used to distinguish between the various keys of this type used in the protocols.

• E ^k [M]: Synthetic encryption of message M with the key K.

• Pent¡ty and Sentify: Pair of asymmetric keys (public key and private key respectively) owned by entity.

• P * entity and S * entity: Pair of asymmetric keys (public key and private key respectively) owned by entity, corresponding to probabilistic encryption according to the proposal of Blum and Goldwasser [Blum, M. and Goldwasser, S. An Effictent Probabdistic Public Key Encryptwn Scheme which Hides All Partial Information, Advances ín Cryptology - CRYPTO '84 Proceedings, pp. 289-299, Spnnger Verlag, 1985].

• Pentity [M]: Asymmetric encryption of the M message with the public key Pentity

• P'entify [Mj : Probabilistic encryption of the M message with the entity public key .

• EK [Mj | Pentity [Kj: Digital envelope of the M message that is intended for entity. This digital envelope comprises the encryption of M with a symmetric session key K, concatenated to the encryption of said session key K with the public key Pentity of the recipient. The digital envelope mechanism is described in [PKCS # 7, Cryptographic Message Syntax Standard, An RSA Laboratories Technical Note, Version 15, November 1, 1993]

• Sentity [H {M} j : Digital signature of the M message created with the entity private key.

The signature involves a cryptographic transformation determined by the pnvada entity key on the summary of the M message obtained by means of a cryptographic summary function. You can take [Rivest, R L., Shamir, A., and Adleman, LM A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Comm. of the ACM, V. 21, n. 2, pp. 120-126, 1978] as a reference to said cryptographic transformation. The resulting format of a digital signature is described in [PKCS # 7, Cryptographic Message Syntax Standard, An RSA Laboratories Technical Note, Version 1.5, November 1, 1993]

• MBF : Message M covered with a BF concealment factor, according to the proposal made in US 4,759,063.

• [* BC *]: Evidence of the process that is recorded in the immutabilized audit system

The first step of the voting scheme consists of the Initialization Protocol 202, which includes the assignment of initial values to all the parameters necessary for the current voting [* BC *] and the generation of the necessary asymmetric key pairs for the set of Electoral Table 110 [* BC *] and for Voting Site 104 [* BC *]. These initialization processes can be carried out for a more or less extensive time. In a secure device, two pairs of asymmetric keys are generated for the whole of the Electoral Table 110. PEB (ADM) and SEB (ADM) are called the public and private keys, respectively, of the first of these pairs and PEB (ENV) and SEB (ENV) to the keys of the second pair. Likewise, a pair of keys is generated for Voting Site 104, called PPS and SPS. Public keys must be certified. Such certification can be performed by a Certification Authority with broad representation in conventional Internet browsers. Alternatively, the public keys could also be certified by a Public Key Infrastructure Certification Authority (PKI) associated with the voting system or another Certification Authority of some PKI whose root public key is somehow recognized by the voters.

The PPS and SPS keys will be used by the Voting Site 104 for the realization of digital signatures during the Voting Protocol 206 [* BC *] and the Closing Protocol 208 [* BC *]. In particular, the SPS private key will be used very frequently during the Voting Protocol 206 and therefore it will preferably be installed on a hardware device such as a cryptographic accelerator card, which will be associated with Voting Sites 104. Yes hardware device not available mentioned, the private key will be protected by the conventional protection mechanisms offered by the voting system of the Voting Sites 104.

The keys P ^{EB (ADM)} and S ^{EB (ADM)} will be used by the Electoral Board 110 for the Opening Protocols 204 [* BC *] and Closing 208 [* BC *] of the Voting Site 104, optionally for Voting Protocol 206 [* BC *], as well as for all those operations that require the performance of a digital signature by the Electoral Board 110. The private key S ^{EB (ADM) will} remain on the Counting Site 108 , which is connected to the communication network 114 via the High Security connection 112.

The keys P ^{EB (ENV)} and S ^{EB (ENV)} will be used only for the current voting. With the public key P ^{EB (ENV)} of the Electoral Table 110, voters will protect their votes during the Voting Protocol 206. The private key S ^{EB (ENV)} of the Electoral Table 110 is a piece of information of great sensitivity , since with it the votes can be checked out to allow their counting. The knowledge of this key by a single voting authority would weaken electronic voting by concentrating too much trust in a single point. The connoisseur of this private key could be put under pressure, or simply be dishonest and try to manipulate the vote. To avoid excessive concentration of trust, a cryptographic mechanism for distributing trust is used among the different members that constitute the Electoral Board 110 [* BC *]. This mechanism eliminates the possibility that a single member of the Electoral Board 110, or a certain minority of them, has knowledge of the private key S ^{EB (ENV)} . In general, it is assumed that there will be no majority coalitions for dishonest purposes among the members of the Electoral Board 110, since each of the members may have conflicting interests, when representing different voting options, belonging to third parties with interests in the correct conduct of the elections, or simply be an independent auditor. However, even in the event that a majority coalition for dishonest purposes occurs, the present invention allows the voters themselves to be able to detect the manipulation of the digital ballot box (elimination or modification of votes cast, as well as addition of false votes) [* BC *].

Various cryptographic secret sharing protocols can be used in the present invention to divide the private key S ^{EB (ENV)} of the Electoral Board 110 among its members, complying with the aforementioned characteristics of trust distribution. In the aforementioned work of Schneier you can find a description of them.

Once the private key S ^{EB (ENV)} of the Electoral Table 110 has been divided into individual participations by means of a cryptographic secret sharing protocol [* BC *], each of the participations is stored, conveniently encrypted, on the Site of Count 108 used to perform said division. To encrypt the participations, a suitable encryption system (typically symmetric) and a secure random key generated in the Counting Site 108 itself are used, and different for each of the participations. Each member of the Electoral Board 110 is assigned one of participations [* BC *], thereby receiving the random code used to encrypt said participation (generated with or without your intervention). The received key is stored in a personal secure memory device. The original private key, as well as the participations in clear, are finally destroyed by removing any trace of them from the processing, storage and memory devices and systems of the Counting Site 108. Alternatively, the members of the Electoral Board 110 could having received their respective participations directly, with which said participations would not be stored encrypted in Counting Site 108 but in secure personal memory devices.

The next step after Initialization Protocol 202 is Opening Protocol 204 of Voting Site 104 [* BC *]. The Electoral Board 110 is the one who determines the opening moment of the Voting Site 104. For this purpose, the opening order 402 is sent to the Voting Site 104 (see Figure 4) [* BC *]. Said opening order 402 must contain the following fields. First, the identifier of the current elections elect. Second, the Voting Site identifier 104 (typically, the IP Internet address of the Voting Site 104 accessed by the voters, or their DNS domain name). Third, the status of Voting Site 104 ("Open"). Fourth, the probability value PRACK. This value regulates the process of issuing voting confirmations from the Voting Agent 116 to the Counting Site 108. This process is carried out at the end of the Voting Protocol 206, as will be described later. Optionally, the opening order 402 may also contain the opening date and time. Finally, said order must incorporate a proof of authenticity as generated by the Electoral Board 110. This test consists of the digital signature of the opening order 402, using SEB (ADM) - The generic form of the opening order 402 would be well:

elect | PS | "Open" | PRACK I SEB (ADM) [H {elect | PS | "Open" | PRACK}]

Upon receipt of the opening order 402 by Voting Site 104, voters can begin casting their votes. At the end of the Voting Protocol 206 [* BC *], the vote cast by each voter will be stored on Voting Site 104, duly protected by cryptographic measures that will be described later. Likewise, the Voting Issue Platform 102 will store a voting receipt [* BC *] for purposes of subsequent verification of the vote.

The Voting Protocol 206 comprises seven steps, as detailed in Figure 5. If the Voting Emission Platform 102 consists of a trusted personal device and has a secure tamper module, all cryptographic operations performed by the Agent Voter 116 in the Voting Protocol 206 (and also in the Verification Protocol 214) are held inside for greater security. The first step of the Voting Protocol 206 is optional and includes voter authentication before Voting Site 104 [* BC *]. In the second step the voter chooses their voting option from the various options presented. In the third step Voter Agent 116 obtains a voting identifier, unique for each vote. Said identifier may be known (and even chosen) by the voter in the configuration with unlinked identifiers. The voting identifier cannot be known by the voter in the configuration with linked identifiers. In the fourth step, the Voting Agent 116 obtains a voting receipt that validates the vote and will allow the verifiability of the voting results. The voting method allows two different degrees of verifiability, depending on its configuration (linked identifiers or unlinked identifiers). In the fifth step, Voter Agent 116 protects the vote and other related information by building a digital envelope that can only be opened by a qualified set of members of the Electoral Board 110. In the sixth step, once the Site Voting 104 has received the digital envelope from the previous step, gives Voter Agent 116 a voting voucher [* BC *] showing that the vote has been effectively delivered. In the seventh step, the Voter Agent 116 decides to send, in whole or in part, said receipt to the Counting Site 108 [* BC *], according to the PR ^ack probability specified in the opening order 402, by way of confirmation of correct completion of the Voting Protocol 206. The Voting Protocol 206 always requires voter authentication. Said authentication can be performed in the first step of said protocol, or by using an authenticity test in the fifth step.

In the first step of the Voting Protocol 206, voter authentication allows Voting Site 104 to reasonably obtain proof of the real identity of each voter who contacts remotely [* Bc *]. Ideally, voters should have a pair of asymmetric keys that allow them to carry out strong authentication protocols, such as those described in the X.509 standard mentioned above, or through WTLS industry standards [WAP Forum, Wireless Transport Layer Security specification, Version 06-Apr-2001, April 2001], TLS [Dierks, T. and Alien, C. The TLS protocol, version 1.0. Request for Comments 2246, January 1999], or its predecessor SSL [Freier, AO, Karlton, P. and Kocher, PC The SSL protocol, version 3.0. Internet-Draft, November 1996], with bilateral authentication. The use of biometric identification systems could be combined with the strong authentication mechanism to add more security to remote voter authentication. This first step of the Voting Protocol 206 is optional and in case of not being carried out, the authenticity test of the vote that will be carried out in the fifth step of the Voting Protocol of Vote 206, will offer the due guarantees on the identity of each voter .

For its part, Voting Site 104 must also be authenticated to voters, using the industry standard authentication protocols mentioned in the previous paragraph. These protocols additionally guarantee the secure transport of data (the confidentiality, integrity and authenticity of the data exchanged between the Voting Platform 102 and the Voting Site 104).

During the second step of the Voting Protocol 206, the voter, interacting with the Voting Agent 116 on the Voting Platform 102, chooses the Sense of your vote. The present invention allows maximum flexibility in regard to the format of the votes. The voter can speak in favor of a certain option, in favor of a set of them, or in favor of some and against others. Open-ended questions can also be raised to collect the opinion of voters in free format, or also allow the election of selected candidates at the same time of voting. The voter's choice is encoded in the vote data chain, which supports any format, standardized or not.

The third step of the Voting Protocol 206 consists in obtaining a unique identifier for the vote. This value ( ident) must be large enough to uniquely identify each of the votes cast. Identification can be obtained in two different ways, depending on how the voting method is configured. A first configuration allows the voter to choose the ident value within a predetermined range or to delegate to their Voter Agent 116 the choice of said value. A second configuration requires that the voter not be able to determine the unique identifier of their vote before, nor know it once it has been obtained. In this case, the ident value is obtained by the Voter Agent 116 randomly with a uniform distribution.

In the first configuration mentioned, the voting identifiers will appear published in the final results, without any link to the respective voting options (which will be published grouped as totals). This first configuration will allow voters, during Verification Protocol 214, to ensure the correct reception of their votes by the Electoral Board 110. This configuration will be designated as "configuration with unlinked voting identifiers". In the second configuration, "with linked voting identifiers", the final results incorporate a list of all votes cast, individually and accompanied by the respective voting identifiers to facilitate their location and identification. This second configuration will allow voters to ensure not only the correct reception of their votes, but also the correct accounting of them by the Electoral Board 110. In both cases, the present invention ensures the impossibility of coercion or sale of votes based on the use and knowledge of vote identifiers.

In the configuration with unlinked voting identifiers, the voter does not have any means to demonstrate the link between their voting identifier and the chosen voting option. For this reason, the coercion or sale of the vote based on the search in the published results of the vote identifier has no effect.

However, in the configuration with linked voting identifiers, the coercion or sale of the vote could be based on the voter's ability to predetermine, or only get to know, the identifier of his vote. This would be a serious weakness since coercion and the sale of votes would cease to be limited problems to become significant threats to the security of the elections as a whole. Indeed, it is possible to distinguish between the coercion or sale of individual votes, due to the fact of voting remotely from uncontrolled environments, and the coercion or sale of mass votes, based on the automated processing of voting identifiers or voting receipts. The mere knowledge of the voter identifiers by the voters, prior to their publication in the final results, would represent an unequivocal proof of the voting option chosen by each voter. In this way, it would not be necessary to observe the voter while casting their vote but it would be sufficient to verify what the vote actually was when contrasting their voting identifier with the list of published votes.

Therefore, in the configuration with linked voting identifiers, Voter Agent 116 must prevent voter access to the identifier of their vote, both during their generation and in their subsequent storage. Ideally, this access control will be carried out by incorporating some type of tamper-resistant hardware device, such as a smart card, into the Voting Emission Platforms 102. The ident value is generated inside said device, being stored in a protected memory area that prevents access even by the voter himself. A first version of this technique of concealing sensitive data from voters was introduced in [Riera, A., Borrell, J. and Rifa, J. An uncoercible verifiable electronic voting protocol. Proc. of the IFIP SEC '98 Conference, pp. 206-215, Austrian Computer Society, 1998]. Alternatively, said data concealment can be done by software protection. However, this type of protection is too weak against certain attacks. That is why the preferred implementation is based on the use of a secure hardware device against tampering. Even so, in the case of using software protection for concealment of the voting identifier, the present invention includes a cryptographic protocol between the Voting Agent 116 and the Voting Site 104 for obtaining the voting identifier. The proposed protocol allows the joint generation of the voting identifier, so that the voter cannot in any way predetermine the identifier beforehand, while preventing Voting Site 104 from gaining any knowledge about the identifier once generated jointly. Before initiating the protocol, Voter Agent 116 and Voting Site 104 must agree to use a particular symmetric encryption system. The block size of the cipher must match or be larger than the size of the vote identifier to be generated (if it is smaller, the protocol must be repeated as many times as necessary). Voter Agent 116 randomly generates a key K¡ for the chosen encryption system and, by means of a cryptographic summary function, calculates the summary string of said key, H {K}. Voter Agent 116 sends said summary to Voting Site 104. A random value R, of a number of bits equal to the block size of the agreed cipher, is generated at Voting Site 104. Voting Site 104 may digitally sign the summary of the symmetric key it has received along with the R value it has generated. Said digital signature will be useful to verify, on the Counting Site 108, the consistency of the voting identifier obtained, preventing the falsification of said identifiers by non-honest voters. In the next step of the protocol, Voting Site 104 then sends the following data to Voter Agent 116:

H {K ^¡ } | R | S ^ps [H {H {K ^¡ } | R}]

To obtain the ident value, the Voter Agent 116 encrypts with the key K ^¡ the R value sent by the Voting Site 104, obtaining ident = EKi [R].

The fourth step of the Voting Protocol 206 is to obtain a voting receipt. In the configuration with unlinked voting identifiers, said voting receipt validates the voting identifier chosen in the third step, and allows the voter to publicly issue a claim in the event that said voting identifier is not published in the final results. In the configuration with linked voting identifiers, said voting receipt gives validity to the voting option chosen in the second step, linking it to the voting identifier obtained in the third step. This allows the voter to publicly issue a claim in the event that said voting option, with the voting identifier to which it is linked, is not published in the final results. In both cases, the claim can be made publicly, demonstrating the accounting problem without revealing what the voting option was.

In the configuration with unlinked voting identifiers, the voting receipt is obtained by the digital signature of the Voting Site 104 of the concatenation of the voting identifier and the elect identifier:

ident | elect | S ^PS [H {ident | elect}]

In the configuration with linked voting identifiers, the voting receipt must contain information in some way intimately linked to the voting option chosen by the voter, vote. This prevents subsequent manipulation of the voting option, keeping the same voting receipt valid. The voting receipt cannot, however, contain the vote value clearly, since this would prevent the voter from making public claims (the voter, by showing his validated voting receipt, would reveal what his voting option really was). The technique of voting tags, introduced in [Sako, K. Electronic voting scheme allowing open objection to the tally, IEICE Trans. Fund Of Electronics, Communications in Computer Science, E77-A, pp. 24-30, 1994], and improved in its practical aspects of implementation in [Riera, A., Rifa, J. and Borrell, J. Efficient construction of vote-tags to allow open objection to the tally in electronic elections. Information Processing Letters, Vol. 75, n. 4, pp. 211-215, Elsevier Science, October 2000], helps achieve the objectives that voting receipts must meet In the present invention, a voting receipt for configuration with linked identifiers is constructed by applying a cryptographic summary function on the voting option of the voter, vote, and the identifier of vote ident, and concatenating said summary string with the identifier of the current elections, elect, finally obtaining H {ident | vote} | elect To validate said voting receipt, Voting Site 104 will use its private key S ^PS [* BC *]. However, the use of the conventional digital signature mechanism would allow the administrators of Voting Site 104 (or who had similar privileges) to correlate the votes published in the results with the voting receipts previously validated during the Issuance Protocols of Vote 206 To avoid this inconvenience, which would directly threaten the privacy of voters, the present invention uses variations of the digital signature mechanism. These variations make it possible to validate the voting receipt and at the same time prevent the Voting Site 104 from correlating the validated receipts and the votes that will subsequently be published in the results.

The first variation of the digital signature mechanism that can be used in the present invention consists of the so-called blind digital signature, described in US 4,759,063. Thus, Voter Agent 116 prepares the data to be signed with a concealment factor BF generated from randomly, ( H {H {ident | vote} | elect}) BF and sends this data to Voting Site 104 Voting Site 104 digitally signs the information received with its private key, obtaining SPS [ ( H {H {ident | vote} | elect}) BF] and sends that signature to Voter Agent 116. Due to the randomness of the BF concealment factor , Voting Site 104 does not obtain any useful information about the voting receipt. The Voting Agent 116, however, is able to eliminate the concealment factor of the received signature, recovering the digital signature on the original voting receipt, which constitutes the validated voting receipt:

H {ident | vote} | elect | SPS [H {H {ident | vote} | elect}]

A second variation for the validation of voting receipts is to encrypt them by means of a probabilistic cryptosystem, before transmitting them to the Voting Site 104. The probabilistic encryption has the property that the same message encrypted several times with the same public key gives rise to different encrypted texts, with which the Voting Site 104 cannot relate the encrypted receipts that it has validated with the votes that are published in the results. The concept of probabilistic encryption was described in [Goldwasser, S. and Micali, S. Probabilistic encryption, Journal of Computer and System Sciences, Vol. 28, no. 2, April 1984], and subsequently a possible implementation was presented in [Blum, M. and Goldwasser, S., An Efficient Probabilistic Public Key Encryption Scheme which Hides All Partial Information, Advances in Cryptology -CRYPTO '84 Proceedings, pp. 289-299, Springer Verlag, 1985]. The steps to validate voting receipts using probabilistic encryption are as follows. First, Voter Agent 116 generates a pair of session keys for the probabilistic cryptosystem, P * ^SESSION and S * ^session (public key and private key respectively) and probabilistically encrypts the receipt with the public key:

P * session ( H {ident | vote} | elect)

Next, Voter Agent 116 transmits to the Voting Site 104 the encrypted receipt along with the newly generated public key, P * SESSION- Voting Site 104 digitally signs this information with its private key, transmitting said signature to the Voter Agent 116. Voter Agent 116 stores the signature received together with the S * ^SESSION key, all of which forms the validated voting receipt:

P * ^{s E ss io N} (H {ident | vote} | elect) | P * ^SESSION | S ^RS [H {P * ^SESSION (H {ident | vote} | elect) | P * ^SESSION }] IS * ^SESSION

A third variation for the validation of voting receipts consists in using symmetric encryption to hide the receipt before the Voting Site 104. To obtain the validation of your voting receipt, Voter Agent 116 randomly generates a symmetric K ^r key of session. Voter Agent 116 encrypts the voting receipt with the generated key, and sends said encryption to the Voting Site 104 together with the summary of the key K ^r , obtained by means of a cryptographic summary function:

EKr [H {ident | vote} | elect] | H {Kr}

Voting Site 104 digitally signs the message received with its private key, sending said signature to Voter Agent 116. Voter Agent 116 stores the signature received together with the K ^r key, all of which forms the validated voting receipt:

EKr [H {ident | vote} | elect] | H {Kr) | S ^ps [H {EKr [H {ident | vote} | elect] | H {K}}] | Kr

Once the Voting Agent 116 has the voting receipt validated by the Voting Site 104 (according to any of the alternatives described), he can proceed with the fifth step of the Voting Protocol 206. This step includes the construction of a digital envelope to protect the vote (and with it the voter's privacy). Only the Electoral Table 110 as a whole will be able to open said digital envelope, thus following an analogy with most conventional electoral systems. In the digital envelope, the Voter Agent 116 includes the string vote, the ballot identifier ident and the validated voting receipt and the information necessary to verify the correct obtaining ident in the event that this value has been generated jointly between the Voting Agent 116 and the Voting Site 104. Additionally, the digital envelope will contain all the relevant information for the correct administration of the elections, such as the style of the ballot, the date of the elections or the election identifier of the language used. To construct said digital envelope, the Voter Agent 116 generates a session key K ^e , which encrypts with the public key P ^{EB (ENV)} of the Electoral Table 110. The generic form of the digital envelope would then be:

about = EKe [vote | ident | voting receipt | relevant information] | PEB ( ENV) [Ke]

Once the contents of the envelope have been encrypted, Voter Agent 116 attaches a proof of authenticity to said digital envelope. In the present invention four different options are contemplated to guarantee the authenticity of said digital envelope. In a first option, the Voter Agent 116 concatenates the digital envelope with the voter's identity V, with the identifier of the elect elections, with the opening order 402 and optionally, with a timestamp (time) at the time of voting and that is agreed between the Voting Agent 116 and the Voting Site 104. The set of all these concatenated data is digitally signed with the private key Sy of the voter and transmitted to the Voting Site 104:

about | V | elect | Order 402 | time | Sv [H {about | V | elect | Order 402 | time}]

In a second option, Voter Agent 116 concatenates the same previous data except for the digital envelope, and digitally signs it with the voter's private key SV.

Vle / ectO ^ in 402 | time | Sv [H {V | elect Order 402 | time}]

Next, Voter Agent 116 builds a second digital envelope on ' which he sends to Voting Site 106. For the construction of envelope' he uses the public key Peb (ADM) of Electoral Table 110. This second digital envelope contains the first digital envelope, and the digital signature on the specified values:

The third option is indicated for elections in which voters do not have a pair of asymmetric keys. In this type of election, each voter must have a different and secret private voter identifier ( PVI) that allows them to authenticate. The Voter Agent 116 concatenates said piece of information, PVI, with the identity of the voter V, with the identifier of the elect elections, with the opening order 402 and optionally, with a timestamp (time), and constructs a second digital envelope, on ', with the public key PEB (ADM) of the Electoral Table 110:

over '= E ^ over ^! V e ^^ O rd at 402 ^ ime ^ | PEB ( ADM) [Ke]

In a fourth option, Voter Agent 116, based on a chosen asymmetric cryptosystem, creates a key pair (PV (AUT), SV (AUT)) where the public component, or one of the public key components, it is the summary of the digital envelope, obtained by means of a cryptographic summary function. For example, using the RSA public key cryptosystem [Rivest, RL, Shamir, A. and Adleman, LM A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, v. 21, n. 2, pp.

120-126, February 1978], the public component, which usually receives the name of e, would correspond to the digital envelope summary, and the private component d , would be calculated, in the conventional way, to fulfill the properties of said cryptosystem. With the private component of the key pair created, Voter Agent 116 obtains the following signature:

^ e lec tO ^ en 402 | time | Sv ( AUT) [H {V | elect Order 402 | time}]

Voter Agent 116 concatenates and sends the following information to Voting Site 104:

so be ^ e lec tO ^ en 402 | time | Sv ( AUT) [H {V | elect Order 402 | time}]

In the second and third options, unlike the first and fourth, it is not possible to deduce the identities of the voters who have exercised the vote from the urn of the Site Voting 104. In any case, the proof of authenticity included with the digital envelope containing the vote prevents the addition of votes on behalf of voters who have abstained, both on Voting Site 104 and on Counting Site 108 .

The sixth step of the Voting Protocol 206 consists in obtaining a voting voucher [* BC *]. Said voucher, issued and validated by the Voting Site 104 by means of a digital signature, is intended to subsequently allow the voter to prove that he finally deposited a digital envelope in the Voting Site 104 during the current voting. The voucher may then consist of the signature of Voting Site 104 on the data submitted by the voter in the previous step. For the first and fourth options described above:

about | V | elect | Order 402 | time | SPS [H {about | V | elect | Order 402 | time}]

For the second and third options:

about '| SPS [H {about '}]

Voting Site 104 deposits in the digital ballot box the data set delivered by the voter in the fifth step of the protocol, together with the voting voucher. Thus, each vote in the digital ballot box incorporates a proof of authenticity by the voter himself and a proof of authenticity by the Voting Site 104.

Voter Agent 116 stores the voting voucher obtained in the sixth step of the Voting Protocol 206. Said voucher will be required in the counting claim processes, to demonstrate that the voter actually cast the vote.

The seventh and final step of the Voting Protocol 206, consists of the sending, by the Voter Agent 116, to the Counting Site 108 [* BC *], of the data chain corresponding to the digital signature included in the voting voucher obtained in the sixth step of the Voting Protocol 206, SPS [H {on | V | elect | Order 402 | time}]. This submission serves as confirmation to the Electoral Board 110 that the voter has completed the Voting Protocol 206. This submission is not made deterministically, but Voter Agent 116 makes the submission based on the PR ^ack probability included in the opening order 402. The objective of this shipment is to be able to detect, statistically, the eventual elimination of digital envelopes at the Voting Site 104, with a level of trust as large as desirable, without overloading the Counting Site 108 .

The Voting Protocol 206 could be interrupted for reasons beyond the voting method (communications network failures 114, for example). In the event that any of these unforeseen events occur, there must be an election oversight agency responsible for resolving these situations and serving voters. The specification and operation of said agency is outside the scope of the present invention.

In Figure 2 it can be seen how the next step to the Voting Protocol 206 is the Closing Protocol 208 [* BC *] of the Voting Site 104, which ceases its acceptance of new Voting Agent connections 116. The Closing Protocol 208 is initiated by the Electoral Board 110, which sends the closing order 602 to the Voting Site 104 (see Figure 6). Closing order 602 [* BC *] contains the elect election identifier, the Voting Site identifier 104 and the status of Voting Site 104 ("Closed"). Optionally, closing order 602 may contain the closing date and time. To prevent the falsification of the closing order 602, it is digitally signed with the private key S ^{EB (ADM>} of the Electoral Table 110. The generic form of the closing order 602 would therefore be:

elect | PS | "Closed" | S ^{eb (ADM)} [H {elect | PS | "Closed"}]

Upon receipt of closing order 602 duly signed by Electoral Board 110, Voting Site 104 makes it public [* BC *]. In this way, the following Voter Agents 116 will be shown to attempt a connection, that Voting Site 104 is already closed. The Electoral Board 110 expects, after having sent the closing order 602, the immediate reception by the Voting Site 104 of the digital signature of the digital ballot box together with the identities of the voters currently being processed [* BC *]. This digital signature prevents Voting Site 104 from accepting new votes once closed. After receiving this data, the Electoral Board 110 waits for a predetermined maximum time for Voter Agents 116 who had not completed the Voting Protocol 206 to finalize it. Once all outstanding Voter Agents 116 have ended, or the maximum waiting time has elapsed, Voting Site 104 transmits to the Electoral Table 110 the complete digital ballot box. This shipment is made through a secure connection such as those detailed above.

Once the digital urn [* BC *] is received, Electoral Board 110 proceeds to initiate the Counting Process 210 [* BC *]. The first task to be performed on the Counting Site 108 is to verify that the digital ballot box received matches the digital signature received immediately after issuing the closing order 602, adding in any case the digital envelopes of the voters who were completing the Protocol of Vote Emission 206 [* BC *]. With this, the Electoral Board 110 can verify that no votes have been added after the deadline, nor that possibly valid votes have been removed. Count Site 108 also verifies the authenticity tests associated with each of the envelopes in the urn [* BC *]. This verification ensures that only authorized voters in the census have cast votes, and that they have done so only once. In the first, second and fourth authenticity options presented, the Counting Site 108 verifies the digital signature attached with the digital envelope (in the second option you must first open the external digital envelope with the private key S ^{EB (ADM)} of Electoral Table 110) [* BC *]. In the third option, once the external digital envelope with the private key S ^{EB (ADM)} of the Electoral Table 110 is opened, it verifies that the private voter identifier, PVI, corresponds to the voter identifier V. The Counting Site 108 also verify the correct presence of the opening order 402 accompanying each over digital [* BC *]. The Counting Site 108 also contrasts the ballot box received with the confirmations sent by the Voting Agents 116 during the last step of the Voting Protocol 206.

In the case of finding two or more digital envelopes of the same voter (in the event that the electoral process allows it), only one of them will be considered valid [* BC *]. The time stamp signed by the voter can be used to determine the order of precedence of the votes of the same voter and choose for example the last one. The possibility of issuing more than one digital envelope by each voter could also be useful to protect electronic voting against individual coercion, by means of the same technique of duress codes typical of electronic alarm devices. In this case, each digital envelope would be accompanied by a duress code. All codes would have the same format, but one of them would be the correct one (indicating no coercion) and the rest would be incorrect (indicating coercion). If the voter were coerced during the casting of the vote, he could choose to cast a false vote, in the presence of the coercion, by associating him with an incorrect coercion code. This could be repeated as many times as necessary. At some point during which the voter found the absence of coercion, he could cast his final vote, associating the correct code. Only this vote would be included in the final count, the remaining digital envelopes with incorrect codes rejected in the Counting Process 210. To prevent a voter from issuing a high number of votes with an incorrect coercion code in an unintended way, you can establish a minimum time between the acceptance of two successive votes by the same voter [* BC *].

To proceed to the tabulation of the votes, on the Counting Site 108, the digital envelopes must be opened to gain access to their content [* BC *]. Such digital envelopes can only be opened when the minimum threshold of members of the Electoral Board 110 specified in the protocol for sharing secrets provides their participation, and the private key SEB ÍENV) of the Electoral Table 110 can be rebuilt [* BC *] . The opening of the digital envelopes must be carried out accompanied by a random permutation of the position of the votes, to prevent the correlation between the identities of the voters (authenticity tests that accompany the votes) and the respective votes (data inside the votes digital envelopes). This process of mixing votes can be based on the techniques introduced in [Gülcü, C. and Tsudik, G. Mixing E mail with BABEL, ISOC Symposium on Network and Distributed System Security, February 1996] and applied to electronic voting schemes in [Riera A. and Borrell J. Practical approach to anonymity in large scale electronic voting schemes, Proc. of 1999 Network and Distributed System Security Symposium, pp. 69-82, Internet Society, 1999]. In any case, the software that implements the vote mixing process must be duly audited and certified, to ensure that it does not perform any operation outside the cryptographic processes and protocols of the present invention.

Counting Site 108 verifies the validity of each vote once the digital envelope containing it [* BC *] has been opened. The integrity and consistency of all data contained in the digital envelope must be checked. The voting receipt must be duly found validated by Voting Site 104, and must effectively correspond to the voting identifier contained in the digital envelope (as well as the voting option contained in the digital envelope, in the configuration with linked voting identifiers). It is also verified, in the event that the voting identifier has been obtained jointly between the Voting Agent 116 and the Voting Site 104, that the Voting Agent 116 has actually used the correct voting identifier. In general, the vote as a whole should not contain any formal flaws. Otherwise, the vote is considered a null vote [* BC *]. A voter who has obtained a correct and validated voting receipt, and who has nevertheless delivered a badly constructed vote, will not be able to issue a valid claim due to the proof of authenticity that accompanies the digital envelope containing the badly constructed vote , and to the voucher. The Electoral Board 110 will be able to prove the fraud committed by the voter without revealing any of their private keys S ^{EB (ENV)} , or S ^{EB (ADM)} . It is enough to reveal the symmetric session key or codes, which the voter has used to close the digital envelope or digital envelopes. Any independent third party auditor may take the digital envelope, the voucher, and the proof of authenticity, and verify the authenticity of the symmetric session key announced by the Electoral Board 110 only by encrypting it with the public key P ^{EB (ENV )} , or P ^{EB (ADM)} according to the digital envelope. With the corresponding symmetric key, the envelope can be opened to verify that it does not contain a well-constructed vote.

Once all the digital envelopes are opened and mixed, the private key S ^{EB (ENV)} of the Electoral Table 110 is destroyed [* BC *], as well as the participations that allow its reconstruction (whether they are in the personal devices of the members of the Electoral Board 110 as if they are on the Counting Site 108). Optionally, said private key or the participations that allow its reconstruction are stored with a totally restricted access, with purposes of subsequent audit [* BC *].

Then, the results to be published can be prepared from all valid votes [* BC *]. The results to be published consist of two differentiated data structures. First, the results in abbreviated format (list of voting options with the total number of votes for each) [* BC *]. Second, Counting Site 108 prepares a list with one entry for each valid vote, which will be used for the purpose of verifying results by voters [* BC *]. In the configuration with unlinked voting identifiers, said list of data for verification contains all valid identifiers of voting. In the configuration with linked voting identifiers, the verification data list contains all the voting identifiers accompanied by the respective voting options, ident | vote Additionally, in the case of having used a digital blind signature in the fourth step of the Voting Protocol 206, each entry in the list of data for verification may contain the corresponding validated voting receipt.

Both the results in abbreviated format and the list of data for verification must be digitally signed by the Electoral Board 110 with its S ^{EB (ADM)} code and finally transmitted from Counting Site 108 to Publication Site 106 [* BC *]. For this, the Electoral Table 110 activates the Transmission of Results Protocol 212. This shipment is made through a secure connection such as those previously detailed. Once the results to be published have been received, Publication Site 106 makes them publicly accessible through communications network 114 [* BC *]. This publication of results has two objectives, to disseminate the final results of the elections, and to allow individual verifiability to the voters, through the list of data for verification and the Verification Protocol 214.

The purpose of Verification Protocol 214 is to grant enough confidence to voters regarding the treatment their respective votes have received. For this, each voter who wishes may access Publication Site 106 through their Voter Agent 116, and perform a search in the list of data for verification, in order to locate their respective voting identifier [* BC *] . Depending on how the voting method has been configured, the guarantees offered to the voter are different. Once you have located your voting identifier in the list of data for verification, the configuration with unlinked voting identifiers guarantees the voter the correct receipt of their vote by the Counting Site 108 and the Electoral Board 110. In the case of configuration with linked voting identifiers, the voter not only makes sure of the correct reception of his vote on the Counting Site 108, but also of the correct presence of his vote in the final results, when the voting identifier is accompanied by the own voting option (the consistency between the abbreviated results and the list of data for verification can be universally verified by any third party). Although the second of the configurations shows superior characteristics in terms of verifiability, the first totally prevents coercion and the sale of votes based on the processing of voting receipts. In the second configuration, coercion and sale of votes based on the processing of voting receipts are prevented by hiding the voting identifiers and voting receipts from the voters themselves, up to the moment of Verification Protocol 214. This can be done. with full guarantees only in the case of associating a suitable hardware device, such as a tamper-resistant smart card, to each Voting Platform 102.

The specific actions that a voter must perform during Verification Protocol 214 may differ slightly depending on the configuration established for the fourth step of the Voting Protocol 206 (see Figure 5). In the configuration with unlinked voting identifiers, the Voter Agent 116 obtains from the Publication Site 106 the list of data for the verification consisting of all the voting identifiers processed in the Counting Site 108 [* BC *]. Said list should preferably be indexed so that the search for a particular voting identifier can be carried out efficiently by the voter (even manually). Each voter is therefore able to locate their corresponding voting identifier in the list. In the event that the voting identifier is not located, the voter can issue a public claim (which does not reveal what the chosen vote really was) by displaying the validated voting receipt, together with the voting voucher.

In the configuration with linked voting identifiers, the voter obtains from the Publication Site 106 the list of data for verification, consisting of all the voting identifiers accompanied by the respective voting options [* BC *]. This list must be consistent with the totals for each voting option (abbreviated results). This coherence can be verified universally, by any third party. The voter is unaware of the voting identifier that corresponds to him. Your voting identifier stored in the Voting Broadcasting Platform 102 is protected (by a tamper-resistant hardware device or by software protection) and is not accessible to the voter. Such protection allows access to the voting identifier by the Voting Agent 116 only in the event that the list of data for the verification corresponding to the elections in progress has already been published, digitally signed by the Electoral Board 110 with its code SEB (ADM). Once the Voter Agent 116 has the list of data for verification and the voting identifier, he can locate said identifier in said list. For this, the list should preferably be indexed so that the search for a particular voting identifier can be carried out efficiently. In the event that the voting identifier is not located, the Voter Agent 116 facilitates the voting receipt, which until now was protected, to the voter. The voter can issue a public claim, displaying the validated voting receipt, together with the voting receipt. This claim demonstrates the omission of a valid vote in the published results without revealing what the chosen voting option really was.

Individual verifiability on the part of each voter is not only adequate to offer guarantees to the voters about the correct treatment of their votes, but it is also very effective in detecting general manipulations of the results. Verification by a small proportion of voters is sufficient so that the probability of an undetected manipulation is minimized sufficiently. To ensure this minimum verification, the possibility of randomly selecting a group of voters to carry out Verification Protocol 214 is contemplated.

Under the Verification Protocol 214, downloading from the Publication Site 106 of the list of data for verification can be highly inefficient since said list of data can be arbitrarily large in size. In the configuration with unlinked voting identifiers, the size is directly proportional to the number of voters. In the configuration with linked voting identifiers, the size depends on the number of voters as well as the size of the voting options. In fact, for the verification it would be sufficient to perform a partial download of data, ensuring that in said partial download the voting identifier in question must be found. In the first configuration, said partial discharge can be easily structured, distributing all the voting identifiers in mutually exclusive sub-lists, each of which covers certain ranges for the voting identifiers. Verification Protocol 214 consists of downloading the appropriate sublist (the voter is able to determine it easily due to indexing by the voting identifier) and the location of the proper voting identifier in the downloaded sublist. However, in the second configuration, the data download Partial measures must be carried out with more caution, since it may pose a threat to the privacy of voters (no mere voting identifiers are downloaded, but the respective voting options accompany them). In the end, for example, a partial download of a set of matching entries in regard to the chosen voting option would completely violate the privacy of the voter.

The present invention includes a couple of mechanisms to allow the partial download of data for verification, without at all attempting to protect the privacy of voters. The first of these is based on partitioning the list of data for verification, in Counting Site 108, into subsets of approximately equal number of entries and in such a way that each of said subsets contains approximately the same proportion among the voted options than in the overall results [* BC *]. As they are subsets with the same proportions that show the overall results, voter privacy when downloading one of the subsets remains guaranteed. The simplest case of partition consists of a grouping of entries into a single subset that covers the entire list (in this case, the download of data would in fact not be partial but total). The next case would be to partition the list of data into two subsets, so that the download would be partially effective, affecting only half of the entries. Figure 7a graphically shows this possibility. The list of data could also be partitioned into three subsets, four subsets, and so on, achieving greater efficiency as the number of subsets becomes larger (and therefore the size of each subset is smaller). Figure 7b shows a partition into four subsets. However, the efficiency of partial downloading of data for verification cannot be improved indefinitely. To fully guarantee voter privacy, all voting options are required to be represented in each and every one of the resulting subsets. In some cases, the efficiency of the partial downloading of data could be improved, treating some of the voting options (the most minor) separately, without taking them into account to perform the partition. The entries corresponding to these options would be included in their entirety in each and every subset. Figure 7c graphically shows this possibility.

The grouping of the entries in the different subsets is based on the modular division of the identifiers of the votes (they must be random values with a uniform distribution) by the number of subsets. This modular division produces mutually exclusive sets, with approximately the same number of entries and with approximately the same proportion among the options voted as in the overall results. In order to determine precisely which of the subsets of entries must be downloaded during Verification Protocol 214, Voter Agent 116 should only perform the modular division of the corresponding voting identifier by the number of subsets (information provided by the Publication Site 106 digitally signed by the Electoral Board 110). This process does not threaten voter privacy at all.

The second partial downloading mechanism for verification allows the voter to decide the approximate number of votes that NV wants to download. Publication Site 106 makes the identMAX major vote identifier, identMIN minor vote identifier, and the number of votes cast NTOTAL accessible. With this information Voter Agent 116 calculates an interval of approximately NV votes, which contains his identifier of vote ident. The interval is defined by an initial identifier identINI, and a final identifier identFIN, where identINI is chosen at random so that it meets the following restriction:

ident <identiNi (((identMAX- identMiN) 'Nv) / (Ntotal)) The value of identF! N is then calculated as:

identpiN = identiNi (((identMAX- identMiN) 'Nv) / (Ntotal)

It is then fulfilled in a trivial way that identiNi <ident <identFiN. If the total number of votes (Total) is large, the voting identifiers will be uniformly distributed, and it will be fulfilled that the number of identifiers between identiNi and identF! N will be approximately equal to NV.

If identiNi is less than identMiN the identMiN value is recalculated as follows.

remainder = (identMiN- identiNi) -1

The new identification will be:

identiNi = (identMAX - remainder)

If identFiN is greater than identMAX it would proceed in the same way.

remainder = (identFlN- identMAX) -1

The new identMAX will be:

identification = (remainder identification)

Voter Agent 116 sends identiNi and identF [N to Publication Site 106, and the latter sends the voting identifiers within the range. In the event that identiNi is larger than identifiN, Publication Site 106 sends the following intervals: [identMiN, identFlN] and [identiNi, identMAX]. This second option is indicated for elections with a high number of votes cast, where identifiers are uniformly distributed. In the event that the number of votes is low, it is possible for the voter to download more votes than desired, or very few votes, thus violating the privacy of the vote.

The operations of the voting process described above will be carried out with the help of a computer program capable of being loaded directly into the internal memory of a digital computer, which comprises parts of the computer program code to carry out those operations, comprising said program parts of it distributed between the Voting Site (104) and the Voting Platform (s) (102).

Likewise, the operations of the verification process and / or the claim process, as explained, will be carried out with the help of a computer program prepared to be loaded directly into the internal memory of a digital computer and comprising parts of program code software to carry out those operations, said program comprising parts of it distributed between the Site of Publication (106), the Counting Site (108) and the Voting Platform (102).

The invention also provides a computer program capable of being loaded directly into the internal memory of a digital computer, such program being executed on said Counting Site (108), and comprising parts of computer program code to carry out the process operations Counting as described above.

The invention further provides a computer program capable of being loaded directly into the internal memory of a digital computer and comprising parts of computer program code distributed between the Voting Site (104) and the Counting Site (108).

The operations of immutabilization of the evidences described will also be carried out with the help of a computer program prepared to be loaded directly into the internal memory of a digital computer. As described, said computer program can be loaded into a central digital computer in a central immutabilization computer system 109 or distributed to several computers, such as those in Voting Site 104, Publication Site 106, Counting Site 108 and the Voting Emission Platform 102.

The invention provides an immutable record of all activities performed by the authorities and administrators so that an external auditor can verify that all established processes have been strictly followed to ensure the confidentiality and security of the voting process.

Claims (47)

Claims 1.- Method for secure electronic voting with immutable audit system, in which at least one Voting Voting Platform (102), a Voting Site (104) is used to receive and accumulate votes in a digital ballot box during a Default voting period, a Counting Site (108) of the votes, a Publication Site (106) of results, said Voting Sites (104), Counting (108) and Publication (106) susceptible of varying degrees of dispersion or grouping, each of them being provided with computing means and preferably interconnected with each other in case of dispersion, through at least one communications network, comprising cryptographic processes and protocols so that throughout the execution of the method and once an electoral process is completed, a series of specific security requirements of the electoral process are guaranteed, where the method comprises the following stages: a) provide an Electoral Board (110) that operates said Counting Site (108) of at least one asymmetric key pair and allow access to a private key or private component of one of said key pairs, only a part , set by a minimum threshold, or to all members of said Electoral Board (110) preferably in accordance with a cryptographic secret sharing protocol; b) initiate a vote acceptance process on the Voting Site (104); c) proceed to the issuance of votes by each voter through a set of programs called Voter Agent (116) and if necessary, at least one Voting Voting Platform (102) with sufficient computational capacity to execute said set of programs, comprising: the voter's choice of his or her voting option, the generation of a unique vote identifier, the obtaining of a voting receipt that at least validates said unique vote identifier for said vote electoral process, the construction, using the public component of said pair, which is at least one, of asymmetric keys of the Electoral Board (110), of a digital envelope protecting the privacy of the voter, containing said digital envelope at least the option of voting, and after or prior to the aforementioned steps the realization of a voter authentication test; d) finalize the voting acceptance process on the Voting Site (104); e) through the collaboration of a party, set by a minimum threshold, or of all the members of the Electoral Board (110), gain access to the private component of said pair, which is at least one, of asymmetric keys of the Electoral Board (110) and use said private component to access the content of the digital envelopes; Y f) proceed to a counting and tabulation of the voting options of each voter and publish the results on the Publication Site (106) with the possibility that said voters may carry out a process of verifying said results without disclosing their choice of vote; characterized in that the method further comprises: g) generate, in a computerized information immutabilization system (109), a record of some evidence of the execution of the previous steps a) to f), immutabilized by cryptographic techniques of chaining the evidences in order, and protecting the integrity and authenticity of blocks of evidence chained by cryptographic signature techniques. 2. - Method according to claim 1, characterized in that said cryptographic techniques of immutabilization of step g) comprise: i. generate proof of integrity of the evidence by means of the cryptographic chain of the information of said evidence with the information of the previous evidence received, by means of a summary or hash function; ii. storing a value of the evidence integrity test in a memory and / or storage system of the immutabilization computer system (109); iii. generate, every certain number of evidences and / or certain time, a proof of integrity of evidence block by executing a second cryptographic signature function on the last evidence of integrity of the evidence; Y iv. Store the block integrity test. 3. - Method according to claim 1, characterized in that the evidence, immutabilized, of step g) is generated by the Voting Site (104), Counting (108) and / or Publication (106). 4. - Method according to claim 1, characterized in that the Immutabilization System (109) is a system independent of the Voting Site (104), Counting (108) and Publication (106), or is integrated in one or in all of them. 5. - Method, according to claim 1, characterized in that said voter in said stage f) verifies his vote by accessing all of the published results or a subset of them that his voting identifier should contain, performing in any case the search of the voting identifier locally, and enabling the possibility that said voter can raise a claim supported by said voting receipt, in case of an incorrect treatment or absence of their voting identifier in the published results, without revealing at any time The voting option. 6. - Method, according to claim 5, characterized in that from said closing of the period of acceptance of votes, in said Counting Site (108), a process of mixing the digital envelopes received is received, randomly swapping the order of all or a portion of said digital envelopes. 7. - Method according to claim 6, characterized by providing said Voting Site (104) with at least one pair of asymmetric keys. 8. - Method according to claim 7, characterized in that in step c) said digital envelope additionally contains at least one of the following data: said voting receipt, said unique vote identifier, an identifier of the current electoral process and / or an opening order (402) of the voting period. 9. - Method, according to claim 8, characterized in that it further comprises generating, from a pre-established voter census, a pair of asymmetric keys for each voter, certifying the public key or public component of the generated key pair and maintaining Secure the private key or private component. 10. - Method according to claim 9, characterized in that said private component of the voter resides in a voter's own computing device, including a card with a microprocessor incorporated, or resides in the Voting Site (104) with which the voter interacts Voter, protected by a symmetric encryption system using a secure key or password, providing that key or password, secretly, to the voter, or being chosen directly by the voter, and because at the beginning of the voting process said private component Protected is sent to the voter through said communication network (114) and is checked out locally by providing the voter with said secure password. 11. - Method according to one of claims 9 or 10, characterized in that said voter authentication test of step c) consists of a strong authentication cryptographic protocol based on public key cryptography. 12. - Method, according to one of claims 9 or 10, characterized in that said voter authentication test of step c) consists of a digital signature by the Voter Agent (116) of at least said digital envelope with the private key of the voter, before delivering it to the Voting Site (104). 13. - Method, according to one of claims 9 or 10, characterized in that said voter authentication test of step c) consists in the construction of a second digital envelope using the public component of one of said pairs of asymmetric keys of the Electoral Table (110), which is at least one, and where said second digital envelope contains at least said first digital envelope and a digital signature by the Voter Agent (116) with the voter's private key, of at least one value, including the identifier of the elections, the voter's identifier or a random pseudo value, so that to verify the authenticity of said two digital envelopes in step f) said second digital envelope must be opened. 14. - Method according to claim 8, characterized in that said voter authentication test of stage c) consists of the construction of a second digital envelope using the public component of one of said pairs of asymmetric keys of the Electoral Board (110 ), which is at least one, and wherein said second digital envelope contains at least said first digital envelope and a password, or identification number secret personnel, so to verify the authenticity of said two digital envelopes in step f) said second digital envelope must be opened 15. - Method according to one of claims 6 or 7, characterized in that said voter authentication test of step c) consists of the digital signature by the Voter Agent (116) of at least one value, including the identifier of voter, the identifier of the current electoral process, or a pseudo random value, with the private key of a pair of asymmetric keys where the public component of said pair of keys is derived from said digital envelope. 16. - Method, according to claim 8, characterized in that said voting identifier of step c) is an arbitrary value large enough to allow univocally identifying the voting option of each voter without probable repetitions, said value being determined by the voter, or its Voter Agent (116) that uses a random pseudo sequence generator system or a source of natural noise. 17. - Method according to claim 8, characterized in that said voting identifier of step c) is an arbitrary value large enough to allow uniquely identifying the voting option of each voter without probable repetitions, said value being determined by a cryptographic protocol between the Voting Agent (116) and the Voting Site (104) so that the latter does not gain any knowledge about the generated value. 18. - Method according to claim 8, characterized in that said voting receipt of step c) is derived from said voting identifier and / or an identifier of the current electoral process, and said voting receipt is validated by the Site Voting (104) by a digital signature method with the private component of said pair, which is at least one, of asymmetric keys of said Voting Site (104). 19. - Method according to claim 8, characterized in that said voting receipt of step c) is derived from at least one of the following data: said voting identifier, an identifier of the current electoral process, and the voting option , and said receipt is validated by the Voting Site (104) without the latter having access to the information contained in the receipts or subsequently being able to correlate said receipts, in case of having access to them, with their corresponding voters . 20. - Method, according to claim 19, characterized in that said voting receipt is validated by the digital signature or by a blind digital signature protocol, with the private component of said pair, which is at least one, of asymmetric keys of said Voting Site (104). 21. - Method, according to claim 19, characterized in that said voting receipt is validated by digital signature with the private component of said pair, which is at least one, of asymmetric keys of said Voting Site (104), once said receipt of Voting has been encrypted using a probabilistic cryptosystem, or a symmetric cryptosystem, using a session key generated by the Voter Agent (116). 22. - Method according to claim 14, characterized in that said digital envelope additionally contains the information necessary to verify the correct obtaining of said voting identifier. 23. - Method according to one of claims 18 to 21, characterized in that said digital envelope additionally contains the information necessary to verify the validity of the voting receipt. 24. - Method, according to claim 8, characterized in that step c) further comprises generating, by the Voting Site (104), proof of delivery of said digital envelope that is transmitted to the Voting Agent (116) in the form of a voucher for the issuance of votes for each voter, totally detached from the clear voting option. 25. - Method according to claim 24, characterized in that said voucher of vote casting is validated by digital signature with the private component of the pair of asymmetric keys of said Voting Site (104), which is at least one. 26. - Method, according to claim 24, characterized in that step c) further comprises sending, depending on a certain probability, the voucher of vote casting, or a part thereof, to the Electoral Board (110) by part of the Voter Agent (116). 27. - Method according to claim 8, characterized in that said start of stage b) is executed from an opening order (402) of the voting period and said closure of stage d) is executed from an order of closing (602) of the voting period, generating said opening (402) and closing (602) orders by the Electoral Board (110). 28. - Method according to claim 27, characterized in that said opening order (402) of the voting period comprises at least one of the following data: an identifier of the current electoral process, an identifier of the Voting Site (104), an indication about the "open" status of the Voting Site (104), an indicative value of a probability of issuance of a voucher to the polling station (110) by the Voting Agent (116), the opening date and time of the voting period and the digital signature of the Electoral Board (110), with the private component of one of the pairs of asymmetric keys of said Electoral Board (110), on said opening order data ( 402). 29. - Method according to claim 27, characterized in that said closing order (602) of the voting period comprises at least one of the following data: an identifier of the current electoral process, an identifier of the Voting Site (104), an indication about the "closed" status of the Voting Site (104), the closing date and time of the voting period and the digital signature of the Electoral Board (110), with the private component of one of the pairs of asymmetric keys of said Electoral Board (110), on said data of the closing order (602). 30. - Method according to claim 8, characterized in that said cryptographic secret sharing protocol of said stage a) comprises dividing the private component of said pair of asymmetric keys of the Electoral Board (110), which is at least one, in several fragments or participations that are distributed among different control agents or members of the Electoral Board (110), and stored in a corresponding individual protected memory device, and because said stage e) comprises gathering in said Counting Site (108) said shares and rebuild said private component. 31. - Method according to claim 8, characterized in that said cryptographic secret sharing protocol of said stage a) comprises dividing the private component of said pair of asymmetric keys of the Electoral Board (110), which is at least one, in several fragments or participations that are stored, separately, in said Counting Site (108) protected by a symmetric encryption system using secure keys or passwords, which are distributed among the different control agents or members of the Electoral Board (110 ), that they store them in a protected and / or secure way, and because said step e) comprises gathering in said Counting Site (108) said keys or passwords depriving the shares of said private component from them and proceeding to rebuild said private component 32. - Method, according to claim 8, characterized in that at least a part of the Voting Emission Platforms (102) is protected against unauthorized manipulations or access, allowing to store sensitive data obtained during the cryptographic protocols of the process of issuing vote, restricting access to such data even by the voter himself until a certain condition is met. 33. - Method according to claim 8, characterized in that once said voting period is over, the Electoral Board (110) sends a closing order (104) to the Voting Site (602) from which moment new connections are not accepted of Voting Agents (116), for which the following operations are carried out on the Voting Site (104): a) obtaining a cryptographic summary of the set of digital envelopes issued or digital ballot box; b) obtain a cryptographic summary of the identifiers of the voters who, having started the voting process, have not yet completed it; c) sending to the polling station (110) of the two previous cryptographic summaries or of a single summary of said set of digital envelopes with said voter identifiers that have not yet completed the voting process; Y d) after a predetermined time has elapsed allowing voters who were still voting to finalize the voting process, sending the complete digital ballot box to the Electoral Board (110), one or more of said summaries of operations a), b) and c) being optional depending on the size of the respective data structures to be summarized. 34. - A method according to claim 33, characterized in that the Voting Site (104) digitally signs at least one of the following data: set of issued digital envelopes or digital ballot box, voter identifiers that having initiated the process of issuing The vote has not yet been completed, using the private component of that pair, which is at least one, of asymmetric keys of the Voting Site (104). 35. - Method, according to claim 8, characterized in that once the tabulation of the voting options of all voters is finished, the private component of said pair, which is at least one, of asymmetric keys of the Electoral Board (110) from stage e) it is destroyed or stored with totally restricted access facilitating further audits, proceeding to also store the digital ballot box formed by all the original digital envelopes, so that it can be audited later. 36. - Method, according to one of the claims 17 or 19, characterized in that said validated voting receipt or any other information generated during the voting process, including said voting identifier, which allows the voter to prove reliably what his option was Voting remains hidden, through the use of a secure manipulation device, including a card with a built-in microprocessor, or by encryption. 37. - Method, according to one of claims 17 or 19, characterized in that said validated voting receipt or any other information generated during the voting process, such as said voting identifier, that allows the voter to prove reliably what his / her vote was voting option is kept hidden, with restricted access and is only accessible after the publication of the results of the electoral process, for the verification of the results, or is only accessible in case of claim if an incorrect treatment of the identifier of vote, or its absence in the results. 38. - Method according to claim 8, characterized in that said verification process carried out by the voter comprises the following operations: a) grouping of voting identifiers into subsets of approximately the same number of identifiers, a single subset containing all the voting identifiers being the simplest case; b) determination by the Voting Agent (116) of the subset of voting identifiers that the voting identifier corresponding to the voter should contain, based on said voting identifier and optionally for additional information provided by the Publication Site (106); Y c) downloading from the Publication Site (106) of said subset of voting identifiers and local verification by the Voter Agent (116), or the voter, of a correct presence of the voting identifier corresponding to the voter. 39. - Method according to claim 8, characterized in that said verification process carried out by the voter comprises the following operations: a) grouping of the voting identifiers together with their corresponding voting options into subsets of approximately the same number of identifiers and in such a way that each of said subsets contains approximately the same proportion among the voted options as in the overall results, being a only subset containing the totality of the voting identifiers the simplest case; b) determination by the Voting Agent (116) of the subset of voting identifiers that the voting identifier corresponding to the voter should contain, based on said voting identifier and optionally additional information provided by the Publication Site (106 ); Y c) downloading from the Publication Site (106) of said subset of voting identifiers together with their corresponding voting and local verification options by the Voting Agent (116), or the voter, of a correct presence of the voting identifier corresponding to the voter and the previously chosen voting option. 40. - Method according to claim 38 or 39, characterized in that the Electoral Board (110) makes a digital signature of each of said sub-assemblies. 41. - Method according to claim 39, characterized in that the number of said subsets of voting identifiers and voting options is obtained from the number of voters who have selected the least voted voting option or minority group, except that the number of elements is very low, in which case the next minority or subsequent group is chosen until the minority group is large enough to perform an efficient partition, which is obtained through a classification of all voting identifiers and voting options in mutually exclusive subsets by means of the value of the voting identifiers, and in such a way that each of said subsets contains approximately the same proportion among the voted options as in the overall results and finally adding to all the subsets the voting identifiers and options of voting belonging to the most minority groups that have been discarded for partition 42. - Method according to claim 8, characterized in that said process of verification of the results comprises the calculation by the Voting Agent (116) of a range of voting identifiers from a maximum identifier of cast vote identMAX, of a minimum identifier of cast vote identMIN, of a number of votes cast NTOTAL, of a number of voting identifiers that the NV voter wishes to download, and of an identifier of voter voting ident, said range being determined by an initial identifier identINI, and a final identifier identFIN, and finally proceeding to download from the Publication Site (106) of said range of voting identifiers along with their corresponding voting options and local verification by the Voter Agent (116), or the voter, of a correct presence of the voter identifier corresponding to the voter and the previously chosen voting option. 43. - Method according to claim 42, characterized in that the calculation of said range of values comprises the election of an initial identifier of identifier or NI arbitrarily that meets the following restriction: ident <identiNi (((identMAx- identMIN) • N ^v ) / (NTO ^tal )) and where said final vote identifier identifier FIN is: identFN = identiNi (((identMAx- identMIN) - Nv) / (NTOtal)) 44. - Method according to claim 5, characterized in that said possibility of verification by a minimum group of voters randomly selected from the electorate is carried out. 45. - Method, according to one of claims 24 or 25, characterized in that said claim that the voter can make in case of an incorrect treatment or absence of his or her voting identifier in the published results includes the display by the voter of the receipt of vote together with said voucher of vote casting. 46. - Method according to claim 8, characterized in that all the sensitive cryptographic operations performed by the Voter Agent (116) during the voting process and the verification process are carried out inside a safe manipulation device including manipulations including a card with a built-in microprocessor or an identification module of a mobile phone terminal with cryptographic capabilities. 47. - Computer program product that includes code instructions that when implemented in a computer system implement a method to carry out immutabilization operations (501) of evidence generated during a vote according to claim 1 or 2 .