CN114005217A - Electronic voting system and method based on block chain - Google Patents

Electronic voting system and method based on block chain Download PDF

Info

Publication number
CN114005217A
CN114005217A CN202111226808.8A CN202111226808A CN114005217A CN 114005217 A CN114005217 A CN 114005217A CN 202111226808 A CN202111226808 A CN 202111226808A CN 114005217 A CN114005217 A CN 114005217A
Authority
CN
China
Prior art keywords
voting
voter
result
scoring
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111226808.8A
Other languages
Chinese (zh)
Inventor
张振永
余泽
艾铭超
章源
虞静怡
魏贵义
邵俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN202111226808.8A priority Critical patent/CN114005217A/en
Publication of CN114005217A publication Critical patent/CN114005217A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C13/00Voting apparatus
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • H04L9/3221Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms

Abstract

The invention belongs to the field of electronic voting, and discloses an electronic voting system and method based on a block chain, which comprises an ElGamal encrypted deformation module supporting an addition homomorphism, a range certification module based on a ring signature and a knowledge certification module; the ElGamal encrypted deformation module supporting the addition homomorphism is used for encrypting all votes; the range certification module based on the ring signature is used for judging whether the used deformed ElGamal encrypted plaintext belongs to {0,1 }; the knowledge proof module is used for verifying the operation of the ticket player, namely the ElGamal decryption operation. The invention can not only meet 7 safety targets of integrity, correctness, anonymity, non-reusability, eligibility, fairness and verifiability of voting, but also has a distributed system architecture, and the system can realize the scoring function of voters on the premise of not influencing the safety attribute. The objectivity and the specialty of the voting event are ensured.

Description

Electronic voting system and method based on block chain
Technical Field
The invention belongs to the technical field of electronic voting, and particularly relates to an electronic voting system and method based on a block chain.
Background
With the advent of blockchain technology, electronic voting systems based on blockchains have been widely proposed. In the existing electronic voting system scheme based on the block chain, the public transparency of the voting process is realized by utilizing the characteristics of block chain decentralization and untrustworthy modification. However, a supervision mechanism for the right of a voter is generally lacked in the existing electronic voting system based on the block chain, the anonymity of the system may cause the voter to misuse the right of the vote, the voter may cast a vote without professionalism due to the likes and dislikes of the individual, and the behavior is difficult to be effectively restricted in the existing electronic voting system scheme.
Therefore, the electronic voting system can realize the scoring function of voters on the premise of not influencing the safety attribute, and the scoring rule can be customized, for example, x is added when the voting is consistent with the final result, and y is added when the voting is not consistent with the final result. In the invention, a voter scoring mechanism is set, so that the voter can objectively and fairly cast each vote, the result of each voting event is ensured to accord with the objective fact, and the problem of voter supervision is solved. And the invention can be expanded to take the quality of the influence after the voting event as the final result of the voting event, and judge the voter score by taking the quality as the standard.
Disclosure of Invention
The present invention provides an electronic voting system and method based on a block chain, so as to solve the above technical problems.
In order to solve the above technical problems, the specific technical solution of the electronic voting system and method based on the block chain of the present invention is as follows:
an electronic voting system based on a block chain comprises an ElGamal encrypted deformation module supporting an addition homomorphism, a range certification module based on a ring signature and a knowledge certification module;
the ElGamal encrypted deformation module supporting the addition homomorphism is used for encrypting all votes;
the range certification module based on the ring signature is used for judging whether the used deformed ElGamal encrypted plaintext belongs to
{0,1};
The knowledge proof module is used for verifying the operation of the ticket player, namely the ElGamal decryption operation.
The invention also discloses a novel electronic voting method based on the block chain, which comprises the following steps:
step 1: a system initialization stage: initializing and setting parameters required in the voting system;
step 2: a voting stage: carrying out specific operation on the voting event, and displaying a voting result after the voting event is finished; any member in the system can serve as a voting initiator to create a brand-new voting event, and the event is stored on the block chain for all people to check; after initiating the vote, the voter enters a voting link, the voter with authorization can vote to release own opinions, and the voter stores the vote on the block chain after selecting the vote; when all voters complete voting or the voting event reaches the deadline time, the voter starts to enter a vote link; during the period, each voter plays the vote, the result of each voter is counted and uploaded to the block chain, and any person can obtain the result of the voting event through the calculation result of the voter;
and step 3: and (3) grading stage: starting after a plurality of voting events, and obtaining the scores of the users after the scoring stage is finished; anyone may initiate scoring of voters participating in a vote over a period of time, wherein the periods of time during which scoring is initiated between different initiators are not allowed to intersect; at the moment, the voter takes the voting information and the voting result of all voting events in a period of time from the block chain, compares whether the votes cast by each voter are consistent with the final result in sequence, calculates the scoring result and stores the scoring result in the block; anyone can then also obtain the data from the blockchain.
Further, the step 1 comprises the following specific steps:
when the system starts to operate, a safety parameter lambda is obtained, and then G, h, G and p are output by the system; p is a large prime number, p is greater than the total number of voters, G is a finite cyclic group with order p, G, h are elements randomly selected from the group G, and the obtained (G, h, G, p) is set as (G, h, G, p) used in vElGamal encryption, range attestation based on ring signatures and knowledge attestation algorithms; finally, a value q is taken, wherein q is a prime number, and the prime number is larger than the maximum number of all voters or voting events in a scoring period;
each participant in the system has a pair of public and private signature keys; the system can set multiple ticket players and realize (t, n) threshold, supposing that there are two ticket players, named PC and NP respectively, and setting the private keys of PC and NP as
Figure BDA0003314612630000021
And
Figure BDA0003314612630000022
at this time, can obtain
Figure BDA0003314612630000023
The obtained public keys of the PC and the NP are stored in a block chain through an intelligent contract, the PC and the NP know the public keys of all persons and the corresponding relation between the public keys and specific identities, and other persons only know all the public keys without knowing the corresponding relation between the public keys and the identities; when the voter votes, only votes for or against the votes are stipulated, if the value of the votes for the votes is 1 and the value of the votes for.
Further, the step 2 comprises the following specific steps:
step 2.1: and (3) initiating a vote:
initiating a voting stage, wherein a voting sponsor creates a new voting event, the voting event comprises voting content, voting deadline, an authorized voter public key and a signature of the voting sponsor on the voting event, and the information of the voting event is stored in a block chain after the digital signature of the voting sponsor is verified to be valid by an intelligent contract;
step 2.2: voting by the voter:
the voting of the voter is divided into four steps, firstly, the voter calculates to obtain encrypted voting data
Figure BDA0003314612630000031
Then to
Figure BDA0003314612630000032
Computing ring signatures
Figure BDA0003314612630000033
Last pair of
Figure BDA0003314612630000034
After digital signature, voting data is obtained
Figure BDA0003314612630000035
Sending the contract to an intelligent contract; step 2.3, the person who plays the ticket:
when voting event EjAfter all voters in the system save votes to a block chain through an intelligent contract, a voter can conduct vote operation, a plurality of voters cooperate to conduct vote, two voters PC and NP are arranged, the two voters PC and NP cooperate to conduct statistics on voting results on the premise that no voting result is leaked, and the voting stage is divided into PC vote and NP vote and voting results are obtained.
Further, the step 2.2 comprises the following specific steps:
step 2.2.1, the voting data is encrypted to realize voting secret:
after the voting is initiated, a voting stage is entered, voters with authorization can vote, and encrypted voting data are obtained through calculation
Figure BDA0003314612630000036
Is provided with nvVoting by the first voter to event EjMaking a vote during which the voter viFor voting event EjThe number of tickets that can be cast is vi,jSetting a voting value vi,jE {0,1}, the voting information of the voter is encrypted by using vElGamal, wherein the operation process is
Figure BDA0003314612630000037
Obtaining encrypted voting data
Figure BDA0003314612630000038
Step 2.2.2, calculating the ring signature to realize voting validity:
is obtained by
Figure BDA0003314612630000039
Then, the voter calculates the ring signature, and any person can confirm whether the voting data is valid through the range certification technology based on the ring signature, and the voter sets two public keys to be (K)PC·KNP,Si,j(K) and (g)PC·KNP,Si,jV (h g)), generating its ring signature
Figure BDA00033146126300000310
The intelligent contract can be verified through the ring signature and the encrypted voting data to ensure the voting information vi,j{0,1,};
And 2.2.3, calculating the digital signature to realize the impossibility of the vote:
the voter uses the private key of his own signature to generate information for the first two steps
Figure BDA00033146126300000311
Signing to generate corresponding digital signature sigmai,jAnyone can verify whether the digital signature is valid, and the voting data generated at the moment is
Figure BDA00033146126300000312
Step 2.2.4, the intelligent contract verifies the signature validity and stores voting data:
voter will vote data
Figure BDA0003314612630000041
And sending the voting data to the intelligent contract, and storing the voting data in a block after the intelligent contract verifies that the ring signature and the digital signature are valid, wherein if any one of the ring signature and the digital signature is considered to be invalid, the voting data is abandoned.
Further, the step 2.3 includes the following specific steps:
step 2.3.1.: PC gramophone ticket to obtain Tv,PCAnd calculating the result to prove that:
first, the first ticket player PC calculates
Figure BDA0003314612630000042
And the result Tv,PC and
Figure BDA0003314612630000043
Figure BDA0003314612630000044
the knowledge proof of the data is sent to the intelligent contract, the PC sends the digital signature of the data to the intelligent contract, the intelligent contract verifies the digital signature and the knowledge proof after receiving the data, the data is stored in the block chain A after the verification is passed, and the voting is finished if the verification is not passed;
step 2.3.2: NP singing ticket to obtain Tv,NPAnd calculating the result to prove that:
second order singer NP, calculating
Figure BDA0003314612630000045
And combining the resultsTv,NPAnd
Figure BDA0003314612630000046
Figure BDA0003314612630000047
the zero knowledge proof is sent to the intelligent contract together, similarly, the NP sends the digital signature of the data to the intelligent contract together, the intelligent contract verifies the digital signature and the knowledge proof after receiving the data, the data are stored on the block chain after the verification is passed, and the voting is finished if the verification is not passed;
step 2.3.3: intelligent contract checking and keeping gramophone record result, anyone can pass through Tv,PCAnd Tv,NPObtaining the ticket result to complete the ticket operation in both PC and NP and to obtain the ticket result Tv,PCAnd Tv,NPAfter sending to the intelligent contract, anyone can obtain the contract through calculation
Figure BDA0003314612630000048
Because of the number of votes
Figure BDA0003314612630000049
Is not a large number and the maximum possible value is nvObtaining the value by a brute force cracking method if
Figure BDA00033146126300000410
If the value is equal to or greater than the threshold, the voting result can be obtained as approval, i.e., resjOtherwise, the voting result is against, i.e. resj=0。
Further, the scoring stage of step 3 allows anyone to initiate scoring for voters according to time periods, the interval for initiating scoring can be set to be one year or a longer fixed time, but the time periods for initiating scoring by any individual cannot be crossed, the voter can decide to respond or not respond to the scoring event according to the public key of the scoring initiator, after all the voters respond, the system enters the scoring stage to score votes of all users within a period of time, the voter voting is specified to be consistent with the result and added with 2 points, and is not consistent with 1 point;
the calculation of the scoring stage needs to be carried out after a plurality of votes are carried out, and the potential voter to be scored is assumed to be the voter ViThe voting event is E1To
Figure BDA0003314612630000051
The scoring stage is divided into four steps, firstly, the voting data is pre-calculated, and then the PC calculates v by using random numbersPCProtecting the privacy of voters and calculating the scoring result Te,PCFinally, NP carries out the same operation to calculate the scoring result Te,NPAnd anyone can verify the accuracy of the scoring result, and after the steps are completed, anyone can calculate the score or verify that the score is not manufactured.
Further, the scoring stage comprises the following specific steps:
step 3.1: pre-computing the vote:
firstly, pre-calculating votes, and according to different voting results, performing different pre-calculating on voters by a system, specifically as follows:
if the voting result is against, i.e. resjWhen it is 0, then calculate
Figure BDA0003314612630000052
And
Figure BDA0003314612630000053
the following equation can be obtained at this time:
Figure BDA0003314612630000054
Figure BDA0003314612630000055
Figure BDA0003314612630000056
Figure BDA0003314612630000057
after the calculation is completed, two voting situations can occur: if both the voting result and the voter vote are anti-votes, i.e. resjv i,j0, then v 'is known'i,j=q,v″i,j0; otherwise, v'i,j=q+1,v″i,jq;
If the voting result is approval, resj1, then calculate
Figure BDA0003314612630000058
The following equation can then be obtained:
Figure BDA0003314612630000059
Figure BDA00033146126300000510
Figure BDA00033146126300000511
Figure BDA00033146126300000512
after the calculation is completed, two voting situations also occur: when the voting result and voter vote are all approval, i.e. resj=vi,j1, then v 'is known'i,j=q,v″i,jQ + 1; otherwise, v'i,j=0,v″i,j=q;
Step 3.2: PC scoring and calculation of knowledge proof:
obtain the above mentioned fortuneAfter calculating the result, the two voters PC and NP begin to calculate voter ViAt voting event E1To
Figure BDA0003314612630000061
A median score, first, taking u as one satisfying u + neRandom number of < q, ruIs that
Figure BDA0003314612630000062
A random number, PC calculation
Figure BDA0003314612630000063
And v is to bePCAnd the digital signature is sent to an intelligent contract, and NP carries out similar calculation
Figure BDA0003314612630000064
V is to beNPAnd the digital signature is sent to the intelligent contract, and a new v is calculated for each voter, PC and NPPCAnd vNP
Then, PC calculates
Figure BDA0003314612630000065
And processing the result Te,PC
Figure BDA0003314612630000066
The zero knowledge proof and the digital signature of the data are sent to an intelligent contract, and the intelligent contract is verified and then stored on a block chain to realize the public verifiability;
step 3.3: NP scoring and computing knowledge proofs:
finally, NP directly obtains data T through intelligent contractv,PCNP calculation
Figure BDA0003314612630000067
Figure BDA0003314612630000068
The result Tc,NP
Figure BDA0003314612630000069
Figure BDA00033146126300000610
The zero knowledge proof and the digital signature of the data are sent to an intelligent contract, and the intelligent contract is verified and then stored on a block chain to realize the public verifiability;
step 3.4: obtaining a final score:
after TC and NP complete statistics, anybody can calculate voter V by the following processiVoting for an event E within a certain time period1To
Figure BDA00033146126300000611
Score of (1) and before calculating the total score, test Te,PCAnd Te,NPZero knowledge proof and validity of digital signature, if verified, based on
Figure BDA00033146126300000612
Figure BDA00033146126300000613
The SUM is calculated, where SUM is ha·q+b
Next, the voter's total score is obtained, first a and b, assuming δx,yNumber of votes voted for y, x, dxFor the number of times the result is x, it is deduced from the calculation:
uPC+uNP+2(δ0,10,01,1)+(δ0,11,11,0)=a
uPC+uNP+2δ0,11,1=b
since the voting score is divided into two cases of adding 2 and adding 1, it can be known that 0 < a < 3neAnd 0 < b < 3neFrom [ a.q + b]Trial maximum in H (3 n)e)2Once the values of a and b are obtained, the voter V can be calculatediIs scored as a totalEach of a-b is 2 (delta)0,0+δ1,1)+(δ0,11,0)A-b represent that the vote and the result are the same, and
at this time, it can be proved that the voting information is still secret to anyone, and the obtained formula is as follows:
Figure BDA0003314612630000071
one knows δ0,δ1A, b, but not known uPC,uNPFor any common member, the member has four formulas and six unknowns, and cannot obtain a result; whereas for a ticket taker PC, the PC knows delta0,δ1,a,b,uPCAt this time, the PC has four formulas and five unknowns, and the result cannot be calculated, so the method is also similar to any other ticket player.
The novel electronic voting system and the novel electronic voting method based on the block chain have the following advantages that:
the invention can not only meet 7 safety targets of integrity, correctness, anonymity, non-reusability, eligibility, fairness and verifiability of voting, but also has a distributed system architecture, and the system can realize the scoring function of voters on the premise of not influencing the safety attribute. The objectivity and the specialty of the voting event are ensured.
Drawings
FIG. 1 is a general block diagram of an electronic voting system based on a block chain according to the present invention;
fig. 2 is a flowchart of an electronic voting method based on a block chain according to the present invention.
Detailed Description
For better understanding of the objects, structure and functions of the present invention, an electronic voting system and method based on block chains according to the present invention will be described in detail with reference to the accompanying drawings.
Basic concept and framework of the present system:
firstly, block chain:
in 2008, this clever first proposed the concept of blockchains, which in the following years become the core component of electronic currency bitcoins: as a public ledger for all transactions. By utilizing a peer-to-peer network and distributed timestamp servers, the blockchain database can be managed autonomously. The blockchain invented for bitcoin makes it the first digital currency to solve the repeat consumption problem. The properties of the blockchain may address some of the problems in electronic voting systems. Decentralization can be realized, and the credibility problem of a third party of the electronic voting system can be solved; the openness can ensure the information to be disclosed and transparent; independence and safety guarantee the unforgeability of the voting result; anonymity protects the privacy of the individual.
Secondly, intelligent contract:
by writing an intelligent contract, the voting system can store data to be disclosed on the block chain, and can conveniently put some verification operations required in the voting system on the block chain, and at the moment, a trusted third party is not required to verify the safety problem possibly occurring in each stage in the voting event. The concept of Smart contracts (Smart contracts) was first introduced by Nick Szabo in 1995. An intelligent contract is a computer protocol intended to propagate, validate or execute contracts in an informational manner. As shown in the smart contract deployment flow diagram of fig. 1, smart contracts deployed on blockchains allow trusted transactions, which are traceable and irreversible, to be conducted without a third party. The invention deploys intelligent contracts on the Ether house block chain, and the intelligent contracts run on the Ether house virtual machine. An etherhouse virtual machine may be understood as a distributed "world computer" with computing power provided by all etherhouse nodes. Any node that provides computing power will pay for resources in Ether digital currency. People can establish a contract through an intelligent contract. After the intelligent contract is successfully deployed, the intelligent contract automatically runs and is responsible for executing data verification operation and block chain related operation in the invention.
Thirdly, an ElGamal encrypted deformation module supporting the addition homomorphism:
in the invention, in order to protect the secrecy of the voting information of the voter, all the voting information is uploaded to the block chain after being encrypted by the variant ElGamal. In the present invention, this encryption algorithm is named vselgamal. The voter may vote for or against a vote, embodied in the system as a value of 1 for a vote, 0 for a vote against, and 0 or 1 for m in the following algorithm. Meanwhile, in order to realize the ticket-singing function, the vElGamal encryption supports addition homomorphism, and voters can be voted and calculated without decrypting plaintext when singing tickets. The implementation is as follows:
1. is provided with
Inputting a safety parameter lambda and outputting G, h, G and p. Where p is a large prime number and G is a finite cyclic group of order p. G, h are randomly selected elements in G.
2. Key generation
For any one user, its public-private key pair (y, g, x) is generated. Satisfy y ═ gx
3. Encryption
Input plaintext m e {0,1}κHere, because of brute force cracking in the decryption stage, k needs to be small enough to be 10000, and the user can use the key from the key
Figure BDA0003314612630000081
Selecting a random number r, and calculating: (c)1,c2)=(hm·yr,gr)。
4. Decryption
The decryption formula is as follows:
Figure BDA0003314612630000082
according to equation A ═ hmAnd performing brute force cracking on m to obtain m meeting the equation. To achieve additive homomorphism, two ciphertexts may be given
Figure BDA0003314612630000091
And
Figure BDA0003314612630000092
is provided with a3,1The following additive homomorphic operation may be performed:
Figure BDA0003314612630000093
Figure BDA0003314612630000094
subsequently setting a plaintext m3And calculating by using a decryption method:
Figure BDA0003314612630000095
m is obtained from the above formula3=m1+m2
Fourthly, range certification based on ring signature:
in the operation process of the system, the intelligent contract needs to check whether the voter votes for approval or disapproval, so as to prevent the voter from voting disorderly. The invention realizes the range certification based on the ring signature through the ring signature to realize the function of checking the voter for voting, and particularly, whether the plaintext belongs to {0,1} or not is judged for the vElGamal encryption used by the invention. The ring signature used is from the literature and is specifically as follows:
1. is provided with
Inputting a safety parameter lambda and outputting G, h, G and p. Where p is a large prime number and G is a finite cyclic group of order p. G, h are randomly selected elements in G. Select a hash function H: {0,1}*→{0,1}lWhere l is a security parameter.
2. Key generation
Generating its public and private key pair (y) for user ii,gi,xi). Satisfy the requirement of
Figure BDA0003314612630000096
Where i is 0. Let L be the set of these public keys.
3. Signature generation
For any user i, a ring signature (c) corresponding to L may be generated for message m0,s0,s1,...,sn-1). The method comprises the following specific steps:
first of all, the first step is to,randomly selecting alpha ← ZpAnd calculate ck+1=Hk+1L,m,gα). When the user i.k +1,.., n-1, 0,.., k-1, s is selectedi←ZpAnd calculate
Figure BDA0003314612630000097
Then, a ring is generated, and s is calculatedk=α-xkck. Finally, the ring signature for the message m and the public key L is (c)0,s0,s1,...,sn-1)。
4. Signature verification
When i is 0
Figure BDA0003314612630000098
Subsequently, when i ≠ n-1, c is calculatedi+1=Hi+1(L,m,ei). When c occurs0=H0(L,m,en-1) If so, the signature verification is successful, otherwise, the signature verification fails.
As can be seen from the security of the ring signature, only one of the private keys is known to generate the ring signature. This is also the key point for the present invention to implement range attestation using ring signatures. Specifically, the two public keys corresponding to the ring signature are (K)PC+KNP,Si,j-G) and (K)PC+KNP,Si,j-h-G). When the voter voting range belongs to {0,1}, KPC+KNPH and G are parameters available to the voter, who must have one of the private keys.
Fifthly, knowledge proves:
the invention needs to realize verifiability, and the expression form in the system realization is that whether the ticket result of each ticket player is fake can be verified, and the operation essentially utilizes a certain public element and the private key of the ticket player to carry out modular exponentiation, which is exactly corresponding to the function of knowledge signature. The knowledge signature scheme used in the invention is from the literature, and is specifically as follows:
1. key generation
A safety parameter lambda is input and,outputs G, h, G and p. Where p is a large prime number, p is greater than the total number of voters, and G is a finite cyclic group of order p. G, h are randomly selected elements in G. And selects a hash function H: {0,1}*→{0,1}lWhere l is a security parameter.
2. Proof of knowledge generation
Input y1,y2The prover proves to the verifier: x is logg y1=logh y2. The prover then follows from ZpSelecting a random number t to generate a knowledge proof: c is H (y)1||y2||g||h||gt||ht) And s ═ t-c · x mod p.
3. Knowledge proof verification
The verifier performs verification by the following equation:
Figure BDA0003314612630000101
it can be concluded that if c' is c, the proof of knowledge passes, x is logg y1=logh y2(ii) a Otherwise x is logg y1=1logh y2. In the system scheme of the present invention, we define the proof of knowledge as DLOG (g, y)1)=DLOG(h,y2)。
The specific embodiment is as follows:
as shown in fig. 2, the voting system of the present invention is mainly divided into three stages: system initialization, a voting phase and a scoring phase. During the initialization phase, initial parameters of the system are set. In the voting stage, specific operation is mainly carried out on a certain voting event, and the voting result is displayed after the voting event is finished. The scoring phase begins after a plurality of voting events, and the scoring of the user can be obtained after the scoring phase is finished.
After the initialization of the parameters in the initialization stage is finished, the system enters a voting stage, any member in the system can serve as a voting initiator at the moment to create a brand-new voting event, and the event is stored in a block chain for all people to check. After the voting is initiated, the voter enters a voting link, the voter with authorization can vote to release own opinions, and after the voter selects the vote, the voter can save the vote on the block chain, so that the voter can conveniently sing the vote. When all voters complete the voting or the voting event reaches the deadline, the voter starts to enter the voting link. During the period, each voter plays the vote, the result of each voter is counted and uploaded to the block chain, and the result of the voting event can be obtained by any voter through the calculation result of the voter.
After a number of voting events, anyone may initiate scoring of voters participating in the vote over a period of time, wherein the periods of time during which scoring is initiated between different initiators do not allow for intersection. At the moment, the voter takes out the voting information and the vote results of all voting events in a period of time from the block chain, compares whether the votes cast by each voter are consistent with the final result in sequence, calculates the scoring result and stores the scoring result in the block. Anyone can then also obtain the data from the blockchain.
Step 1: system initialization phase
In the initialization stage, the parameters required in the voting system are mainly initialized and set. When the system starts to operate, a safety parameter lambda is obtained, and then the system outputs G, h, G and p. Where p is a large prime number, p is greater than the total number of voters and can be taken to be more than 1000, and G is a finite cyclic group of order p. G, h are randomly selected elements in group G. The obtained (G, h, G, p) is set to (G, h, G, p) used in the vselgamal encryption, range certification based on the ring signature, and knowledge certification algorithm. Finally, a value q is taken, where q is a prime number that is greater than the maximum number of voters or voting events within a scoring period.
Each participant in the system possesses a pair of public and private keys with signatures. The system can set a plurality of ticket players and realize the (t, n) threshold so as to ensure the integrity of the ticket players. For convenience of description, two voters, named PC and NP, respectively, are assumed in the present invention. Let the private keys of PC and NP be
Figure BDA0003314612630000111
And
Figure BDA0003314612630000112
at this time, can obtain
Figure BDA0003314612630000113
The obtained public keys of the PC and the NP are stored in a block chain through an intelligent contract, so that anyone can verify the authenticity of the data in the subsequent process. The PC and NP know all persons' public keys and their correspondence to specific identities, while the rest of the persons only know all public keys and not their correspondence, which action provides initial anonymity protection.
The invention provides that voters can only vote for or against votes, and the system provides that the value of voted for is 1 and the value of voted for is 0. The rating may be set to any (x, y) when initiating the rating, i.e. voters voting for a match will receive a x rating and voters voting for a non-match will receive a y rating. In the implementation process of the system, for the convenience of implementation, the scoring score (x, y) is set to (2, 1), that is, voters voting for the result will obtain 2 scores, and voters voting for the result not meeting the result obtain 1 score.
Step 2: voting stage
Any one voting stage of the invention comprises three processes, namely initiating voting, voter voting and voter singing. After the voting is initiated, a voting event just starts, and after the vote is finished, the mark that the voting period is formally finished is made, and anyone can check the vote result. The system can enter the scoring phase after multiple votes. Details of the voting phase will be described below.
Step 2.1: initiating a vote
And initiating a voting phase, wherein a new voting event is created by the voting initiator, and the voting event comprises the voting content, the voting deadline, the public key of the authorized voter and the signature of the voting initiator on the voting event. The information of the voting event is stored in the block chain after the intelligent contract verifies that the digital signature is valid.
Step 2.2: voter voting
The voting of the voter can be divided into four steps, firstly, the voter calculates to obtain the encrypted voting data
Figure BDA0003314612630000121
Then to
Figure BDA0003314612630000122
Computing ring signatures
Figure BDA0003314612630000123
Last pair of
Figure BDA0003314612630000124
After digital signature, voting data is obtained
Figure BDA0003314612630000125
And sending the contract to the intelligent contract. The specific scheme is as follows:
step 2.2.1, the voting data is encrypted to realize voting secret
After the voting is initiated, a voting stage is entered, voters with authorization can vote, and encrypted voting data are obtained through calculation
Figure BDA0003314612630000126
Is provided with nvVoting by the first voter to event EjA vote is conducted. During the voting process, the voter viFor voting event EjThe number of tickets that can be cast is vi,jBy schemes setting the voting value vi,jE {0,1 }. The voting information of the voter is encrypted by using vElGamal to realize the secrecy of the voting information. Wherein the operation process is
Figure BDA0003314612630000127
Figure BDA0003314612630000128
Obtaining encrypted voting data
Figure BDA0003314612630000129
In essence, the process of the present invention,
Figure BDA00033146126300001210
is the ciphertext encrypted by vElGamal.
Step 2.2.2, calculating the ring signature to realize the voting validity
Is obtained by
Figure BDA00033146126300001211
Then, the voter calculates the ring signature, and anyone can confirm whether the voting data is valid through a range certification technology based on the ring signature. The voter sets two public keys to (K)PC·KNP,Si,j(K) and (g)PC·KNP,Si,jV (h g)), generating its ring signature
Figure BDA00033146126300001212
The intelligent contract can be verified through the ring signature and the encrypted voting data to ensure the voting information vi,j∈{0,1}。
Step 2.2.3, calculating the digital signature to realize the non-forgeability of the vote
The voter uses the private key of his own signature to generate information for the first two steps
Figure BDA00033146126300001213
Signing to generate corresponding digital signature sigmai,jAnyone can verify whether the digital signature is valid or not, and the impossibility of counterfeiting of the vote is realized. The voting data generated at this time are
Figure BDA00033146126300001214
Step 2.2.4, the intelligent contract verifies the signature validity and stores the voting data
Voter will vote data
Figure BDA00033146126300001215
Is sent toAnd the intelligent contract stores the voting data in the block after verifying that the ring signature and the digital signature are valid, and abandons the voting data if any one of the ring signature and the digital signature is considered to be invalid.
Step 2.3, the person singing the ticket
When voting event EjAfter all voters in the system store votes to the block chain through the intelligent contracts, the voter can conduct the operation of singing the votes. The system adopts a mode of cooperation of a plurality of voters to prevent the voting result from being forged or falsified. As mentioned above, the present invention is provided with two singlers PC and NP. The PC and NP two voters cooperate to count the voting results on the premise of not revealing any voting results. The vote stage is divided into PC vote and NP vote and voting result is obtained.
Step 2.3.1: PC gramophone ticket to obtain Tv,PCAnd computing knowledge proof of the result
First, the first ticket player PC calculates
Figure BDA0003314612630000131
And the result Tv,PCAnd
Figure BDA0003314612630000132
Figure BDA0003314612630000133
together with the proof of knowledge of the intelligent contract. In addition, the PC sends a digital signature of the data to the smart contract. And after receiving the data, the intelligent contract verifies the digital signature and the knowledge proof, the data is stored in the block chain A through verification, the public verifiability is realized, and the voting is finished if the verification fails.
Step 2.3.2: NP singing ticket to obtain Tv,NPAnd computing knowledge proof of the result
Second order singer NP, calculating
Figure BDA0003314612630000134
And the result Tv,NPAnd
Figure BDA0003314612630000135
Figure BDA0003314612630000136
together with the zero knowledge proof of knowledge to be sent to the intelligent contract. Similarly, the NP sends the digital signatures of the data to the intelligent contract, the intelligent contract verifies the digital signatures and knowledge proof after receiving the data, the data are stored on the block chain through verification, the public verifiability is realized, and the voting is finished if the verification fails.
Step 2.3.3: intelligent contract checking and keeping gramophone record result, anyone can pass through Tv,PCAnd Tv,NPObtaining gramophone record results
The ticket-reading operation is completed at both PC and NP, and the result T of the ticket-reading operation is recordedv,PCAnd Tv,NPAfter sending to the intelligent contract, anyone can obtain the contract through calculation
Figure BDA0003314612630000137
Because of the number of votes
Figure BDA0003314612630000138
Is not a large number and the maximum possible value is nvAnd obtaining the value by a brute force cracking method. If it is not
Figure BDA0003314612630000139
If the value is equal to or greater than the threshold, the voting result can be obtained as approval, i.e., resjOtherwise, the voting result is against, i.e. resj=0。
And step 3: scoring stage
The scheme allows anyone to initiate the scoring of voters according to time periods, and the interval for initiating the scoring can be set to be one year or a longer fixed time, but the time periods for any individual to initiate the scoring cannot be crossed. The voter can decide to respond or not respond to the scoring event according to the public key of the scoring initiator, and the system enters a scoring stage after all the voters respond to the scoring event to score votes of all users within a period of time. When the system is designed, the scheme provides that voters vote in accordance with the result and add 2 points, and do not accord with the result and add 1 point.
The calculation of the scoring stage needs to be carried out after a plurality of votes are carried out. If the voting times are too low, the situation that the voter score is equal to the number of voting events and the voter score is 1 can be easily generated, and the result of one-time voting by the voter can be known, so that the voting result is leaked. At this point, without loss of generality, assume that the potential voter being scored is voter ViThe voting event is E1To
Figure BDA0003314612630000141
The scoring phase can be divided into four steps, first pre-computing the voting data, then the PC computes v using random numbersPCProtecting the privacy of voters and calculating the scoring result Te,PCFinally, NP carries out the same operation to calculate the scoring result Te,NPAnd anyone can verify the accuracy of the scoring result, and after the steps are completed, anyone can calculate the score or verify that the score is not manufactured. The method comprises the following specific steps:
step 3.1: precomputing votes
Firstly, the system carries out different pre-calculations on voters' votes according to different voting results. The method comprises the following specific steps:
if the voting result is against, i.e. resjWhen it is 0, then calculate
Figure BDA0003314612630000142
And
Figure BDA0003314612630000143
the following equation can be obtained at this time:
Figure BDA0003314612630000144
Figure BDA0003314612630000145
Figure BDA0003314612630000146
Figure BDA0003314612630000147
after the calculation is completed, two voting situations can occur. If both the voting result and the voter vote are anti-votes, i.e. resjv i,j0, then v 'is known'i,j=q,v″i,j0; otherwise, v'i,j=q+1,v″i,j=q。
If the voting result is approval, resj1, then calculate
Figure BDA0003314612630000148
The following equation can then be obtained:
Figure BDA0003314612630000149
Figure BDA00033146126300001410
Figure BDA00033146126300001411
Figure BDA00033146126300001412
after the calculation is finished, two voting situations also occur. When the voting result and voter vote are all approval, i.e. resj=vi,j1, then v 'is known'i,j=q,v″i,jQ + 1; otherwise, v'i,j=0,v″i,j=q。
Step 3.2: PC scoring and computing knowledge proofs
After obtaining the above operation results, two voters, PC and NP, begin to calculate voter ViAt voting event E1To
Figure BDA0003314612630000151
And (4) carrying out a medium score. First, take u as one satisfying u + neRandom number of < q, ruIs that
Figure BDA0003314612630000152
A random number of (2). PC calculation
Figure BDA0003314612630000153
And v is to bePCAnd the digital signature is sent to the smart contract. NP performing similarity calculation
Figure BDA0003314612630000154
V is to beNPAnd the digital signature is sent to the smart contract. For each voter, PC and NP calculate a new vPCAnd vNP
Then, PC calculates
Figure BDA0003314612630000155
And processing the result Te,PC
Figure BDA0003314612630000156
The zero knowledge proof of (a) is sent to the intelligent contract with a digital signature on the data. After the verification of the intelligent contract, the verification result is stored in the block chain, so that the public verifiability is realized.
Step 3.3: NP scoring and computing knowledge proofs
Finally, NP directly obtains data T through intelligent contractv,PC. NP computation
Figure BDA0003314612630000157
Figure BDA0003314612630000158
The result Te,NP
Figure BDA0003314612630000159
Figure BDA00033146126300001510
The zero knowledge proof of (a) is sent to the intelligent contract with a digital signature on the data. After the verification of the intelligent contract, the verification result is stored in the block chain, so that the public verifiability is realized.
Step 3.4: obtaining a final score
After the PC and NP complete the statistics, anyone can calculate voter V by the following processiVoting for an event E within a certain time period1To
Figure BDA00033146126300001511
Score total score in (1). Before calculating the total score, T needs to be checkede,PCAnd Te,NPZero knowledge proof and validity of digital signatures. Any one of the two is invalid, the scoring result has the possibility of counterfeiting, and the voter fails to score; if the verification passes, according to
Figure BDA00033146126300001512
The SUM is calculated. Here SUM ═ ha·q+b
The voter's total score is then obtained, first a and b. Suppose deltax,yNumber of votes voted for y, x, dxThe number of times x is the result. From the calculation process it can be derived:
uPC+uNP+2(δ0,10,01,1)+(δ0,11,11,0)=a
uPC+uNP+2δ0,11,1=b
since the voting score is divided into two cases of adding 2 and adding 1, it can be known that 0 < a < 3neAnd 0 < b <3ne. Thus, it can be selected from [ a · q + b]Trial maximum in H (3 n)e)2And obtaining the values of a and b. Once the values of a and b are obtained, voter V may be calculatediScore sum of (d) a-b is 2(δ)0,01,1)+(δ0,11,0). a-b exactly means that the vote and the result are the same, and
at this point it can be proven that the voting information is still covert to anyone. The formula that can be obtained is:
Figure BDA0003314612630000161
one knows δ0,δ1A, b, but not known uPC,uNP. For any common member, it has four equations and six unknowns, and apparently cannot yield results.
Whereas for a ticket taker PC, the PC knows delta0,δ1,a,b,uPCAt this time, the PC has four equations and five unknowns, and it is obvious that the result cannot be calculated. The same is true for any other drawer. This addresses the risk that a voter's vote may be revealed when a certain voting result occurs only once.
It is to be understood that the present invention has been described with reference to certain embodiments, and that various changes in the features and embodiments, or equivalent substitutions may be made therein by those skilled in the art without departing from the spirit and scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from the essential scope thereof. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (8)

1. An electronic voting system based on a block chain is characterized by comprising an ElGamal encrypted deformation module supporting an addition homomorphism, a range certification module based on a ring signature and a knowledge certification module;
the ElGamal encrypted deformation module supporting the addition homomorphism is used for encrypting all votes;
the range proving module based on the ring signature is used for judging whether the used deformed ElGamal encrypted plaintext belongs to {0,1 };
the knowledge proof module is used for verifying the operation of the ticket player, namely, the FlGamal decryption operation.
2. A method of voting using the blockchain-based electronic voting system according to claim 1, comprising the steps of:
step 1: a system initialization stage: initializing and setting parameters required in the voting system;
step 2: a voting stage: carrying out specific operation on the voting event, and displaying a voting result after the voting event is finished; any member in the system can serve as a voting initiator to create a brand-new voting event, and the event is stored on the block chain for all people to check; after initiating the vote, the voter enters a voting link, the voter with authorization can vote to release own opinions, and the voter stores the vote on the block chain after selecting the vote; when all voters complete voting or the voting event reaches the deadline time, the voter starts to enter a vote link; during the period, each voter plays the vote, the result of each voter is counted and uploaded to the block chain, and any person can obtain the result of the voting event through the calculation result of the voter;
and step 3: and (3) grading stage: starting after a plurality of voting events, and obtaining the scores of the users after the scoring stage is finished; anyone may initiate scoring of voters participating in a vote over a period of time, wherein the periods of time during which scoring is initiated between different initiators are not allowed to intersect; at the moment, the voter takes the voting information and the voting result of all voting events in a period of time from the block chain, compares whether the votes cast by each voter are consistent with the final result in sequence, calculates the scoring result and stores the scoring result in the block; anyone can then also obtain the data from the blockchain.
3. The novel electronic voting method based on the block chain according to claim 2, wherein the step 1 comprises the following specific steps:
when the system starts to operate, a safety parameter lambda is obtained, and then G, h, G and p are output by the system; p is a large prime number, p is greater than the total number of voters, G is a finite cyclic group with order p, G, h are elements randomly selected from the group G, and the obtained (G, h, G, p) is set as (G, h, G, p) used in vElGamal encryption, range attestation based on ring signatures and knowledge attestation algorithms; finally, a value q is taken, wherein q is a prime number, and the prime number is larger than the maximum number of all voters or voting events in a scoring period;
each participant in the system has a pair of public and private signature keys; the system can set multiple ticket players and realize (t, n) threshold, supposing that there are two ticket players, named PC and NP respectively, and setting the private keys of PC and NP as
Figure FDA0003314612620000021
And
Figure FDA0003314612620000022
at this time, can obtain
Figure FDA0003314612620000023
The obtained public keys of the PC and the NP are stored in a block chain through an intelligent contract, the PC and the NP know the public keys of all persons and the corresponding relation between the public keys and specific identities, and other persons only know all the public keys without knowing the corresponding relation between the public keys and the identities;
when the voter votes, only votes for or against the votes are stipulated, if the value of the votes for the votes is 1 and the value of the votes for.
4. The novel electronic voting method based on the block chain according to claim 3, wherein the step 2 comprises the following specific steps:
step 2.1: and (3) initiating a vote:
initiating a voting stage, wherein a voting sponsor creates a new voting event, the voting event comprises voting content, voting deadline, an authorized voter public key and a signature of the voting sponsor on the voting event, and the information of the voting event is stored in a block chain after the digital signature of the voting sponsor is verified to be valid by an intelligent contract;
step 2.2: voting by the voter:
the voting of the voter is divided into four steps, firstly, the voter calculates to obtain encrypted voting data
Figure FDA0003314612620000024
Then to
Figure FDA0003314612620000025
Computing ring signatures
Figure FDA0003314612620000026
Last pair of
Figure FDA0003314612620000027
After digital signature, voting data is obtained
Figure FDA0003314612620000028
Sending the contract to an intelligent contract;
step 2.3: the ticket player plays the ticket:
when voting event EjAfter all voters in the system save votes to a block chain through an intelligent contract, a voter can conduct vote operation, a plurality of voters cooperate to conduct vote, two voters PC and NP are arranged, and the two voters PC and NP cooperate to conduct voting results on the premise that any voting results are not leakedLine statistics, wherein the ticket-singing stage is divided into PC ticket-singing, NP ticket-singing and voting result obtaining.
5. A novel block chain-based electronic voting method according to claim 4, wherein the step 2.2 comprises the following specific steps:
step 2.2.1: and (3) encrypting the voting data to realize voting secrecy:
after the voting is initiated, a voting stage is entered, voters with authorization can vote, and encrypted voting data are obtained through calculation
Figure FDA0003314612620000029
Is provided with nvVoting by the first voter to event EjMaking a vote during which the voter viFor voting event EjThe number of tickets that can be cast is vi,jSetting a voting value vi,jE {0,1}, the voting information of the voter is encrypted by using vElGamal, wherein the operation process is
Figure FDA0003314612620000031
Obtaining encrypted voting data
Figure FDA0003314612620000032
Step 2.2.2: calculating a ring signature to realize voting validity:
is obtained by
Figure FDA0003314612620000033
Then, the voter calculates the ring signature, and any person can confirm whether the voting data is valid through the range certification technology based on the ring signature, and the voter sets two public keys to be (K)PC·KNP,Si,j(K) and (g)PC·KNP,Si,jV (h g)), generating its ring signature
Figure FDA0003314612620000034
Intelligent boxThe contract can be verified through the ring signature and the encrypted voting data to ensure the voting information vi,j∈{0,1};
Step 2.2.3: and calculating a digital signature to realize the impossibility of forgery of the vote:
the voter uses the private key of his own signature to generate information for the first two steps
Figure FDA0003314612620000035
Signing to generate corresponding digital signature sigmai,jAnyone can verify whether the digital signature is valid, and the voting data generated at the moment is
Figure FDA0003314612620000036
Step 2.2.4: the intelligent contract verifies the signature validity and saves the voting data:
voter will vote data
Figure FDA0003314612620000037
And sending the voting data to the intelligent contract, and storing the voting data in a block after the intelligent contract verifies that the ring signature and the digital signature are valid, wherein if any one of the ring signature and the digital signature is considered to be invalid, the voting data is abandoned.
6. A novel block chain-based electronic voting method according to claim 5, wherein the step 2.3 comprises the following specific steps:
step 2.3.1: PC gramophone ticket to obtain Tv,PCAnd calculating the result to prove that:
first, the first ticket player PC calculates
Figure FDA0003314612620000038
And the result Tv,PCAnd
Figure FDA0003314612620000039
Figure FDA00033146126200000310
the knowledge proof of the data is sent to the intelligent contract, the PC sends the digital signature of the data to the intelligent contract, the intelligent contract verifies the digital signature and the knowledge proof after receiving the data, the data is stored in the block chain A after the verification is passed, and the voting is finished if the verification is not passed;
step 2.3.2: NP singing ticket to obtain Tv,NPAnd calculating the result to prove that:
second order singer NP, calculating
Figure FDA00033146126200000311
And the result Tv,NPAnd
Figure FDA00033146126200000312
Figure FDA00033146126200000313
the zero knowledge proof is sent to the intelligent contract together, similarly, the NP sends the digital signature of the data to the intelligent contract together, the intelligent contract verifies the digital signature and the knowledge proof after receiving the data, the data are stored on the block chain after the verification is passed, and the voting is finished if the verification is not passed;
step 2.3.3: intelligent contract checking and keeping gramophone record result, anyone can pass through Tv,PCAnd Tv,NPObtaining the ticket result to complete the ticket operation in both PC and NP and to obtain the ticket result Tv,PCAnd Tv,NPAfter sending to the intelligent contract, anyone can obtain the contract through calculation
Figure FDA0003314612620000041
Because of the number of votes
Figure FDA0003314612620000042
Is not a large number and the maximum possible value is nvObtaining the value by a brute force cracking method if
Figure FDA0003314612620000043
If the value is equal to or greater than the threshold, the voting result can be obtained as approval, i.e., resjOtherwise, the voting result is against, i.e. resj=0。
7. The block chain-based novel electronic voting method according to claim 6, wherein the step 3 scoring stage allows anyone to initiate scoring for voters according to time periods, the interval for initiating scoring can be set to be one year or a longer fixed time, but the time periods for any person to initiate scoring cannot be crossed, the voter can decide to respond or not respond to the scoring event according to the public key of the scoring initiator, and after all the voters respond, the system enters the scoring stage to score votes of all users within a period of time, and the voter votes are defined to be matched with the result and added with 2 points, and are not matched with 1 point;
the calculation of the scoring stage needs to be carried out after a plurality of votes are carried out, and the potential voter to be scored is assumed to be the voter ViThe voting event is E1To
Figure FDA0003314612620000044
The scoring stage is divided into four steps, firstly, the voting data is pre-calculated, and then the PC calculates v by using random numbersPCProtecting the privacy of voters and calculating the scoring result Te,PCFinally, NP carries out the same operation to calculate the scoring result Te,NPAnd anyone can verify the accuracy of the scoring result, and after the steps are completed, anyone can calculate the score or verify that the score is not manufactured.
8. The novel electronic voting method based on the blockchain according to claim 7, wherein the scoring stage comprises the following specific steps:
step 3.1: pre-computing the vote:
firstly, pre-calculating votes, and according to different voting results, performing different pre-calculating on voters by a system, specifically as follows:
if the voting result is against, i.e. resjWhen it is 0, then calculate
Figure FDA0003314612620000045
And
Figure FDA0003314612620000046
the following equation can be obtained at this time:
Figure FDA0003314612620000047
Figure FDA0003314612620000048
Figure FDA0003314612620000051
Figure FDA0003314612620000052
after the calculation is completed, two voting situations can occur: if both the voting result and the voter vote are anti-votes, i.e. resj=vi,j0, then v 'is known'i,j=q,v″i,j0; otherwise, v'i,j=q+1,v″i,j=q;
If the voting result is approval, resj1, then calculate
Figure FDA0003314612620000053
The following equation can then be obtained:
Figure FDA0003314612620000054
Figure FDA0003314612620000055
Figure FDA0003314612620000056
Figure FDA0003314612620000057
after the calculation is completed, two voting situations also occur: when the voting result and voter vote are all approval, i.e. resj=vi,j1, then v 'is known'i,j=q,v″i,jQ + 1; otherwise, v'i,j=0,v″i,j=q;
Step 3.2: PC scoring and calculation of knowledge proof:
after obtaining the above operation results, two voters, PC and NP, begin to calculate voter ViAt voting event E1To
Figure FDA0003314612620000058
A median score, first, taking u as one satisfying u + neRandom number of < q, ruIs that
Figure FDA0003314612620000059
A random number, PC calculation
Figure FDA00033146126200000510
And v is to bePCAnd the digital signature is sent to an intelligent contract, and NP carries out similar calculation
Figure FDA00033146126200000511
V is to beNPAnd the digital signature is sent to the intelligent contract, and a new v is calculated for each voter, PC and NPPCAnd vNP
Then, PC calculates
Figure FDA00033146126200000512
And processing the result Te,PC
Figure FDA00033146126200000513
The zero knowledge proof and the digital signature of the data are sent to an intelligent contract, and the intelligent contract is verified and then stored on a block chain to realize the public verifiability;
step 3.3: NP scoring and computing knowledge proofs:
finally, NP directly obtains data T through intelligent contractv,PCNP calculation
Figure FDA00033146126200000514
Figure FDA0003314612620000061
The result Te,NP
Figure FDA0003314612620000062
Figure FDA0003314612620000063
The zero knowledge proof and the digital signature of the data are sent to an intelligent contract, and the intelligent contract is verified and then stored on a block chain to realize the public verifiability;
step 3.4: obtaining a final score:
after the PC and NP complete the statistics, anyone can calculate voter V by the following processiVoting for an event E within a certain time period1To
Figure FDA0003314612620000064
To getDividing the total score, and checking T before calculating the total scoree,PCAnd Te,NPZero knowledge proof and validity of digital signature, if verified, based on
Figure FDA0003314612620000065
Figure FDA0003314612620000066
The SUM is calculated, where SUM is ha·q+b
Next, the voter's total score is obtained, first a and b, assuming δx,yNumber of votes voted for y, x, dxFor the number of times the result is x, it is deduced from the calculation:
uPC+uNP+2(δ0,10,01,1)+(δ0,11,11,0)=a
uPc+uNP+2δ0,11,1=b
since the voting score is divided into two cases of adding 2 and adding 1, it can be known that 0 < a < 3neAnd 0 < b < 3neFrom [ a.q + b]Trial maximum in H (3 n)e)2Once the values of a and b are obtained, the voter V can be calculatediScore sum of (d) a-b is 2(δ)0,01,1)+(δ0,11,0) A-b represent that the vote and the result are the same, and
at this time, it can be proved that the voting information is still secret to anyone, and the obtained formula is as follows:
Figure FDA0003314612620000067
one knows δ0,δ1A, b, but not known uPC,uNPFor any common member, the member has four formulas and six unknowns, and cannot obtain a result; for the ticket player PCSay, PC knows δ0,δ1,a,b,uPCAt this time, the PC has four formulas and five unknowns, and the result cannot be calculated, so the method is also similar to any other ticket player.
CN202111226808.8A 2021-10-21 2021-10-21 Electronic voting system and method based on block chain Pending CN114005217A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111226808.8A CN114005217A (en) 2021-10-21 2021-10-21 Electronic voting system and method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111226808.8A CN114005217A (en) 2021-10-21 2021-10-21 Electronic voting system and method based on block chain

Publications (1)

Publication Number Publication Date
CN114005217A true CN114005217A (en) 2022-02-01

Family

ID=79923402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111226808.8A Pending CN114005217A (en) 2021-10-21 2021-10-21 Electronic voting system and method based on block chain

Country Status (1)

Country Link
CN (1) CN114005217A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114520728A (en) * 2022-04-21 2022-05-20 之江实验室 Distributed anonymous marking method and system
CN114978517A (en) * 2022-07-27 2022-08-30 西南石油大学 Electronic voting method based on intelligent contract and distributed Elgamal algorithm

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101908677B1 (en) * 2017-09-29 2018-10-16 숭실대학교산학협력단 System and method for managementing electronic vote using blockchain
CN110224993A (en) * 2019-05-16 2019-09-10 暨南大学 Anonymous Electronic Voting method and system of calling to account based on block chain
CN110473332A (en) * 2019-08-23 2019-11-19 上海理工大学 It is a kind of based on the facial expression of recognition of face and block chain technology vote assessment system
CN110555933A (en) * 2019-07-31 2019-12-10 中钞信用卡产业发展有限公司杭州区块链技术研究院 Electronic voting method, device, equipment and computer storage medium
US20210075599A1 (en) * 2018-06-11 2021-03-11 Douglas J. Pepe Blockchain voting system and method with audit trail verification
CN113381991A (en) * 2021-06-04 2021-09-10 福州大学 Electronic voting system and method based on block chain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101908677B1 (en) * 2017-09-29 2018-10-16 숭실대학교산학협력단 System and method for managementing electronic vote using blockchain
US20210075599A1 (en) * 2018-06-11 2021-03-11 Douglas J. Pepe Blockchain voting system and method with audit trail verification
CN110224993A (en) * 2019-05-16 2019-09-10 暨南大学 Anonymous Electronic Voting method and system of calling to account based on block chain
CN110555933A (en) * 2019-07-31 2019-12-10 中钞信用卡产业发展有限公司杭州区块链技术研究院 Electronic voting method, device, equipment and computer storage medium
CN110473332A (en) * 2019-08-23 2019-11-19 上海理工大学 It is a kind of based on the facial expression of recognition of face and block chain technology vote assessment system
CN113381991A (en) * 2021-06-04 2021-09-10 福州大学 Electronic voting system and method based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
孙萌;王昀飚;: "基于区块链的可追踪匿名电子投票方案", 网络空间安全, no. 09, 25 September 2019 (2019-09-25), pages 85 - 91 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114520728A (en) * 2022-04-21 2022-05-20 之江实验室 Distributed anonymous marking method and system
CN114520728B (en) * 2022-04-21 2022-08-05 之江实验室 Distributed anonymous marking method and system
CN114978517A (en) * 2022-07-27 2022-08-30 西南石油大学 Electronic voting method based on intelligent contract and distributed Elgamal algorithm
CN114978517B (en) * 2022-07-27 2022-10-21 西南石油大学 Electronic voting method based on intelligent contract and distributed Elgamal algorithm

Similar Documents

Publication Publication Date Title
CN109523683B (en) Anonymous electronic voting method based on block chain technology
Ateniese et al. Efficient group signatures without trapdoors
Grewal et al. Du-vote: Remote electronic voting with untrusted computers
CN110912705B (en) Distributed electronic voting method and system based on block chain
Damgård et al. Unclonable group identification
KR102187294B1 (en) System and method for providing secret electronic voting service based on blockchain
Au et al. Compact e-cash from bounded accumulator
CN114005217A (en) Electronic voting system and method based on block chain
CN114255034A (en) Electronic voting method capable of verifying fairness based on block chain
CN113381991B (en) Electronic voting system and method based on block chain
CN114866259B (en) Block chain controlled traceable identity privacy method based on secret sharing
Kremer et al. To du or not to du: A security analysis of du-vote
CN110867012A (en) Method, device and system for de-centering electronic voting based on intelligent contract and storage medium
CN110719168B (en) Hierarchical anonymous voting method based on block chain
I͡Ashchenko Cryptography: An Introduction: An Introduction
Simmons A protocol to provide verifiable proof of identity and unforgeable transaction receipts
Xue et al. ACB-Vote: Efficient, Flexible, and Privacy-Preserving Blockchain-Based Score Voting with Anonymously Convertible Ballots
CN112422294B (en) Anonymous voting method and device based on ring signature, electronic equipment and storage medium
Asaar et al. A Novel Strong Designated Verifier Signature Scheme without Random Oracles
CN114677794A (en) Electronic voting method based on block chain
Su et al. Secure blockchain-based electronic voting mechanism.
Huang et al. Ambiguous optimistic fair exchange: Definition and constructions
Lu et al. Self-tallying e-voting with public traceability based on blockchain
Lijuan et al. Electronic Voting Scheme Based on Blockchain and SM2 Cryptographic Algorithm Zero-Knowledge Proof
Sheikhi et al. Receipt-Free Electronic Voting from zk-SNARK

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination