CN114333137A - Anonymous and stress-resistant electronic voting system based on partial blind signature and block chain - Google Patents
Anonymous and stress-resistant electronic voting system based on partial blind signature and block chain Download PDFInfo
- Publication number
- CN114333137A CN114333137A CN202111541386.3A CN202111541386A CN114333137A CN 114333137 A CN114333137 A CN 114333137A CN 202111541386 A CN202111541386 A CN 202111541386A CN 114333137 A CN114333137 A CN 114333137A
- Authority
- CN
- China
- Prior art keywords
- voter
- vote
- key
- identity
- voting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention belongs to the technical field of block chains, and particularly relates to an electronic voting system based on partial blind signatures and a block chain technology. The invention mainly serves a block chain technology, researches and analyzes the vulnerability of the electronic voting protocol proposed by Zaghloul and the like in the anonymity aspect, integrates partial blind signature based on identity into the electronic voting protocol which is novel anonymity and stress-resistant and is applied to an electronic voting system, and solves the inconvenience that the original electronic voting protocol needs to realize anonymity by carrying out safe multi-political-party calculation through different political parties and the potential threat vulnerability. The electronic voting protocol is mainly divided into 7 participants, namely a voter, a registrar, an authentication mechanism, a host, a election candidate, a block chain network and a vote counting mechanism.
Description
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to an anonymous and stress-resistant electronic voting system based on partial blind signatures and a block chain.
Background
The election committee publishes the election activity through the central voting system, voters with the election right can vote through the central voting system, the election committee completes the vote counting work, and the voting activity is broadcasted through the central voting system and all votes are collected. However, the single-point centralized voting system bears a great risk, and not only the voting event needs to be issued, but also a huge database is needed to store the voting information and the like, so that the voting system is at risk of breakdown or attack by illegal persons. It can be seen that the conventional electronic voting system relies heavily on a centralized platform for issuing voting campaigns and storing votes, which cannot guarantee the voting security, and the centralized voting system inevitably faces all risks of single-point failure.
If it is desired to completely replace conventional voting with electronic voting, a completely secure electronic voting system is required, otherwise it is difficult to replace it. While a mature and secure electronic voting system needs to satisfy the following 7 basic characteristics:
(1) integrity: in all votes, the system only counts all valid votes;
(2) legitimacy: the legal voter after identity authentication can participate in the voting activity to vote;
(3) fairness: the voting result is just and just, and the final result cannot be controlled by any thing;
(4) uniqueness: legitimate voters enjoy only one opportunity to exercise the voting rights;
(5) verifiability: the voter can check whether the vote takes effect or not and verify whether the vote is successfully counted in the voting result or not;
(6) anonymity: the voter cannot be confirmed through voting, and only the voter can know the voting of the voter by other people;
(7) stress resistance: the duress voter asks the duress voter to vote in a particular way, however the duress voter cannot determine whether the voter obeys the demand vote.
In recent years, blockchain technology has grown, and new blockchain technology provides distributed, transparent, and non-tamperproof distributed ledgers. All nodes are interconnected to form a blockchain network, accounts are commonly maintained by all nodes, all transactions in the blockchain network are stored, and the transactions are verified by the whole network according to a specified consensus protocol. Secondly, the intelligent contracts on the blockchain can be automatically and safely executed, and all message transmission and relevant calculation can be processed reliably. Therefore, it can be seen that the blockchain can be well applied to satisfy the above characteristics, so that many scholars try to apply the blockchain to the electronic voting by using different methods, and the blockchain is combined with the electronic voting to realize a safe electronic voting system.
For the anonymity problem, the learner uses the characteristics of the block chain to solve, and the learner also uses the techniques such as group signature and blind signature to solve. Blind signatures are a special type of digital signatures, and the signer will not be able to see the specific content of the signature. However, the signature which is "blind" has a great hidden danger, and the signature is probably misused by the user, so that a partial blind signature is produced, namely, the signer is allowed to add public information which is negotiated with the user in advance when signing, and the public information is embedded into the blind signature, so that the user is prevented from providing illegal information or abusing rights. The method not only protects the privacy of the user and realizes the anonymity, but also effectively limits the authority range of the user. Islam et al propose an Identity-Based Partial Blind Signature (IB-PBS) scheme. However, this solution is not completely secure and public information may also be attacked. Therefore, it is very important to design an efficient and safe IB-PBS scheme. However, public information needs to be prevented from being replaced by attacks, and the safety of the public information is guaranteed.
In summary, the present invention provides a new electronic voting protocol based on the block chain technique and using the identity-based partial blind signature and AES symmetric encryption technique. The method does not depend on reliable statistical authority, votes are stored in a distributed mode through the block chain, the intelligent contract is triggered and operated through the votes to ensure that the voting result is recorded on the block chain, and the block chain is used as an open bulletin board, so that the method is beneficial to solving the serious problems that voters vote doubly, influence the voting result through manipulation, resist stress and the like. The scheme based on Y.Jiang et al provides a new efficient and safe IB-PBS scheme, the scheme is adjusted and applied to an electronic voting system in a proper and ingenious mode, anonymity is achieved through ingenious combination, and the leading-edge scheme can also protect the safety of public information so that the public information is not attacked.
Disclosure of Invention
The invention aims to provide an anonymous and stress-resistant electronic voting system based on a partial blind signature and a block chain, aims at the defect that an electronic voting protocol proposed by Zaghloul and the like has anonymity, integrates a new anonymous and stress-resistant electronic voting protocol proposed by a partial blind signature based on identity, and is actually applied to the electronic voting system. The inconvenience and the potential threat loophole that the original electronic voting protocol needs to be subjected to safe multi-political-party calculation through different political parties to realize anonymity are solved.
The invention provides an anonymous and stress-resistant electronic voting system based on a partial blind signature and a block chain, which comprises a voter, a registrant, a certification authority, a moderator, election candidates, a block chain network and a vote counting authority, wherein:
the voter is a collection of qualified voters who are granted voting rights in the election vote: { viE is gamma |1 is more than or equal to i is less than or equal to n, and v is usediRepresenting a voter;
the registrar, an entity, generates a unique, random digital vote, and shares it anonymously with the voter for use
Represents a registrar;
the certification authority is an entity for avoiding registrars
Both for registration and authentication, the rights are too centralized, so that to achieve decentralization a certificate authority CA is added, which will address voters viPerforming identity-based partial blind signature authenticationVoter viA new public and private key pair is obtained to realize anonymity, and a CA can be used for representing a certification authority;
the host, being a separate entity, is responsible for voting the voter viAre subject to secondary encryption hiding and are anonymously enabled to send registrant encrypted votes for
Representing a presenter;
the election candidate, people or things, can all be used as election candidates, namely qualified candidates who can participate in the election voting, and are stored and expressed by a set: { candkE.g., C |1 is more than or equal to k is less than or equal to m }, and cankRepresents a candidate;
the blockchain network is an untrusted peer-to-peer P2P network serving as a blockchain network, maintains a publicly accessible blockchain and can run election intelligent contracts;
the ticket counting mechanism is used as a trusted third party and is used for counting tickets after the voting stage is finished;
the electronic voting system specifically operates as follows:
(1) voter registration phase, voter registration, refers to the voter registering with a registrar
A preliminary stage of proving whether the voter is qualified or not and proving the voting qualification; the voter provides the necessary evidence for the election provision, once enrolled
Confirming qualification, registrant
The voter will be added to the qualified voter set γ:
(1.1) registrar key generation: registrant
A pair of signing key pairs is required to sign and authenticate the voter identity when the qualified voter is added to the set of qualified voters gamma; registrant
Randomly selecting a key
(
Is a set of integers from 1 to p-1) and computes the corresponding public key as
Get the registrant
Signature key pair (x)r,yr);
(1.2) voter key generation and registration: voter viMust possess a voting key pair corresponding to its election identity, and so voter viRandomly selecting a key
And calculates the corresponding public key as
Obtaining the voting key pair (x) of the voteri,yi) (ii) a In order to perform voter registration, the voter and registrar need to share their respective public keys;
(1.3) signing the voter public key: in order to grant the voter's voting right, the registrar first verifies the voter's qualification and then signs the registrar's public key before adding the qualified voter to the qualified voter's set; random selection of u by registrantiWherein 1 < ui< p-1 and gcd (u)iP-1) (gcd means maximum common factor), and then calculated as follows:
wherein: g is
Is generated by the one of the generators of (1),
is a publicly selectable multiplication loop group, p is the prime order of the multiplication loop group, and Hash is a Hash function, (w)i,si) Is a signature, uiIs a random number, xrIs the registrar key, yiIs the voter public key; at the end of the voter registration phase, the registrar
Publishing a qualified voter set;
(2) the voter identity authentication and new identity acquisition stage authenticates the identity and takes the new identity, which means that the voter proves whether the voter is a qualified voter or not to an authentication authority CA, so as to prove the voting qualification of the voter, and blind signature is carried out on the new identity of the voter after the authentication is passed;
(2.1) setting system parameters: firstly, generating system parameters:
(2.1.1.) A quadruple F is selectedρ,E/FρG, P }; where ρ is a prime number of k bits; fρIs a prime field of order q; E/FρIs a set of points of an elliptic curve; g is a group of addition cycles on the elliptic curve; p is the generator of G;
(2.1.2.) random selection
For computing the system master private key, PPubAs the main part of the systemA public key;
(2.1.3.) three hash functions are selected:
wherein:
is an integer from 1 to p, {0, 1}* Represents 0 or 1, G is a group of addition cycles on the elliptic curve; (2.1.4) finally, storing the system master private key x in a secret way and outputting global system parameters:
wherein: E/FρIs a set of points of an elliptic curve; g is a group of addition cycles on the elliptic curve; p is the generator of G, FρIs a prime field of order q, PPubIs the master public key of the system, H0,H1,H2Represents three hash functions;
(2.2) key extraction: the step is mainly to generate a public and private key pair of a certificate authority CA (certificate Authority) so as to carry out blind signature at the back, and the method specifically comprises the following two steps:
(2.2.1) certificate Authority CA ID its identityCATransmitted to PKGs via a secure channel, and then the PKG randomly selects one
And the following calculations were performed:
RCA=rCAP#(18)
hCA=H0(IDCA,RCA)#(19)
wherein: p is the generator of G, rCAIs that
Random number of (1), H0Is a hash function, IDCAIs the identity of the certification authority; (2.2.2.) Recalculation of the private key dCA=rCA+hCAx; the trusted third party PKG will (d)CA,RCA) Transmitted to the certification authority CA via a secure channel and the public key P of the certification authority CACA=RCA+hCAPPub(ii) a The certification authority CA determines whether to receive (d) based on the judgment of whether the following equation stands upCA,RCA) If not, the receiving is not carried out;
PCA=dCAP=RCA+hCAPPub#(20)
wherein: rCA、hCAIs an intermediate parameter, P, calculated in the preceding stepPubIs the master public key of the system;
(2.3) identity-based partial blind signature: the identity of the certification authority is IDCAThe identity of the voter being IDiThe message m that needs to be blind signed is { x ═ xi′,yi′Is the new identity of the voter
The common information agreed by the certificate authority CA and the voter is C ═ yi,(wi,si) Then go through the following steps:
(2.3.1) it is visible first because C is public information, when voter viAfter the public information is sent to the certification authority CA, the CA can certify whether the following equation is valid, if yes, the voter v is describediIf the voter is a legal voter, if the voter is not a legal voter, the voter is illegal to execute the subsequent steps;
wherein: y isiIs the public key of the voter, (w)i,si) Is a registrar generated signature pair, p is a prime number;
(2.3.2) after the first step of authentication, the certification authority CA will randomly select a number
Then calculating S ═ H2(C)[PCA+sP]The certification authority CA will (S, R)CA) Sending the identity authentication information to a voter v needing to authenticate the identity and obtain a new identityi;
(2.3.3) when voter viReceiving (S, R)CA) After, viWill randomly select three numbers
And calculating:
E=αS+βP+γ[RCA+H0(IDCA,RCA)PPub]=αS+βP+γPCA#(22)
l=H1(m,E,C)#(23)
g=α-1(γ+l)+H2(C)#(24)
wherein: alpha, beta, gamma are three random numbers, H0、H1、H2All are hash functions, and C is public information;
the voter sends g to the certification authority CA;
(2.3.4) when the certification authority CA receives g, the calculation δ ═ gd is calculatedCA+sH2(C) And sending δ back to the voter;
(2.3.5) voter viAfter receiving delta, calculating epsilon as alpha delta + beta, and finally obtaining the final partial blind signature based on identity as lambda as (m, C, R)CA,E,ε);
(3) A voter vote acquisition phase, wherein the voter acquires a vote,
(3.1) vote generation: registrant
Generating n unique random digital votes
And digitally signing the votes by using an EIGamal digital signature scheme; for the signature sets
Represents; then to the collection
Carrying out pi replacement:
wherein:
is a signature set;
(3.2) voter rearrangement: host person
As an intermediary, among voters viHelp when requesting to get votes viThe new identity i' is encrypted twice and the hidden identity viAnd help achieve stress resistance;
a set of one-time permutations σ of N unique numbers is generated:
performing a secondary scrambling sequence to prevent voters viThe new identity i' of is also revealed;
(3.3) certificate authority signature verification: voter viFirstly, the blind signature λ of the authentication structure CA obtained in the authentication stage is (m, C, R)CA,E,E) since the information of m includes voter viA new public and private key pair, and therefore cannot be directly exposed to
The public information C comprises viInitial public key and registrar
And therefore cannot be directly exposed to
Therefore, it is necessary to produce λ' ═ (H) by the following processing1(m,E,C),RCAE, epsilon) to the host
And (3) signature authentication is carried out: judging the equality E + H1(m,E,C)PCAWhether the verification is true or not indicates that the verification passes and the following flow can be continuously executed if the verification is true, and the verification fails if the verification is not true;
(3.4) new identity obfuscation of voters: after the authentication is passed, the voter viWill move to
Passing its new public key y'i,
Randomly selecting a number
And calculate out
Wherein: g is
One generator of, x'iFor the new private key of the voter, p is the prime order of the multiplicative cyclic group, biIs a blurring factor; (3.5) vote distribution and encryption: registrant
Receipt via the host
The forwarded voter get vote request, which includes σ (i') and y ″)i(ii) a After receiving
Votes are randomly allocated to anonymous voters in the following manner: baliPi (sigma (i')), in the ballot baliBy passing
Before being sent to the voter, the voter may,
an encryption key k is usediAnd (3) encrypting the ballot:
wherein:
is a random number, x'iFor the new private key of the voter, p is the prime order of the multiplicative cyclic group, biAs a blurring factor, g is
Is generated by the one of the generators of (1),
is a publicly selectable multiplication loop group; and (3) encrypting the ballot:
wherein: AES-Enc is the AES symmetric encryption algorithm, kiIs a symmetric encryption key, baliFor unencrypted ballots, which enables
The votes are distributed to the voters anonymously, and the content of the votes is encrypted and invisible to the host; for this purpose, an ephemeral key is generated
And allows the voter to regenerate the encryption key k when decrypting the balloti;
And (3.6) encrypted vote transmission: host person
Receiving a secret key QiAnd encrypted vote ebaliThen, b can be calculated for the voteriA ciphertext will be computed:
wherein: biIs a random number of the new identity ambiguity phase of the voter,
is also a random number, y'iFor the new public key of the voter, g is
A generator of (2);
(3.7) obtaining votes: voter viReceiving host
Transmitted ciphertext ebiThen firstly passes through the ciphertext ebiCalculate the followingMachine number:
wherein: y'iIs the new public key of the voter, x'iNew private key for voter, rmIs a random number, g is
A generator of (2);
the voter then bases on the secret key QiRegenerating symmetric encryption keys
Finally decipher out
Wherein AES-Dec is a decryption method of AES;
(4) the voter voting stage, voter voting, means that the voter who has obtained the vote can perform the voting,
and (4.1) vote encryption: the voter first encrypts the vote associated with the vote, using the registrar
Of (2) a public key
And the host
Of (2) a public key
Encryption, denoted BiAs follows:
wherein: v is followingNumber of machine selection and
in order to be the public key of the registrar,
for the moderator's public key, T stands for T ═ baliVote in T means the bit sequence Vote of all candidates ═ cand (cand)1,cand2,cand3,…,candm) Corresponding to the expression:
wherein: candiRepresenting the corresponding candidate;
(4.2) submitting a vote: voter viIntelligent contract SC for triggering election votingvoteAnd encrypting the output ballot of the ballot encryption stage to (c)3,c4) Integration BiAs input to a smart contract; due to the characteristics of the intelligent contract, once the intelligent contract runs, the running result is added into the block chain, and the vote is permanently stored;
(5) the ticket counting mechanism counts the tickets, and after the voting stage is finished, the ticket counting mechanism counts the tickets; the vote counting mechanism collects the votes that appear on the blockchain at this stage, step 10 in fig. 2, for validation and counting; the detailed resolution is described as follows:
preparing a table: for authentication, registrant
Will disclose his keys
(registry is disclosed herein)
Does not pose a risk to the security of the protocol because of the registrant
The key is used for decrypting and counting votes in the voter registration stage and the vote counting stage, and the registrant after the voter registration
The qualified voter set is published by itself, and the key is subsequently disclosed
Also, there is no problem, and a new public-private key pair is regenerated each time the registrant elects), and similarly, a public host is also required
Is a key of
Only used for decrypting the ticket counting in the ticket counting stage, and a new public and private key pair can be regenerated by the election host each time; and registrant
A new permutation of γ is also disclosed:
including all votes allocated to the voter during the voter's vote acquisition phase, the tally mechanism will decrypt the votes on the blockchain as follows:
wherein: (c)3,c4) For the encrypted ballot after the vote is cast,
in order to be the public key of the registrar,
in order to be the host's public key,
in order for the registrar's private key to be,
a host private key;
if baliIf the voter belongs to gamma, the vote counting mechanism will check the voting bit sequence attached to the votes and correspondingly increase the number of votes corresponding to the voters cast;
(6) the voter verification vote stage is used for verifying whether the final voting result contains the votes of the voters; at the end of the tally phase of the tally mechanism, the tally mechanism publishes the election results on the blockchain. Each election will publish a corresponding vote as a proof of the validity of the result; voters can confirm that their own votes were cast and counted.
The invention has the beneficial effects that: the invention discovers the anonymity loophole of the electronic voting protocol based on the prior electronic voting protocol, introduces a partial blind signature algorithm based on identity to realize the safety anonymity, takes a block chain as a publicity board which can be accessed in a public way and is prevented from being tampered, and adopts AES symmetric key encryption to vote to ensure the stress resistance, thereby providing a safe electronic voting system.
Drawings
FIG. 1 is a system model diagram.
Fig. 2 is a diagram of a voting flow timing diagram.
FIG. 3 is a system architecture diagram.
Fig. 4 is a functional block diagram of the system.
Fig. 5 is a diagram of the voter authentication and acquisition of new identity phase.
Fig. 6 is a graph comparing average time consumption for voting encryption and decryption under different key sizes.
Fig. 7 is a graphical representation of the time taken for voting encryption and decryption under different ballot numbers.
FIG. 8 is a graphical representation of the overall time consumption for each algorithm model execution.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings.
Example 1: fig. 2 is a schematic diagram of the voting process applied to the electronic voting system, and the whole voting process is summarized as 11 steps and divided into six stages. The voting is divided into six stages in total, and the six stages are respectively: voter registration, voter identity authentication and acquisition of new identity, voter acquisition, voter voting, vote counting by a vote counting mechanism, and voter verification vote. Each stage is further subdivided into different steps:
1. the voter registration stage, voter registration, refers to the voter registering with the registrar
And a preliminary stage of proving whether the voter is qualified or not and proving the voting qualification. The voter provides the necessary evidence for the election provision, once enrolled
Confirming qualification, registrant
The voter is added to the qualified voter set y, two steps 1, 2 in figure 2 at this stage. The detailed resolution is described as follows:
(1) registrar key generation: registrant
A pair of signing keys is required to sign the identity of the qualified voter when it is added to the set of qualified voters gamma. Registrant
Randomly selecting a key
And calculates the corresponding public key as
Get the registrant
Signature key pair (x)r,yr);
(2) Voter key generation and registration: voter viMust possess a voting key pair corresponding to its election identity, and so voter viRandomly selecting a key
And calculates the corresponding public key as
Obtaining the voting key pair (x) of the voteri,yi). In order to perform voter registration, the voter and registrar need to share their respective public keys;
(3) signing the voter public key: to grant the voter voting authority, the registrar first verifies the voter's qualification and then signs the registrar's public key before adding the qualified voter to the set of qualified voters. Random selection of u by registrantiWherein 1 < ui< p-1 and gcd (u)iP-1) (gcd means maximum common factor), and then calculated as follows:
wherein g is
One is bornThe element is formed by the components of the raw materials,
is a publicly selectable multiplication loop group, p is the prime order of the multiplication loop group, and Hash is a Hash function, (w)i,si) Is a signature, uiIs a random number, xrIs the registrar key, yiIs the public key of the voter. At the end of the voter registration phase, the registrar
A set of qualified voters will be published.
2. The voter identity authentication and new identity acquisition stage authenticates the identity and takes the new identity, which means that the voter proves whether the voter is a qualified voter or not to a certification authority CA, so as to prove the voting qualification, and blind signature is carried out on the new identity of the voter after the certification is passed. The 3, 4 steps in fig. 2 are in this stage. The detailed resolution is described as follows:
(1) setting system parameters: firstly, generating system parameters:
(1.1) selecting a quadruple { F }ρ,E/FρG, P }. Where ρ is a prime number of k bits; fρIs a prime field of order q; E/FρIs a set of points of an elliptic curve; g is a group of addition cycles on the elliptic curve; p is the generator of G;
(1.2) random selection
For computing the system master private key, PPubxP is used as a main public key of the system;
(1.3.) three hash functions are selected:
wherein:
is an integer from 1 to p, {0, 1}*Represents any number of 0 or 1, and G is a group of addition cycles on the elliptic curve.
(1.4) finally, storing the system master private key x in a secret way and outputting global system parameters:
wherein: E/FρIs a set of points of an elliptic curve; g is a group of addition cycles on the elliptic curve; p is the generator of G, FρIs a prime field of order q, PPubIs the master public key of the system, H0,H1,H2Representing three hash functions.
(2) Key extraction: the step is mainly to generate a public and private key pair of a certificate authority CA (certificate Authority) so as to carry out blind signature at the back, and the method specifically comprises the following two steps:
(2.1) certificate Authority CA ID its identityCATransmitted to PKGs via a secure channel, and then the PKG randomly selects one
And the following calculations were performed:
RCA=rCAP#(18)
hCA=H0(IDCA,RCA)#(19)
wherein: p is the generator of G, rCAIs that
Random number of (1), H0Is a hash function, IDCAIs the identity of a certification authority
(2.2) recalculating the private key dCA=rCA+hCAx. The trusted third party PKG will (d)CA,RCA) Transmitted to the certification authority CA via a secure channel and the public key P of the certification authority CACA=RCA+hCAPPub. The certification authority CA determines whether to receive (d) based on the judgment of whether the following equation stands upCA,RCA) And if the reception is not successful, the reception is not carried out.
PCA=dCAP=RCA+hCAPPub#(20)
Wherein: rCA、hCAIs an intermediate parameter, P, calculated in the preceding stepPubIs the master public key of the system.
(3) Identity-based partial blind signatures: the identity of the certification authority is IDCAThe identity of the voter being IDiThe message m that needs to be blind signed is { x ═ xi′,yi′Is the new identity of the voter
The common information agreed by the certificate authority CA and the voter is C ═ yi,(wi,si) Then go through the following steps:
(3.1) first, since C is public information, it is visible when voter viAfter the public information is sent to the certification authority CA, the CA can certify whether the following equation is valid, if yes, the voter v is describediIf the voter is a legal voter, if the voter is not a legal voter, the voter is illegal to execute the subsequent steps;
wherein: y isiIs the public key of the voter, (w)i,si) Is a signature pair generated by a registrar and p is a prime number.
(3.2) after the first step of authentication, the certification authority CA will randomly select a number
Then calculating S ═ H2(C)[PCA+sP]The certification authority CA will (S, R)CA) Sending the identity authentication information to a voter v needing to authenticate the identity and obtain a new identityi;
(3.3) when voter viReceiving (S, R)CA) After, viWill randomly select three numbers
And calculate
E=αS+βP+γ[RCA+H0(IDCA,RCA)PPub]=αS+βP+γPCA#(22)
l=H1(m,E,C)#(23)
g=α-1(γ+l)+H2(C)#(24)
Wherein: alpha, beta, gamma are three random numbers, H0、H1、H2Are all hash functions and C is public information.
The voter sends g to the certification authority CA;
(3.4) when the certification authority CA receives g, the δ ═ gd is calculatedCA+sH2(C) And sending δ back to the voter;
(3.5) voter viAfter receiving delta, calculating epsilon as alpha delta + beta, and finally obtaining the final partial blind signature based on identity as lambda as (m, C, R)CA,E,ε)。
3. The voter acquires the ballot phase, the voter acquires the ballot, and the four steps 5, 6, 7 and 8 in fig. 2 are in this phase. The detailed resolution is described as follows:
(1) vote generation: registrant
Generating n unique random digital votes
And applies these votes using the ElGamal digital signature schemeAnd (6) digitally signing. For the signature sets
And (4) showing. Then to the collection
Carrying out pi replacement:
wherein:
is a set of signatures.
(2) Voter re-ranking: host person
As an intermediary, among voters viHelp when requesting to get votes viThe new identity i' is encrypted twice and the hidden identity viAnd help achieve stress resistance.
A set of one-time permutations σ of N unique numbers is generated:
performing a secondary scrambling sequence to prevent voters viThe new identity i' of is also revealed;
(3) and (3) signature verification of a certificate authority: voter viFirstly, the blind signature λ of the authentication structure CA obtained in the authentication stage is (m, C, R)CAE, E) since the information of m includes voter viA new public and private key pair, and therefore cannot be directly exposed to
The public information C comprises viInitial public key and registrar
And therefore cannot be directly exposed to
Therefore, it is necessary to produce λ' ═ (H) by the following processing1(m,E,C),RCAE, epsilon) to the host
And (3) signature authentication is carried out: judging the equality E + H1(m,E,C)PCAWhether the verification is true or not indicates that the verification passes and the following flow can be continuously executed if the verification is true, and the verification fails if the verification is not true;
(4) new identity obfuscation of voters: after the authentication is passed, the voter viWill move to
Passing its new public key y'i,
Randomly selecting a number
And calculate out
Wherein: g is
One generator of, x'iFor the new private key of the voter, p is the prime order of the multiplicative cyclic group, biIs a blurring factor.
(5) Vote distribution and encryption: registrant
Receipt via the host
The forwarded voter get vote request, which includes σ (i') and y ″)i. After receiving
Votes are randomly allocated to anonymous voters in the following manner: baliPi (sigma (i')), in the ballot baliBy passing
Before being sent to the voter, the voter may,
an encryption key k is usediAnd (3) encrypting the ballot:
wherein:
is a random number, x'iFor the new private key of the voter, p is the prime order of the multiplicative cyclic group, biAs a blurring factor, g is
Is generated by the one of the generators of (1),
is a publicly selectable group of multiplication cycles. And (3) encrypting the ballot:
wherein: AES-Enc is an AES symmetric encryption algorithm, which enables
The votes are distributed to the voters anonymously and the contents of the votes are encrypted and not visible to the host. For this purpose, an ephemeral key is generated
And allows the voter to regenerate the encryption key k when decrypting the balloti。
(6) And (3) encrypted vote transmission: host person
Receiving a secret key QiAnd encrypted vote ebaliThen, b can be calculated for the voteriA ciphertext will be computed:
wherein: biIs a random number of the new identity ambiguity phase of the voter,
is also a random number, y'iFor the new public key of the voter, g is
A generator of (2).
(7) Obtaining a vote: voter viReceiving host
Transmitted ciphertext ebiThen firstly passes through the ciphertext ebiCalculating a random number:
wherein: y'iIs the new public key of the voter, x'iNew private key for voter, rmIs a random number, g is
A generator of (2);
the voter then bases on the secret key QiRegenerating symmetric encryption keys
Finally decipher out
Wherein AES-Dec is the decryption method of AES.
4. The voter voting stage, voter voting, means that the voter who has obtained the vote can perform the voting, and step 9 in fig. 2 is in this stage. The detailed resolution is described as follows:
(1) and (3) vote encryption: the voter first encrypts the vote associated with the vote, using the registrar
Of (2) a public key
And the host
Of (2) a public key
Encryption, denoted BiAs follows:
wherein v is a randomly selected number and
t stands for T ═ (bal)iVote in T means the bit sequence Vote of all candidates ═ cand (cand)1,cand2,cand3,…,candm) Corresponding to the expression:
wherein: candiA corresponding candidate is indicated and,
in order to be the public key of the registrar,
is the moderator public key.
(2) Submitting a vote: voter viIntelligent contract SC for triggering election votingvoteAnd encrypting the output ballot of the ballot encryption stage to (c)3,c4) Integration BiAs input to the smart contract. Due to the characteristics of the intelligent contract, once the intelligent contract runs, the running result is added into the block chain, and the vote is stored permanently.
5. And a ticket counting stage of the ticket counting mechanism, wherein the ticket counting mechanism can count tickets after the voting stage is finished. The vote counting mechanism collects the votes that appear on the blockchain at this stage, in which step 10 of fig. 2 is in effect validated and counted. The detailed resolution is described as follows:
(1) preparing a table: for authentication, registrant
Will disclose his keys
(registry is disclosed herein)
Does not pose a risk to the security of the protocol because of the registrant
Is used in the voter registration phase andthe voter is registered after the voter finishes the registration
The qualified voter set is published by itself, and the key is subsequently disclosed
Also, there is no problem, and a new public-private key pair is regenerated each time the registrant elects), and similarly, a public host is also required
Is a key of
Only used for decrypting the ticket counting in the ticket counting stage, and a new public and private key pair can be regenerated by the election host each time; and registrant
A new permutation of γ is also disclosed:
including all votes allocated to the voter during the voter's vote acquisition phase, the tally mechanism will decrypt the votes on the blockchain as follows:
wherein: (c)3,c4) For the encrypted ballot after the vote is cast,
in order to be the public key of the registrar,
in order to be the host's public key,
in order for the registrar's private key to be,
is the moderator private key.
If baliE gamma, the voting authority checks the sequence of voting bits attached to the ballot and increases the number of votes corresponding to the cast candidate accordingly.
6. The voter validation voting stage, voting validation, means that the voter can verify whether the final voting result contains their vote. At the end of the tally phase of the tally mechanism, the tally mechanism publishes the election results on the blockchain. Each election will publish a corresponding vote as proof of the validity of the result. Voters can confirm that their own votes were cast and counted. Step 11 in fig. 2 is at this stage.
FIG. 4 is a functional block diagram of the system, which is divided into a general module, a voter module, a registrar module, a host module, a ticket counting mechanism module and an authentication mechanism module according to the difference of the role identities.
Fig. 5 is a stage diagram of voter identity authentication and new identity acquisition, which is a new and newly added stage based on the original protocol in the present invention, and fig. 5 shows the flow interaction of the whole process.
FIG. 6 is a comparison graph of average time consumption for voting encryption and decryption under different key sizes, and the comparison graph of the time for the voter to encrypt a ballot and the ballot counting mechanism to decrypt a ballot under different encryption key sizes is tested.
Fig. 7 is a diagram showing the voting encryption and decryption time consumption under different numbers of votes, and a comparison diagram of the present invention for simultaneously performing encryption and decryption time consumption tests on votes with different numbers.
Fig. 8 is a comparison graph of total time consumption for execution of each algorithm model, and the performance of the invention is improved compared with the performance of the prior algorithm model, but the performance of the invention is similar to that of the prior Islam model, because the electronic voting system of the invention aims to solve the problems of anonymity and stress resistance, and does not take much effort for improving the performance, and needs to be improved later.
Claims (1)
1. An anonymous and duress-resistant electronic voting system based on a partial blind signature and a block chain, the electronic voting system comprising a voter, a registrar, a certification authority, a moderator, election candidates, a block chain network and a vote counting authority, characterized in that:
the voter is a collection of qualified voters who are entitled to vote in an election vote: { viE is gamma |1 is more than or equal to i is less than or equal to n, and v is usediRepresenting a voter;
the registrar is an entity that generates unique, random digital votes and shares them anonymously with the voter for use
Represents a registrar;
the certification authority is an entity, in order to avoid registrars
Both for registration and authentication, the rights are too centralized, so that to achieve decentralization a certificate authority CA is added, which will address voters viCarrying out identity-based partial blind signature authentication, and obtaining voter v passing authenticationiA new public and private key pair is obtained to realize anonymity, and a CA can be used for representing a certification authority;
the host is a separate entity responsible for voters viAre subject to secondary encryption hiding and are anonymously enabled to send registrant encrypted votes for
Representing a presenter;
the election candidates are persons or things, i.e. qualified candidates that can participate in the election vote, stored in a collection representing: { candkE.g., C |1 is more than or equal to k is less than or equal to m }, and cankRepresents a candidate;
the blockchain network is an untrusted peer-to-peer P2P network as a blockchain network that maintains a publicly accessible blockchain and is capable of running election intelligence contracts;
the ticket counting mechanism is used as a trusted third party and is used for counting tickets after the voting stage is finished;
the electronic voting system specifically operates as follows:
(1) voter registration phase, voter registration, refers to the voter registering with a registrar
A preliminary stage of proving whether the voter is qualified or not and proving the voting qualification; the voter provides the necessary evidence for the election provision, once enrolled
Confirming qualification, registrant
The voter will be added to the qualified voter set γ:
(1.1) registrar key generation: registrant
A pair of signing key pairs is required to sign and authenticate the voter identity when the qualified voter is added to the set of qualified voters gamma; registrant
Randomly selecting a key
(
Is a set of integers from 1 to p-1) and computes the corresponding public key as
Get the registrant
Signature key pair (x)r,yr);
(1.2) voter key generation and registration: voter viMust possess a voting key pair corresponding to its election identity, and so voter viRandomly selecting a key
And calculates the corresponding public key as
Obtaining the voting key pair (x) of the voteri,yi) (ii) a In order to perform voter registration, the voter and registrar need to share their respective public keys;
(1.3) signing the voter public key: in order to grant the voter's voting right, the registrar first verifies the voter's qualification and then signs the registrar's public key before adding the qualified voter to the qualified voter's set; random selection of u by registrantiWherein 1 < ui< p-1 and gcd (u)iP-1) (gcd means maximum common factor), and then calculated as follows:
wherein: g is
Is generated by the one of the generators of (1),
is a publicly selectable multiplication loop group, p is the prime order of the multiplication loop group, and Hash is a Hash function, (w)i,si) Is a signature, uiIs a random number, xrIs the registrar key, yiIs the voter public key; at the end of the voter registration phase, the registrar
Publishing a qualified voter set;
(2) the voter identity authentication and new identity acquisition stage authenticates the identity and takes the new identity, which means that the voter proves whether the voter is a qualified voter or not to an authentication authority CA, so as to prove the voting qualification of the voter, and blind signature is carried out on the new identity of the voter after the authentication is passed;
(2.1) setting system parameters: firstly, generating system parameters:
(2.1.1.) A quadruple F is selectedρ,E/FρG, P }; where ρ is a prime number of k bits; fρIs a prime field of order q; E/FρIs a set of points of an elliptic curve; g is a group of addition cycles on the elliptic curve; p is the generator of G;
(2.1.2.) random selection
For computing the system master private key, PPubxP is used as a main public key of the system;
(2.1.3.) three hash functions are selected:
wherein:
is an integer from 1 to p, {0, 1}*Represents 0 or 1, G is a group of addition cycles on the elliptic curve;
(2.1.4) finally, storing the system master private key x in a secret way and outputting global system parameters:
wherein: E/FρIs a set of points of an elliptic curve; g is a group of addition cycles on the elliptic curve; p is the generator of G, FρIs a prime field of order q, PPubIs the master public key of the system, H0,H1,H2Represents three hash functions;
(2.2) key extraction: the method is to generate a public and private key pair of a certificate authority CA (certificate Authority) so as to carry out blind signature at the back, and the method specifically comprises the following two steps:
(2.2.1) certificate Authority CA ID its identityCATransmitted to PKGs via a secure channel, and then the PKG randomly selects one
And the following calculations were performed:
RCA=rCAP#(18)
hCA=H0(IDCA,RCA)#(19)
wherein: p is the generator of G, rCAIs that
Random number of (1), H0Is a hash function, IDCAIs the identity of the certification authority;
(2.2.2.) Recalculation of the private key dCA=rCA+hCAx; the trusted third party PKG will (d)CA,RCA) Transmitted to the certification authority CA via a secure channel and the public key P of the certification authority CACA=RCA+hCAPPub(ii) a The certification authority CA determines whether to receive (d) based on the judgment of whether the following equation stands upCA,RCA) If not, the receiving is not carried out;
PCA=dCAP=RCA+hCAPPub#(20)
wherein: rCA、hCAIs an intermediate parameter, P, calculated in the preceding stepPubIs the master public key of the system;
(2.3) identity-based partial blind signature: the identity of the certification authority is IDCThe identity of the voter being IDiThe message m that needs to be blind signed is { x ═ xi′,yi′Is the new identity of the voter
The common information agreed by the certificate authority CA and the voter is C ═ yi,(wi,si) Then go through the following steps:
(2.3.1) first, since C is public information, when voter viAfter the public information is sent to the certification authority CA, the CA can certify whether the following equation is valid, if yes, the voter v is describediIf the voter is a legal voter, if the voter is not a legal voter, the voter is illegal to execute the subsequent steps;
wherein: y isiIs the public key of the voter, (w)i,si) Is a registrar generated signature pair, p is a prime number;
(2.3.2) after the first step of authentication, the certification authority CA will randomly select a number
Then calculating S ═ H2(C)[PCA+sP]The certification authority CA will (S, R)CA) Sending the identity authentication information to a voter v needing to authenticate the identity and obtain a new identityi;
(2.3.3) when voter viReceiving (S, R)CA) After, viWill randomly select three numbers
And calculating:
E=αS+βP+γ[RCA+H0(IDCA,RCA)PPub]=αS+βP+γPCA#(22)
l=H1(m,E,C)#(23)
g=α-1(γ+l)+H2(C)#(24)
wherein: alpha, beta, gamma are three random numbers, H0、H1、H2All are hash functions, and C is public information;
the voter sends g to the certification authority CA;
(2.3.4) when the certification authority CA receives g, the calculation δ ═ gd is calculatedCA+sH2(C) And sending δ back to the voter;
(2.3.5) voter viAfter receiving delta, calculating epsilon as alpha delta + beta, and finally obtaining the final partial blind signature based on identity as lambda as (m, C, R)CA,E,ε);
(3) A voter vote acquisition phase, wherein the voter acquires a vote,
(3.1) vote generation: registrant
Generating n unique random digital votes
And digitally signing the votes by using an EIGamal digital signature scheme; for the signature sets
Represents; then to the collection
Carrying out pi replacement:
wherein:
is a signature set;
(3.2) voter rearrangement: host person
As an intermediary, among voters viHelp when requesting to get votes viThe new identity i' is encrypted twice and the hidden identity viAnd help achieve stress resistance;
a set of N unique numbers of one-time permutation sets is generated
Performing a secondary scrambling sequence to prevent voters viThe new identity i' of is also revealed;
(3.3) certificate authority signature verification: voter viFirstly, the blind signature λ of the authentication structure CA obtained in the authentication stage is (m, C, R)CAE, E) since the information of m includes voter viNew public and private key pairs and thus cannot be directly exposed to
The public information C comprises viInitial public key and registrar
And therefore cannot be directly exposed to
Therefore, it is necessary to produce λ' ═ (H) by the following processing1(m,E,C),RCAE, epsilon) to the host
And (3) signature authentication is carried out: judging the equation ε P ═ c + H1(m,E,C)PCAWhether the verification is true or not indicates that the verification passes and the following flow can be continuously executed if the verification is true, and the verification fails if the verification is not true;
(3.4) new identity obfuscation of voters: after the authentication is passed, the voter viWill move to
Passing its new public key y'i,
Randomly selecting a number
And calculate out
Wherein: g is
One generator of, x'iFor the new private key of the voter, p is the prime order of the multiplicative cyclic group, biIs a blurring factor;
(3.5) vote distribution and encryption: registrant
Receipt via the host
The forwarded voter get vote request, which includes σ (i') and y ″)i(ii) a After receiving
Votes are randomly allocated to anonymous voters in the following manner: baliPi (sigma (i')), in the ballot baliBy passing
Before being sent to the voter, the voter may,
an encryption key k is usediAnd (3) encrypting the ballot:
wherein:
is a random number, x'iFor the new private key of the voter, p is the prime order of the multiplicative cyclic group, biAs a blurring factor, g is
Is generated by the one of the generators of (1),
is a publicly selectable multiplication loop group; and (3) encrypting the ballot:
wherein: AES-Enc is the AES symmetric encryption algorithm, kiIs a symmetric encryption key, baliFor unencrypted ballots, which enables
The votes are distributed to the voters anonymously, and the content of the votes is encrypted and invisible to the host; for this purpose, an ephemeral key is generated
And allows the voter to regenerate the encryption key k when decrypting the balloti;
And (3.6) encrypted vote transmission: host person
Receiving a secret key QiAnd encrypted vote ebaliThen, b can be calculated for the voteriA ciphertext will be computed:
wherein: biIs a random number of the new identity ambiguity phase of the voter,
is also a random number, y'iFor the new public key of the voter, g is
A generator of (2);
(3.7) obtaining votes: voter viReceiving host
Transmitted ciphertext ebiThen firstly passes through the ciphertext ebiComputingAnd (3) outputting a random number:
wherein: y'iIs the new public key of the voter, x'iNew private key for voter, rmIs a random number, g is
A generator of (2);
the voter then bases on the secret key QiRegenerating symmetric encryption keys
Finally decipher out
Wherein AES-Dec is a decryption method of AES;
(4) the voter voting stage, voter voting, means that the voter who has obtained the vote can perform the voting,
and (4.1) vote encryption: the voter first encrypts the vote associated with the vote, using the registrar
Of (2) a public key
And the host
Of (2) a public key
Encryption, denoted BiAs follows:
wherein: v is a randomly selected number and
in order to be the public key of the registrar,
for the moderator's public key, T stands for T ═ baliVote in T means the bit sequence Vote of all candidates ═ cand (cand)1,cand2,cand3,…,candm) Corresponding to the expression:
wherein: candiRepresenting the corresponding candidate;
(4.2) submitting a vote: voter viIntelligent contract SC for triggering election votingvoteAnd encrypting the output ballot of the ballot encryption stage to (c)3,c4) Integration BiAs input to a smart contract; due to the characteristics of the intelligent contract, once the intelligent contract runs, the running result is added into the block chain, and the vote is permanently stored;
(5) the ticket counting mechanism counts the tickets, and after the voting stage is finished, the ticket counting mechanism counts the tickets; the vote counting mechanism collects the votes that appear on the blockchain at this stage for validation and counting:
preparing a table: for authentication, registrant
Will disclose his keys
Similarly, there is also a need for public presenters
Is a key of
Only used for decrypting the ticket counting in the ticket counting stage, and a new public and private key pair can be regenerated by the election host each time; and registrant
A new permutation will also be disclosed
Including all votes allocated to the voter during the voter's vote acquisition phase, the tally mechanism will decrypt the votes on the blockchain as follows:
wherein: (c)3,c4) For the encrypted ballot after the vote is cast,
in order to be the public key of the registrar,
in order to be the host's public key,
in order for the registrar's private key to be,
a host private key;
if baliE.g. gamma, the ticket counting mechanism checks the ticket attachedVoting bit sequence and correspondingly increasing the number of votes corresponding to the voters cast;
(6) the voter verification vote stage is used for verifying whether the final voting result contains the votes of the voters; when the ticket counting stage of the ticket counting mechanism is finished, the ticket counting mechanism can publish the election result on the block chain; each election will publish a corresponding vote as a proof of the validity of the result; the voters confirm that their own votes were cast and counted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111541386.3A CN114333137A (en) | 2021-12-16 | 2021-12-16 | Anonymous and stress-resistant electronic voting system based on partial blind signature and block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111541386.3A CN114333137A (en) | 2021-12-16 | 2021-12-16 | Anonymous and stress-resistant electronic voting system based on partial blind signature and block chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114333137A true CN114333137A (en) | 2022-04-12 |
Family
ID=81052140
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111541386.3A Pending CN114333137A (en) | 2021-12-16 | 2021-12-16 | Anonymous and stress-resistant electronic voting system based on partial blind signature and block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114333137A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978517A (en) * | 2022-07-27 | 2022-08-30 | 西南石油大学 | Electronic voting method based on intelligent contract and distributed Elgamal algorithm |
| CN117240496A (en) * | 2023-07-20 | 2023-12-15 | 北京邮电大学 | Voting method and related equipment |
-
2021
- 2021-12-16 CN CN202111541386.3A patent/CN114333137A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978517A (en) * | 2022-07-27 | 2022-08-30 | 西南石油大学 | Electronic voting method based on intelligent contract and distributed Elgamal algorithm |
| CN114978517B (en) * | 2022-07-27 | 2022-10-21 | 西南石油大学 | Electronic voting method based on intelligent contract and distributed Elgamal algorithm |
| CN117240496A (en) * | 2023-07-20 | 2023-12-15 | 北京邮电大学 | Voting method and related equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110572267B (en) | Anonymous electronic voting method based on block chain of alliances | |
| CN116566660B (en) | Identity authentication method based on medical block chain | |
| Kumar et al. | A secure end-to-end verifiable internet-voting system using identity-based blind signature | |
| CN114333137A (en) | Anonymous and stress-resistant electronic voting system based on partial blind signature and block chain | |
| Nguyen Thi et al. | Enhanced security in internet voting protocol using blind signatures and dynamic ballots | |
| CN111612961B (en) | Electronic voting method for encrypting voter vote information | |
| CN114255034A (en) | Electronic voting method capable of verifying fairness based on block chain | |
| CN109887150A (en) | The agency of approval voting system signs decryption method again | |
| Wu et al. | An electronic voting mechanism for fighting bribery and coercion | |
| Backes et al. | Using mobile device communication to strengthen e-voting protocols | |
| Grontas et al. | Coercion resistance in a practical secret voting scheme for large scale elections | |
| CN114677794B (en) | Electronic voting method based on block chain | |
| Alam et al. | Electronic voting-Scopes and limitations | |
| KR100362603B1 (en) | An Electronic Voting Method | |
| KR101167647B1 (en) | An Electron Vote Symtem | |
| Chung et al. | Casting ballots over internet connection against bribery and coercion | |
| Haghighat et al. | An efficient and provably-secure coercion-resistant e-voting protocol | |
| Pu et al. | An electronic voting scheme using secure multi-party computation based on secret sharing | |
| KR101139898B1 (en) | An Electron Vote Method | |
| Guo et al. | Generic Construction of Privacy-Preserving Optimistic Fair Exchange Protocols. | |
| CN116738452A (en) | District democratic voting method based on block chain | |
| Al-Saidi et al. | E-Voting Authentication Preparation Scheme (EV-APS) Based on Evox-MA and REVS E-Voting Blind Signature Protocols | |
| Liu et al. | How to design the faultless bribery and coercion prevention electronic voting scheme | |
| Vangujar et al. | A Novel Approach to e-Voting with Group Identity Based Identification and Homomorphic Encryption | |
| de Barros et al. | A Receipt-Free i-Voting System Based on Blind Signatures and Anonymous IDs |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |