CN117218758A - Electronic voting method and device, storage medium and electronic equipment - Google Patents
Electronic voting method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN117218758A CN117218758A CN202311070364.2A CN202311070364A CN117218758A CN 117218758 A CN117218758 A CN 117218758A CN 202311070364 A CN202311070364 A CN 202311070364A CN 117218758 A CN117218758 A CN 117218758A
- Authority
- CN
- China
- Prior art keywords
- mask
- voting
- value
- result
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 89
- 238000003860 storage Methods 0.000 title claims abstract description 22
- 238000012795 verification Methods 0.000 claims abstract description 216
- 230000006870 function Effects 0.000 claims abstract description 97
- 238000007781 pre-processing Methods 0.000 claims description 30
- 238000004364 calculation method Methods 0.000 claims description 25
- 230000002776 aggregation Effects 0.000 claims description 22
- 238000004220 aggregation Methods 0.000 claims description 22
- 238000012545 processing Methods 0.000 claims description 22
- 238000004590 computer program Methods 0.000 claims description 15
- 230000004931 aggregating effect Effects 0.000 claims description 5
- 230000000873 masking effect Effects 0.000 claims description 5
- 230000008569 process Effects 0.000 abstract description 23
- 238000011144 upstream manufacturing Methods 0.000 description 19
- 238000010586 diagram Methods 0.000 description 12
- 230000006872 improvement Effects 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 229920001296 polysiloxane Polymers 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 239000010979 ruby Substances 0.000 description 1
- 229910001750 ruby Inorganic materials 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The specification discloses a method, a device, a storage medium and an electronic device for electronic voting, which comprise the following steps: and counting the mask voting results based on a pre-constructed vote counting tree according to the mask voting results published by each voting party and the received initial tag values, and determining mask counting results, and first results and intermediate tag values output by each operation node. And generating and publishing tag commitment values of the intermediate tag values based on homomorphic commitment functions, so that each voting party discloses a verification mask statistical result. And when the verification of the mask statistical result is passed, decrypting the mask statistical result according to the mask bit share published by each voting party, determining the final voting result and publishing. And verifying the mask statistical result to ensure the accuracy of the process of counting the voting result, and decrypting the mask statistical result by adopting each mask bit share when the mask statistical result passes the verification, thereby ensuring the accuracy of the final voting result.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for electronic voting, a storage medium, and an electronic device.
Background
With the continuous development of technology, electronic voting is increasingly widely used. Currently, during the voting process, the voting party can determine the selected options as voting results according to the voting options, and send the voting results to the voting party, and the voting party determines the final voting result according to the voting results of each voting party. For example, in the voting process, the voting options can be agreeing or disagreeing, so that the voting result determined by the voting party according to the voting options can be one of agreeing and disagreeing, and the final voting result determined by the voting party according to the voting result of each voting party can be the number of agreeing and the number of disagreeing.
In addition, in order to protect the privacy of the voter and to ensure that the voter can vote according to the actual intention, it is necessary to ensure the privacy of the voting result of each voter, that is, the voting result of the voter cannot be known to the voter and the voter other than the voter itself. And the final voting result meets the wish of each voting party, namely the accuracy of the final voting result determined by the voting party is ensured. Therefore, how to conduct electronic voting is an important issue.
Based on this, the present specification provides a method of electronic voting.
Disclosure of Invention
The present specification provides a method, apparatus, storage medium, and electronic device for electronic voting, so as to partially solve the above-mentioned problems existing in the prior art.
The technical scheme adopted in the specification is as follows:
the present specification provides a method of electronic voting, the method being applied to a ticker, the method comprising:
determining a mask voting result published by each voting party, and receiving an initial tag value corresponding to the mask voting result sent by each voting party, wherein the mask voting result is a result obtained by processing the voting result by the voting party according to a mask bit share, and the mask bit share is generated by the voting party based on a secure multiparty calculation preprocessing function;
according to each mask voting result and each initial label value, counting each mask voting result based on a pre-constructed vote counting tree, determining a mask counting result output by the vote counting tree, and determining a first result and an intermediate label value output by each operation node; wherein the ticketing tree comprises a plurality of operation nodes;
generating a tag commitment value of each intermediate tag value based on a homomorphic commitment function, and publishing each first result and the tag commitment value, so that each voting party publicly verifies the mask statistical result according to each first result and the tag commitment value published by the voting party;
When the mask statistical result verification passes, determining mask bit shares corresponding to the mask statistical result published by each voting party;
and decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result.
Optionally, the operation node includes a plurality of and operation units;
publishing each first result and the tag commitment value, specifically including:
determining, for each and operation unit, a mask voting result input to the and operation unit, and determining a verifiable mask bit share input to the and operation unit and a verifiable mask bit share output by the and operation unit based on a secure multiparty computation preprocessing function;
determining verifiable check bits of the AND operation unit according to the determined verifiable mask bit shares and the mask voting result;
determining a message verification code of the AND operation unit according to the verifiable check bit, and determining a verification code commitment value of the message verification code based on the homomorphic commitment function;
and determining the sum of the promise values of the verification codes as a promise value of the verification code aggregation, and publishing the promise value of the verification code aggregation, the first results and the promise value of the label.
Optionally, decrypting the mask statistics according to the mask bit shares to determine a final voting result, which specifically includes:
determining a mask promise value corresponding to the mask bit share published by each voting party;
performing public verification on each mask bit share according to each mask promise value;
and when the mask bit share verification passes, decrypting the mask statistical result according to the mask bit shares to determine a final voting result.
Optionally, the masked commitment value includes an original commitment value and other commitment values;
the method for determining the mask promise value corresponding to the mask bit share published by each voting party specifically comprises the following steps:
for each voting party, determining an original commitment value corresponding to the mask bit share published by the voting party and other commitment values, wherein the original commitment value is a commitment value determined by the voting party based on the mask bit share corresponding to the voting party, and the other commitment values are commitment values determined by the voting party based on the mask bit shares published by other voting parties;
performing public verification on each mask bit share according to each mask promise value, specifically including:
Determining the sum of the original promise values as a first value and determining the sum of the other promise values as a second value;
and when the first value is consistent with the second value, determining that each mask bit share passes verification.
The present specification also provides a method of electronic voting, the method being applied to a voter, the method comprising:
determining a voting result according to voting options, and generating a mask bit share by adopting a safe multiparty calculation preprocessing function according to a topological structure of a vote tree pre-constructed by a vote counting party;
processing the voting result according to the mask bit share, determining a mask voting result, publishing the mask voting result, generating an initial tag value corresponding to the mask voting result, transmitting the initial tag value to the vote counting party, enabling the vote counting party to count each mask voting result based on the vote counting tree according to the mask voting result published by each vote counting party and the received initial tag value, determining a mask counting result output by the vote counting tree, determining a first result and an intermediate tag value output by each operation node in the vote counting tree, determining a tag promise value according to each intermediate tag value, and publishing each first result and the tag promise value;
Determining each first result published by the ticket counter and a label promise value;
determining label values output by operation nodes in the ticket tree according to the first results, determining verification promise values of the label values according to homomorphic promise functions, and publishing the verification promise values;
performing public verification on the mask statistical result according to the tag promise value and the verification promise value;
and when the mask statistical result passes verification, determining mask bit shares corresponding to the mask statistical result, publishing the mask bit shares, decrypting the mask statistical result by the ticket counter according to the mask bit shares published by each voting party, determining a final voting result, and publishing the final voting result.
Optionally, performing public verification on the mask statistics according to the tag promise value and the verification promise value, which specifically includes:
determining the verification promise value published by other voters as other verification promise values;
aggregating the other verification promise values and the verification promise values;
and carrying out public verification on the mask statistical result according to the aggregated promise value and the tag promise value.
Optionally, the operation node includes a plurality of and operation units;
performing public verification on the mask statistical result according to the aggregated promise value and the tag promise value, wherein the method specifically comprises the following steps:
when the aggregated promise value is consistent with the label promise value, determining mask voting results published by other voters;
for each AND operation unit, determining a mask voting result input to the AND operation unit according to each mask voting result and each first result, and determining a verifiable mask bit share input to the AND operation unit and a verifiable mask bit share output by the AND operation unit;
determining verifiable check bits of the AND operation unit according to the determined verifiable mask bit shares and the mask voting result;
determining a message verification code of the AND operation unit according to the verifiable check bit, and determining a verification code commitment value of the message verification code based on the homomorphic commitment function;
determining the sum of the promise values of all verification codes as a verification aggregation promise value, and publishing the verification aggregation promise value;
and determining an identifying code aggregate promise value published by the ticket counter, and performing public verification on the mask statistical result according to the identifying code aggregate promise value and the identifying aggregate promise value.
Optionally, determining a mask bit share corresponding to the mask statistics result, and publishing, specifically including:
determining a mask bit share corresponding to the mask statistics;
and determining a mask promise value corresponding to the mask bit share based on the homomorphic promise function, publishing, and enabling the ticket counter to perform public verification on each mask bit share according to the mask promise value corresponding to the mask bit share published by each voting party.
Optionally, the masked commitment value includes an original commitment value and other commitment values;
based on the homomorphic commitment function, determining a mask commitment value corresponding to the mask bit share, and publishing, specifically including:
determining a commitment value corresponding to the mask bit share as an original commitment value based on the homomorphic commitment function;
and determining mask bit shares corresponding to the mask statistics results published by other voters, determining other commitment values based on the homomorphic commitment function according to the mask bit shares published by the other voters, and publishing the mask bit shares, the original commitment values and the other commitment values.
The present specification provides an apparatus for electronic voting, the apparatus being for use with a ticker, the apparatus comprising:
The first determining module is used for determining mask voting results published by each voting party and receiving initial tag values corresponding to the mask voting results sent by each voting party, wherein the mask voting results are results obtained by the voting party after processing the voting results according to mask bit shares, and the mask bit shares are generated by the voting party based on a secure multiparty computing preprocessing function;
the counting module is used for counting each mask voting result based on a pre-constructed counting tree according to each mask voting result and each initial label value, determining a mask counting result output by the counting tree, and determining a first result and an intermediate label value output by each operation node; wherein the ticketing tree comprises a plurality of operation nodes;
the publishing module is used for generating a label promise value of each intermediate label value based on the homomorphic promise function, and publishing each first result and the label promise value, so that each voting party can publicly verify the mask statistical result according to each first result and the label promise value published by the voting party;
the second determining module is used for determining mask bit shares corresponding to the mask statistical results published by each voting party when the mask statistical result verification passes;
And the decryption module is used for decrypting the mask statistical result according to each mask bit share, determining a final voting result and publishing the final voting result.
The present specification also provides an apparatus for electronic voting, the apparatus being for use with a voter, the apparatus comprising:
the generation module is used for determining a voting result according to voting options, adopting a safe multiparty calculation preprocessing function according to the topological structure of the voting tree pre-constructed by the voting party, and generating a mask bit share;
the sending module is used for processing the voting result according to the mask bit share, determining a mask voting result, publishing, generating a label value corresponding to the mask voting result, sending the label value to the vote counting party, enabling the vote counting party to count each mask voting result based on the vote counting tree according to the mask voting result published by each vote counting party and the received label value, determining a mask counting result output by each vote counting tree, determining a first result and an intermediate label value output by each operation node in the vote counting tree, determining a label promise value according to each intermediate label value, and publishing each first result and the label promise value;
The determining module is used for determining each first result published by the ticket counter and a label promise value;
the promise module is used for determining the label value output by each operation unit in the ticket counting tree according to each first result, determining the verification promise value of each label value according to the homomorphic promise function, and publishing the verification promise value;
the verification module is used for carrying out public verification on the mask statistical result according to the tag promise value and the verification promise value;
and the mask module is used for determining mask bit shares corresponding to the mask statistical result and publishing when the mask statistical result passes verification, so that the ticket counter decrypts the mask statistical result according to the mask bit shares published by each voting party, determines a final voting result and publishes the final voting result.
The present description provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of electronic voting described above.
The present specification provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of electronic voting described above when the program is executed.
The above-mentioned at least one technical scheme that this specification adopted can reach following beneficial effect:
the method for electronic voting provided by the specification determines the mask voting results published by each voting party and receives the label values corresponding to the mask voting results sent by each voting party. And then, according to each mask voting result and each initial label value, counting each mask voting result based on a pre-constructed voting tree, determining a mask counting result output by the voting tree, and determining a first result and an intermediate label value output by each operation node. And generating a label promise value of each intermediate label value based on the homomorphic promise function, and publishing each first result and the label promise value, so that each voting party discloses a verification mask statistical result according to each first result and the label promise value published by the voting party. And when the mask statistical result passes verification, determining mask bit shares corresponding to the mask statistical result published by each voting party, decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result.
As can be seen from the above method, the present application determines the mask voting result published by each voting party and receives the initial tag value corresponding to the mask voting result transmitted by each voting party when performing electronic voting. The mask voting result is a result of the voting party processing the voting result according to the mask bit share, so that privacy contained in the voting result of each voting party can be protected. And then, according to each mask voting result and each initial label value, counting each mask voting result based on a pre-constructed voting tree, determining a mask counting result output by the voting tree, and determining a first result and an intermediate label value output by each operation node. And generating a label promise value of each intermediate label value based on the homomorphic promise function, and publishing each first result and the label promise value, so that each voting party discloses a verification mask statistical result according to each first result and the label promise value published by the voting party. And when the mask statistical result passes verification, determining mask bit shares corresponding to the mask statistical result published by each voting party, decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result, so that the voting party can verify the accuracy of the mask statistical result, thereby ensuring the accuracy of the process of counting the voting result by the voting party. And when the mask statistical result passes verification, decrypting the mask statistical result by adopting each mask bit share, and ensuring the accuracy of the final voting result.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification, illustrate and explain the exemplary embodiments of the present specification and their description, are not intended to limit the specification unduly. In the drawings:
FIG. 1 is a flow chart of a method of electronic voting provided in the present specification;
FIG. 2 is a schematic representation of a ticketing tree provided in this specification;
FIG. 3 is a flow chart of another method of electronic voting provided in the present specification;
fig. 4 is a schematic structural diagram of an apparatus for electronic voting provided in the present specification;
fig. 5 is a schematic structural view of another apparatus for electronic voting provided in the present specification;
fig. 6 is a schematic structural diagram of an electronic device corresponding to fig. 1 provided in the present specification.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present specification more apparent, the technical solutions of the present specification will be clearly and completely described below with reference to specific embodiments of the present specification and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present specification. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
The following describes in detail the technical solutions provided by the embodiments of the present specification with reference to the accompanying drawings.
Fig. 1 is a flow chart of a method of electronic voting provided in the present specification, including the following steps:
s100: determining a mask voting result published by each voting party, and receiving an initial tag value corresponding to the mask voting result sent by each voting party, wherein the mask voting result is a result obtained by processing the voting result by the voting party according to a mask bit share, and the mask bit share is generated by the voting party based on a secure multiparty computing preprocessing function.
In the voting scene, the voting party determines the selected option as a voting result according to the voting options, informs the voting party of the voting result, determines a final voting result according to the voting result of each voting party, publishes the final voting result, and each voting party can acquire the final voting result. The voting scene may be a scene of voting by a person to be selected or a scene of voting by a thing to be selected, and the present specification is not particularly limited. Different voting scenarios, voters, voting options, and voting results may differ. In the voting scene, the voting party is a voter or voting equipment used by the voter, the voter is a voter used for counting the number of voters or the voting equipment used by the voter, and the voting options can be two options of agreeing to the selection of the candidate and disagreeing to the selection of the candidate. The voting party can select one option from the two options as a voting result and inform the voting party, and the voting party determines a final voting result according to the voting result of each voting party and publishes the final voting result, wherein the final voting result can be one of agreeing or disagreeing and can also be the number of agreeing and disagreeing. And then determining whether the candidate is selected according to the final voting result.
In addition, in the scenario of scheme evaluation, the voter may be a voting device used by members or members of a department or group, the voter may be any member other than the department or group or a device for counting the number of votes, and the voting options may be that the candidate scheme passes and that the candidate scheme does not pass. The alternative scheme is a scheme proposed by a department or a member of a group for a certain business, such as an operating scheme for goods. The voting party can select one option from the two options as a voting result and inform the voting party, and the voting party determines a final voting result according to the voting result of each voting party and publishes the final voting result, wherein the final voting result can be one of pass or fail and can also be the quantity of pass and fail. And determining whether the to-be-selected scheme passes or not according to the final voting result, executing the service according to the to-be-selected scheme if the to-be-selected scheme passes, and re-proposing the scheme by members of a group or a department if the to-be-selected scheme does not pass.
However, in the voting scenario, it is necessary to ensure the privacy of the voter and the accuracy of the final voting result determined by the voter. Based on this, the device for performing electronic voting may determine the mask voting result published by each voting party, and receive the initial tag value corresponding to the mask voting result sent by each voting party, where the device for performing electronic voting may be a ballot party that counts the number of votes (i.e., the voting result of each voting party), and the ballot party may be a system, a server, or an electronic device such as a desktop computer, a notebook computer, or the like. For convenience of description, a method of electronic voting provided in the present specification will be described below with only a ticket counter as an execution subject. The voting party may be a voting device used by a voter, and the voting device may be a terminal, a server, a system, or the like, and the present specification is not particularly limited. The mask voting result is a result of the voting party processing the voting result according to a mask bit share generated by the voting party based on a secure multiparty calculation preprocessing function. The initial tag value corresponding to the mask voting result is a bit string that the voter randomly generates based on the mask voting result. The secure multiparty computing preprocessing function is a function in an existing secure multiparty computing library, and can generate global keys of each voting party and each voting party based on a billing tree, mask bit shares of data input to each operation node in the billing tree, mask bit shares of data output by each operation node in the billing tree, message verification codes of each mask bit share required to be verified and keys corresponding to each message verification code.
In order to ensure the privacy of the voter, that is, to ensure that the voting result of the voter is not revealed, the voter can determine the voting result according to the voting options, and a safe multiparty calculation preprocessing function is adopted to generate a mask bit share according to the topology structure of the voting tree constructed in advance by the voter. And encrypting the voting result by using the mask bit share to obtain a mask voting result and publishing the mask voting result. And determining an initial tag value corresponding to the mask voting result, and transmitting the initial tag value to the ticket counter. The subsequent voter can determine the mask voting result published by each voter and receive the initial tag value corresponding to the mask voting result transmitted by each voter. The ticket counter can publish a pre-constructed ticket tree in advance, so that the voting party can determine the mask bit share according to the topology structure of the ticket tree published by the ticket counter. The initial tag value may be a bit string randomly generated by the voter based on the mask voting result, and when the bit value of the mask voting result is 0, the voter may randomly generate a K-bit string as the initial tag value, and when the bit value of the mask voting result is 1, the voter may exclusive-or the bit string generated when the bit value is 0 with a pre-stored global key, and use the exclusive-or result as the initial tag value. K is a natural number and can be preset. The global key may be generated for the voter in advance based on a secure multiparty computing preprocessing function.
S102: according to each mask voting result and each initial label value, counting each mask voting result based on a pre-constructed vote counting tree, determining a mask counting result output by the vote counting tree, and determining a first result and an intermediate label value output by each operation node; wherein, the ticket counting tree comprises a plurality of operation nodes.
S104: based on homomorphic promise function, generating label promise value of each intermediate label value, and publishing each first result and the label promise value, so that each voting party can publicly verify the mask statistical result according to each first result and the label promise value published by the voting party.
The vote counting party counts each mask voting result based on a pre-constructed vote counting tree according to each mask voting result and each initial label value, determines a mask counting result output by the vote counting tree, and determines a first result and an intermediate label value output by each operation node. And then, generating a label promise value of each intermediate label value based on the homomorphic promise function, and publishing each first result and the label promise value, so that each voting party discloses a verification mask statistical result according to each first result and the label promise value published by the voting party.
Wherein the publishing of the first results and the tag promise values is to publish the first results and the tag promise values to voting parties and third parties, the third parties are persons or devices other than the voting parties and the ballot counting parties, for example, in a voting scene, the third parties can be persons or devices other than the voter or the voting device, the candidate and the ballot counting party or the ballot counting device. Since each first result and the tag promise value are disclosed to the owner or the device, the third party can verify the mask statistics result besides the mask statistics result, and the specification is not limited specifically. Public verification in the following process also means that in addition to the voter and the meter can verify, a third party can verify.
The vote tree is pre-built for the voter based on the number of voters. The vote tree comprises a plurality of operation nodes and leaf nodes, the leaf nodes in the vote tree represent voting results corresponding to voting parties, each leaf node represents voting results of one voting party, other nodes except the leaf nodes in the vote tree are all operation nodes, and the operation nodes are used for carrying out exclusive or operation, AND operation and the like on data input into the operation nodes. The result output by the root node in the vote tree is the final vote result after statistics of the vote results of each voter, and for the upstream node (i.e. the operation node) of the leaf node in the vote tree, the vote results of two voters are input to the upstream node, but for the upstream node of the upstream node, there may be four vote directions to input data in the upstream node of the upstream node.
For example, as shown in fig. 2, fig. 2 is a schematic diagram of a vote tree provided in the present specification, assuming that n voters performing electronic votes are voters D1 to Dn, and the corresponding inputs of each voter are v1 to vn, and v1 to vn are taken as leaf nodes of the vote tree, and the statistical vote number process may be v1+v2+v3+v4+ + vn, and may also be expressed as (v1+v2) + (v3+v4) + (vn-1+vn) = [ (v1+v2) + (v3+v4) ]++ (vn-1+vn), so that at the bottom layer of the vote tree, each two leaf nodes is taken as an input of an upstream node thereof, for example, v1 and v2 which are taken as an input of two upstream nodes, and the upstream node is a calculation node. In the process from the upstream node of the leaf node of the ticket tree to the top layer, the output of each two operation nodes is used as the input of the upstream node, the node with "+" in the square frame in fig. 2 represents the operation node in the ticket tree, the operation bits of the operation nodes are increased layer by layer, and for the upstream operation nodes of the two leaf nodes, the operation bits of the operation nodes are 1bit. For the operation bit of the upstream operation node of the operation node to be 2 bits, the operation bit of the operation node is added layer by layer until the root operation node, the result output by the root operation node is v1+v2+v3+v4+ & gt vn, and the operation bit of the root operation node is lognbit.
The homomorphic commitment function is used for processing the tag value, and the tag value can be processed by adding a random factor to the tag value. When generating the label promise value of each intermediate label value based on the homomorphic promise function, the ticket counter can determine the promise value corresponding to each intermediate label value based on the homomorphic promise function, and the sum of the promise values is taken as the label promise value. Of course, the ticket counter may also determine the sum of the intermediate tag values first, and then determine, based on the homomorphic commitment function, that the commitment value of the sum of the intermediate tag values is the tag commitment value. The label promise value is used for the voting party to verify whether the label value output by all operation nodes or operation units in the process of counting the voting result by the voting party is correct, and whether the counting party is accurate based on the mask counting result obtained by the operation nodes or operation units is determined by verifying whether the label value is accurate.
Specifically, the vote counting party sequentially determines, for each operation node in the preset vote counting tree, the mask voting result and the label value input to the operation node according to each mask voting result and each initial label value, determines the mask voting result output by the operation node according to the mask voting result input to the operation node, and determines the label value output by the operation node as a first result and as an intermediate label value according to the label value input to the operation node. And then taking the mask voting result output by the operation node as the mask voting result of the next operation node input to the operation node, taking the tag value output by the operation node as the tag value of the next operation node input to the operation node until the mask voting result and the tag value output by the last operation node are determined, and taking the mask voting result output by the last operation node as the mask statistical result output by the vote counting tree. And then, the ticket counter generates a label commitment value of each intermediate label value based on the homomorphic commitment function, and publishes each first result and the label commitment value, so that each voting party discloses a verification mask statistical result according to each first result and the label commitment value published by the ticket counter.
When determining the mask voting result and the label value input to the operation node, if the operation node is an upstream operation node of a leaf node in the vote tree, the mask voting result and the label value input to the operation node are one of mask voting results published by voting parties and received initial label values. If the operation node is not the upstream operation node of the leaf node in the vote tree, the mask voting result and the label value of the operation node are input as the mask voting result and the label value output by the last operation node of the operation node.
In this specification, the operation nodes may include an exclusive-or operation unit, and one operation node may include one or more exclusive-or operation units, so when each operation node includes a plurality of exclusive-or operation units, respectively, in the step S102, the vote counter may determine, for each operation node in the vote tree and for each exclusive-or operation unit in the operation node in turn, a mask voting result and a tag value input to the exclusive-or operation unit, exclusive-or operate the determined mask voting result, determine a mask voting result output by the exclusive-or operation unit, and use the determined mask voting result as the first-season result. And performing exclusive-or operation on the determined tag value, determining the tag value output by the exclusive-or operation unit, and taking the tag value as an intermediate tag value. And then taking the mask voting result output by the exclusive-or operation unit as the mask voting result input by the next exclusive-or operation unit of the exclusive-or operation unit, taking the tag value output by the exclusive-or operation unit as the tag value input by the next exclusive-or operation unit of the exclusive-or operation unit, and taking the mask voting result output by the last exclusive-or operation unit as the mask voting result output by the operation node and taking the tag value output by the last exclusive-or operation unit as the tag value output by the operation node when the mask data and the tag value output by the last exclusive-or operation unit are determined. And then taking the mask data output by the operation node as a mask voting result of the next operation node input to the operation node, taking the tag value output by the operation node as the tag value of the next operation node input to the operation node until the mask voting result and the tag value output by the last operation node are determined, and taking the mask voting result output by the last operation node as a mask statistical result output by the vote counting tree.
If the exclusive-or operation unit is the first operation unit in the operation node, the mask voting result and the tag value input to the exclusive-or operation unit are the mask voting result and the tag value input to the operation node. If the exclusive-or operation unit is not the first operation unit in the operation nodes, the mask voting result and the tag value of the exclusive-or operation unit are input as the mask voting result and the tag value output by the last exclusive-or operation unit of the exclusive-or operation unit.
In this specification, the operation nodes may include and operation units, and one operation node may include one or more and operation units, so when each operation node includes a plurality of and operation units, respectively, in the step 102, the vote counter may determine, for each operation node in the vote tree and for each and operation unit in the operation node in turn, a mask voting result input to the and operation unit according to each mask voting result and each initial tag value, and determine a unit ciphertext corresponding to the and operation unit according to the determined mask voting result. And then, determining the label value input into the AND operation unit, determining a mask voting result and a label value output by the AND operation unit according to the determined label value and the unit ciphertext, taking the determined mask voting result as a first result, and taking the determined label value as an intermediate label value. And taking the mask voting result output by the AND operation unit as the mask voting result input by the next AND operation unit of the AND operation unit, taking the tag value output by the AND operation unit as the tag value input by the next AND operation unit of the AND operation unit, taking the mask voting result output by the last AND operation unit as the mask voting result output by the operation node when the mask voting result and the tag value output by the last AND operation unit are determined, and taking the tag value output by the last AND operation unit as the tag value output by the operation node. And then taking the mask voting result output by the operation node as the mask voting result of the next operation node input to the operation node, and taking the tag value output by the operation node as the tag value of the next operation node input to the operation node until the mask voting result and the tag value output by the last operation node are determined, and taking the mask voting result output by the last operation node as the mask statistical result output by the vote counting tree.
And if the AND operation unit is the first operation unit in the operation nodes, the mask voting result and the tag value of the AND operation unit are input as the mask voting result and the tag value of the input operation nodes. If the AND operation unit is not the first operation unit in the operation nodes, the mask voting result and the label value of the AND operation unit are input as the mask voting result and the label value output by the last AND operation unit of the AND operation unit.
The unit ciphertext is determined for each voting party based on the voting tree and is sent to the voting party. Therefore, in the step S100, the vote counter may send the preset vote tree to each vote party, and then determine the mask voting result published by each vote party, and receive the initial tag value corresponding to the unit ciphertext of the operation unit and the mask voting result in each vote tree sent by each vote party. Each voting party can generate a corresponding unit ciphertext for each and an operation unit in the vote tree, and when generating the unit ciphertext, a bit value of a mask voting result input to the operation unit needs to be determined, wherein the bit value can be 0 or 1, and because two mask voting result input to the operation unit are available, the bit value of mask data input to the operation unit has 4 combination modes, namely 00, 01, 10 and 11, respectively, and each combination mode corresponds to one unit ciphertext, so each unit ciphertext corresponding to the operation unit can be generated based on a plurality of combinations, and each unit ciphertext corresponding to each combination can be generated by each voting party, namely a plurality of unit ciphers corresponding to the operation unit.
Based on this, when the unit ciphertext corresponding to the operation unit is determined according to the determined mask voting result, the vote counter can determine a combination mode of bit values corresponding to the mask voting result according to the determined mask voting result, and determine each unit ciphertext corresponding to the operation unit, that is, each unit ciphertext corresponding to the operation unit according to the determined combination mode from each unit ciphertext of the operation unit sent by each vote counter. For example, the voters D1 and D2 respectively send 4 unit ciphertexts with the operation unit a to the voter, and the 4 unit ciphertexts are respectively determined based on 4 combinations (i.e., 00, 01, 10 and 11), so that the voter can receive 8 unit ciphertexts with the operation unit a in total. Assuming that the bit values corresponding to the determined mask voting result are 0 and 1, respectively, the combination mode of the bit values is 01, and the vote counter can determine the unit ciphertext corresponding to the combination mode 01 from the 8 unit ciphers sent by the voters D1 and D2 and corresponding to the operation unit a, so that the vote counter can determine two unit ciphertexts corresponding to the operation unit a, namely, two unit ciphertexts corresponding to the operation unit a.
When determining the mask data and the tag value output by the and operation unit according to the determined tag value and the unit ciphertext, the ticket counter can determine the mask voting result and the tag value output by the and operation unit corresponding to the unit ciphertext according to the determined tag value and the unit ciphertext for each unit ciphertext. And then, taking the determined mask voting results as mask voting results output by the AND operation unit and taking the determined tag values as tag values output by the AND operation unit.
In this specification, the operation node may further include a plurality of and operation units and a plurality of xor operation units, so in the step S102, the vote counter may determine, for each operation node in the vote tree and for each operation unit in the operation node in turn, a type of the operation unit, and when the operation unit is an xor operation unit, determine, according to the above process, a mask voting result and a tag value output by the xor operation unit, and use the determined mask voting result as a first result, and use the determined tag value as an intermediate tag value, which will not be described herein. Then, the determined mask voting result and the tag value are used as the mask voting result and the tag value of the next arithmetic unit input to the exclusive OR arithmetic unit. When the operation unit is an and operation unit, determining the mask voting result and the label value output by the and operation unit according to the above process, taking the determined mask voting result as a first result, and taking the determined label value as an intermediate label value, which will not be described herein. And then, taking the determined mask voting result and the tag value as the mask voting result and the tag value of the next operation unit input to the AND operation unit, wherein the subsequent process is similar to the process of determining the mask statistical result and the tag promise value, and the detailed description is omitted.
In addition, since the mask voting result output by the exclusive or operation unit may be obtained by performing an exclusive or operation on the mask voting result input to the exclusive or operation unit, and the mask voting result of each voting party is published, that is, the mask voting result of each voting party may be known to any party, when the mask statistics result is publicly verified, the voting party may use only the determined mask voting result output by each and operation unit as the first result, and the tag value output by each and operation unit as the intermediate tag value. And then, generating a label promise value of each intermediate label value based on the homomorphic promise function, and publishing each first result and the label promise value.
S106: and when the mask statistical result verification passes, determining mask bit shares corresponding to the mask statistical result published by each voting party.
S108: and decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result.
And when the mask statistical result verification passes, determining mask bit shares corresponding to the mask statistical result published by each voting party. Decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result. Each voting party sends a mask bit share corresponding to the mask statistics to the voting party, and the mask bit share is used for decrypting the mask statistics finally output by the voting tree.
Specifically, each voter performs public verification on the mask statistics result according to each first result and the tag promise value published by the voter in step S104. When the mask statistics verification passes, each voter publishes a mask bit share corresponding to the mask statistics. The voter can determine the mask bit shares published by each voter, decrypt the mask statistics according to each mask bit share, determine the final voting result, and publish the final voting result. Each mask bit share is a secret key generated by a voter for the mask statistics output by the vote counting tree, and the vote counting party can decrypt the mask statistics output by the vote counting tree according to each mask bit share.
In addition, in order to ensure the accuracy of the mask bit shares published by each voter, the voter can determine a mask commitment value corresponding to the mask bit share based on the homomorphic commitment function and publish the mask commitment value. The ticket counter determines the mask promise value corresponding to the mask bit share published by each voting party, and performs public verification on each mask bit share according to each mask promise value. And when each mask bit share passes verification, decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result.
The method comprises the steps that each voting party publishes a mask promise value, wherein the mask promise value published by each voting party comprises an original promise value and other promise values, so that when determining the mask promise value corresponding to the mask bit share published by each voting party, a ballot party can determine the original promise value corresponding to the mask bit share published by the voting party and the other promise values, wherein the original promise value is the promise value determined by the voting party based on the mask bit share corresponding to the voting party, of the other promise values are promise values determined by the voting party based on the mask bit shares published by the other voting party. The other voters are voters other than the voter.
Based on this, upon publicly verifying each mask bit share based on each mask promise value, the ticket counter may determine that the sum of each original promise value is a first value and that the sum of each other promise value is a second value. When the first value is consistent with the second value, each mask bit share verification pass is determined. When the first value is inconsistent with the second value, determining that each mask bit share verification fails, and publishing a message that the verification fails by the ticket counter.
The above-mentioned decryption of the mask statistics according to the mask bit shares may be performed by the following formula when determining the final voting result:
Wherein z is w Representing the final voting result, z' w The result of the statistics of the mask is represented,representing exclusive OR operation, ++>Representing the respective mask bit shares sent by voter Di, n representing the number of voters.
As can be seen from the above method, in the application, when electronic voting is carried out, the voter can determine the mask voting result published by each voter and receive the initial label value corresponding to the mask voting result sent by each voter. The mask voting result is a result of the voting party processing the voting result according to the mask bit share, so that privacy contained in the voting result of each voting party can be protected. And then, according to each mask voting result and each initial label value, counting each mask voting result based on a pre-constructed voting tree, determining a voting tree output mask counting result, and determining a first result and an intermediate label value output by each operation node. And generating a label promise value of each intermediate label value based on the homomorphic promise function, and publishing each first result and the label promise value to enable each voting party to disclose and verify the mask statistical result according to each first result and the label promise value published by the voting party, so as to ensure the accuracy of the voting result counting process of the voting party, namely the accuracy of the mask statistical result determined by the voting party. And the voter only knows the mask statistical result and does not know the specific voting result of each voter, thereby protecting the privacy of the voter. In addition, the calculation speed of the voting result is also increased, and the time cost is reduced. Meanwhile, when the mask statistical result is verified, a third party can be verified besides each voting party, so that the accuracy of the mask statistical result is better ensured. And then, when the mask statistical result verification passes, determining mask bit shares corresponding to the mask statistical result published by each voting party, decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result, so that the voting party decrypts the mask statistical result by adopting each mask bit share when the mask statistical result verification passes, and the accuracy of the final voting result is ensured.
Further, in order to ensure the accuracy of the mask bit shares published by each voting party, the voting party can verify each mask bit share according to the mask promise value corresponding to the mask bit shares published by each voting party, and when each mask bit share passes the verification, decrypt the mask statistical result by adopting each mask bit share to determine the final voting result and publish the final voting result. The fact that each voting party publishes a wrong mask bit share is avoided, and the accuracy of the determined final voting result is guaranteed.
In this specification, in addition to determining whether the mask statistics result is accurate by verifying whether the tag value is accurate, it may be further determined whether the mask statistics result is accurate by verifying the mask voting result output by the operation node or the operation unit. Therefore, when each first result and the tag commitment are published in step S104, the ticket counter may further determine, for each and operation unit, a mask voting result inputted to the and operation unit, and determine a verifiable mask bit share inputted to the and operation unit and a verifiable mask bit share outputted by the and operation unit based on the secure multiparty calculation preprocessing function. And determining verifiable check bits of the AND operation unit according to the determined verifiable mask bit share and the mask voting result. And determining the message verification code of the AND operation unit according to the verifiable verification bit, and determining the verification code commitment value of the message verification code based on the homomorphic commitment function. And then, determining the sum of the promise values of the verification codes as the promise value of the verification code aggregation, and publishing the promise value of the verification code aggregation, the first results and the promise value of the label. Wherein the verifiable mask bit shares include the mask bit shares, the message authentication code corresponding to the mask bit shares, and the keys of the message authentication code corresponding to the mask bit shares of other voters, other voters than the voter itself. The verification code aggregate promise value is used for each voting party to publicly verify the accuracy of the mask voting result output by the operation node or the operation unit.
The above-mentioned verifiable mask bit share and mask voting result according to confirming, confirm and operation unit can verify check bit while being said, can adopt the following formula to calculate:
wherein,and +.>The three parameters in the triplet corresponding to the operation unit, which are determined by the ticket counter T based on the secure multiparty computing preprocessing function, may be 0 or any three values. d, d γ E γ The value can be any preset value, and can also be directly 0./>Verifiable check bits, z ', representing the AND operation cell determined by the ticket counter T' α Z' β Representing two mask voting results input to the AND operation unit,/->And +.>Representing the verifiable mask bit share of the input AND operation unit determined by the ticket counter T,/>Representing the verifiable mask bit share output by the and operation unit as determined by the ticket counter T.
Because the verifiable check bit is obtained through the calculation, the verifiable check bit comprises the message verification code corresponding to the check bit, and the ticket counter can directly determine the message verification code corresponding to the operation unit, namely the message verification code corresponding to the check bit, from the verifiable check bit corresponding to the operation unit. And determining the verification code promise value of the message verification code based on the homomorphic promise function. Thereafter, the sum of the promise values of the verification codes is determined as a promise value of the verification code aggregation, and the promise value of the verification code aggregation can be expressed as Wherein (1)>The message verification code of the AND operation unit W determined by the ticket counter T is represented, W represents the AND operation unit set, and Com (x) represents the homomorphic commitment function.
When determining the mask voting result and the tag value output by the and operation unit according to the determined tag value and the unit ciphertext in the step S102, the ticket counter may determine, for each unit ciphertext, the mask voting result to be verified output by the and operation unit, the tag value output by the and operation unit, and the message authentication code output by the and operation unit (i.e., the message authentication code corresponding to the mask voting result to be verified output by the and operation unit) according to the determined tag value and the unit ciphertext. And determining a secret key of the message verification code output by the AND operation unit and generated based on the secure multiparty calculation preprocessing function, and calculating according to the secret key and the mask voting result to be verified output by the AND operation unit to determine a first calculation result. And then judging whether the first calculation results are consistent with the message verification codes (namely the message verification codes output by the operation units) corresponding to the mask voting results to be verified. If yes, taking each mask voting result to be verified as the mask voting result output by the AND operation unit. If not, determining the voting party corresponding to the checking mask voting result which is not passed by the checking, and sending a checking failed message to the determined voting party.
When determining the voting result of the mask to be verified, the tag value and the message verification code, according to the determined tag value and the unit ciphertext, the voting result, the tag value and the message verification code can be calculated by adopting the following formulas:
wherein,the unit ciphertext corresponding to the arithmetic unit, representing that the voting party Di is sent to the voting party, t=z' α ,z′ α Represents the mask voting result input to the AND operation unit, s=z '' β ,z′ β Representing the result of the mask voting input to the AND operation unit, < >>Representing the tag value input to the AND operation unit, < ->Representing the tag value input to the AND operation unit, < ->Representing the result of the voting of the mask to be verified output by the AND operation unit,/->Representing the result of the mask voting to be verified +.>Corresponding message authentication code, i.e. the message authentication code outputted by the and operation unit,/->Intermediate tag value indicating the output of the AND operation unit, < >> Message authentication code representing the result of the masked votes to be authenticated of the other voters Dj determined by the voter Di, the message authentication code being determined by the voter according to the determined tag value and the unit ciphertext,/->A key of a message verification code representing the result of the masked voting to be verified output by the and operation unit, determined by the other voter Dj stored by the voter Di,/ >Represents the voting result of the mask to be verified, delta, which is output by the AND operation unit and determined by other voting parties Dj i Global key representing voting party Di, +.>The label value outputted from the AND operation section is represented. H (x) denotes a hash function, γ denotes an output of the and operation unit, and s, t denote two inputs of the and operation unit, respectively.
In this specification, the other voter may determine an initial tag value of the mask voting result according to the mask voting result published by the voter, and send the initial tag value to the voting center, where the initial tag value is a K-bit string randomly generated by the other voter based on the mask voting result. Each of the masked voting results published by each of the voters corresponds to an initial tag value generated by a plurality of voters. Therefore, in the step S100, the voter may receive the initial tag value corresponding to each mask voting result transmitted by each voter.
In this regard, in the step S102, the vote counter may count each mask voting result based on the previously constructed vote tree according to each mask voting result and each initial label value corresponding to each mask voting result, and determine a mask statistics result output by the vote tree. The specific process is similar to the above-mentioned process that each mask voting result corresponds to one initial tag value, except that each mask voting result corresponds to a plurality of initial tag values, and each exclusive-or operation unit and each tag value output by the exclusive-or operation unit are a set including a plurality of tag values, and the specific process is not described herein.
In this specification, when the ticket counter publishes each first result and the tag promise value, each first result and the tag promise value may be sent to the bulletin board, so that each voting party and the third party can learn each first result and the tag promise value. Of course, when the ticket counter publishes other content, such as the verification code aggregate promise value, the ticket counter may also send the content to be published to the bulletin board, which is not limited in detail in this specification.
The present disclosure also provides a method for electronic voting, where the method is applied to a voter, as shown in fig. 3, and fig. 3 is a schematic flow chart of another method for electronic voting provided in the present disclosure, and the method shown in fig. 3 is applied to the voter, and specifically includes the following steps:
s200: and determining a voting result according to voting options, and generating a mask bit share by adopting a safe multiparty calculation preprocessing function according to the topological structure of the vote tree pre-constructed by the vote counting party.
S202: processing the voting result according to the mask bit share, determining a mask voting result, publishing the mask voting result, generating an initial tag value corresponding to the mask voting result, sending the initial tag value to the vote counting party, enabling the vote counting party to count each mask voting result based on the vote counting tree according to the mask voting result published by each vote counting party and the received initial tag value, determining a mask counting result output by the vote counting tree, determining a first result and an intermediate tag value output by each operation node in the vote counting tree, determining a tag promise value according to each intermediate tag value, and publishing each first result and the tag promise value.
In order to protect privacy contained in the voting results, the voting party can firstly determine the voting results according to voting options, and a safe multiparty calculation preprocessing function is adopted to generate a mask bit share according to the topological structure of the voting tree which is pre-constructed by the voting party. And processing the voting result according to the mask bit share, determining and publishing the mask voting result, generating an initial tag value corresponding to the mask voting result, and transmitting the initial tag value to the ticket counter. The counting tree is constructed by counting parties according to the number of each voting party. The voting result is determined by the voting party according to the voting options, the voting scenes are different, the voting options are different, and the voting result is different, however, the voting party is also different, and the voting party and the data why the voting result can be in the specific different voting scenes are described in the above step S100, which is not repeated here. The secure multiparty computation preprocessing function is a function in the existing secure multiparty computation library, and the initial tag value corresponding to the generated mask voting result is a tag value which can be randomly generated by the voter based on the mask voting result.
Specifically, the voting party can determine the voting result according to the voting options, and according to the topology structure of the voting tree published by the voting party, a safe multiparty calculation preprocessing function is adopted to generate a mask bit share, and then the voting result is processed according to the mask bit share to determine the mask voting result, and an initial tag value corresponding to the mask voting result is generated. And publishing the mask voting result and transmitting the initial tag value to the ticket counter. The method comprises the steps of enabling a vote counting party to count each mask voting result based on a vote counting tree according to the mask voting result published by each vote counting party and the received initial label value, determining a mask counting result output by the vote counting tree, determining a first result and an intermediate label value output by each operation node in the vote counting tree, determining a label promise value according to each intermediate label value, and publishing each first result and the label promise value.
In this specification, the operation nodes may include and operation units, and one operation node may include one or more and operation units, so when each operation node includes a plurality of and operation units, respectively, when transmitting an initial tag value to a voter, a voter needs to transmit a unit ciphertext corresponding to the operation unit in a vote tree to the voter in addition to transmitting the initial tag value corresponding to the mask voting result to the voter. Thus, the voter may determine, for each of the compute nodes in the vote tree, and for each of the compute nodes and the compute units in turn, a verifiable mask bit share and a tag value input to the compute unit, determine a triplet of the compute unit, a verifiable mask bit share output by the compute unit, and a tag value output by the compute unit using a secure multiparty computation preprocessing function. Then, the unit ciphertext corresponding to the AND operation unit is determined according to the triplet, the verifiable mask bit share input to the AND operation unit, the tag value input to the AND operation unit, the verifiable mask bit share output by the AND operation unit, and the tag value output by the AND operation unit. And then, transmitting the unit ciphertext corresponding to each operation unit and the initial tag value corresponding to the mask voting result in the vote counting tree to the vote counting party.
If the operation node is an upstream operation node of a leaf node in the vote tree, the verifiable mask bit share input to the operation node is generated by adopting a safe multiparty calculation preprocessing function for the voter, and the label value input to the operation node is the result of exclusive OR operation between the bit string of K bits randomly generated by the voter or the bit string of K bits randomly generated by the voter and the global key, namely the initial label value. If the operation node is not the upstream operation node of the leaf node in the billing tree, the verifiable mask bit share and the tag value input to the operation node are the verifiable mask bit share and the tag value output by the last operation node of the operation node.
If the AND operation unit is the first operation unit in the operation node, the verifiable mask bit share and the tag value input to the AND operation unit are the verifiable mask bit share and the tag value input to the operation node. If the AND operation unit is not the first operation unit in the operation node, the verifiable mask bit share and the tag value of the AND operation unit are input as the verifiable mask bit share and the tag value of the last operation unit of the AND operation unit.
In addition, when the last arithmetic unit of the AND arithmetic unit is the AND arithmetic unit, a secure multiparty calculation preprocessing function is adopted to determine the verifiable mask bit share output by the last arithmetic unit of the AND arithmetic unit and serve as the verifiable mask bit share input to the AND arithmetic unit, and determine the tag value output by the last arithmetic unit of the AND arithmetic unit and serve as the tag value input to the AND arithmetic unit. Of course, in this specification, the operation node may further include a plurality of exclusive-or operation units, so when the last operation unit of the and operation unit may also be the exclusive-or operation unit, determining a verifiable mask bit share and a tag value of the last operation unit (i.e., the exclusive-or operation unit) input to the and operation unit, performing exclusive-or operation on the determined verifiable mask bit share, taking the result after the operation as the verifiable mask bit share output by the exclusive-or operation unit, performing exclusive-or operation on the determined tag value, and taking the result after the operation as the tag value output by the exclusive-or operation unit. And taking the verifiable mask bit share and the tag value output by the exclusive OR operation unit as the verifiable mask bit share and the tag value input into the AND operation unit.
When determining the unit ciphertext corresponding to the and operation unit according to the triplet, the verifiable mask bit share input to the and operation unit, the tag value input to the and operation unit, the verifiable mask bit share output by the and operation unit, and the tag value output by the and operation unit, the voting party may determine a first value according to a first numerical value in the triplet and the first verifiable mask bit share input to the and operation unit, and determine a second value according to a second numerical value in the triplet and the second verifiable mask bit share input to the and operation unit, and specifically may use the following formula to perform calculation:
wherein the triplet is three parameters generated by adopting a safe multiparty computing preprocessing function, and the triplet comprises a first value, a second value and a third value, namely the first value, the second value and the third value of the AND operation unit determined by the voting party Di are respectivelyAnd +.>The verifiable mask bit shares input to the and operation unit comprise a first verifiable mask bit share and a second verifiable mask bit share, i.e. the first verifiable mask bit share and the second verifiable mask bit share input to the and operation unit determined by voting party Di are respectively And +.>When the AND operation unit is the operation nodeA first arithmetic unit of the point, and the arithmetic node is an upstream arithmetic node of the leaf node in the ticketing tree,/->And +.>The voting party can be generated based on a secure multiparty calculation function, and can also be 0, and the specification is not particularly limited. />Representing the first value determined by voting party Di,/->Representing the second value determined by the voting party Di.
Above-mentionedAnd +.>When the value is not 0, the following formula can be adopted for expression:
wherein,verifiable mask bit shares of input to the operational node or the and operational unit, representing the generation of voting party Di,/->Mask bit share representing the generation of voting party Di,/->Representation->The corresponding message authentication code is used to authenticate the message,representing keys generated by other voters Dj that are entered into the operation node or corresponding to the message authentication code corresponding to the mask bit shares of the operation unit.
The first value and the second value are then sent to other voters. The other voter is a voter belonging to the operation node together with the voter, that is, the other voter is a voter other than the voter (i.e., the aforementioned voter Di, that is, the voter as the execution subject) among the voters for which data is input to the operation node. Receiving a third value and a fourth value sent by other voters, aggregating the received third value and the received first value to determine a first total value, and aggregating the received fourth value and the received second value to determine a second total value, wherein the method specifically can be calculated by adopting the following formula:
Wherein d γ Representing a first total value determined by the voter Di, n representing the number of voters,representing the first value determined by voting party Di,/->Representing a third value determined by the voter Dn and transmitting the third value to the voter Di, the first value being similar to the determination of the third value, but determined locally by a different voter. e, e γ Representing a second total value determined by the voting party Di,/>Representing the second value determined by the voting party Di. />A fourth value determined by the voter Dn is represented and the third value is sent to the voter Di, the second value being similar to the determination of the fourth value, but determined locally by a different voter.
Then, determining the mask voting result to be verified output by the AND operation unit according to the first total value, the second total value, the triples, the verifiable mask bit share output by the AND operation unit and the verifiable mask bit share input to the AND operation unit, wherein the mask voting result to be verified can be calculated by adopting the following formula:
wherein,representing the result of the voting by the mask to be verified, determined by the voting party Di, output by the and operation unit,/-, and>and representing the verifiable mask bit share which is determined by the voting party Di and is output by the AND operation unit, wherein the verifiable mask bit share is generated by the voting party Di through a safe multiparty computing preprocessing function, t and s are bit values, and each t and s are E {0,1}.
Then, according to the voting result of the mask to be verified output by the AND operation unit, the tag value input by the AND operation unit and the tag value output by the AND operation unit, determining the unit ciphertext corresponding to the AND operation unit, wherein the unit ciphertext can be calculated by adopting the following formula:
wherein,the unit ciphertext corresponding to the operation unit, which is determined by the voting party Di, may be 0, 1, or 0, or 1, so that there are 4 combinations of t and s, each of which corresponds to one unit ciphertext, and thus there are 4 unit ciphertexts corresponding to the operation unit. =value symbol = ->The tag value of the AND operation unit is input when the bit value determined by the voting party Di is t, and +.>The tag value of the AND operation unit is input when the bit value determined by the voting party Di is t, and gamma represents the output of the AND operation unit,/or%>A message authentication code representing the result of the mask voting to be authenticated outputted by the AND operation unit,/for the user>Representing the tag value, delta, output by the AND operation unit when the bit value determined by the voting party Di is 0 i Global key representing voting party Di, +.>And the key corresponding to the message verification code of the mask voting result to be verified, which is output by the operation unit and is determined by the other voting party Dj stored by the voting party Di.
If the AND operation unit is the first oneWhen the first operation unit in the operation node is the upstream operation node of the leaf node in the billing treeAnd->The K-bit strings are randomly generated by the voting party Di, and the bit values are t and s respectively.
In this specification, since the mask voting result of the voting party is published to all other voting parties (i.e., other voting parties except the voting party), the other voting parties can determine the initial tag value corresponding to the mask voting result according to the mask voting result published by the voting party, and send the initial tag value to the voting party. The initial tag value is a K-bit string randomly generated by the other voter based on the bit value of the mask voting result, and the specific process is similar to that of step S202, and will not be described again here. Based on this, the voter can receive each initial tag value corresponding to each mask voting result transmitted by each voter.
S204: and determining each first result published by the ticket counter and a label promise value.
S206: and determining the label value output by each operation node in the ticket counting tree according to each first result, determining the verification promise value of each label value according to the homomorphic promise function, and publishing the verification promise value.
S208: and carrying out public verification on the mask statistical result according to the tag promise value and the verification promise value.
The voting party determines each first result and label promise value published by the voting party, determines the label value output by each operation node in the voting tree according to each first result, determines the verification promise value of each label value according to homomorphic promise function, and publishes the verification promise value. And then, performing public verification on the mask statistical result according to the tag promise value and the verification promise value. When determining the label value output by each operation node in the vote tree according to each first result, the voter can determine the mask voting results published by other voters because each first result is the mask voting result output by each operation node in the vote tree, and calculate the mask statistics result output by the vote tree according to the mask voting result determined in step S202, the mask voting result of other voters and each first result according to each operation node in the vote tree, and determine the label value output by each operation node in the vote tree.
When determining the verification promise value of each tag value according to the homomorphic promise function, the voter can aggregate each tag value first, and then determine the verification promise value of the aggregated tag value based on the homomorphic promise function. The voting party may also determine the promise value corresponding to each tag value based on the homomorphic promise function, and use the aggregated result of each promise value as the mask promise value, which is not limited in this specification.
In the present specification, the operation node may further include at least one of an exclusive or operation unit and an operation unit, and each of the tag values corresponding to the verification acceptance value is a tag value output from each operation unit. In addition, since the mask voting result output by the exclusive or operation unit may be obtained by performing an exclusive or operation on the mask voting result input to the exclusive or operation unit, and the mask voting result of each voting party is published, that is, each party may learn the mask voting result of each voting party, when the mask statistics result is published and verified, the voting party may use only the determined mask voting result output by each and operation unit as the first result, determine each tag commitment value corresponding to the tag value output by each and operation unit, and publish each first result and the tag commitment value. Accordingly, the voter may determine and issue only the verification commitment value corresponding to the tag value outputted from the arithmetic unit. The verification promise value can be expressed asWherein (1)>Representing the label value output by the AND operation unit W determined by the voting party Di, W representing the AND operation unit set
In step S208, the voter may determine that the verification promise value published by the other voter is other verification promise value, aggregate the other verification promise value and the verification promise value, and verify the mask statistics according to the aggregated promise value and the tag promise value. Wherein, the promise value after aggregation can be expressed as: Where n represents the number of voters.
When the above-mentioned verification of the mask statistics is performed according to the aggregated promise value and the tag promise value, when the aggregated promise value and the tag promise value are consistent, it is described that the verification of the mask statistics is passed. That is to sayWhen the result is positive, the verification of the mask statistical result is passed. When the aggregated promise value and the label promise value are inconsistent or the formula is not established, the mask statistical result verification is not passed, and the voting party publishes a message that the mask statistical result verification is not passed. Wherein,representing a label commitment value published by the ticket counter.
In addition, in addition to determining whether the mask statistics result is accurate by verifying whether the tag value is accurate, whether the mask statistics result is accurate may be further determined by verifying the mask voting result output by the operation node or the operation unit. Therefore, when the above-mentioned aggregated promise value and label promise value are used for verifying the mask statistical result, when the aggregated promise value is identical to the label promise value, the mask voting result published by other voters can be determined. Then, for each AND operation unit, a mask voting result input to the AND operation unit is determined according to each mask voting result and each first result, and a verifiable mask bit share input to the AND operation unit and a verifiable mask bit share output by the AND operation unit are determined. Then, based on the determined verifiable mask bit shares and the mask voting results, verifiable check bits of the AND operation unit are determined. And determining the message verification code of the AND operation unit according to the verifiable verification bit, and determining the verification code commitment value of the message verification code based on the homomorphic commitment function. And then, determining the sum of the promise values of the verification codes as a verification aggregation promise value, and publishing the verification aggregation promise value. And then, determining an identifying code aggregate promise value published by the ticket counter, and carrying out public verification on the mask statistical result according to the identifying code aggregate promise value and the identifying aggregate promise value. Wherein, according to the determined verifiable mask bit share and the mask voting result, the verifiable check bit of the AND operation unit is determined, and the following formula can be adopted for calculation:
Wherein,verifiable check bits, z ', representing the AND operation cell determined by voting party Di' α Z' β Two mask voting results, which indicate the input of the and operation unit determined by the voting party Di,/, are given to>And +.>Representing the two verifiable mask bit shares, +.>Representing the verifiable mask bit share output by the and operation unit as determined by voting party Di.
Because the verifiable check bit is obtained through the calculation, the verifiable check bit comprises the message verification code corresponding to the check bit, and the voting party can directly determine the message verification code corresponding to the operation unit, namely the message verification code corresponding to the check bit, from the verifiable check bit corresponding to the operation unit. Determining the promise value of the verification code of the message verification code based on the homomorphic promise function, and determining the sum of the promise values of the verification codes as the promise value of verification aggregation, wherein the promise value of the verification aggregation can be expressed asWherein (1)>Representing the message authentication code determined by the voting party Di with the arithmetic unit w.
When the mask statistical result is publicly verified according to the verification code aggregate promise value and the verification aggregate promise value, the voter can determine the verification aggregate promise value published by other voters, aggregate the verification aggregate promise value of other voters and the determined verification aggregate promise value, and publicly verify the mask statistical result according to the aggregated verification promise value and the verification code aggregate promise value. Wherein the aggregated validation commitment value may be expressed as When the aggregated verification promise value and the verification code aggregate promise value are consistent, the verification of the mask statistical result is proved to pass, namely +.>When the result is positive, the verification of the mask statistical result is passed. When the aggregated verification promise value and the verification code aggregate promise value are inconsistent or the formula is not established, the mask statistical result verification is not passed, and the voting party publishes a message that the mask statistical result verification is not passed.
S210: and when the mask statistical result passes verification, determining mask bit shares corresponding to the mask statistical result, publishing the mask bit shares, decrypting the mask statistical result by the ticket counter according to the mask bit shares published by each voting party, determining a final voting result, and publishing the final voting result.
When the verification of the mask statistical result is passed, the voting party determines the mask bit share corresponding to the mask statistical result and publishes the mask bit share, so that the voting party decrypts the mask statistical result according to the mask bit shares published by each voting party, determines the final voting result and publishes the final voting result.
In order to ensure the accuracy of the mask bit shares published by each voter, when the verification of the mask statistical result passes, the voter can determine the mask bit shares corresponding to the mask statistical result, determine the mask promise value corresponding to the mask bit shares based on the homomorphic promise function, publish the mask promise value corresponding to the mask bit shares, enable the voter to perform public verification on each mask bit share according to the mask promise value corresponding to the mask bit shares published by each voter, decrypt the mask statistical result according to each mask bit share when each mask bit share passes, determine the final voting result, and publish the final voting result. The mask promise value is used for verifying whether the mask bit share is accurate or not, and comprises an original promise value and other promise values, so that when the mask promise value corresponding to the mask bit share is determined based on the homomorphic promise function and published, the voter can determine the promise value corresponding to the mask bit share as the original promise value based on the homomorphic promise function, determine the mask bit share corresponding to the mask statistical result published by other voters and determine other promise values based on the homomorphic promise function according to the mask bit shares published by other voters and publish the mask bit share, the original promise value and other promise values. The ticket counter determines the sum of the original promise values as a first value and the sum of the other promise values as a second value according to the original promise values and the other promise values published by the voting parties. When the first value is consistent with the second value, each mask bit share verification pass is determined.
In this specification, when a voter publishes a masked voting result, the masked voting result may be transmitted to a bulletin board so that other voters, and third parties can learn the masked voting result. Of course, when the voter publishes other content, such as the promise value, the promise value of the aggregation, and the promise value of the mask, the voter may also send the content to be published to the bulletin board, which is not limited in this specification.
The foregoing is a method of one or more implementations of the present specification, which further provides, based on the same ideas, a corresponding apparatus for electronic voting, the apparatus being applied to a ticketing party, as shown in fig. 4.
Fig. 4 is a schematic structural diagram of an apparatus for electronic voting provided in the present specification, including:
a first determining module 300, configured to determine a mask voting result published by each voting party, and receive a tag value corresponding to the mask voting result sent by each voting party, where the mask voting result is a result obtained by processing the voting result by the voting party according to a mask bit share, and the mask bit share is generated by the voting party based on a secure multiparty computing preprocessing function;
The vote counting module 302 is configured to count each mask voting result based on a pre-constructed vote counting tree according to each mask voting result and each initial label value, determine a mask counting result output by the vote counting tree, and determine a first result and an intermediate label value output by each operation node; wherein the ticketing tree comprises a plurality of operation nodes;
the publishing module 304 is configured to generate a tag commitment value of each intermediate tag value based on a homomorphic commitment function, and publish each first result and the tag commitment value, so that each voter publicly verifies the mask statistics result according to each first result and the tag commitment value published by the voter;
a second determining module 306, configured to determine a mask bit share corresponding to the mask statistics published by each voter when the mask statistics verification passes;
and a decryption module 308, configured to decrypt the mask statistics according to the mask bit shares, determine a final voting result, and publish the final voting result.
Optionally, the operation node includes a plurality of and operation units;
the publishing module 304 is specifically configured to determine, for each and operation unit, a mask voting result input to the and operation unit, and determine a verifiable mask bit share input to the and operation unit and a verifiable mask bit share output by the and operation unit based on a secure multiparty computation preprocessing function; determining verifiable check bits of the AND operation unit according to the determined verifiable mask bit shares and the mask voting result; determining a message verification code of the AND operation unit according to the verifiable check bit, and determining a verification code commitment value of the message verification code based on the homomorphic commitment function; and determining the sum of the promise values of the verification codes as a promise value of the verification code aggregation, and publishing the promise value of the verification code aggregation, the first results and the promise value of the label.
Optionally, the decryption module 308 is specifically configured to determine a mask promise value corresponding to the mask bit share published by each voter; performing public verification on each mask bit share according to each mask promise value; and when the mask bit share verification passes, decrypting the mask statistical result according to the mask bit shares to determine a final voting result.
Optionally, the masked commitment value includes an original commitment value and other commitment values;
the decryption module 308 is specifically configured to determine, for each voter, an original commitment value corresponding to the mask bit share published by the voter, where the original commitment value is a commitment value determined by the voter based on the mask bit share corresponding to the voter, and other commitment values are commitment values determined by the voter based on the mask bit shares published by other voters; determining the sum of the original promise values as a first value and determining the sum of the other promise values as a second value; and when the first value is consistent with the second value, determining that each mask bit share passes verification.
The present specification also provides an apparatus for electronic voting, the apparatus being applied to a voter as shown in figure 5.
Fig. 5 is a schematic structural diagram of another apparatus for electronic voting provided in the present specification, including:
the generating module 400 is configured to determine a voting result according to a voting option, and generate a mask bit share by adopting a secure multiparty calculation preprocessing function according to a topology structure of a vote tree pre-constructed by a vote counter;
a sending module 402, configured to process the voting result according to the mask bit share, determine a mask voting result, publish the mask voting result, generate an initial tag value corresponding to the mask voting result, send the initial tag value to the ticketing party, make the ticketing party count each mask voting result based on the ticketing tree according to the mask voting result published by each voting party and the received initial tag value, determine a mask statistics result output by the ticketing tree, determine a first result and an intermediate tag value output by each operation node in the ticketing tree, determine a tag promise value according to each intermediate tag value, and publish each first result and the tag promise value;
a determining module 404, configured to determine each first result and a tag promise value published by the ticket counter;
The promise module 406 is configured to determine, according to the first results, tag values output by the computing units in the ticketing tree, determine verification promise values of the tag values according to homomorphic promise functions, and publish the verification promise values;
a verification module 408, configured to perform public verification on the mask statistics according to the tag commitment value and the verification commitment value;
and the mask module 410 is configured to determine a mask bit share corresponding to the mask statistics and publish the mask bit share when the mask statistics passes verification, decrypt the mask statistics according to the mask bit shares published by each voter by the voter, determine a final voting result, and publish the final voting result.
Optionally, the verification module 408 is specifically configured to determine that the verification promise value published by the other voter is other verification promise value; aggregating the other verification promise values and the verification promise values; and carrying out public verification on the mask statistical result according to the aggregated promise value and the tag promise value.
Optionally, the operation node includes a plurality of and operation units;
The verification module 408 is specifically configured to determine a mask voting result published by the other voter when the aggregated promise value is consistent with the tag promise value; for each AND operation unit, determining a mask voting result input to the AND operation unit according to each mask voting result and each first result, and determining a verifiable mask bit share input to the AND operation unit and a verifiable mask bit share output by the AND operation unit; determining verifiable check bits of the AND operation unit according to the determined verifiable mask bit shares and the mask voting result; determining a message verification code of the AND operation unit according to the verifiable check bit, and determining a verification code commitment value of the message verification code based on the homomorphic commitment function; determining the sum of the promise values of all verification codes as a verification aggregation promise value, and publishing the verification aggregation promise value; and determining an identifying code aggregate promise value published by the ticket counter, and performing public verification on the mask statistical result according to the identifying code aggregate promise value and the identifying aggregate promise value.
Optionally, the masking module 410 is specifically configured to determine a masking bit share corresponding to the masking statistic; and determining a mask promise value corresponding to the mask bit share based on the homomorphic promise function, publishing, and enabling the ticket counter to perform public verification on each mask bit share according to the mask promise value corresponding to the mask bit share published by each voting party.
Optionally, the masked commitment value includes an original commitment value and other commitment values;
the masking module 410 is specifically configured to determine, based on the homomorphic commitment function, that a commitment value corresponding to the mask bit share is an original commitment value; and determining mask bit shares corresponding to the mask statistics results published by other voters, determining other commitment values based on the homomorphic commitment function according to the mask bit shares published by the other voters, and publishing the mask bit shares, the original commitment values and the other commitment values.
The present specification also provides a computer readable storage medium having stored thereon a computer program operable to perform a method of electronic voting as provided in figure 1 above.
The present specification also provides a schematic structural diagram of an electronic device corresponding to fig. 1 shown in fig. 6. At the hardware level, as shown in fig. 6, the electronic device includes a processor, an internal bus, a network interface, a memory, and a nonvolatile storage, and may of course include hardware required by other services. The processor reads the corresponding computer program from the non-volatile memory into memory and then runs to implement the method of electronic voting described above with respect to fig. 1.
Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded from the present description, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or logic devices.
In the 90 s of the 20 th century, improvements to one technology could clearly be distinguished as improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or software (improvements to the process flow). However, with the development of technology, many improvements of the current method flows can be regarded as direct improvements of hardware circuit structures. Designers almost always obtain corresponding hardware circuit structures by programming improved method flows into hardware circuits. Therefore, an improvement of a method flow cannot be said to be realized by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (e.g., field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the programming of the device by a user. A designer programs to "integrate" a digital system onto a PLD without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented by using "logic compiler" software, which is similar to the software compiler used in program development and writing, and the original code before the compiling is also written in a specific programming language, which is called hardware description language (Hardware Description Language, HDL), but not just one of the hdds, but a plurality of kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), lava, lola, myHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently most commonly used. It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller in a pure computer readable program code, it is well possible to implement the same functionality by logically programming the method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a kind of hardware component, and means for performing various functions included therein may also be regarded as structures within the hardware component. Or even means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in one or more software and/or hardware elements when implemented in the present specification.
It will be appreciated by those skilled in the art that embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the present specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present description is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the present specification may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
The foregoing is merely exemplary of the present disclosure and is not intended to limit the disclosure. Various modifications and alterations to this specification will become apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present description, are intended to be included within the scope of the claims of the present description.
Claims (13)
1. A method of electronic voting, the method being applied to a ticker, the method comprising:
determining a mask voting result published by each voting party, and receiving an initial tag value corresponding to the mask voting result sent by each voting party, wherein the mask voting result is a result obtained by processing the voting result by the voting party according to a mask bit share, and the mask bit share is generated by the voting party based on a secure multiparty calculation preprocessing function;
According to each mask voting result and each initial label value, counting each mask voting result based on a pre-constructed vote counting tree, determining a mask counting result output by the vote counting tree, and determining a first result and an intermediate label value output by each operation node; wherein the ticketing tree comprises a plurality of operation nodes;
generating a tag commitment value of each intermediate tag value based on a homomorphic commitment function, and publishing each first result and the tag commitment value, so that each voting party publicly verifies the mask statistical result according to each first result and the tag commitment value published by the voting party;
when the mask statistical result verification passes, determining mask bit shares corresponding to the mask statistical result published by each voting party;
and decrypting the mask statistical result according to each mask bit share, determining a final voting result, and publishing the final voting result.
2. The method of claim 1, wherein the compute node comprises a plurality of and compute units;
publishing each first result and the tag commitment value, specifically including:
determining, for each and operation unit, a mask voting result input to the and operation unit, and determining a verifiable mask bit share input to the and operation unit and a verifiable mask bit share output by the and operation unit based on a secure multiparty computation preprocessing function;
Determining verifiable check bits of the AND operation unit according to the determined verifiable mask bit shares and the mask voting result;
determining a message verification code of the AND operation unit according to the verifiable check bit, and determining a verification code commitment value of the message verification code based on the homomorphic commitment function;
and determining the sum of the promise values of the verification codes as a promise value of the verification code aggregation, and publishing the promise value of the verification code aggregation, the first results and the promise value of the label.
3. The method according to claim 1, wherein decrypting the mask statistics based on the mask bit shares determines a final voting result, comprising:
determining a mask promise value corresponding to the mask bit share published by each voting party;
performing public verification on each mask bit share according to each mask promise value;
and when the mask bit share verification passes, decrypting the mask statistical result according to the mask bit shares to determine a final voting result.
4. The method of claim 3, wherein the masked commitment value comprises an original commitment value and other commitment values;
The method for determining the mask promise value corresponding to the mask bit share published by each voting party specifically comprises the following steps:
for each voting party, determining an original commitment value corresponding to the mask bit share published by the voting party and other commitment values, wherein the original commitment value is a commitment value determined by the voting party based on the mask bit share corresponding to the voting party, and the other commitment values are commitment values determined by the voting party based on the mask bit shares published by other voting parties;
performing public verification on each mask bit share according to each mask promise value, specifically including:
determining the sum of the original promise values as a first value and determining the sum of the other promise values as a second value;
and when the first value is consistent with the second value, determining that each mask bit share passes verification.
5. A method of electronic voting, the method being applied to a voter, the method comprising:
determining a voting result according to voting options, and generating a mask bit share by adopting a safe multiparty calculation preprocessing function according to a topological structure of a vote tree pre-constructed by a vote counting party;
processing the voting result according to the mask bit share, determining a mask voting result, publishing the mask voting result, generating an initial tag value corresponding to the mask voting result, transmitting the initial tag value to the vote counting party, enabling the vote counting party to count each mask voting result based on the vote counting tree according to the mask voting result published by each vote counting party and the received initial tag value, determining a mask counting result output by the vote counting tree, determining a first result and an intermediate tag value output by each operation node in the vote counting tree, determining a tag promise value according to each intermediate tag value, and publishing each first result and the tag promise value;
Determining each first result published by the ticket counter and a label promise value;
determining label values output by operation nodes in the ticket tree according to the first results, determining verification promise values of the label values according to homomorphic promise functions, and publishing the verification promise values;
performing public verification on the mask statistical result according to the tag promise value and the verification promise value;
and when the mask statistical result passes verification, determining mask bit shares corresponding to the mask statistical result, publishing the mask bit shares, decrypting the mask statistical result by the ticket counter according to the mask bit shares published by each voting party, determining a final voting result, and publishing the final voting result.
6. The method as recited in claim 5, wherein publicly verifying the masking statistics based on the tag commitment value and the verification commitment value, comprises:
determining the verification promise value published by other voters as other verification promise values;
aggregating the other verification promise values and the verification promise values;
and carrying out public verification on the mask statistical result according to the aggregated promise value and the tag promise value.
7. The method of claim 6, wherein the compute node comprises a plurality of and compute units;
performing public verification on the mask statistical result according to the aggregated promise value and the tag promise value, wherein the method specifically comprises the following steps:
when the aggregated promise value is consistent with the label promise value, determining mask voting results published by other voters;
for each AND operation unit, determining a mask voting result input to the AND operation unit according to each mask voting result and each first result, and determining a verifiable mask bit share input to the AND operation unit and a verifiable mask bit share output by the AND operation unit;
determining verifiable check bits of the AND operation unit according to the determined verifiable mask bit shares and the mask voting result;
determining a message verification code of the AND operation unit according to the verifiable check bit, and determining a verification code commitment value of the message verification code based on the homomorphic commitment function;
determining the sum of the promise values of all verification codes as a verification aggregation promise value, and publishing the verification aggregation promise value;
and determining an identifying code aggregate promise value published by the ticket counter, and performing public verification on the mask statistical result according to the identifying code aggregate promise value and the identifying aggregate promise value.
8. The method as in claim 5 wherein determining the mask bit shares corresponding to the mask statistics and publishing comprises:
determining a mask bit share corresponding to the mask statistics;
and determining a mask promise value corresponding to the mask bit share based on the homomorphic promise function, publishing, and enabling the ticket counter to perform public verification on each mask bit share according to the mask promise value corresponding to the mask bit share published by each voting party.
9. The method of claim 8, wherein the masked commitment value comprises an original commitment value and other commitment values;
based on the homomorphic commitment function, determining a mask commitment value corresponding to the mask bit share, and publishing, specifically including:
determining a commitment value corresponding to the mask bit share as an original commitment value based on the homomorphic commitment function;
and determining mask bit shares corresponding to the mask statistics results published by other voters, determining other commitment values based on the homomorphic commitment function according to the mask bit shares published by the other voters, and publishing the mask bit shares, the original commitment values and the other commitment values.
10. An apparatus for electronic voting, the apparatus being for use with a ticker, the apparatus comprising:
the first determining module is used for determining mask voting results published by each voting party and receiving initial tag values corresponding to the mask voting results sent by each voting party, wherein the mask voting results are results obtained by the voting party after processing the voting results according to mask bit shares, and the mask bit shares are generated by the voting party based on a secure multiparty computing preprocessing function;
the counting module is used for counting each mask voting result based on a pre-constructed counting tree according to each mask voting result and each initial label value, determining a mask counting result output by the counting tree, and determining a first result and an intermediate label value output by each operation node; wherein the ticketing tree comprises a plurality of operation nodes;
the publishing module is used for generating a label promise value of each intermediate label value based on the homomorphic promise function, and publishing each first result and the label promise value, so that each voting party can publicly verify the mask statistical result according to each first result and the label promise value published by the voting party;
The second determining module is used for determining mask bit shares corresponding to the mask statistical results published by each voting party when the mask statistical result verification passes;
and the decryption module is used for decrypting the mask statistical result according to each mask bit share, determining a final voting result and publishing the final voting result.
11. An apparatus for electronic voting, the apparatus being for use with a voter, the apparatus comprising:
the generation module is used for determining a voting result according to voting options, adopting a safe multiparty calculation preprocessing function according to the topological structure of the voting tree pre-constructed by the voting party, and generating a mask bit share;
the sending module is used for processing the voting result according to the mask bit share, determining a mask voting result, publishing, generating a label value corresponding to the mask voting result, sending the label value to the vote counting party, enabling the vote counting party to count each mask voting result based on the vote counting tree according to the mask voting result published by each vote counting party and the received label value, determining a mask counting result output by each vote counting tree, determining a first result and an intermediate label value output by each operation node in the vote counting tree, determining a label promise value according to each intermediate label value, and publishing each first result and the label promise value;
The determining module is used for determining each first result published by the ticket counter and a label promise value;
the promise module is used for determining the label value output by each operation unit in the ticket counting tree according to each first result, determining the verification promise value of each label value according to the homomorphic promise function, and publishing the verification promise value;
the verification module is used for carrying out public verification on the mask statistical result according to the tag promise value and the verification promise value;
and the mask module is used for determining mask bit shares corresponding to the mask statistical result and publishing when the mask statistical result passes verification, so that the ticket counter decrypts the mask statistical result according to the mask bit shares published by each voting party, determines a final voting result and publishes the final voting result.
12. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method of any of the preceding claims 1-9.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of the preceding claims 1-9 when executing the program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311070364.2A CN117218758A (en) | 2023-08-23 | 2023-08-23 | Electronic voting method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311070364.2A CN117218758A (en) | 2023-08-23 | 2023-08-23 | Electronic voting method and device, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117218758A true CN117218758A (en) | 2023-12-12 |
Family
ID=89050293
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311070364.2A Pending CN117218758A (en) | 2023-08-23 | 2023-08-23 | Electronic voting method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117218758A (en) |
-
2023
- 2023-08-23 CN CN202311070364.2A patent/CN117218758A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111401902B (en) | Service processing method, device and equipment based on block chain | |
| US8045708B2 (en) | Discrete key generation method and apparatus | |
| US9635053B2 (en) | Computing system with protocol protection mechanism and method of operation thereof | |
| JP2005521281A (en) | Authenticable location data | |
| CN112560019B (en) | Processing method, device and equipment of block chain data | |
| CN111339565B (en) | Business service providing method, device, equipment and system based on block chain | |
| CN112182506A (en) | Data compliance detection method, device and equipment | |
| CN112466032A (en) | Electronic voting method and device and electronic equipment | |
| CN117349671A (en) | Model training method and device, storage medium and electronic equipment | |
| CN112291321A (en) | Service processing method, device and system | |
| CN114422422B (en) | Data transmission method, device and system based on node information | |
| CN117218758A (en) | Electronic voting method and device, storage medium and electronic equipment | |
| CN113221176B (en) | Business processing method and device based on block chain and electronic equipment | |
| CN110995447B (en) | Data storage method, device, equipment and medium | |
| CN112418857B (en) | Hidden transaction method and device based on UTXO model and related products | |
| US9842086B2 (en) | Calculation device, calculation method, and program | |
| CN112182509A (en) | Method, device and equipment for detecting abnormity of compliance data | |
| CN117033442A (en) | Data aggregation method and device, storage medium and electronic equipment | |
| CN111641499A (en) | Block chain-based private key restoration method, device, equipment and medium | |
| CN110766407A (en) | Transaction verification method, accounting node and medium based on block chain | |
| CN118101181A (en) | Risk identification method and device, storage medium and electronic equipment | |
| CN113761496B (en) | Identity verification method and device based on blockchain and electronic equipment | |
| CN115037548B (en) | System, method, device, medium and equipment for secure multiparty computation of data based on blockchain | |
| CN117556476A (en) | Data verification method, device, equipment and medium | |
| CN115982742A (en) | Service execution method, device, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |