JP2005311623A - System and method for electronic voting - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To execute signature preparation by exchanging data for voting so that information regarding the pros and cons cannot be known among all the members participating the voting. <P>SOLUTION: Both pro-terminals and con-terminals prepare divided signature data of pros or cons without declaring pros or cons when voting, and further, prepare signature data in the distributed signature. Then, the signature data by secret distribution can be realized. The information regarding the pros and cons cannot be read out from the transmitting/receiving data. Therefore, it is impossible to discriminate which terminal is for and which terminal is against. The distributed signature with anonymity can be realized. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a voting system on a network, and more particularly, an electronic voting system that realizes a vote of confidence using a distributed signature when there are k or more of n people (k <n). It relates to the electronic voting method.

In recent years, services such as electronic voting and electronic commerce using a network have been generally performed. At that time, public key encryption technology and digital signature technology are attracting attention as technologies that enable advanced use of the network. For example, Non-Patent Document 1 discloses a related art regarding such a digital signature.
"Standard Specifications For Public Key Cryptography (Draft Version 4)" IEEE P1363 Standard, IEEE, June 16, 1998

  In the digital signature technique described in Non-Patent Document 1 described above, the plaintext M to be signed is applied to the plaintext M by applying a secret key held secretly to itself and numerical information such as a random number generated by itself. A digital signature S is generated. The digital signature S 1 can be verified by applying a public key that makes a pair with the message M and the secret key to the digital signature S 1.

  Specifically, the participant A holds the public key p_a and the secret key s_a. The secret key s_a and the public key p_a have the following properties. Arbitrary prime numbers p and q are generated, and the product n = pq is used as a public key. Next, e and d satisfying ed = 1mod \ phi (n) are calculated, and e is a public key and d is a secret key. That is, p_a is (e, n) and s_a is d.

  Now, a case where the participant A adds a signature to the plaintext M using the secret key s_a will be described. Participant A calculates M ^ s_a mod (n) for plaintext M and sets it as signature sentence S. Participant A sends signature S and plaintext M to Participant B. Participant B calculates S ^ p_a mod (n) using public key p_a of participant A received in advance, and verifies whether S ^ p_a = M mod (n). If the equation holds, it can be seen that the signature S is signed with Participant A's private key. If the equation does not hold, it can be seen that the signature sentence S is not signed with Participant A's private key.

For this reason, if a secret key is known to a third party who does not have a legitimate authority, the digital signature may be illegally performed. With the spread of portable computers such as notebook computers and PDAs, theft and loss of computers are expected to increase in the future. Along with this, it is expected that the possibility of unauthorized use of a computer by a third party who does not have a legitimate authority and digital signatures will be increased. Therefore, as a technique for solving such problems, numerical information (secret key sharing) that can generate a secret key using numerical information owned by k persons in advance is given to any n persons in advance. Thus, a technique for distributing and managing secret keys has been proposed. A technique called a distributed signature has been proposed as a technique for performing a digital signature using a distributed management technique. Documents related to distributed signatures include those described in Non-Patent Document 2, for example.
Pierre-Alain Fouque and Jacques Stern, "Fully Distributed Threshold {RSA} under Standard Assumptions", Lecture Notes in Computer Science, vol.248, pp310--, 2001

  In the distributed signature technique described in Non-Patent Document 2, the secret key shares s_1 to s_n obtained by dividing the group secret key s are distributed to n users, and k users out of n users are distributed. Sign using your private key share. Note that since the group private key s itself is not calculated at the time of signing, there is no risk of the group private key s leaking.

  Here, a case where the distributed signature technique is applied to an electronic voting system will be described. It is considered acceptable to create a signature S with at least k people in favor of the plaintext M to be voted. Conversely, if only k-1 people or less are in favor, the signature S cannot be created. It is possible to construct a voting system by regarding it as being made.

  Hereinafter, a conventional technique for realizing a voting system using a distributed signature technique will be described. First, the network configuration will be described. FIG. 16 is a network configuration diagram showing a connection configuration between a terminal and a combiner for explaining this type of technology. In this network configuration, as shown in FIG. 16, five voting terminals (voting terminals, hereinafter simply referred to as “terminals”) terminals P_1, P_2, P_3, P_4, P_5 and one combiner 6 are connected by the same secure communication path. Terminals P_1 to P_5 are owned by users U1, U2, U3, U4 and U5, respectively, and users U1 to U5 belong to the same circle. Here, the display of (U1) for the terminal P_1 indicates that the terminal P_1 is owned by the user U1. The same applies to the other terminals P_2, P_3, P_4, and P_5.

  FIG. 17 is a block diagram showing an example of a terminal used in the voting system according to the conventional technique. The terminal includes an input receiving unit 11 that receives an input from the outside, a user input receiving unit 12 that receives a command input from a user, a transmission unit 14 that transmits data to the outside, and a statement of approval or disapproval for voting. The approval / disapproval section 8, a public data calculation section 9 that creates signature data, and a terminal data storage section 10 that stores terminal data. The voting system is configured by connecting these terminals via a plurality of networks. Each terminal is assigned a different terminal ID depending on the terminal. When a terminal communicates with another terminal, the terminal can know the address of the communication destination terminal on the network based on the communication destination terminal ID, and can perform communication based on the address. A combiner 6 exists on the network.

  FIG. 18 is a block diagram showing a configuration of a conventional combiner 6. As shown in FIG. 18, the combiner 6 includes an input receiving unit 31 that receives an input from the outside, a transmission unit 32 that transmits data to the outside, a voting start unit 33 that performs a voting operation start process, and signature data. It comprises a signature data totaling unit 34 for totaling and a pros and cons data totaling unit 35 for totaling pros and cons data. The combiner 6 performs a calculation based on the value received from each terminal and discloses the calculation result.

  In such a terminal, the following state is an initial state. That is, n terminals having terminal IDs 1 to n belonging to the same group exist on the network. Each terminal i holds a secret key share s_i. The public key PK corresponding to the secret key, the plaintext M to be signed, the number n of terminals, and the threshold value k are public information and are held in the data storage units of all terminals. Here, the secret key and the public key are assumed to be of an asymmetric cryptosystem.

  Next, an operation example when the group signs the plaintext M is shown. In the following description of the operation example, “participant” is synonymous with “terminal”.

(Phase1: Start of voting)
Voting start data indicating the start of voting is sent to each participant by any participant, combiner, or external third party. The voting start data includes the plaintext M to be signed and additional information such as the reason for requesting the signature and the requester.

(Phase 2: Pros and cons data sharing)
Participant i who has received the voting start data as an input determines whether or not the signature is possible from the additional information. Pros and cons data is sent to each participant and combiner as a pair with their own ID = i and a pros and cons flag (1 for agreeing to sign, 0 for disagreement). When sending / receiving of approval / disapproval data by all participants is completed, the participants can create a list of participants who agree with the signature (participants with approval / disapproval flag = 1).

(Phase3: Public data calculation)
The supporter i obtains S_i = M ^ (s_i Πj / (ji)) based on the list of supporters and sends the value to the combiner.

(Phase4: Signature data calculation)
When the combiner receives S_i from all the supporters, it calculates S = ΠS_i and publishes it. The signature text S obtained as a result is verified with the public key PK. If the verification is successful, it can be seen that the number of persons exceeding the threshold value k agrees. On the other hand, if the verification fails, it can be seen that only k-1 people or less were in favor. However, this method has a problem that anonymity regarding approval or disapproval is not ensured because each participant needs to convey the approval or disapproval flag indicating approval or disapproval to other participants.

  In the conventional signing method, k members in favor of each other communicate with each other at the time of signing. In doing so, it is necessary to identify who the k members are in favor of. In situations where it is not preferred to identify who the members are in favor, such a signature method is not preferred. Therefore, there is a need for a signature method with anonymity that can exchange data and create a signature so that all the members do not know the information about approval and disapproval.

  However, in the conventional (k, n) distributed signature method, anonymity is not ensured because who is the member in favor is specified at the time of signing.

  The present invention has been made in view of the above-mentioned problems of the prior art, and its purpose is to exchange data for voting and sign so that all members participating in the voting do not know the information about the pros and cons. To provide an electronic voting system and an electronic voting method that can be created.

  In order to achieve the above object, an electronic voting system of the present invention generates signature data from a voting start unit that generates voting start data indicating the start of electronic voting, and split signature data in favor or opposite received from each terminal. A combiner having a signature data totaling unit to be generated, a voting start unit that generates voting start data representing the start of electronic voting, and signature data that generates signature data from the approval or opposite split signature data received from the terminal A counting unit, voting start processing means for performing processing for voting start, means for creating split signature data for approval, means for creating opposite split signature data, and one of each split signature data Means for creating dummy data constituting a unit, an input receiving unit for receiving data from the combiner or other terminal, the combiner or other It is composed of a plurality of terminals having a transmission unit that sends data to the end, and upon receiving voting start data from the combiner, both the terminal in favor and the terminal in opposite form the divided signature data in favor or opposite, Furthermore, signature data is created by a combiner to realize signature data by secret sharing.

  Further, the electronic voting system of the present invention includes a voting start processing means for performing a process for voting start, a means for creating split signature data for approval, a means for creating opposite split signature data, Consists of a plurality of terminals having means for creating dummy data constituting a part of each divided signature data, an input receiving unit for receiving data from other terminals, and a transmitting unit for sending data to other terminals At least one of the plurality of terminals includes a voting start unit that generates voting start data indicating the start of electronic voting, and a signature that generates signature data from the approval or opposite split signature data received from each terminal. It has a function as a main terminal by having a data totaling unit, and the main terminal receives signature data in favor or opposite from each terminal and creates signature data Yes, when voting start data is received from the main terminal, both the terminal in favor and the terminal in the opposite direction create divided signature data in favor or opposite, and further create signature data in the main terminal to realize signature data by secret sharing Is.

  According to the present invention, the means for creating the divided signature data for approval and the means for creating the opposite divided signature data respectively create the divided interpolation coefficient data based on the own terminal ID and the other terminal ID. An interpolation coefficient data generation unit, an interpolation coefficient data transfer unit that generates intermediate interpolation coefficient data based on the divided interpolation coefficient data generated by the interpolation coefficient generation unit and the divided interpolation coefficient data from another terminal, and interpolation coefficient data transfer And an approver or opponent public data calculation unit that creates split signature data based on the intermediate interpolation coefficient data created in the part and the intermediate interpolation coefficient data from another terminal, and the terminal in favor or the opposite terminal In the above, different divided signature data are created by the same processing operation.

  In the present invention, intermediate dummy data is created and sent to another terminal before the dummy data is created, and dummy data is created based on the intermediate dummy data from each terminal. This makes it impossible to determine which terminal is in favor and which terminal is against.

  In addition, the electronic voting method of the present invention receives an electronic voting start command, obtains an ID of the own terminal, an approval / disapproval flag indicating whether the user of the own terminal agrees or disagrees, While receiving the ID from the other terminal, creating intermediate dummy data and sending it to the other terminal, receiving the intermediate dummy data from the other terminal, and the intermediate dummy data from each terminal In parallel with the step of creating dummy data by performing an arithmetic processing, and the process of creating the dummy data, for creating divided signature data reflecting that the user of the terminal is in favor The intermediate interpolation coefficient data is created, and when the user of the terminal is opposite, the intermediate interpolation coefficient data for creating the divided signature data reflecting the opposite is created. And up, and has a step of creating a split signature data using said dummy data and said intermediate interpolated coefficient data, and creating the signature data from the divided signature data created in each terminal. As a result, both the terminal in favor and the terminal in the opposite direction create divided signature data for or against, and then collect the divided signature data to create signature data to realize signature data by secret sharing. However, it is possible to make it impossible to determine which terminal is opposite.

  In the conventional distributed signature, it was not possible to secure anonymity because it was necessary to give the name of the proponent in advance, but in this method, it is not necessary to give the name of approval or disagreement, and the data to be sent or received Since the information cannot be read, an anonymous distributed signature can be performed.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

  As an embodiment of the present invention, an electronic voting system in which a user of a circle or community signs a message will be described below. Also in the present invention, the network configuration showing the connection configuration between the terminal and the combiner described above with reference to FIG. 16 is used. In this network configuration, five voting terminals (voting terminals, hereinafter simply referred to as “terminals”) terminals P_1, P_2, P_3, P_4, P_5 and one combiner 6 are the same safety. Connected by various communication paths. Terminals P_1 to P_5 are owned by users U1, U2, U3, U4 and U5, respectively, and users U1 to U5 belong to the same circle. Here, the display of (U1) for the terminal P_1 indicates that the terminal P_1 is owned by the user U1. The same applies to the other terminals P_2, P_3, P_4, and P_5. Assume that a request is received from the circle to sign the plaintext M using the circle secret key s.

  FIG. 1 is a block diagram showing a configuration of a terminal used in this electronic voting system. The terminal (represented by P_1. The other terminals P_2 to P_5 are also the same), as shown in FIG. 1, accepts an input from the outside, and accepts a command input from the user. User input reception unit 12, terminal data storage unit 13 for storing terminal data, transmission unit 14 for transmitting data to the outside, dummy seed generation unit 15 for generating random numbers for generating dummy data, and anonymous Dummy data creation unit 16 for creating dummy data for ensuring the performance, voting start processing unit 17 for starting the voting operation, interpolation coefficient data transfer unit 18 for transferring the interpolation coefficient data, and interpolation by the opponent An opponent interpolation coefficient creating unit 19 for creating a coefficient, an opponent public data calculating unit 20 for calculating the public data of the opponent, and an supporter interpolation coefficient creating unit 2 for creating an interpolation coefficient of the supporter When composed of favor's public data calculating unit 22 for calculating the public data favor's.

  The configuration content of the terminal will be described in more detail. The input receiving unit 11 not only receives an input, but also distributes the input to each block according to the content of the received input. The user input accepting unit 12 accepts an intention expression in favor of or against the signing of the signature, and sends the data to the terminal data storage unit 13. The terminal data storage unit 13 stores and holds data related to terminals (pros and cons, ID, address, share, etc.). In order to create dummy data, the dummy seed creation unit 15 generates an arbitrary value (random number; dummy seed) that becomes 1 when multiplied and sends it to the transmission unit 14 for distribution to other terminals. The dummy data creation unit 16 collects dummy seeds received from other terminals (or users) and sets them as dummy data. The voting start processing unit 17 transmits an ID related to its own terminal to other terminals as an initial procedure for obtaining the interpolation coefficient. The opponent interpolation coefficient creating unit 19 or the supporter interpolation coefficient creating unit 21 calculates a part of the opponent interpolation coefficient or the supporter interpolation coefficient of another terminal, respectively. The interpolation coefficient data transfer unit 18 performs an operation to relay the data created by the opponent interpolation coefficient creation unit 19 or the supporter interpolation coefficient creation unit 21. The opponent public data calculation unit 20 or the approver public data calculation unit 22 uses the interpolation coefficient data transfer unit 18 to convert the opponent interpolation coefficient or the supporter interpolation coefficient calculated (or calculated) by another terminal, respectively. To obtain the final opponent interpolation coefficient or the supporter interpolation coefficient.

  FIG. 2 is a block diagram showing the configuration of the combiner used in the present invention. As shown in FIG. 2, the combiner 6 includes an input receiving unit 31 that receives input from the outside, a transmission unit 32 that transmits data to the outside, a voting start unit 33 that performs a voting operation start process, and signature data. It comprises a signature data totaling unit 34 for totaling and a group data storage unit 36 for storing a list of addresses and IDs of all terminals included in the network in the present embodiment. The configuration content of the combiner 6 will be described in more detail. The transmission unit 32 receives data and a destination from the terminals P_1 to P_5, and sends the data to the destination. The voting start unit 33 sends voting start data representing the start of voting to each of the terminals P_1 to P_5. The signature data totaling unit 34 collects public data sent from the terminals P_1 to P_5 and creates a signature.

  In the operation of the electronic voting system, the terminals P_1 to P_5 and the combiner 6 do not necessarily have to be independent, and there are terminal devices that have both functions of the terminals P_1 to P_5 and the combiner 6. Also good.

  Hereinafter, the operation of the electronic voting system constituted by the terminals P_1 to P_5 and the combiner 6 will be described. For the sake of explanation, the operation is divided into five phases. In addition, even when the terminal user expresses an intention of approval in the respective phases, the operation may be different, and in this case, both operations will be described separately. In the following description, the users of the terminal P_1, the terminal P_2, and the terminal P_3 are in favor of the signature, and the users of the terminal P_4 and the terminal P_5 are in the opposite position of the signature. And In the description of each phase in the future, unless otherwise specified, the terminal P_1 indicates all terminals, the terminal P_2 represents a representative of the terminals in favor, and the terminal P_4 is the opposite terminal It represents the representative of That is, in the operation description, when there is a description “terminal P_1 is ~”, the operation is performed by all terminals in the same manner, and when there is a description “terminal P_2 is ~”, the operation Is performed in the same manner by a terminal that agrees, and when there is a description of “terminal P_4 is ~”, the operation is performed in the same way by the opposite terminal.

  As a description method, the terminal P_n represents an arbitrary terminal (both the user agrees and disagrees), the terminal P_S represents the terminal that the user has approved, and the terminal P_O has expressed the objection to the user A representative terminal is represented. For the sake of explanation, a terminal with terminal ID = i is represented as terminal P_i, a terminal with terminal ID = j is represented as P_j, and a terminal with terminal ID = m is represented as P_m, including terminal ID information.

Further, as an initial state, the terminal P_1 holds the following information in the terminal data storage unit.
-Secret information value s1 of terminal P_1 and terminal ID
-Addresses of terminal P_2 to terminal P_5, and terminal ID
-The address of the combiner. The same applies to terminal P_2 to terminal P_5.

  When communicating between terminals, authentication information exchanged or distributed in advance may be used to authenticate whether the communication partner is a correct voting terminal.

(Phase 1: Start voting)
FIG. 3 is a flowchart for explaining the operation of the voting start unit 33 of the combiner 6 at the start of voting. As shown in FIG. 3, the voting start unit 33 of the combiner 6 obtains a list of addresses and IDs of all terminals from the group data storage unit 36 in the processing step (hereinafter simply referred to as “step”) ST1 at the start of voting. To do. Next, the voting start unit 33 prepares a plaintext M to be signed and creates voting start data (M, n) (step ST2), and sends the list L and the plaintext M to the transmission unit 32 according to the address and ID. The voting start data is sent from the terminal P_1 to P_5 (step ST3). The voting start data includes the value of the average M to be signed. In the terminal P_n that has received the voting start data from the combiner 6, the input receiving unit 11 transfers the voting start data to the voting start processing unit 17, the user input receiving unit 12, and the dummy seed creating unit 15.

  FIG. 4 is a block diagram illustrating a configuration of the input receiving unit 11. As shown in FIG. 4, the input receiving unit 11 includes a data receiving unit 41 that receives data from the combiner 6 and other terminals, a data determination unit 42 that checks what kind of data the received data is, The data reading unit 43 that reads data from the terminal data storage unit 13 and the type of data input by the data receiving unit 41 indicate to which operating unit (functional unit) in its own terminal the data should be sent. A memory 44 storing a table and a data sending unit 45 are provided.

  FIG. 5 is a diagram showing an example of a table stored in the memory 44 in a list form. In FIG. 5, it is shown that the voting start data is transferred from the input receiving unit 11 to the voting start processing unit 17, the user input receiving unit 12, and the dummy seed creating unit 15. Further, it is shown that the interpolation coefficient creation request is transferred to the opponent interpolation coefficient creation unit 19 when the user of the terminal makes a negative vote (the table of pros and cons of the table is “opposite”). On the other hand, it is indicated that the interpolation coefficient creation request is transferred to the supporter interpolation coefficient creation unit 21 when the user of the terminal has voted for (the approval / disapproval column in the table is “Yes”). . The transfer destination is similarly shown for other data.

  FIG. 6 is a flowchart for explaining the basic operation of the input receiving unit 11. As shown in FIG. 6, the input receiving unit 11 inputs various data (step ST4), and the type of the input data is determined by the data determining unit 42 (step ST5). Next, the data reading unit 43 reads the approval / disapproval information of the user from the terminal data storage unit (step ST6), and the data sending unit 45 transfers the data to the function unit in the terminal according to the table of the memory 44 (step ST7). .

  Receiving the voting start data, the user input receiving unit 12 presents the plaintext M to be signed to the user and asks whether to approve or disagree to sign the plaintext M as a circle. There are various methods for asking questions. For example, there is a method of displaying a message on a display and prompting the user to input the intention using an input device such as a keyboard or a mouse. Information on whether or not to sign the plaintext M is accepted by the user input receiving unit 12, and if the user agrees, the approval / disapproval flag of the terminal data storage unit 13 is set to 1 indicating approval. If the user is against, the approval / disapproval flag of the terminal data storage unit 13 is rewritten to 0 indicating the opposite. And terminal P_N which complete | finished the process of a voting start phase produces the dummy data of Phase2 continuously.

(Phase2: Dummy data creation)
FIG. 7 is a flowchart for explaining intermediate dummy data creation processing corresponding to the first stage of dummy data creation processing. As shown in this figure, the dummy seed creation unit 15 of the terminal P_1 that has received the seed voting start data (M, n) (step ST11) is an arbitrary random number yij (1 ≦ j ≦ n) that becomes 1 when multiplied. ), That is, y11, y12, y13, y14, and y15 are generated (step ST12). The random number yij should be referred to as intermediate dummy data for creating formal dummy data later, and by the above definition that it becomes 1 when multiplied,
y11 × y12 × y13 × y14 × y15 = 1
It is. In addition, “i” of the random number yij represents itself (terminal thereof), and “j” represents a partner of transmission / reception of the data (here, random number). Then, the dummy seed creation unit 15 of the terminal P_1 transfers the random number y11 to the dummy data creation unit 16 of its own terminal (because j indicating the transmission partner is also 1), and other random numbers are assigned to the respective destinations. Are addressed so as to be corresponding terminals P_2 to P_5, and sent to the transmission unit 14. The transmission part 14 transmits data to each destination (step ST13). Similarly, for terminals P_2 to P_5, data is sent to terminals other than the terminal itself.

  FIG. 8 is a flowchart for explaining (formal) dummy data creation processing corresponding to the second stage of dummy data creation processing. As shown in this figure, intermediate dummy data yji (1 ≦ j ≦ n) is input to each terminal from another terminal (step ST21). As for the terminal P_1, the input receiving unit 11 receives intermediate dummy data yji (2≤j≤n), i.e., y21, y31, y41 from the terminal P_2, terminal P_3, terminal P_4, and terminal P_5, respectively. , Y51 is received (step ST22). The intermediate dummy data y11 has already been transferred from the dummy seed creation unit 15 of the own terminal to the dummy data creation unit 16. Since the received data is intermediate dummy data, the input receiving unit 11 transfers the intermediate dummy data to the dummy data creating unit 16 according to the table of FIG. Since each intermediate dummy data is sent at an arbitrary timing, the dummy data creating unit 16 checks whether or not intermediate dummy data has been received from all participants (all terminals) (step ST23). The input reception unit 11 may sequentially transfer the received intermediate dummy data to the dummy data creation unit 16, or may store a certain amount and then transfer the dummy data creation unit 16.

  The dummy data creation unit 16 of the terminal P_1 receives the intermediate dummy data y21, y31, y41, and y51 from all terminals (terminal P_2 to terminal P_5) other than itself by sending the data from the input receiving unit 11. When all are received, a calculation is performed to multiply all of them including the intermediate dummy data y11 of the own terminal to obtain dummy data yi, that is, y1 (step ST24).

  Next, the terminal P_1 refers to the approval / disapproval flag regarding the plaintext M in the terminal data storage unit 13 (step ST25), and when the approval / disapproval flag is 1 (agree), the dummy data y_1 is assigned to the approver public data calculation unit 22. If the approval / disapproval flag is 0 (opposite), the dummy data y1 is sent to the opponent public data calculation unit 20 (step ST27). Thus, by performing the processing operation of Phase 2, it becomes possible to create public data even in a terminal that asserts the opposite.

(Phase3-1: Interpolation coefficient creation start processing; common and negative)
Next, the operation of the voting start processing unit 17 will be described. FIG. 9 is a flowchart for explaining the operation of the voting start processing unit 17. The operation of the voting start processing unit 17 is executed in parallel with the processing operation of Phase 2 described above.

In the terminal P_1 that has received the voting start data from the combiner 6, when the voting start processing unit 17 receives the voting start data (M, L) from the input receiving unit 11 (step ST31), the voting start processing unit 17 self-registers from the terminal data storage unit 13. ID information (ID = i), that is, ID = 1 is read (step ST32), and the values of M and L are stored in the terminal data storage unit 13 (step ST33). Next, the voting start processing unit 17 calls the user input receiving unit 12 to acquire a pros and cons flag (1 in case of approval, 0 in case of negative) and stores this pros and cons flag in the terminal data storage unit 13. (Step ST34). Next, the voting start processing unit 17 requests the transmission unit 14 to create an interpolation coefficient creation request (ID = 1) and send the other terminal terminals P_2 to P_5 as destinations (step ST35). . Upon receiving the request, the transmission unit 14 sends an interpolation coefficient creation request to the terminals P_2 to P_5. The interpolation coefficient creation request includes the following information. The information is
・ Plaintext M
・ Terminal ID = 1 (terminal ID of own terminal)
It is. When receiving an interpolation coefficient creation request from another terminal, the input receiving unit 11 of each terminal refers to the approval / disapproval flag of the terminal data storage unit 13 of its own terminal, and whether the user agrees or disagrees with the signature of plaintext M Confirm. If the approval / disapproval flag is 1 (agree), the interpolation coefficient creation request is transferred to the approver interpolation coefficient creation section 21. If the approval / disapproval flag is 0 (opposite), the interpolation coefficient creation request is sent to the opponent interpolation coefficient creation section. 19 for transfer. Since the operation of Phase 3 is different from now on depending on whether the user of the terminal agrees or disagrees, each will be described.

(Phase3-2-1: Creation of divided interpolation coefficient data; agree)
Looking at the terminal P_2 (which is a representative of the terminal in favor), the input receiving unit 11 receives an interpolation coefficient creation request from the terminal P_1, the terminal P_3, the terminal P_4, and the terminal P_5. With reference to the approval / disapproval flag of the terminal data storage unit 13, it is confirmed whether the user of the terminal itself agrees or disagrees with the signature of plaintext M. Now, since the approval / disapproval flag of terminal P_2 is 1 (agree), the input reception part 11 transfers the interpolation coefficient preparation request to the approval person interpolation coefficient preparation part 21. FIG.

FIG. 10 is a flowchart for explaining the interpolation coefficient processing operation in the supporter interpolation coefficient creation unit 21. As shown in this figure, the supporter interpolation coefficient creating unit 21 transfers an interpolation coefficient creation request (ID = j) by transfer from the input receiving unit 11, that is, ID = 1, ID = 3, ID = 4, ID = 5, Is received (step ST41). Here, the interpolation coefficient creation request output by each terminal in step ST35 of the flowchart of FIG. 9 is ID = i, whereas the interpolation coefficient creation request received by the supporter interpolation coefficient creation unit 21 is ID = j. As described above, the transmitting terminal outputs an ID representing its own terminal (i.e., i), whereas when viewed from the receiving terminal, the data represents the partner of transmission and reception (i.e., j). This is because the data is substantially the same. Next, the supporter interpolation coefficient creation unit 21 reads ID = 2 of the terminal itself from the terminal data storage unit 13 (step ST42),
aji ＝ i / (ij)
Is calculated (step ST43). Next, the approver interpolation coefficient creating unit 21 calculates ajim (1 ≦ m ≦ n, i ≠ j) that becomes aji when multiplied (step ST44). This ajim is named “division interpolation coefficient data” here. Specifically, the divided interpolation coefficient data ajim obtained by the approver interpolation coefficient creating unit 21 of the terminal P_2 is specifically four random numbers a211, a213, a214 such that 2 / (2-1) = 2 when multiplied. A215. The supporter interpolation coefficient creation unit 21 sends the respective divided interpolation coefficient data a211, a213, a214, and a215 to the transmission unit 14 with the terminal P_1, the terminal P_3, the terminal P_4, and the terminal P_5 as destinations (step ST45). ). The transmission unit 14 transmits the respective divided interpolation coefficients received from the supporter interpolation coefficient creation unit 21 to the designated destination. The processing operation of the above Phase 3-2-1 is executed in all terminals for which the user has voted for.

(Phase 3-2-2: Create division interpolation coefficient data; opposite)
Looking at the terminal P_4 (representing the opposite terminal), the input receiving unit 11 receives an interpolation coefficient creation request from the terminal P_1, terminal P_2, terminal P_3, and terminal P_5. With reference to the approval / disapproval flag of the terminal data storage unit 13, it is confirmed whether the user of the terminal itself agrees or disagrees with the signature of plaintext M. Now, since the approval / disapproval flag of terminal P_4 is 0 (opposite), the input reception part 11 transfers the interpolation coefficient preparation request to the opponent interpolation coefficient preparation part 19. FIG.

  FIG. 11 is a flowchart for explaining the interpolation coefficient processing operation in the opponent interpolation coefficient creation unit 19. As shown in this figure, the opponent interpolation coefficient creation unit 19 receives an interpolation coefficient creation request (ID = j) by transfer from the input reception unit 11, that is, ID = 1, ID = 2, ID = 3, ID = 5, Is received (step ST51). Upon receiving the interpolation coefficient creation request, the opponent interpolation coefficient creation unit 19 of the terminal P_4 creates divided interpolation coefficient data a411, a412, a413, a415 (step ST52). In general, the divided interpolation coefficient data created by the opponent interpolation coefficient creating unit 19 is an arbitrary random number ajim (1 ≦ m ≦ n, i ≠ j) that becomes 1 when multiplied. Specifically, the divided interpolation coefficient data ajim obtained by the opponent interpolation coefficient creating unit 19 of the terminal P_4 is four random numbers a411, a412, a413, and a415 that are 1 when multiplied. The opponent interpolation coefficient creating unit 19 sends the respective divided interpolation coefficient data a411, a412, a413, a415 to the transmission unit 14 with the terminal P_1, the terminal P_2, the terminal P_3, and the terminal P_5 as destinations (step ST53). ). The transmission unit 14 transmits each divided interpolation coefficient received from the opponent interpolation coefficient creation unit 19 to the designated destination. The processing operation of the above Phase3-2-2 is executed in all terminals for which the user has voted against.

(Phase3-3: Interpolation coefficient data creation; common and negative)
FIG. 12 is a flowchart for explaining a processing operation in which each terminal receives divided interpolation coefficient data from another terminal and creates intermediate interpolation coefficient data in the interpolation coefficient data transfer unit 18 of its own terminal. As shown in this figure, the input reception unit 11 of the terminal P_1 receives the division interpolation coefficient data ajmi from the terminal P_2, the terminal P_3, the terminal P_4, and the terminal P_5. When receiving the divided interpolation coefficient data, the input receiving unit 11 transfers the data to the interpolation coefficient data transfer unit 18 in accordance with the transfer destination table (step ST61). Each data is sent at an arbitrary timing, but the input receiving unit 11 may sequentially transfer the received data to the interpolation coefficient data transfer unit 18, or after a certain amount of data is accumulated and transferred. Also good.

  The interpolation coefficient data transfer unit 18 of the terminal P_1 receives the divided interpolation coefficient data ajmi from all the terminals other than itself (terminal P_2 to terminal P_5) from the input receiving unit 11, specifically, the divided interpolation coefficient data. a121, a131, a141, a151, a211, a231, a241, a251, a311, a321, a341, a351, a411, a421, a431, a451, a511, a521, a531, a541 are received (step ST62). The interpolation coefficient data transfer unit 18 checks whether or not all the divided interpolation coefficient data has been received (step ST63), and when all the divided interpolation coefficient data is received, the second subscript of each divided interpolation coefficient data ajmi ( In other words, the calculation of multiplying the divided interpolation coefficient data with the same m) is executed, and the second of the subscripts of the newly multiplied divided interpolation coefficient data is the first and the third of the subscripts is the second Interpolation coefficient data aji is created (step ST64). Also, the interpolation coefficient data transfer unit 18 transfers the created intermediate interpolation coefficient data to the transmission unit 14 as a terminal having the terminal ID of the first subscript of the intermediate interpolation coefficient data (step ST65). Specifically, the data obtained by multiplying four of a121, a321, a421, and a521 is set as intermediate interpolation coefficient data a21, and the destination is transferred to the transmission unit 14 as the terminal P_2. Similarly, the interpolation coefficient data transfer unit 18 creates intermediate interpolation coefficient data a31, intermediate interpolation coefficient data a41, and intermediate interpolation coefficient data a51, and sets the destinations as a terminal P_3, a terminal P_4, and a terminal P_5, respectively. Forward to. The transmission unit 14 transfers the data received from the interpolation coefficient data transfer unit 18 to a designated destination.

(Phase4-1: Create public data; agree)
FIG. 13 is a flowchart for explaining the public data creation processing operation in the terminal for which the user voted for. As shown in this figure, the input receiving unit 11 of the terminal P_2 receives intermediate interpolation coefficient data aij from all terminals (step ST71). Further, the approver public data calculation unit 22 of the terminal P_2 receives y2 as dummy data yI from the dummy data creation unit 16 (processing of step ST26 in FIG. 8). When receiving the intermediate interpolation coefficient data, the input receiving unit 11 transfers the intermediate interpolation coefficient data to the approver public data calculation unit 22 in accordance with the transfer destination table of FIG. 5 (step ST72). The intermediate interpolation coefficient data is sent from each terminal at an arbitrary timing. However, the input reception unit 11 may sequentially transfer the intermediate interpolation coefficient data to the opponent public data calculation unit, or accumulate a certain amount. Then, you may transfer.

  The approver public data calculation unit 22 checks whether or not all the intermediate interpolation coefficient data a21, a23, a24, a25 have been received from the input receiving unit 11 (step ST73). If all intermediate interpolation coefficient data a21, a23, a24, a25 are received and dummy data y_2 is received from the dummy data creation unit 16, the approver public data calculation unit 22 determines that all intermediate interpolation coefficient data aij And ai is obtained (step ST74). Looking at the terminal P_2, the approver public data calculation unit 22 performs a calculation of multiplying all the intermediate interpolation coefficient data a21, a23, a24, and a25 to obtain a2 as ai (step ST74). Next, the approver public data calculation unit 22 uses the secret information si held in the terminal data storage unit 13 and ai obtained in step ST74 to raise M to (ai * si) and multiply the dummy data yi. The matching calculation is executed to obtain the divided signature data Si (step ST75). As for the terminal P_2, the approver public data calculation unit 22 calculates the divided signature data S2 according to the following procedure using the secret information s2 held in the terminal data storage unit 13.

S2 = M ^ (s2 * a21 * a23 * a24 * a25) * y2
Here, “^” in the above expression represents power calculation. Next, the approver public data calculation unit 22 transfers the divided signature data S2 to the transmission unit 14 with the destination as the combiner 6 (step ST76). The transmission unit 14 transfers the divided signature data S2 received from the approver public data calculation unit 22 to the combiner 6. The above approval public data creation operation is executed in all terminals for which the user has voted for approval.

(Phase4-2: Public data creation; opposite)
FIG. 14 is a flowchart for explaining the public data creation processing operation in the terminal on which the user has voted against. As shown in this figure, the input receiving unit 11 of the terminal P_4 receives the intermediate interpolation coefficient data aij from all terminals (step ST81). Further, the approver public data calculation unit 22 of the terminal P_4 receives y4 as dummy data yI from the dummy data creation unit 16 (processing of step ST27 in FIG. 8). When receiving the intermediate interpolation coefficient data, the input receiving unit 11 transfers the intermediate interpolation coefficient data to the opponent public data calculation unit 20 according to the transfer destination table of FIG. The intermediate interpolation coefficient data is sent from each terminal at an arbitrary timing. However, the input receiving unit 11 may sequentially transfer the intermediate interpolation coefficient data to the opponent public data calculation unit 20, or a predetermined amount. You may transfer after accumulating.

The opponent public data calculation unit 20 that has received the intermediate interpolation coefficient data a41, a42, a43, a45 from the input reception unit 11 and the dummy data y4 from the dummy data creation unit 16 calculates Si = yi, and divides the signature. Data Si is obtained (step ST82). For the terminal P_4, the divided signature data S4 is calculated according to the following procedure.
S4 = y4
Next, opponent public data calculation unit 20 transfers divided signature data S4 to transmission unit 14 with destination 6 as combiner 6 (step ST83). The transmission unit 14 transmits the divided signature data S4 received from the opponent public data calculation unit 20 to the combiner 6. The above opponent public data creation operation is executed in all terminals for which the user has voted against the opponent.

(Phase5: Signature data creation)
FIG. 15 is a flowchart for explaining the signature data totaling processing operation in the combiner 6. As shown in this figure, the input receiving unit 31 of the combiner 6 receives the divided signature data Si from all terminals (step ST91). The divided signature data received are S1, S2, S3, S4, and S5. When receiving the divided signature data, the input receiving unit 31 transfers the divided signature data to the signature data totaling unit 34 according to the transfer destination table of FIG. The split signature data is sent from each terminal at an arbitrary timing. However, the input receiving unit 31 may sequentially transfer the received split signature data to the signature data totaling unit 34 or store a certain amount. You may transfer it later.

  The signature data totaling unit 34 that has received the divided signature data from the input receiving unit 31 calculates the product of all the divided signature data and obtains the signature data S (step ST92). Then, the signature data totaling unit 34 transfers the obtained signature data S to the transmission unit 32 with all terminals as destinations (step ST93). The transmitting unit 32 transmits the signature data S received from the signature data totaling unit 34 to all terminals. This signature data is a value obtained by signing the plaintext M using the circle secret key s (that is, a value obtained from S = M ^ s).

  In the distributed signature of the present invention, it is not necessary to give a vote for approval or disapproval, and both the terminal of approval and the terminal of the opposite will create split signature data for approval or disagreement, and further generate the signature data with a combiner to distribute the secret Realize signature data by. In addition, because it is not possible to read information about approval or disapproval from the data sent and received, it is possible to make it impossible to determine which terminal agrees and which terminal disagrees, and it is possible to perform distributed signatures with anonymity Become.

The block diagram which shows the structure of the terminal used in the electronic voting system which concerns on one embodiment of this invention The block diagram which shows the structure of the combiner used by the said embodiment. In the said embodiment, it is a flowchart explaining operation | movement of the vote start part of a combiner in the case of a ballot start. The block diagram which shows the structure of an input reception part in the said embodiment. The figure which shows the example of the table stored in memory in the said embodiment in a list form format In the above embodiment, a flowchart for explaining the basic operation of the input receiving unit Flowchart for explaining intermediate dummy data creation processing corresponding to the first stage of dummy data creation processing in the embodiment Flowchart for explaining (formal) dummy data creation processing corresponding to the second stage of dummy data creation processing in the embodiment. Flowchart for explaining the operation of the voting start processing unit in the embodiment. In the above embodiment, a flowchart for explaining the interpolation coefficient processing operation in the supporter interpolation coefficient creation unit Flowchart explaining the interpolation coefficient processing operation in the opponent interpolation coefficient creation unit in the embodiment In the embodiment described above, a flowchart for explaining a processing operation in which each terminal receives divided interpolation coefficient data from another terminal and creates intermediate interpolation coefficient data in the interpolation coefficient data transfer unit of the terminal itself. In the embodiment, a flowchart for explaining a public data creation processing operation in a terminal for which a user has voted for In the embodiment, a flowchart for explaining a public data creation processing operation in a terminal on which a user has voted against In the embodiment, a flowchart for explaining the signature data totaling processing operation in the combiner Network configuration diagram showing a connection configuration between a terminal and a combiner for explaining the conventional technology The block diagram which shows an example of the terminal used for the voting system which concerns on the said prior art Block diagram showing the configuration of a conventional combiner

Explanation of symbols

6 Combiner 11, 31 Input accepting unit 12 User input accepting unit 13 Terminal data accumulating unit 14, 32 Transmitting unit 15 Dummy seed creation 16 Dummy data creating unit 17 Voting start processing unit 18 Interpolation coefficient data transfer unit 19 Opposite interpolation coefficient creation unit 20 Opponent Public Data Calculation Unit 21 Approvers Interpolation Coefficient Creation Unit 22 Approvers Public Data Calculation Unit 23 2

33 Voting start unit 34 Signature data totaling unit 36 Group data storage unit
P_1, P_2, P_3, P_4, P_5 terminal

Claims (12)

A combiner having a voting start unit that generates voting start data representing the start of electronic voting, and a signature data totaling unit that generates signature data from the split signature data in favor or opposite received from the terminal; and
A voting start processing means for performing a process for starting voting, a means for creating split signature data for approval, a means for creating opposite split signature data, and a part of each split signature data A means for creating dummy data; an input receiving unit for receiving data from the combiner or another terminal; and a transmission unit for sending data to the combiner or another terminal; receiving voting start data from the combiner And a plurality of terminals that create split signature data for or against
The electronic voting system, wherein the combiner receives divided signature data in favor or opposite from each terminal and creates signature data. A voting start processing means for performing a process for starting voting, a means for creating split signature data for approval, a means for creating opposite split signature data, and a part of each split signature data It is composed of a plurality of terminals having means for creating dummy data, an input receiving unit for receiving data from other terminals, and a transmitting unit for sending data to other terminals,
Among the plurality of terminals, at least one of the plurality of terminals is signature data for generating signature data from a voting start unit that generates voting start data indicating the start of electronic voting, and split signature data that is approved or opposite from each terminal. It has a function as a main terminal by having a counting part,
The electronic voting system, wherein the main terminal receives divided signature data in favor or opposite from each terminal and creates signature data. The means for creating the divided signature data for the approval includes an approval interpolation coefficient generation unit for generating the division interpolation coefficient data based on the own terminal ID and the other terminal ID, and the division interpolation generated in the approval interpolation coefficient generation unit. Interpolation coefficient data transfer unit for creating intermediate interpolation coefficient data based on coefficient data and divided interpolation coefficient data from another terminal, intermediate interpolation coefficient data created in the interpolation coefficient data transfer unit, and intermediate interpolation coefficient data from another terminal An approvers public data calculation unit that creates split signature data based on
The means for creating the opposite divided signature data includes an opponent interpolation coefficient creating unit that creates divided interpolation coefficient data composed of the number of terminals that have a predetermined value by arithmetic processing, and an opponent interpolation coefficient creating unit. An interpolation coefficient data transfer unit that creates intermediate interpolation coefficient data based on the created divided interpolation coefficient data and the divided interpolation coefficient data from another terminal, and the intermediate interpolation coefficient data created in the interpolation coefficient data transfer unit and the other terminal The electronic voting system according to claim 1, further comprising: an opponent public data calculation unit that creates divided signature data based on the intermediate interpolation coefficient data.   The means for creating dummy data includes a dummy seed creation unit that creates intermediate dummy data consisting of the number of terminals that have a predetermined value by an arithmetic process, the intermediate dummy data created by the dummy seed creation unit, and other terminals 4. The electronic voting system according to claim 1, further comprising: a dummy data creating unit that creates dummy data based on the intermediate dummy data from.   4. The electronic voting system according to claim 3, wherein the opponent interpolation coefficient creating unit creates divided interpolation coefficient data composed of the number of terminals which are 1 when multiplied.   The electronic voting system according to claim 4, wherein the dummy seed creation unit creates intermediate dummy data composed of the number of terminals equal to 1 when multiplied.   5. The electronic voting system according to claim 4, wherein the dummy data creation unit creates dummy data by multiplying the intermediate dummy data received from each terminal. Based on the own terminal ID (i) and the other terminal ID (j) that has sent the interpolation coefficient creation request,
aji ＝ i / (ij)
4. The division interpolation coefficient data consisting of the number ajim (1 ≦ m ≦ n, i ≠ j) of the number of terminals which are calculated to be aji when multiplied is further created. Electronic voting system. The opponent interpolation coefficient creation unit, based on its own terminal ID (i) and the other terminal ID (j) that has sent the request for interpolation coefficient creation,
a = 1
4. The electronic voting system according to claim 3, wherein divided interpolation coefficient data consisting of ajim (1 ≦ m ≦ n) corresponding to the number of terminals that are multiplied by 1 is created.   4. The electronic voting system according to claim 3, wherein the interpolation coefficient data transfer unit creates intermediate interpolation coefficient data by multiplying the divided interpolation coefficient data from each terminal.   The approver public data calculation unit uses the value ai obtained by multiplying the intermediate interpolation coefficient data from each terminal, the secret information si, and the dummy data yi to raise M to (ai * si) and increase the dummy 4. The electronic voting system according to claim 3, wherein a calculation for multiplying the data yi is executed to generate divided signature data. Receiving an electronic voting start command, obtaining an ID of the own terminal, and a pros and cons flag indicating whether the user of the own terminal is in favor or against;
While receiving the ID of the own terminal to another terminal, receiving the ID from the other terminal;
Creating intermediate dummy data and sending it to other terminals, while receiving intermediate dummy data from other terminals;
Calculating intermediate dummy data from each terminal to create dummy data;
In parallel with the process of creating the dummy data, intermediate interpolation coefficient data for creating divided signature data reflecting that the user of the terminal is in favor is created, Creating intermediate interpolation coefficient data for creating split signature data reflecting the opposite when the user is opposite;
Creating split signature data using the dummy data and the intermediate interpolation coefficient data;
Creating signature data from the split signature data created on each device;
An electronic voting method.

Images