Abstract
Blockchain-enabled voting (BEV) systems have emerged as the next generation of modern electronic voting (e-voting) systems, because the immutability of the blockchain makes it a natural distributed ballot box. Further, recent work has used smart contracts to build decentralized autonomous voting applications over a blockchain. We identify nine critical desiderata, such as scalability, verifiability, and robustness, that a BEV system can and should achieve. However, we find that existing BEV systems violate at least one of the nine desiderata. In light of this deficiency, we propose a novel BEV system, named Chaintegrity, that fulfills all the specified desiderata. In addition, to make our system more cost-effective, we also propose a hybrid data structure which combines the counting Bloom filter and the Merkle hash tree for fast authentication. To enhance robustness, we also introduce the code-voting technique as a component of our system. Our empirical results show that our system achieves high efficiency and enjoys low computational and communication overhead.
Notes
It is also known as the double-spend problem, in terms of cryptocurrency and fintech.
So far, the highest transaction fee is up to 55.16 USD, which was reached at the end of 2017: https://bitinfocharts.com/comparison/bitcoin-transactionfees.html.
The smart contract is a script executed in a distributed manner on all validation nodes. Thus, to keep the blockchain consistent, it is impossible for every node to privately choose the same random number.
This assumption is mitigated in Sect. 6.3.
Another possible way to detect Alice’s registration trail is the transaction that the smart contract sends back to Alice (in Step R6). This approach is executed on the blockchain.
For the partial decryption and combination algorithms, refer to Appendix B.2. It is also noteworthy that a zero-knowledge proof \( ( R_{1}, R_{2}, e', z ) \leftarrow PoK_{cor}( C, \{ C_{i} \}) \) generated by each election holder is published to ensure the correctness of the partial decryption.
References
Adida, B.: Helios: web-based open-audit voting. In: USENIX Security Symposium, vol. 17, pp. 335–348 (2008)
Agora: Bringing voting systems into the digital age. https://www.agora.vote/. Accessed 30 March 2019
Alvarez, R.M., Levin, I., Li, Y.: Fraud, convenience, and e-voting: how voting experience shapes opinions about voting technology. J. Inf. Technol. Polit. 15(2), 94–105 (2018)
Alves, J., Pinto, A.: On the use of the blockchain technology in electronic voting systems. In: International Symposium on Ambient Intelligence, pp. 323–330. Springer, Berlin (2018)
Androulaki, E., Barger, A., Bortnikov, V., Cachin, C., Christidis, K., De Caro, A., Enyeart, D., Ferris, C., Laventman, G., Manevich, Y., et al.: Hyperledger fabric: a distributed operating system for permissioned blockchains. In: Proceedings of the Thirteenth EuroSys Conference, p. 30. ACM (2018)
Bajak, F.: Apnewsbreak: Georgia election server wiped after suit filed. https://apnews.com/877ee1015f1c43f1965f63538b035d3f. Accessed 30 March 2019
Bartolucci, S., Bernat, P., Joseph, D.: Sharvot: secret share-based voting on the blockchain. In: Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 30–34. ACM (2018)
Baudron, O., Fouque, P.A., Pointcheval, D., Stern, J., Poupard, G.: Practical multi-candidate election system. In: Proceedings of the Twentieth Annual ACM Symposium on Principles of Distributed Computing, pp. 274–283. ACM (2001)
Benet, J.: IPFS-content addressed, versioned, P2P file system. arXiv preprint arXiv:1407.3561 (2014)
Bentov, I., Kumaresan, R.: How to use Bitcoin to design fair protocols. In: Annual Cryptology Conference, pp. 421–439. Springer, Berlin (2014)
Bistarelli, S., Mantilacci, M., Santancini, P., Santini, F.: An end-to-end voting-system based on Bitcoin. In: Proceedings of the Symposium on Applied Computing, pp. 1836–1841. ACM, New York (2017)
Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In: Annual International Cryptology Conference, pp. 425–439. Springer, Berlin (1997)
Bonneau, J., Clark, J., Goldfeder, S.: On Bitcoin as a public randomness source. IACR Cryptology ePrint Archive 2015, p. 1015 (2015)
Breslow, A.D., Jayasena, N.S.: Morton filters: faster, space-efficient cuckoo filters via biasing, compression, and decoupled logical sparsity. Proc. VLDB Endow. 11(9), 1041–1055 (2018)
Cachin, C.: Architecture of the hyperledger blockchain fabric. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers, vol. 310 (2016)
Chaieb, M., Yousfi, S., Lafourcade, P., Robbana, R.: Verify-your-vote: a verifiable blockchain-based online voting protocol. In: European, Mediterranean, and Middle Eastern Conference on Information Systems, pp. 16–30. Springer, Berlin (2018)
Chaum, D.: Blind signatures for untraceable payments. In: Advances in Cryptology, pp. 199–203. Springer, Berlin (1983)
Chaum, D., Essex, A., Carback, R., Clark, J., Popoveniuc, S., Sherman, A., Vora, P.: Scantegrity: end-to-end voter-verifiable optical-scan voting. IEEE Secur. Priv. 6(3), 40–46 (2008)
Chen, C.M., Wang, K.H., Yeh, K.H., Xiang, B., Wu, T.Y.: Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications. J. Ambient Intell. Human. Comput. 10(8), 3133–3142 (2018)
Chen, C.M., Xiang, B., Liu, Y., Wang, K.H.: A secure authentication protocol for internet of vehicles. IEEE Access 7, 12047–12057 (2019)
Chow, S.S., Liu, J.K., Wong, D.S.: Robust receipt-free election system with ballot secrecy and verifiability. In: NDSS, vol. 8, pp. 81–94 (2008)
Croman, K., Decker, C., Eyal, I., Gencer, A.E., Juels, A., Kosba, A., Miller, A., Saxena, P., Shi, E., Sirer, E.G., et al.: On scaling decentralized blockchains. In: International Conference on Financial Cryptography and Data Security, pp. 106–125. Springer, Berlin (2016)
Damgård, I., Koprowski, M.: Practical threshold RSA signatures without a trusted dealer. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 152–165. Springer, Berlin (2001)
DeMuro, J.: Here are the 10 sectors that blockchain will disrupt forever. https://www.techradar.com/news/here-are-the-10-sectors-that-blockchain-will-disrupt-forever. Accessed 30 March 2019
Douceur, J.R.: The Sybil attack. In: International Workshop on Peer-to-Peer Systems, pp. 251–260. Springer, Berlin (2002)
EOSIO: EOS.IO technical white paper v2. https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md. Accessed 30 March 2019
Ethereum: A next-generation smart contract and decentralized application platform. https://github.com/ethereum/wiki/wiki/White-Paper. Accessed 30 March 2019
Fan, B., Andersen, D.G., Kaminsky, M., Mitzenmacher, M.D.: Cuckoo filter: practically better than bloom. In: Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, pp. 75–88. ACM, New York (2014)
Fan, L., Cao, P., Almeida, J., Broder, A.Z.: Summary cache: a scalable wide-area web cache sharing protocol. IEEE/ACM Trans. Netw. 8(3), 281–293 (2000)
FollowMyVote: The online voting platform of the future. https://followmyvote.com/. Accessed 30 March 2019
Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: International Workshop on the Theory and Application of Cryptographic Techniques, pp. 244–251. Springer, Berlin (1992)
Garay, J., Kiayias, A., Leonardos, N.: The Bitcoin backbone protocol: analysis and applications. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 281–310. Springer, Berlin (2015)
Gibson, J.P., Krimmer, R., Teague, V., Pomares, J.: A review of e-voting: the past, present and future. Ann. Telecommun. 71(7–8), 279–286 (2016)
Gramoli, V.: From blockchain consensus back to byzantine consensus. In: Future Generation Computer Systems (2017)
Hao, F., Ryan, P.Y., Zieliński, P.: Anonymous voting by two-round public discussion. IET Inf. Secur. 4(2), 62–67 (2010)
Heiberg, S., Kubjas, I., Siim, J., Willemson, J.: On trade-offs of applying block chains for electronic voting bulletin boards. In: E-Vote-ID 2018, p. 259 (2018)
Jiang, Q., Huang, X., Zhang, N., Zhang, K., Ma, X., Ma, J.: Shake to communicate: secure handshake acceleration-based pairing mechanism for wrist worn devices. IEEE Internet Things J. 6(3), 5618–5630 (2019)
Kokoris-Kogias, E., Jovanovic, P., Gasser, L., Gailly, N., Syta, E., Ford, B.: Omniledger: a secure, scale-out, decentralized ledger via sharding. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 583–598. IEEE (2018)
Kshetri, N., Voas, J.: Blockchain-enabled e-voting. IEEE Softw. 35(4), 95–99 (2018)
Oraclize Ltd.: Oraclize documentation. https://docs.oraclize.it/. Accessed 30 March 2019
McCorry, P., Shahandashti, S.F., Hao, F.: A smart contract for boardroom voting with maximum voter privacy. In: International Conference on Financial Cryptography and Data Security, pp. 357–375. Springer, Berlin (2017)
Mercuri, R.T.: On auditing audit trails. Commun. ACM 46(1), 17–20 (2003)
Merkle, R.C.: Protocols for public key cryptosystems. In: 1980 IEEE Symposium on Security and Privacy, pp. 122–122. IEEE (1980)
Mitzenmacher, M.: Compressed bloom filters. IEEE/ACM Trans. Netw. 10(5), 604–612 (2002)
Nishide, T., Sakurai, K.: Distributed Paillier cryptosystem without trusted dealer. In: International Workshop on Information Security Applications. pp. 44–60. Springer, Berlin (2010)
Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Annual International Cryptology Conference, pp. 31–53. Springer, Berlin (1992)
Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: International Workshop on Security Protocols, pp. 25–35. Springer, Berlin (1997)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 223–238. Springer, Berlin (1999)
Park, S., Rivest, R.L.: Towards secure quadratic voting. Public Choice 172(1–2), 151–175 (2017)
Pawlak, M., Guziur, J., Poniszewska-Marańda, A.: Voting process with blockchain technology: auditable blockchain voting system. In: International Conference on Intelligent Networking and Collaborative Systems, pp. 233–244. Springer, Berlin (2018)
Qin, Z., Sun, J., Wahaballa, A., Zheng, W., Xiong, H., Qin, Z.: A secure and privacy-preserving mobile wallet with outsourced verification in cloud computing. Comput. Stand. Interfaces 54, 55–60 (2017)
RANDAO: RANDAO: a DAO working as RNG of Ethereum. https://github.com/randao/randao/blob/master/README.md. Accessed 30 March 2019
Ryan, P.Y., Bismark, D., Heather, J., Schneider, S., Xia, Z.: Prêt à voter: a voter-verifiable voting system. IEEE Trans. Inf. Forensics Secur. 4(4), 662–673 (2009)
Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)
Scott, D.: North Carolina elections board orders new house election after ballot tampering scandal. https://www.vox.com/policy-and-politics/2019/2/21/18231981/north-carolina-election-fraud-new-nc-9-election. Accessed 30 March 2019
Takabatake, Y., Kotani, D., Okabe, Y.: An anonymous distributed electronic voting system using Zerocoin (2016)
Tian, H., Fu, L., He, J.: A simpler Bitcoin voting protocol. In: International Conference on Information Security and Cryptology, pp. 81–98. Springer, Berlin (2017)
TIVI: TIVI powered by smartmatic and cybernetica—tivi.io. https://tivi.io/. Accessed 30 March 2019
Wang, K.H., Mondal, S.K., Chan, K., Xie, X.: A review of contemporary e-voting: requirements, technology, systems and usability. Data Sci. Pattern Recogn. 1(1), 31–47 (2017)
Xiong, H.: Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Trans. Inf. Forensics Secur. 9(12), 2327–2339 (2014)
Xiong, H., Qin, Z.: Revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks. IEEE Trans. Inf. Forensics Secur. 10(7), 1442–1455 (2015)
Xiong, H., Mei, Q., Zhao, Y.: Efficient and provably secure certificateless parallel key-insulated signature without pairing for IIoT environments. IEEE Syst. J. (2018). https://doi.org/10.1109/JSYST.2018.2890126
Xiong, H., Zhang, H., Sun, J.: Attribute-based privacy-preserving data sharing for dynamic groups in cloud computing. IEEE Syst. J. (2018). https://doi.org/10.1109/JSYST.2018.2865221
Xiong, H., Zhao, Y., Peng, L., Zhang, H., Yeh, K.H.: Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing. Future Gener. Comput. Syst. 97, 453–461 (2019)
Yaga, D., Mell, P., Roby, N., Scarfone, K.: Blockchain Technology Overview. Technical report, National Institute of Standards and Technology (2018)
Yang, X., Yi, X., Nepal, S., Han, F.: Decentralized voting: a self-tallying voting system using a smart contract on the Ethereum blockchain. In: International Conference on Web Information Systems Engineering, pp. 18–35. Springer, Berlin (2018)
Yu, B., Liu, J.K., Sakzad, A., Nepal, S., Steinfeld, R., Rimba, P., Au, M.H.: Platform-independent secure blockchain-based voting system. In: International Conference on Information Security, pp. 369–386. Springer, Berlin (2018)
Zagórski, F., Carback, R.T., Chaum, D., Clark, J., Essex, A., Vora, P.L.: Remotegrity: design and use of an end-to-end verifiable remote voting system. In: International Conference on Applied Cryptography and Network Security, pp. 441–457. Springer, Berlin (2013)
Zhang, H., Deng, E., Zhu, H., Cao, Z.: Smart contract for secure billing in ride-hailing service via blockchain. Peer-to-Peer Netw. Appl. 12(5), 1346–1357 (2019)
Zhang, B., Zhou, H.S.: Statement voting. In: Financial Cryptography and Data Security 2019 (2018)
Zhao, Z., Chan, T.H.H.: How to vote privately using Bitcoin. In: International Conference on Information and Communications Security, pp. 82–96. Springer, Berlin (2015)
Zheng, H., Xue, M., Lu, H., Hao, S., Zhu, H., Liang, X., Ross, K.W.: Smoke screener or straight shooter: detecting elite Sybil attacks in user-review social networks. In: NDSS (2018)
Acknowledgements
We thank the anonymous reviewers for their invaluable comments and suggestions. This work was supported in part by the 13th Five-Year Plan of National Cryptography Development Fund for Cryptographic Theory of China under Grant MMJJ20170204, in part by the Fundamental Research Funds for the Central Universities under Grant ZYGX2016J091, the Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems, and in part by the Natural Science Foundation of China under Grants U1401257, 61472064, and 61602096, Sichuan Science and Technology Project under Grant 2018KZ007.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix A: Digital signature
Appendix A.1: Schnorr signature
In this signature scheme [54], p and q are primes such that \( q \mid p - 1 \), \( q \geqslant 2^{140} \) and \( p \geqslant 2^{512} \). Let \( t = O(|p|) \) be an integer (e.g., \( t \ge 20 \)), and let g be a generator of the multiplicative subgroup of \( Z_{p} \) of order q. m is the message to be signed. Let s denote the Signer’s private key, a random number chosen by the Signer from \( \{ 1, 2, \ldots , q \} \), and let v denote the Signer’s corresponding public key, \( v = g^{-s} \bmod p \).
Appendix A.2: Okamoto–Schnorr blind signature
In practice, we use the Okamoto–Schnorr blind signature [46]. In this blind signature scheme, all parameters are the same as for the Schnorr signature above. The details of this blind signature scheme are as follows:
Remark The Okamoto–Schnorr blind signature requires one more round, i.e., the commit phase, than the original blind signature. In the adaptation to our scheme, all election holders generate such commitments for the legitimate voters and allocate them in advance. In the authentication process, the voter triggers the sortition smart contract to choose one specific election holder. The voter then selects the corresponding commitment to blind the ballot and sends the blinded message to the smart contract. The remaining steps follow the protocol described in the main part of our paper.
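The following is an added example, not code from the paper: a plain Schnorr signature with public key \( v = g^{-s} \bmod p \) (Appendix A.1) and the Okamoto–Schnorr blind signature (Appendix A.2) in the same group, including the commit phase that Chaintegrity has the election holder produce in advance. The group parameters are constructed toy values far below the paper's \( q \geqslant 2^{140} \), \( p \geqslant 2^{512} \), and the blind-signature message flow is the standard Okamoto–Schnorr construction, which the page itself does not spell out.

```python
import hashlib
import random

P, Q = 2039, 1019    # constructed toy primes with Q | P-1 (the paper needs q >= 2^140, p >= 2^512)
G, H = 4, 9          # two generators of the order-Q subgroup of Z_P^* (both are squares mod P)
T = 20               # t = hash length in bits; e = H(m, r) is a t-bit value

def hash_e(msg, r):  # e = H(m || r) truncated to t bits
    d = hashlib.sha256(msg + b"|" + str(r).encode()).digest()
    return int.from_bytes(d, "big") % (1 << T)

# A.1: plain Schnorr signature with public key v = g^{-s} mod p
def schnorr_keygen(rng):
    s = rng.randrange(1, Q + 1)
    return s, pow(G, -s, P)

def schnorr_sign(s, msg, rng):
    k = rng.randrange(1, Q)
    e = hash_e(msg, pow(G, k, P))        # r = g^k mod p
    return e, (k + s * e) % Q            # y = k + s e mod q

def schnorr_verify(v, msg, sig):
    e, y = sig
    r = pow(G, y, P) * pow(v, e, P) % P  # g^y v^e = g^{k + se - se} = g^k
    return hash_e(msg, r) == e

# A.2: Okamoto-Schnorr blind signature, standard construction (assumed; not spelled out on the page)
def os_keygen(rng):                      # secret (s1, s2), public v = g^{-s1} h^{-s2}
    s1, s2 = rng.randrange(1, Q), rng.randrange(1, Q)
    return (s1, s2), pow(G, -s1, P) * pow(H, -s2, P) % P

def os_commit(rng):                      # election holder's commit phase: a = g^t1 h^t2
    t1, t2 = rng.randrange(1, Q), rng.randrange(1, Q)
    return (t1, t2), pow(G, t1, P) * pow(H, t2, P) % P

def os_blind(v, a, msg, rng):            # voter: alpha = a g^b1 h^b2 v^d, sends e = eps - d
    b1, b2, d = rng.randrange(Q), rng.randrange(Q), rng.randrange(Q)
    alpha = a * pow(G, b1, P) * pow(H, b2, P) * pow(v, d, P) % P
    eps = hash_e(msg, alpha)
    return (b1, b2, eps), (eps - d) % Q

def os_sign_blinded(sk, tt, e):          # signer never sees m or alpha
    (s1, s2), (t1, t2) = sk, tt
    return (t1 + e * s1) % Q, (t2 + e * s2) % Q

def os_unblind(state, resp):             # signature on m is (eps, rho, sigma)
    (b1, b2, eps), (R, S) = state, resp
    return eps, (R + b1) % Q, (S + b2) % Q

def os_verify(v, msg, sig):              # check eps == H(m, g^rho h^sigma v^eps)
    eps, rho, sigma = sig
    alpha = pow(G, rho, P) * pow(H, sigma, P) * pow(v, eps, P) % P
    return hash_e(msg, alpha) == eps

def demo(seed=1):
    rng = random.Random(seed)
    s, v = schnorr_keygen(rng)
    ok_schnorr = schnorr_verify(v, b"ballot", schnorr_sign(s, b"ballot", rng))
    sk, pk = os_keygen(rng)
    tt, a = os_commit(rng)                              # commitment allocated to the voter in advance
    state, e = os_blind(pk, a, b"ballot", rng)          # voter blinds the ballot and sends e
    sig = os_unblind(state, os_sign_blinded(sk, tt, e)) # holder answers, voter unblinds
    return ok_schnorr, os_verify(pk, b"ballot", sig), os_verify(pk, b"other", sig)
```

The unblinded signature verifies on the ballot and fails on any other message, while the election holder only ever saw the blinded challenge e.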
Appendix B: Homomorphic encryption
Appendix B.1: Paillier encryption
In our system, we use the Paillier encryption scheme [48] to achieve homomorphic encryption; the details of this scheme are as follows.
In this encryption scheme, choose two prime numbers p and q such that \( \gcd(p, q-1) = \gcd(p-1, q) = 1 \). Let \( N = p \cdot q \) and \( \lambda = \mathrm{lcm} (p-1, q-1)\). Define \( L(b)= \frac{b-1}{N} \), where \( b \in Z^{*}_{N^{2}} \). Choose a random element \( g \in Z^{*}_{N^{2}} \) and compute \( \mu = (L(g^{\lambda } \bmod \ N^{2}))^{-1} \bmod N \). The public key is (N, g) and the secret key is \( ( \lambda , \mu , p, q ) \). Let \(\ell \in Z_{N}\) be the plaintext. To encrypt the plaintext, select a random number \( r \in Z^{*}_{N} \) and compute the ciphertext \( C = g^{\ell } r^{N} \bmod N^{2} \). To decrypt the ciphertext, compute \( \ell = (L(C^{\lambda } \bmod N^{2}) \cdot \mu ) \bmod N \).
Additive Homomorphic Property
Anyone who holds the public key and two ciphertexts \( c_{1} = g^{\ell _{1}} r^{N}_{1} \bmod N^{2} \) and \( c_{2} = g^{\ell _{2}} r^{N}_{2} \bmod N^{2} \) of plaintexts \( \ell _{1} \) and \( \ell _{2} \) from different users can generate an encryption of \( \ell _{1} + \ell _{2} \) as \( c_{1} \cdot c_{2} = g^{\ell _{1}+\ell _{2}} r^{N}_{1} r^{N}_{2} \bmod N^{2} \).
For \( \rho \) users, the encryption of \( \varSigma _{i=1}^{\rho } \ell _{i} \) can be generated by \( \varPi _{i=1}^{\rho } c_{i} = \varPi _{i=1}^{\rho } g^{\ell _{i}} r^{N}_{i} \bmod N^{2} \). To decrypt the ciphertext, compute
Appendix B.2: Threshold version of Paillier encryption
Suppose n parties share the secret key. If fewer than \( t+1 \) valid partial decryption shares are available, the ciphertext cannot be decrypted. The parties execute the distributed RSA modulus generation protocol and the key generation algorithm in [12, 45].
After the algorithm has been executed successfully, the public key (N, g) is published together with an agreed global parameter \( \theta \), which is used to combine the partial decryptions. Each party \( P_{i} \) obtains a share of the secret key, namely the polynomial value f(i). \( P_{i} \) also generates and distributes a verification key \( VK_{i} = v^{\varDelta f(i)} \bmod N^2\), where \(v \in _R Q_{N^2}\). The verification key is used to prove the correctness of a partial decryption (see “Appendix B.3”).
Let \( \ell \) be the plaintext, and let the ciphertext be generated by \( C = g^{\ell }r^{N} \bmod N^{2} \). Then, the following steps can be performed by any \( t+1 \) parties to decrypt the message:
1. Decryption: Each party \( P_{i} \) generates and shares the partial decryption \( C_{i} = C^{2 \varDelta f(i)} \bmod N^{2} \), where \( \varDelta = n! \).
2. Combination: Define \( L(u) = \frac{u-1}{N} \), \( \lambda ^{S}_{x,i} = \varPi _{i' \in S \setminus \{i\}} \frac{x-i'}{i-i'}\) and \( \mu _{i} = \varDelta \times \lambda ^{S}_{0,i} \in {\mathbb {Z}} \). The message can then be recovered through
$$\begin{aligned} \ell = L( \varPi _{i \in S} C^{2\mu _{i}}_{i} \bmod N^{2}) \times \frac{1}{-4 \varDelta ^{2}\theta } \bmod N. \end{aligned}$$
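The following is an added example, not code from the paper, covering both Appendix B.1 and Appendix B.2: Paillier key generation, a homomorphic tally of encrypted ballots, and a \( (t+1) \)-of-n threshold decryption that applies the combination formula above. The primes and ballots are constructed toy values; the candidate encoding (candidate j as \( M^{j} \) with M larger than the number of voters) is an assumption, and a trusted dealer stands in for the distributed key generation of [12, 45], sharing \( f(0) = -\beta \lambda \) and publishing \( \theta = \beta \cdot L(g^{\lambda } \bmod N^{2}) \bmod N \) so that the combined value satisfies \( L(\cdot ) = -4 \varDelta ^{2} \theta \ell \bmod N \).

```python
import math
import random

P, Q = 101, 103               # constructed toy primes, gcd(P, Q-1) = gcd(P-1, Q) = 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lambda = lcm(p-1, q-1)
M = 16                        # assumed encoding: candidate j -> M**j, with M > number of voters

def L(b):                     # L(b) = (b-1)/N for b = 1 (mod N)
    return (b - 1) // N

def keygen(rng):              # random g in Z*_{N^2}; mu = L(g^lambda mod N^2)^{-1} mod N
    while True:
        g = rng.randrange(2, N2)
        k = L(pow(g, LAM, N2)) % N
        if math.gcd(g, N) == 1 and math.gcd(k, N) == 1:
            return {"g": g, "k": k, "mu": pow(k, -1, N)}

def encrypt(g, ell, rng):     # C = g^ell r^N mod N^2 with r in Z*_N
    r = rng.randrange(1, N)
    while math.gcd(r, N) != 1:
        r = rng.randrange(1, N)
    return pow(g, ell, N2) * pow(r, N, N2) % N2

def decrypt(key, c):          # ell = L(C^lambda mod N^2) * mu mod N  (single-key decryption)
    return L(pow(c, LAM, N2)) * key["mu"] % N

def decode(total, n_cand):    # split sum_j M**j * count_j into per-candidate counts
    return [(total // M ** j) % M for j in range(n_cand)]

# B.2: dealer stand-in (assumption) for the distributed key generation of [12, 45]:
# f(0) = -beta*lambda, theta = beta*k mod N, party i receives the share f(i).
def deal_shares(key, n, t, rng):
    while True:
        beta = rng.randrange(1, N)
        theta = beta * key["k"] % N
        if math.gcd(theta, N) == 1:
            break
    coef = [-beta * LAM] + [rng.randrange(N2) for _ in range(t)]   # degree-t polynomial f
    return theta, {i: sum(a * i ** j for j, a in enumerate(coef)) for i in range(1, n + 1)}

def partial_decrypt(C, f_i, n):   # C_i = C^{2 Delta f(i)} mod N^2, Delta = n!
    return pow(C, 2 * math.factorial(n) * f_i, N2)

def combine(parts, n, theta):     # parts = {i: C_i} for a set S of t+1 parties
    delta, S, acc = math.factorial(n), list(parts), 1
    for i in S:
        num, den = 1, 1
        for j in S:
            if j != i:
                num, den = num * (0 - j), den * (i - j)
        mu_i = delta * num // den    # mu_i = Delta * lambda^S_{0,i}, always an integer
        acc = acc * pow(parts[i], 2 * mu_i, N2) % N2
    return L(acc) * pow(-4 * delta ** 2 * theta, -1, N) % N

def demo(seed=3):
    rng = random.Random(seed)
    key = keygen(rng)
    votes = [0, 1, 1, 2, 1, 0]    # constructed ballots for three candidates
    total = math.prod(encrypt(key["g"], M ** v, rng) for v in votes) % N2   # homomorphic tally
    theta, shares = deal_shares(key, 5, 2, rng)          # n = 5 election holders, t = 2
    parts = {i: partial_decrypt(total, shares[i], 5) for i in (1, 3, 5)}
    plain = decrypt(key, total)
    return decode(plain, 3), combine(parts, 5, theta) == plain
```

Only three of the five holders contribute partial decryptions, and the combination recovers the same tally as single-key decryption without any holder learning \( \lambda \).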
Appendix B.3: Zero-knowledge proofs
Non-interactive zero-knowledge proof of membership [8]
In this section, an efficient non-interactive proof of knowledge scheme is described. If Alice has a ciphertext c of a message m that belongs to a set of n plaintexts, she can use this scheme to prove that c encrypts one of the n plaintexts in the set.
Let N be the RSA modulus of the Paillier encryption system. Define \( \gamma = \{ \ell _{1}, \ell _{2}, \ldots , \ell _{\rho } \}\) as the set of \( \rho \) encoded candidates. Let P denote the set of n messages, C the ciphertext, and g the public-key element of the Paillier encryption scheme. Furthermore, we define \( a \div b \) as the quotient of the division of a by b. The Prover and the Verifier are involved in this proof.
Non-interactive zero-knowledge proof of correctness of partial decryption [23]
In this section, a non-interactive zero-knowledge proof of the correctness of a partial decryption is described. If Alice decrypts the ciphertext c to obtain the partial decryption \( c_{i} \), she can use this scheme to prove that \( c_{i} \) was computed correctly with her partial private key.
The party \( P_{i} \) takes \( f(i), v, VK_{i} = v^{\varDelta f(i)} \) and \( C \in Z_{N^{2}} \) as input, and generates the partial decryption \( C_{i} = C^{2\varDelta f(i)} \bmod N^{2} \). The zero-knowledge proof protocol is then executed to prove the equality \( f(i) = \log _{C^{4\varDelta }}(C_{i})^{2} = \log _{v^{\varDelta }} VK_{i} \). The steps of this non-interactive proof are as follows:
Cite this article
Zhang, S., Wang, L. & Xiong, H. Chaintegrity: blockchain-enabled large-scale e-voting system with robustness and universal verifiability. Int. J. Inf. Secur. 19, 323–341 (2020). https://doi.org/10.1007/s10207-019-00465-8
DOI: https://doi.org/10.1007/s10207-019-00465-8