A trusted electronic election system requires that all the involved information must go public, that is, it focuses not only on transparency but also privacy issues. In other words, each ballot should be counted anonymously, correctly, and efficiently. In this work, a lightweight E-voting system is proposed for voters to minimize their trust in the authority or government. We ensure the transparency of election by putting all message on the Ethereum blockchain, in the meantime, the privacy of individual voter is protected via an efficient and effective ring signature mechanism. Besides, the attractive self-tallying feature is also built in our system, which guarantees that everyone who can access the blockchain network is able to tally the result on his own, no third party is required after voting phase. More importantly, we ensure the correctness of voting results and keep the Ethereum gas cost of individual participant as low as possible, at the same time. Clearly, the pre-described characteristics make our system more suitable for large-scale election.
Although some countries have begun to use electronic voting for national scale election[estonia-voting], there is still no suitable, trusted, efficient electronic voting system for people because it requires many contradictory properties. The election needs one or more authority for both authentication and protect the privacy of participant, however, it is difficult for voter to believe in the government or authority that will always follow the rules or never get hacked. There have been many studies and discussion on elections[voting-emp0], [voting-emp1] open all ballot to ensure transparent, then permute for anonymity, but it is still centralized and tally phase is time-consuming. [voting-emp2] proposed Open Vote network protocol, it is decentralized, anonymous and transparent. But it cannot tally the result even only one voter doesn't cast his ballot, which make their scheme only suitable for small-scale voting. With the development of blockchain, some work has discuss, electronic voting can use it as immutable, public bulletin board. [voting-emp3] run Open Vote protocol on Ethereum smart contract, make whole process more convenient. [voting-emp4,5] build their voting system based on blockchain. [voting-emp4] require all voter open their mask after voting, which property cause the same problem as [voting-emp2,3], and it is obviously unreasonable to force each voter to pay a deposit before voting. [voting-emp5] proposed a simple and efficient scheme, and introduced multiple authority to protect privacy of voter. But it is centralized and has some information that is not completely transparent.
The most important element in the electronic election is Anonymous. The relationship between voter and their ballot must not be revealed. Thus, we need a special digital signature scheme called ring signature[ring1], which was first proposed by Ron Rivest, Adi Shamir, and Yael Tauman in 2001. Ring signature has the property that a signer in a particular group can signs the message as group member, and verifier cannot distinguish the identity of signer. We can simply take this method to make voter sign the ballot anonymously but there will be another problem: a voter can cast their ballot twice. This is equivalent to double-spending issue on blockchain network. Thus, we adopt one-time ring signatures[ring2] proposed by Nicolas van Saberhagen, which ensures that a voter with one key-pair can only signs once, but can still sign as a particular group. We describe the one-time ring signature as following:
Common parameters are: q: a prime number E: an elliptic curve equation G: a base point l: a prime order of the base point ! " : a cryptographic hash function {0,1} * → ( ) ! " : a cryptographic hash function !(# $ ) → !(# $ )
• Generation Assume there are a public key set { # $ |$ ∈ [1, *] } , and a signer owns a private key ! " corresponding to a public key ! " . First, he computes another public key ! = $ % & ’ () % ) called “key image”, then applies the following transformations:
! " # " $, "' " = ) # " $ + + " , " , “’ " ≠ ) ! " # " $ % (' " ), "+ " = -# " $ % (’ " ) + / " 0, “+ " ≠ -! " and ! " are random number selected from [1, . . . , %] , then, compute the non-interactive challenge ! = # $ (&, ( 1 , . . . , ( + , , 1 , . . . , , + )
Finally, the signer compute
-./ 0, “% " = (
The one-time ring signature is
• Verification
Any verifier can apply the transformation
then checks if the equation
= & ’ (), + 0 ’ , . . . , + # ’ , . 0 ’ , . . . . # ’ ) holds.
With aforementioned one-time ring signature, voters can cast their ballot among particular set. But there is still one more thing, the information on the ballot cannot be public until tally phase. Thus, the message must be send after encryption.
We apply the unlinkable payments scheme proposed by Nicolas van Saberhagen [ring-sig2], which allows sender to generate different destination base on the same public key. In the other word, once we encode the candidate into public key, voters can send transaction to different address even though they cast to the same candidate.
It means that voters can obfuscate the observers who they actually vote for. Stealth address can be incorporated into our system as following:
• A candidate ! " ( or so called receiver ) has two standard elliptic key pair: (” # , % # ) , ( # $ , & $ ) , where ! " = $ " %, ’ " = ( " % .
• For a voter ( or so called sender ) who want to generate a stealth address for selected candidate ! " :
He chooses a random number ! ∈ [1, ‘-1] and compute ! = $% , the corresponding stealth address !" = $ % (’” ( )* + , ( , then a ballot for the candidate ! " is (”#, %) .
• Once the verifier get the private keys: (" # , & # ) of " # and the ballot information ("#, %) , he can compute
If the ballot is directed to corresponding ! " :
However, there may be too many redundancies computation when verifying ballots. We can further simplify the computation of tally by sharing all candidates’ first priva
This content is AI-processed based on open access ArXiv data.
