A secure end-to-end verifiable e-voting system using blockchain and cloud server

Abstract

We propose a cryptographic technique for an authenticated, end-to-end verifiable and secret ballot election. Currently, almost all verifiable e-voting systems require trusted authorities to perform the tallying process except for the DRE-i and DRE-ip systems. We have shown a weakness of the DRE-ip system and proposed a solution. We propose a secure and verifiable voter registration and authentication mechanism. The proposed scheme prevents ballot stuffing attack. We have modified the DRE-ip system so that no adversary can create and post a valid ballot on the public bulletin board without detection. We propose a method for publishing the final tally without revealing the tally from individual Direct-Recording Electronic (DRE) machines using secure multi-party computation and non-interactive zero-knowledge (NIZK) proof. We propose two methods to store these ballots using blockchain and cloud server. To the best of our knowledge, it is the first end-to-end verifiable DRE based e-voting system using blockchain. We provide security proofs to prove the security properties of the proposed scheme. We prove that the efficient NIZK proof proposed by Lin et al. in APSIPA ASC 2019 is not correct since it does not satisfy the witness indistinguishability property of a zero-knowledge proof. We introduce an improved NIZK proof that boosts the efficiency of the system. The experimental data obtained from our tests show the protocol’s potential for real-world deployment.

Introduction

Election is a process of establishing the democracy in the country. It is also one of the most challenging task, one whose constraints are remarkably strict. Each voter should receive assurance that her vote is cast as intended, recorded as cast and tallied as recorded. In addition, the election system as a whole should ensure that voter coercion is unlikely, even when voters are willing to be influenced. There has been extensive adoption of Direct-Recording Electronic (DRE) devices for voting at polling stations around the world. Starting with the seminal work by Chaum, published in IEEE Security & Privacy [1] in 2004, research on end-to-end (E2E) verifiable e-voting has become a thriving field. Informally, the notion of E2E verifiability refers to have three properties: $\left(1\right)$ each voter is able to verify if her vote has been cast as intended; $\left(2\right)$ each voter is able to verify if her vote has been recorded as cast; $\left(3\right)$ anyone can verify if all the votes have been tallied as recorded. By contrast, in traditional paper-based voting system, a voter cannot verify how her vote is recorded and tallied in the voting process. As with traditional elections, voters go to their polling station, prove their eligibility for casting votes by presenting their identity card. The voter is given a token [2] that allows her to cast vote for her chosen candidate. Therefore, the system depends on trustworthy individual at the polling stations, thus leading to the introduction of automated paperless secure e-voting system. In this paper, we propose a secure authenticated DRE based E2E verifiable e-voting system without tallying authorities.

Hao et al. proposed a voting system, called DRE-i (DRE with integrity) [3], to achieve E2E verifiability without involving any tallying authorities (TAs). However, the pre-computation strategy requires that the pre-computed data is securely stored and accessed during the voting phase. This introduces the possibility for an adversary to break into the secure storage module and compromise the privacy of all ballots. To overcome this issue, Shahandashti et al. provided a voting system, called DRE-ip [4] (DRE-i with enhanced privacy). DRE-ip achieves E2E verifiability without TAs and simultaneously a significantly stronger privacy guarantee than DRE-i. However, both DRE-i and DRE-ip systems necessitate the requirement of a secure append-only public bulletin board (BB). If the BB or the voting machine or the private key of the signature is compromised, an attacker can change some ballots and add additional ballots as well in such a way that it cannot be detected by the DRE-ip tally verification algorithm. The private key of the signature might be compromised at the setup stage.

In his PhD thesis, Benaloh [5] assumes BBs with a secure append-only write operations, also stressing out that “implementing such bulletin boards may be problem unto itself”. Although the assumption that the BB is a trusted centralized entity is common in the literature, the importance of removing the BB as a single point of failure has been extensively discussed in the recent works of Culnane and Schneider [6], Chondros et al. [7] and Kiayias et al. [8]. In [8], Kiayias et al. show a weakness of the bulletin board proposed in [6] and improve the system. However, in [8], for $n$ peers, the minimum number of honest item collection peers that receive and store submitted items must be greater than $2n∕3$ to ensure correct behavior of their bulletin board design. In [9], Küsters et al. raise awareness of an attack, which they call a clash attack, on the verifiability of some of the well-known e-voting systems (for example, ThreeBallot and VAV voting systems [10], a variant of the Helios voting system [11] and the Wombat Voting system [12]). Küsters et al. show that, if the voting machine and the bulletin board collaborate, a bulletin board can replace some ballots by its choice so that it cannot be detected. In [13], Benaloh et al. describe their Trash attack on some well-known verifiable e-voting systems if the bulletin board is compromised.

Instead of assuming a secure append-only public bulletin board, we have modified the DRE-ip algorithm to make it tamper-evident and have proposed two methods (depending on how the election is arranged) to store the ballots using blockchain and cloud server. Since the inception of Bitcoin [14] in 2008, researchers have proposed numerous blockchain-enabled solutions for problems in areas such as artificial intelligent, big data management [15], internet of things [16], 5G [17], health-care [18] and shipping [19] etc. A comprehensive literature review of blockchain-based solutions can be found at [20]. We have measured the costs in terms of Ethereum Gas (and US dollars) to verify and store each ballot on Ethereum blockchain. In this case, all the ballots and public keys of the system remain tamper-resistant. This system prevents coercion even when voters are willing to be influenced. For example, voters may collude with an adversary to vote in favor of adversary’s chosen candidate and may intend to prove their choice of vote after the voting process. Our proposed system uses the exponential ElGamal cryptosystem to encrypt a vote. The system generates two distinct generators of the group whose logarithmic relationship is unknown. The system securely deletes the random variable and the vote (‘confirmed’ vote) for each voter. Consequently, the voter cannot prove her chosen candidate to the adversary. Thus, this kind of coercion can be avoided. Normally, some kinds of coercion-resistance are also provided by the supervised environment of the polling station voting [21]. In addition, since each DRE machine normally covers voting process for small regions, revealing the tally from each DRE machine discloses the distribution of voters against various political parties in small regions. Disclosure of this distribution may impact financial investments, economic development and social security of those small regions. This is also a breach of voter’s privacy to some extent. We propose a secure multi-party computation scheme with non-interactive zero-knowledge (NIZK) proof to compute the final tally correctly while keeping the tally from each DRE machine secret.

We also propose a novel method for voter registration and authentication in a verifiable manner using Fuzzy Vault algorithm [22]. As opposed to the traditional biometric based authentication systems, we do not store the biometric template (fingerprint) of individual voters. There are some privacy and security advantages of our proposed voter registration and authentication system. First, we store a biometrically encrypted key corresponding to an individual voter from which neither the biometric nor the key can be retrieved. The secret key itself is independent of the biometric and can be changed or modified. Secondly, we do not rely on fingerprint alone for authentication since people leave fingerprint everywhere inadvertently. In addition, there may be Mafia-owned businesses that collect fingerprint data in large quantities if there is any exploit path. Thirdly, we present a two factor authentication scheme relying on fingerprint of the voter and a smart card (containing a secret key) given to the voter. Fourthly, our scheme is publicly verifiable. We show that the correctness of our system is verifiable by the public. As a result, the system thwarts ballot stuffing attack.

Our contributions. Our contributions in this article include the following.

• We have shown one weakness of the DRE-ip system. An attacker can post ballots in such a way that it cannot be detected by the tally verification process. We have proposed a solution to prevent this attack.

• We propose a secure and verifiable voter registration and authentication mechanism using voter’s biometric information (fingerprint). The proposed system prevents the well-known ballot stuffing attack.

• We also propose a method for publishing the final tally when multiple DRE machines are used in a regional zone keeping the result (i.e. tally) from each DRE machine secret. By a regional zone, we mean a constituency from where a candidate is to be elected such as a district instead of the whole country. Thus, our system hides the distribution of voters against various political parties in small areas where DRE machines are used.

• Depending on how the election is organized, we propose two methods to store the ballots on a public bulletin board.

• To the best of our knowledge, it is the first end-to-end verifiable DRE based e-voting system using blockchain.

• We prove that our scheme satisfies the eligibility verifiability property. We also provide security proofs to show that the proposed protocol is end-to-end verifiable as well as preserves each voter’s privacy and the integrity of the system.

• We prove that the efficient NIZK proof algorithm proposed by Lin et al. [23] is not correct since it does not satisfy the properties of a zero-knowledge proof. We propose an efficient 1-out-of-n NIZK algorithm (i.e. the prover Algorithm 3 and the verifier Algorithm 4) involving conjunction and disjunction of multiple assertions. The security proofs of the proposed efficient NIZK proof algorithm are given in Appendix B.

• We have analyzed the performance of our scheme involving our proposed NIZK proof systems and compared it with existing protocols.