Abstract

Electronic voting protocols proposed to date meet their properties based on Public Key Cryptography (PKC), which offers high flexibility through key agreement protocols and authentication mechanisms. However, when PKC is used, it is necessary to implement a Certification Authority (CA) to provide certificates which bind public keys to entities and enable verification of such public key bindings. Consequently, the number of components in the protocol increases notably. An alternative is to use Identity-Based Encryption (IBE). With this kind of cryptography, it is possible to have all the benefits offered by PKC without the need for either certificates or the core components of a Public Key Infrastructure (PKI). Considering the aforementioned, in this paper we propose an electronic voting protocol which meets the privacy and robustness properties by using bilinear maps.

1. Introduction

Since 1964, considerable efforts have been made to improve the efficiency of election processes, which has brought, as a consequence, a wide range of proposals on the topic.

Electronic voting has been described in different media as the use of computers or computerized voting equipment to cast ballots in an election, which nowadays is a reasonable alternative to conventional elections and other opinion-expressing processes [15]. Roughly speaking, an electronic voting protocol, used to develop an electronic voting process, involves three main entities: voters, registration authorities, and counting authorities, who interact with each other during four main phases: registration, authentication, voting, and counting [6, 7], of which authentication is outside our scope.

In order to use an electronic voting protocol inside an electronic voting process, it should satisfy several properties [8]. The proposed protocol meets the privacy and robustness properties by using bilinear maps.
(i) Privacy: a vote must be kept secret from any coalition of authorities.
(ii) Robustness: the protocol can be carried out even if there are entities who do not give correct information. In other words, this property protects against dishonest users.

In this paper a voting protocol based on bilinear maps [9, 10] satisfying privacy, uncoercibility, and robustness is proposed. The paper is organized as follows: in Section 2 some intractable problems on finite groups are recalled. The security of the proposed protocol is based on these intractable problems. In Section 3 the proposed protocol is presented. An analysis of the privacy and robustness properties is given in Section 4. The results obtained are shown in Section 5. Section 6 presents concluding remarks, and the references are listed at the end.

2. Preliminaries

Let be a cyclic group of order written additively. With such a group , the following hard cryptographic problems are defined:
(i) Discrete Logarithm Problem (DLP): given , find an integer such that whenever such integer exists.
(ii) Computational Diffie-Hellman Problem (CDHP): given a triple for , find the element .
(iii) Decision Diffie-Hellman Problem (DDHP): given a quadruple for , decide whether or not.

We assume throughout the paper that DLP and CDHP are intractable, which means that there does not exist a Polynomial Time Algorithm to solve them with nonnegligible probability. A group on which the DDHP is easy but the CDHP is hard is called a Gap Diffie-Hellman (GDH) group. Such a group can be found on supersingular elliptic curves or hyperelliptic curves over finite fields [11, 12]. The proposed electronic voting protocol can be built on any GDH group.

3. The Proposed Electronic Voting Protocol

The protocol is divided into three phases: setup, voting, and counting. In the setup stage the key pairs to be used during the voting and counting phases are generated. The generation of these key pairs involves the participation of entities , where [12–14]. Each entity broadcasts and receives specific information by using Shamir’s secret-sharing scheme in order to generate its public and private shares [15]. In the voting phase voters encrypt votes and ask for a blind signature [13, 14]. In the counting phase, a Combining Entity reconstructs the signatures of the votes and verifies and decrypts them [13, 14, 16, 17].

The Combining Entity, who does not have any private key, decrypts the votes by combining decryption shares, which are generated by each entity , after which the votes are counted and the tally is published.

The three phases are detailed as follows.

3.1. Setup Phase

(1) Let and be cyclic groups of the same order which is assumed to be a prime number, with , and let be a nondegenerated bilinear mapping. Let and be two hash functions. This information is known to all entities , where . Furthermore, each entity chooses a binary string, an element of , corresponding to information identifying this entity, for example, an e-mail address, an IP address, and telephone number. The entity sends information to each to generate the public encryption key and its respective private decryption key as follows:
(a) Entity randomly selects , keeps it in secret, and broadcasts .
(b) Entity randomly picks up a polynomial of degree such that . The integer is taken sufficiently large.
(c) computes and broadcasts for and sends to each for , where .
(2) After receives from entity , , it does the following:
(a) verifies by checking that , for each , . If the check fails, broadcasts a complaint against .
(b) It computes its private share and keeps it in secret. This may be considered as an element of .
Each calculates its public share and computes the public encryption key .
(3) With the above calculations, the public key is and its respective private key, that is distributed to every entity , is .
(4) Let be the binary sequence identifying the receiver, also called Combining Entity, and let ; all entities compute their private encryption private share .
(5) In order to generate the signature and verification key pair, each entity sends the following information to each . This is done by using the same (additive) group as follows:
(a) Entity randomly selects , keeps it in secret, and broadcasts .
(b) It picks up randomly a polynomial of degree such that . Note that the polynomials , despite having the same degree, are different.
(c) It computes and broadcasts and sends to each for , .
(6) After receives from entity , , it does the following:
(a) verifies by checking that . If the check fails, broadcasts a complaint against .
(b) It computes its private share and keeps it in secret. The element can be regarded as an element of .
(c) Then, each calculates its public share and computes the public verification key .
(7) With the above calculations, the public key is ; it means that and its respective private key that is distributed to every entity is .

3.2. Voting Phase

(1) Let be the bilinear pairing mentioned above. To encrypt a vote as a message, the voter chooses an option and selects . Then, it codifies as an element of . After that, the voter selects any and computes one scalar multiplication and one bilinear pairing obtaining the encrypted vote given by , where and .
(2) The voter gets the blinded encrypted vote by choosing randomly and calculating . After that, is sent to each entity in order to ask for an -shadow-blind signature to each entity , with .
(3) Each entity computes and sends it back to the voter. Since , as well.
(4) The voter calculates the i-shadow-signature of each entity by computing . Since is an element of so is .
(5) Considering a storage device, the vote and the i-shadow-signatures are stored as , where is computed as in the previous step.

3.3. Counting Phase

(1) To rebuild and verify the signature of each vote, the independent Combining Entity proceeds as follows:
(a) It selects a subset of shadow-signatures, that is, , and computes , where denotes the Lagrange coefficient associated with the polynomial given by ([17]). Observe that in particular .
(b) It verifies the signature by checking that .
(2) To decrypt the votes, the procedure is as follows:
(a) Each entity calculates its decryption share for every vote cast and sends to the Combining Entity, who selects a set of decryption shares and computes , where denotes the Lagrange coefficient associated with the polynomial given by ([17]).
(3) Once is determined, the vote is decrypted by computing .
(4) The votes are counted and the tally is published. The voter can check if its vote was counted by comparing its receipt with the announced results.
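The joint key generation, blind shadow-signing, and Lagrange recombination steps above, as an added example that is not the authors' code. The formulas on this page did not survive extraction, so the example assumes the standard threshold blind-signature algebra that fits the described steps: a threshold of t shares (polynomials of degree t-1), a hypothetical `hash_to_g1`, and a toy pairing over small constructed parameters that has no security value.

```python
import hashlib
import secrets

# Toy bilinear setting (constructed, NOT secure): G1 = (Z_q, +) with generator
# P = 1, G2 = order-q subgroup of Z_p^*, e(a, b) = g^(ab). Discrete logs in this
# G1 are trivial; the model only makes the protocol algebra executable.
Q, P_MOD, G = 1019, 2039, 4

def pairing(a, b):
    return pow(G, a * b % Q, P_MOD)

def hash_to_g1(data):
    # Hypothetical stand-in for the page's hash onto the additive group.
    return 1 + int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1)

def deal(t, n):
    """One entity's Shamir dealing: random f of degree t-1; returns f(0), {i: f(i)}."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]
    f = lambda x: sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q
    return coeffs[0], {i: f(i) for i in range(1, n + 1)}

def joint_keygen(t, n):
    """Every entity deals; entity i's private share is the sum of what it received."""
    dealings = [deal(t, n) for _ in range(n)]
    shares = {i: sum(d[1][i] for d in dealings) % Q for i in range(1, n + 1)}
    public_key = sum(d[0] for d in dealings) % Q   # sum of broadcast a_j * P, P = 1
    return shares, public_key

def lagrange_at_zero(i, subset):
    num = den = 1
    for j in subset:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(shadow_sigs):
    return sum(lagrange_at_zero(i, shadow_sigs) * s
               for i, s in shadow_sigs.items()) % Q

def verify(sig, h, public_key):
    return pairing(sig, 1) == pairing(h, public_key)   # e(sig, P) == e(H(c), s*P)

def blind_sign_round(encrypted_vote, shares, signers, public_key, tamper=None):
    h = hash_to_g1(encrypted_vote)
    r = 1 + secrets.randbelow(Q - 1)                   # voter's blinding factor
    blinded = r * h % Q                                # entities only ever see this
    replies = {i: shares[i] * blinded % Q for i in signers}
    if tamper in replies:
        replies[tamper] = (replies[tamper] + 1) % Q    # a dishonest entity's reply
    r_inv = pow(r, -1, Q)
    shadow = {i: r_inv * s % Q for i, s in replies.items()}  # unblinded shadow signatures
    sig = combine(shadow)
    return sig, verify(sig, h, public_key)
```

Any subset of at least t honest replies recombines to the same signature, while a single altered reply makes the Combining Entity's pairing check fail.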

4. Properties Analysis

4.1. Privacy

The proposed electronic voting protocol meets the privacy property by using a threshold encryption scheme and its respective signature version, which is probably secure under the Computational Bilinear Diffie-Hellman Problem. With this, only the Combining Entity, jointly with at least entities, is able to decrypt votes and verify signatures during the counting stage. The correctness is shown as follows from the signature verification in Section 3.3: and from the decryption of votes, also in Section 3.3: Then,

4.2. Robustness

The proposed electronic voting protocol meets the robustness property by using bilinear properties in such a way that each entity has to prove, in a noninteractive way, the equality of two inverses of the isomorphism induced by the bilinear map .

To do this, each entity chooses a random and computes , and a hash of the tuple , .

Then, entity computes and joins the tuple to its share in order that other entities can check that Both equalities hold as we can see as follows:

4.3. Security Analysis

In the proposed protocol we assume that any attacker who wishes to break the privacy in the proposed electronic voting protocol is fully aware of the public key and any algorithms that may be used as part of the protocol. The information that is denied to the attacker is the private key for encryption during the voting phases.

The nature of the relation between the public and private keys means that it is possible for any asymmetric scheme to achieve a perfect notion of security. Public keys, by definition, must contain enough information to compute their associated private key. In such a case, although it may be theoretically possible to recover the private key from the public key, it is not computationally feasible to do so. Considering this, and that we cannot derive definite mathematical statements about the security of the protocol, we prove that a reduction exists between the difficulty of breaking the protocol and the difficulty of solving a well-studied mathematical problem.

The reductionist approach is used to prove the security of our protocol, relying on assumptions about the hardness of some mathematical problems. We give some definitions as follows.

Definition 1. Given two groups and of the same prime order , a bilinear map , and a generator of , the Decisional Bilinear Diffie-Hellman Problem (DBDHP) in is to decide whether given and an element .

Definition 2. Given two groups and of the same prime order , a bilinear map , and a generator of , the Computational Bilinear Diffie-Hellman Problem (CBDHP) in is to compute given .

In other words, the security of the proposed protocol is based on hardness assumptions for problems in groups equipped with a pairing. The advantage of solving such problems is defined as follows.

Definition 3. The advantage of an algorithm in solving the Bilinear Diffie-Hellman Problem (BDHP) in is where and we assume that parameters as output by the algorithm PairingGen on input are given to as additional inputs. We say that the BDHP is hard in if no Polynomial Time Algorithm that solves the BDHP in has a nonnegligible advantage, as a function of the security parameter .

Definition 4. The advantage of an algorithm in solving the Decisional Bilinear Diffie-Hellman Problem (DBDHP) in is where and . Moreover, we assume that parameters as output by the algorithm PairingGen on input are given to as additional inputs. We say that the DBDHP is hard in if no Polynomial Time Algorithm that solves the DBDHP in has a nonnegligible advantage, as a function of the security parameter .

Definition 5. The advantage of an algorithm in solving the Computational Bilinear Diffie-Hellman Problem (CBDHP) in is where and . Moreover, we assume that parameters as output by the algorithm PairingGen on input are given to as additional inputs. We say that the CBDHP is hard in if no Polynomial Time Algorithm that solves the CBDHP in has a nonnegligible advantage, as a function of the security parameter .

Considering the aforementioned, to break our protocol from the privacy point of view, an attacker must first break the atomic primitives our cryptographic protocol is based on, in addition to getting a nonnegligible advantage in the above definitions.

5. Results

In order to compare the proposed protocol with related work, results are shown from two points of view. Table 1 shows the first one, which considers the total number of PKI components that the proposed protocol would use to develop a voting process. In that table, PKI Component 1 and PKI Component 2 mean certification and trust authorities, respectively. Both of them are main components in a PKI. In that table it is possible to see that the number of components required increases depending on the number of voters participating in the voting protocol. Moreover, the proposed electronic voting protocol meets privacy and robustness based on Diffie-Hellman problems, which makes it as secure as [5] and more secure than [14], as [5] reports. In this sense CBDHP means Computational Bilinear Diffie-Hellman Problem.

On the other hand, the second point of view is from the computations needed to develop the proposed protocol, which depends on the number of cryptographic operations used in comparison with the proposed one. Operations considered are modular addition (+), modular multiplication (), exponentiation , inversion , point addition , and scalar multiplication . Moreover, means voter and parameter represents the total number of shareholders who participate during the voting process with and denotes the threshold that the voting protocol considers for counting stage. It is important to say that our protocol involves operations based on groups, finite fields, and field extensions, which are made by using polynomials to represent the field elements that bilinear maps use.

In Table 2 it is possible to see that even though the proposed protocol does not involve exponentiations and point additions, it does use several computations of bilinear maps, which involve additions and multiplications over a finite field and its extensions, a technique called tower fields. However, even though the proposed protocol has the highest computational cost, bilinear maps can be addressed by using cryptoaccelerators, which efficiently perform this kind of cryptographic operation. The inclusion of such processors is considered to be cheaper than, and preferable to, the components of a Public Key Infrastructure.

6. Conclusion

Electronic voting protocols that include as main construction blocks blind signatures and homomorphic and secret sharing techniques have been developed in recent years. In this paper we present a protocol that is based on blind signatures and secret sharing techniques, using blind signatures and encryption schemes as the main construction blocks. The main difference from the protocols proposed to date is that its functionality is based on bilinear maps and secret sharing schemes, which are used jointly with their respective properties to meet expectations of privacy and robustness. Bilinear maps involve high-cost operations, which can be addressed by using cryptoaccelerators to perform this sort of operation efficiently. As a result, we eliminate the need to implement a Public Key Infrastructure (PKI).

In addition, the proposed protocol is based on the difficulty of solving the Computational Diffie-Hellman Problem (CDHP) and the Bilinear Diffie-Hellman Problem (BDHP); due to its construction it can be found on supersingular elliptic curves or hyperelliptic curves over finite fields; as a consequence, no algorithm capable of solving such problems in polynomial time exists as yet.

According to what was mentioned above, it is easy to see that the proposed protocol highlights the balance between security and efficiency. In other words, from the security point of view, the proposed protocol is based on the difficulty of solving the Computational Diffie-Hellman Problem (CDHP) and the Bilinear Diffie-Hellman Problem (BDHP). From the efficiency point of view, we eliminate the need to implement the components of a Public Key Infrastructure (PKI) and leave as a consideration the execution of cryptographic operations by using cryptoaccelerators.

The protocol presented here could be used, for instance, in a voting system based on Direct Recording Electronic (DRE) systems, which provide authentication of the voter’s identity based on official documents presented to the electoral authority.

Moreover, the voter’s receipt could be used to meet requirements of verifiability and accuracy. Thus, in order to verify whether the votes were recorded and counted, the receipt should appear on a bulletin board on which it is displayed together with the final tally. If any voter does not find his/her hash value on the bulletin board, he/she can register a complaint with election officials.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

The authors thank the Instituto Politecnico Nacional and the Consejo Nacional de Ciencia y Tecnología. The research for this paper was financially supported by Project Grant no. SIP-2014-RE/123, CONACyT 216533.