The Scientific World Journal

Volume 2015 (2015), Article ID 741031, 6 pages

http://dx.doi.org/10.1155/2015/741031

## Electronic Voting Protocol Using Identity-Based Cryptography

^{1}Sección de Estudios de Posgrado e Investigación, Escuela Superior de Ingeniería Mecánica y Eléctrica, Instituto Politécnico Nacional, Avenida Santa Ana 1000, San Francisco, Culhuacan, Coyoacan, 04430 México City, DF, Mexico

^{2}Departamento de Matematicas, Universidad Autónoma Metropolitana Iztapalapa, San Rafael Atlixco 186, Vicentina, Iztapalapa, 09340 México City, DF, Mexico

Received 9 February 2015; Revised 4 May 2015; Accepted 6 May 2015

Academic Editor: Ting-Yi Chang

Copyright © 2015 Gina Gallegos-Garcia and Horacio Tapia-Recillas. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Electronic voting protocols proposed to date meet their properties based on Public Key Cryptography (PKC), which offers high flexibility through key agreement protocols and authentication mechanisms. However, when PKC is used, it is necessary to implement a Certification Authority (CA) to provide certificates which bind public keys to entities and enable verification of such public key bindings. Consequently, the number of components of the protocol increases notably. An alternative is to use Identity-Based Encryption (IBE). With this kind of cryptography, it is possible to have all the benefits offered by PKC without the need for certificates or for all the core components of a Public Key Infrastructure (PKI). Considering the aforementioned, in this paper we propose an electronic voting protocol which meets the privacy and robustness properties by using bilinear maps.

#### 1. Introduction

Since 1964, considerable efforts have been made to improve the efficiency of election processes, which has brought, as a consequence, a wide range of proposals on the topic.

Electronic voting has been described in different media as the use of computers or computerized voting equipment to cast ballots in an election, which nowadays is a reasonable alternative to conventional elections and other opinion expressing processes [1–5]. Roughly speaking, an electronic voting protocol, used to develop an electronic voting process, involves three main entities: voters, registration authorities, and counting authorities, who interact with each other during four main phases: registration, authentication, voting, and counting [6, 7], of which authentication is outside our scope.

In order to use an electronic voting protocol inside an electronic voting process, it should satisfy several properties [8]. However, the proposed protocol meets the privacy and robustness properties by using bilinear maps.

(i) Privacy: a vote must be kept secret from any coalition of authorities.

(ii) Robustness: the protocol can be developed even if there are entities who do not give correct information. In other words, this property protects against dishonest users.

In this paper a voting protocol based on bilinear maps [9, 10] satisfying privacy, uncoercibility, and robustness is proposed. The paper is organized as follows: in Section 2 some intractable problems on finite groups are recalled. The security of the proposed protocol is based on these intractable problems. In Section 3 the proposed protocol is presented. An analysis of privacy and robustness properties is given in Section 4. The results obtained are shown in Section 5. Section 6 presents concluding remarks and final references are listed.

#### 2. Preliminaries

Let be a cyclic group of order written additively. With such a group , the following hard cryptographic problems are defined:

(i) Discrete Logarithm Problem (DLP): given , find an integer such that whenever such integer exists.

(ii) Computational Diffie-Hellman Problem (CDHP): given a triple for , find the element .

(iii) Decision Diffie-Hellman Problem (DDHP): given a quadruple for , decide whether or not.

We assume throughout the paper that DLP and CDHP are intractable, which means that there does not exist a Polynomial Time Algorithm to solve them with nonnegligible probability. When the DDHP is easy but the CDHP is hard on the group is called a Gap Diffie-Hellman (GDH) group. Such a group can be found on supersingular elliptic curves or hyperelliptic curves over finite fields [11, 12]. The proposed electronic voting protocol can be built on any GDH group.

#### 3. The Proposed Electronic Voting Protocol

The protocol is divided into three phases: setup, voting, and counting. In the setup phase the key pairs to be used during the voting and counting phases are generated. The generation of these key pairs involves the participation of entities , where [12–14]. Each entity broadcasts and receives specific information by using Shamir’s secret-sharing scheme in order to generate its public and private shares [15]. In the voting phase voters encrypt votes and request a blind signature [13, 14]. In the counting phase, a Combining Entity reconstructs the signatures of the votes and verifies and decrypts them [13, 14, 16, 17].

The Combining Entity, who does not have any private key, decrypts the votes by combining decryption shares, which are generated by each entity , after which the votes are counted and the tally is published.

The three phases are detailed as follows.

##### 3.1. Setup Phase

(1) Let and be cyclic groups of the same order which is assumed to be a prime number, with , and let be a nondegenerated bilinear mapping. Let and be two hash functions. This information is known to all entities , where . Furthermore, each entity chooses a binary string, an element of , corresponding to information identifying this entity, for example, an e-mail address, an IP address, and telephone number. The entity sends information to each to generate the public encryption key and its respective private decryption key as follows:

(a) Entity randomly selects , keeps it in secret, and broadcasts .

(b) Entity randomly picks up a polynomial of degree such that . The integer is taken sufficiently large.

(c) computes and broadcasts for and sends to each for , where .

(2) After receives from entity , , it does the following:

(a) verifies by checking that , for each , . If the check fails, broadcasts a complaint against .

(b) It computes its private share and keeps it in secret. This may be considered as an element of . Each calculates its public share and computes the public encryption key .

(3) With the above calculations, the public key is and its respective private key, that is distributed to every entity , is .

(4) Let be the binary sequence identifying the receiver, also called Combining Entity, and let ; all entities compute their private encryption private share .

(5) In order to generate the signature and verification key pair, each entity sends the following information to each . This is done by using the same (additive) group as follows:

(a) Entity randomly selects , keeps it in secret, and broadcasts .

(b) It picks up randomly a polynomial of degree such that . Note that the polynomials , despite having the same degree, are different.

(c) It computes and broadcasts and sends to each for , .

(6) After receives from entity , , it does the following:

(a) verifies by checking that . If the check fails, broadcasts a complaint against .

(b) It computes its private share and keeps it in secret. The element can be regarded as an element of .

(c) Then, each calculates its public share and computes the public verification key .

(7) With the above calculations, the public key is ; it means that and its respective private key that is distributed to every entity is .

##### 3.2. Voting Phase

(1) Let be the bilinear pairing mentioned above. To encrypt a vote as a message, the voter chooses an option and selects . Then, it codifies as an element of . After that, the voter selects any and computes one scalar multiplication and one bilinear pairing obtaining the encrypted vote given by , where and .

(2) The voter gets the blinded encrypted vote by choosing randomly and calculating . After that, is sent to each entity in order to ask for an -shadow-blind signature to each entity , with .

(3) Each entity computes and sends it back to the voter. Since , as well.

(4) The voter calculates the *i-shadow-signature* of each entity by computing . Since is an element of so is .

(5) Considering a storage device, the vote and the *i-shadow-signatures* are stored as , where is computed as in the previous step.

##### 3.3. Counting Phase

(1) To rebuild and verify the signature of each vote, the independent Combining Entity proceeds as follows:

(a) It selects a subset of shadow-signatures, that is, , and computes , where denotes the Lagrange coefficient associated with the polynomial given by ([17]). Observe that in particular .

(b) It verifies the signature by checking that .

(2) To decrypt the votes, the procedure is as follows:

(a) Each entity calculates its decryption share for every vote cast and sends to the Combining Entity, who selects a set of decryption shares and computes , where denotes the Lagrange coefficient associated with the polynomial given by ([17]).

(3) Once is determined, the vote is decrypted by computing .

(4) The votes are counted and the tally is published. The voter can check if its vote was counted by comparing its receipt with the announced results.
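
The share verification of the setup phase (Section 3.1) and the Lagrange recombination of the counting phase (Section 3.3) can be exercised without pairings; the following is an added example, not code from the paper. It assumes a threshold of t out of n entities, a Feldman-style commitment check (the paper's own check equation is not reproduced on this page), and a constructed toy multiplicative group modulo a prime in place of the pairing groups; all function names are hypothetical.

```python
import secrets

# Toy Schnorr group, constructed for this example and far too small for real
# use: P = 2Q + 1, G has order Q. It stands in for the paper's pairing group.
P, Q, G = 2039, 1019, 4

def deal(t, n):
    """One entity: random degree-(t-1) polynomial, a share per peer, commitments."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]
    shares = {j: sum(c * pow(j, k, Q) for k, c in enumerate(coeffs)) % Q
              for j in range(1, n + 1)}
    return shares, [pow(G, c, P) for c in coeffs]  # commitments are broadcast

def share_ok(j, share, commits):
    """Check entity j runs on a received share (assumed Feldman-style)."""
    expected = 1
    for k, c in enumerate(commits):
        expected = expected * pow(c, pow(j, k, Q), P) % P
    return pow(G, share, P) == expected

def run_setup(t, n):
    """Every entity deals; entity j sums what it received into its private share."""
    deals = [deal(t, n) for _ in range(n)]
    for dealer, (shares, commits) in enumerate(deals, start=1):
        for j, s in shares.items():
            if not share_ok(j, s, commits):
                raise ValueError(f"entity {j} complains against entity {dealer}")
    private = {j: sum(sh[j] for sh, _ in deals) % Q for j in range(1, n + 1)}
    public_key = 1
    for _, commits in deals:
        public_key = public_key * commits[0] % P  # G^(sum of constant terms)
    return private, public_key

def lagrange_at_zero(i, subset):
    """Lagrange coefficient of index i over `subset`, evaluated at 0, mod Q."""
    num = den = 1
    for m in subset:
        if m != i:
            num = num * (-m) % Q
            den = den * (i - m) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials):
    """Combining Entity: merge per-entity results base^(s_i) into base^s."""
    out = 1
    for i, v in partials.items():
        out = out * pow(v, lagrange_at_zero(i, list(partials)), P) % P
    return out
```

The Combining Entity in `combine` never sees a private share, only the per-entity partial results, which mirrors its role in the counting phase.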

#### 4. Properties Analysis

##### 4.1. Privacy

The proposed electronic voting protocol meets the privacy property by using a threshold encryption scheme and its respective signature version, which is probably secure under the Computational Bilinear Diffie-Hellman Problem. With this, only the Combining Entity, jointly with at least entities, is able to decrypt votes and verify signatures during the counting stage. The correctness is shown as follows from the signature verification in Section 3.3: and from the decryption of votes, also in Section 3.3: Then,

##### 4.2. Robustness

The proposed electronic voting protocol meets the robustness property by using bilinear properties in such a way that each entity has to prove, in a noninteractive way, the equality of two inverses of the isomorphism induced by the bilinear map .

To do this, each entity chooses a random and computes , and a hash of the tuple , .

Then, entity computes and joins the tuple to its share in order that other entities can check that Both equalities hold as we can see as follows:

##### 4.3. Security Analysis

We assume that any attacker who wishes to break the privacy of the proposed electronic voting protocol is fully aware of the public key and of any algorithms that may be used as part of the protocol. The information that is denied to the attacker is the private key for encryption during the voting phases.

The nature of the relation between the public and private keys means that it is possible for any asymmetric scheme to achieve a perfect notion of security. Public keys, by definition, must contain enough information to compute their associated private key. In such a case, although it may be theoretically possible to recover the private key from the public key, it is not computationally feasible to do so. Considering that, and that we cannot derive definite mathematical statements about the security of the protocol, we prove that a reduction exists between the difficulty of breaking the protocol and the difficulty of solving a well-studied mathematical problem.

The reductionist approach is used to prove the security of our protocol, relying on assumptions about the hardness of some mathematical problems. We give some definitions as follows.

*Definition 1.* Given two groups and of the same prime order , a bilinear map , and a generator of , the Decisional Bilinear Diffie-Hellman Problem (DBDHP) in is to decide whether given and an element .

*Definition 2.* Given two groups and of the same prime order , a bilinear map , and a generator of , the Computational Bilinear Diffie-Hellman Problem (CBDHP) in is to compute given .

In other words, the security of the proposed protocol is based on hardness assumptions for problems in groups equipped with a pairing. The advantage of an algorithm in solving such problems is defined as follows.

*Definition 3.* The advantage of an algorithm in solving the Bilinear Diffie-Hellman Problem (BDHP) in is where and we assume that parameters as output by the algorithm *PairingGen* on input are given to as additional inputs. We say that the BDHP is hard in if no Polynomial Time Algorithm that solves the BDHP in has a nonnegligible advantage, as a function of the security parameter .

*Definition 4.* The advantage of an algorithm in solving the Decisional Bilinear Diffie-Hellman Problem (DBDHP) in is where and . Moreover, we assume that parameters as output by the algorithm *PairingGen* on input are given to as additional inputs. We say that the DBDHP is hard in if no Polynomial Time Algorithm that solves the DBDHP in has a nonnegligible advantage, as a function of the security parameter .

*Definition 5.* The advantage of an algorithm in solving the Computational Bilinear Diffie-Hellman Problem (CBDHP) in is where and . Moreover, we assume that parameters as output by the algorithm *PairingGen* on input are given to as additional inputs. We say that the CBDHP is hard in if no Polynomial Time Algorithm that solves the CBDHP in has a nonnegligible advantage, as a function of the security parameter .

Considering the aforementioned, to break our protocol from the privacy point of view, an attacker must first break the atomic primitives on which our cryptographic protocol is based, in addition to obtaining a nonnegligible advantage in the above definitions.

#### 5. Results

In order to compare the proposed protocol with related work, results are shown from two points of view. Table 1 shows the first one, which considers the total number of PKI components that the proposed protocol would use to develop a voting process. In that table, PKI Component 1 and PKI Component 2 denote certification and trust authorities, respectively; both are main components of a PKI. The table shows that the number of components required increases with the number of voters participating in the voting protocol. Moreover, the proposed electronic voting protocol meets privacy and robustness based on Diffie-Hellman problems, which makes it as secure as [5] and more secure than [1–4], as [5] reports. Here, CBDHP means Computational Bilinear Diffie-Hellman Problem.