Ballot-Cancellation Protocol of E-voting Based on Two Independent Authorities

Recently, many e-voting systems have been proposed for successful election. It should be satisfied many requirements for successful e-voting. In this paper, we propose the ballot-cancellation scheme in order to manage invalid ballots. Many proposed e-voting systems have been proposed without considering invalid ballots. It can be happened an invalid ballot during e-voting, and then we should consider to treat the invalid ballot keeping the privacy and the security. Introduction It has been proposing many e-voting systems based on cryptography techniques [3][5][9][10]. A few systems of these are used in real election. But, most of proposed e-voting schemes had overlooked about a ballot-cancellation, which can cancel the ballot in voting results with keeping the privacy and the security. We should consider many situations for secure e-voting. Also, we found the special character on an absentee voting in Japan election law. According to Japan election law, after an absentee voter enforces the voting, if an absentee voter died or lost the right of casting the ballot before the Election Day, it is the invalid ballot. And then, we should cancel that ballot in the tallying with keeping the privacy and universal verifiability of an absentee voter. In this paper we consider the ballot-cancellation scheme including an absentee e-voting. For the successful e-voting system, we must consider an absentee voter together with a general voter. For the ballot-cancellation scheme, we use the modified r-residue cryptography using homomorphic encryption. When the ballot is cancelled, everyone can not know the vote. That is, it is kept the private. After a voter cast the voting, the vote is double encrypted by two public keys of administrator and tallier. In our scheme, the ballot is cancelled without knowing the content of voting and the mark remains in the bulletin board. We introduced the double encryption of [9]. Our ballot-cancellation protocol In our scheme, the ballot-cancellation was based on r-th residue using homomorphic encryption. After a voter enforces the vote, a voter encrypts the voting content with r-th residue encryption. The voting content is exponential i v and the exponential of the encrypted voting content i Z is i k . First, our system checks the value of i k , and then if 0 = i k , the encrypted voting content is 1. We can do the ballot-cancellation without knowing the voting content. So, it keeps a voter’s privacy. There is an example of the ballot-cancellation as follows: 10 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 10 1 ) ( K K K K K K K K K K i i K i Z Z Z Z Z Z Z Z Z Z Z Z = =∏ = (1) Suppose 0 4 1 = = k k (In e-voting, 1 k and 4 k are invalid ballot (cancel)). The result of equation (1) is as follows. 10 10 9 9 8 8 7 7 6 6 5 5 3 3 2 2 K K K K K K K K Z Z Z Z Z Z Z Z Z = (2) In the equation (2), 1 k and 4 k do not give the influence others variables. Requirements for proposal e-voting system In this paper, our goal is the secret e-voting including an absentee voter that can cancel the ballot. So, it should be satisfied as the following requirements. Privacy : Privacy is the basic requirement in E-voting. The concept of privacy is that all votes must be secret. That is, everyone should not know to associate individual votes and voters. Security : Many researches had been processing for the security of e-voting system. Most of e-voting systems consist of a few authorities. For the security, above all, it should not be concentrate the responsibility on voting results in an authority. Also, each authority enables the mutual checking on the vote result. In e-voting system, it is very important for the security to share equally roles on e-voting. Ballot-Cancellation : It can be happened the situation that the ballot is cancelled in the tallying. For example, forge of voting, the voting by illegal voter and so on. It can not stop the voting due to a few illegal voters. When it does the ballot-cancellation, it must keep the transparency on the privacy and the fairness of an absentee voter. For really e-voting system, it needs the ballot-cancellation scheme. Universal verifiability : Generally, a voter wants to know whether one's ballot includes exactly in the tallying or not. A voter can be claimed one's ballot to election office. The e-voting system should always prepare it. Robustness : The voting system should be successful regardless of partial failure of the system. Fairness : Nothing can after affect the voting. Construction of proposal e-voting system Construction of our e-voting Our e-voting system consists of four organizations. That is, Voter (a general voter and an absentee voter), Tallier, Administrator including a voter's list and Bulletin board. (1) Voter A voter is divided into a general voter and an absentee voter. In this paper, we explain the e-voting in aspect of an absentee voter. A person who can not go to the voting place in Election Day is an absentee voter because of the public business or health and so on. The definition of an absentee voter is different by the election law of each country. An absentee e-voting can be connecting with a military voting because a military takes the best high ratio in absentee voters. An absentee voter must previously reserve to Election office. (2) Administrator Administrator has a list of legitimated absentee voters and plays the role of the determination whether the ballot is valid or not and verifies the unresuability. The roles of Administrator are as follow s. Verify whether an absentee voter is a regal voter or not / whether voting is one time or not. Cast a mark 'verified' on the bulletin board (3 )Tallier Tallier verifies the received voting result from administrator whether this result is valid or not. Tallier computes voting results and announces voting results. The detailed roles are as follows. Compute voting results Compare with the number of voter that is computed by administrator Send voting results to bulletin board (4) Bulletin Board In bulletin board, everyone can see whether a voter votes or not. But, they can not erase and modify voting contents. Keeping the security of absentee voter, we can know only the fact whether an absentee voter votes or not. In the real absentee voting, an absentee voter can not know the transmission of one’s voting content. Also, absentee voter can request for the verification whether the content of absentee voting is exactly counted or not. For these, we use the Bulletin board. Table 1. Notation for proposal e-voting system Voter Administrator Tallier Voter: i V ID of each voter: i ID Voting contents of Voter: i v ( i v = 0 or 1) i σ : voter’s sign (RSA digital signature) i e : blind value Public key : < A A N e , > Private key : < A A A q p d , , > ) 1 )( 1 ( mod 1 , − − ≡ = A A A A A A A q p N e q p N A e T A N N ≥ A A q p , : large prime numbers i k : Variable of the right of casting the ballot on Voter ( i k = 0 or 1) M : Summation of voting results A σ : Absentee center’s sign (RSA digital signature) Public key : < T T y N , > ( T T T q p N ⋅ = , T y is random number) Private key : < T T q p , > T T q p , : large prime numbers Procedure of proposed e-voting system for an absentee voter (1) Stage I : Double encryption Voter i V selects vote i v and encrypts i v with the public-key < T T y N , > of Tallier. T i v r i v T i N x y Z mod = (3) Voter i V sends i Z to Administrator A. Administrator A encrypts i Z twice with the public-key < A A N e , > of Administrator A . A N e i Z i C A mod = (4) (2) Stage II : Blind Signature Voter i V blinds i C as follows. ) , ( i i i r C x e = (5) , where i r is a randomly chosen blinding factor. Voter i V signs i e as ) ( i i i e s σ = and sends < i i i s e ID , , > to administrator A . Administrator A checks the follows parts. . i s is a valid signature of i e . i ID is registered in a list and voter i V has the right to vote If all checks pass, Administrator A sings i d as follows and sends it to voter: ) ( i A i e d σ = Voter i V unblinds i d to obtain the signature i y as follows: ) , ( i i i r d y δ = (6) Voter i V checks that i y is a valid signature of administer for message i x . Administrator A announces the number of voters who were given the administrator’s signature, and sends < i i i s e ID , , > to bulletin board. Voter i V sends < i i y C , > to administrator A via an anonymous channel. (3) Stage III : The ballot-cancellation Administrator A checks the signature i y of the ballot i C using the administrator’s verification key. If the check succeeds, Administrator A decrypts i C using private key < A A A q p d , , > and gets i Z . Administrator A checks the voter’s right of casting the ballot and sends results to bulletin board. (Invalid ballot i k =0, Valid ballot i k =1) Administrator A computes the product for the collection as equation (12) ∏ = = h i A i c N Z Z 1 mod (7) Administrator A creates ID A ID and encrypts A ID , c Z with Administrator A ’s private key < A A A q p d , , >. A c A d A N Z ID mod , ) ( (8) In order to confirm the computed c Z by Administrator A , Voting center computes