A Secure E-voting Architecture

A. S. Sodiya, S. A. Onashoga, and D. I. Adelani
Department of Computer Science, University of Agriculture, Abeokuta, Nigeria
[email protected], [email protected], [email protected]

Abstract

The constant development of computer technology now makes an efficient electronic medium of voting possible. However, e-voting faces the problems of non-anonymity, coercion and bribery. In this paper, elliptic curves are combined with the ElGamal cryptosystem to strengthen the security of an e-voting architecture. Points (x, y) on an elliptic curve are used in place of large integers, together with ElGamal encryption, which is probabilistic (one vote yields many possible ciphertexts) and is used to provide anonymity, non-coercion and receipt-freeness. A voter can also re-vote at another location as a response to coercion. With the proposed architecture, e-voting should be fair.

Key Words: anonymity, coercion, EC-ElGamal, elliptic curves, receipt-freeness.

1. Introduction

Voting is the procedure that allows every member of an organisation or community to choose the representatives who will hold positions of authority within it. The chance to decide who governs at each level gives the public an opportunity to make choices about the policies, programmes and future direction of government action (Ginsberg, 2005). It is therefore the civic right of every citizen in a democratic system to choose the candidate they intend to put into power, and this must happen without electoral fraud. Many democracies are concerned about declining voter turnout and, more generally, a (perceived) trend towards political apathy. Reversing this and promoting political participation calls for reform, and one of the measures considered is to simplify the election procedure by introducing electronic voting, and in particular Internet voting. This is expected to increase voter convenience and voter confidence in the accuracy of election results [8].

An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored and processed primarily as digital information (Network Voting System Standards, VoteHere, Inc., 2002). It uses electronic means to cast and count votes. Electronic voting has many advantages over the traditional way of voting: lower cost, faster tabulation of results, greater accuracy, and lower risk of human and mechanical error. It offers improved accessibility for people with disabilities and multiple-language support for ballots. However, e-voting also makes it easier for adversaries to affect or even disrupt the election if there is even a tiny security flaw in the design. It is widely recognised that a secure e-voting scheme should satisfy not only completeness, privacy, non-reusability, eligibility, fairness, verifiability and robustness, but also receipt-freeness and non-coercion. In conventional voting systems, the voting booth not only lets voters keep their ballots secret but also prevents vote selling and coercion [11].

E-voting can be secured efficiently with cryptography. In this work we propose a secure e-voting architecture based on Elliptic Curve ElGamal (EC-ElGamal) cryptography; the elliptic curve discrete logarithm problem underlies the security of the voting scheme. The main concern of this work is an e-voting architecture that ensures privacy, non-coercion and receipt-freeness, which holds if a voter cannot prove to a coercer or a vote buyer how he or she voted. Each voter's vote is encrypted, sent to the voting authority, and decrypted only in the tallying phase.

2. Literature Review

Chaum [3] pioneered the notion of e-voting and introduced the mix-net, a cryptographic alternative to an anonymous channel. A mix-net is composed of several linked servers called mixes. Each mix takes a batch of messages (e.g. encrypted votes), randomises it and outputs a batch of permuted messages such that input and output messages cannot be linked. Another type, the re-encryption mix-net, was proposed in [9]: all votes are encrypted with the public key of the first mix, and randomised re-encryption then takes place at each layer in a verifiable way. The concept of blind signatures was introduced by Chaum [2] as a method of digitally authenticating a message without knowing its contents. A distinguishing feature of blind signatures is unlinkability: the signer cannot derive the correspondence between the signing process and the signature that is later made public.

Benaloh [6][7] proposed a model based on a homomorphic secret sharing scheme. In such schemes there is an operation ⊕ defined on the share space such that the "sum" of the shares of any two secrets x1 and x2 is a share of the secret x1 ⊕ x2. In the voting scheme, each voter shares his or her vote among n voting authorities. The shares are encrypted with the public key of the receiving authority, authenticated, and posted on a bulletin board. At the end of the voting period each authority adds all the shares it has received to obtain a share of the tally, and finally the authorities combine their shares to obtain the tally. Cramer et al. [11] proposed an election model that uses the special properties of homomorphic encryption to establish universal verifiability in large-scale elections while retaining privacy for individual votes. With a homomorphic encryption there is an operation ⊕ on the message space and an operation ⊗ on the ciphertext space such that the "product" of the encryptions of any two votes v1, v2, namely E(v1) ⊗ E(v2), is the encryption E(v1 ⊕ v2) of the "sum" of the votes; the tally can therefore be computed on ciphertexts and only the final sum needs to be decrypted.

The notions of receipt-freeness and non-coercion were introduced by Benaloh [6] to deal with vote selling and coercion in e-voting systems. For receipt-freeness the voter is the adversary: the voter should not be able to convince a third party of the value of the vote even if the voter wants to (e.g. for a reward). For non-coercion the adversary is a coercer: the coercer should not be able to extract the value of the vote from the voter even if the voter is forced to. Liaw [5] proposed an e-voting protocol using smart cards that allows a voter whose vote has not been counted to ask the centre to recount it by sending the receipt, but this approach does not satisfy the requirement of non-coercion. More recently, Magkos et al. [4] proposed a receipt-free e-voting scheme based on a virtual voting booth implemented with a smart card. Receipt-freeness is achieved by distributing the voting procedure between the voter and the smart card: the voter and the smart card jointly contribute randomness to the encryption of the ballot. However, the scheme of Magkos, Burmester and Chrissikopoulos must assume that the briber or coercer does not monitor the voter at every moment of voting, which is clearly unreasonable, so it cannot effectively prevent bribery and coercion in practical environments. Wei-Chi et al. [12] described an e-voting scheme that solves, or at least lessens, the problems of bribery and coercion and can be realised with current techniques. By using smart cards to randomise part of the content of the ballot, the voter cannot construct a receipt; by using physical voting booths, bribers and coercers cannot monitor the voter while he votes. Unlike conventional voting systems, the voter in that scheme can choose any voting booth that is convenient and safe for him. Chinniah et al. [10] proposed a new multi-authority electronic voting scheme based on elliptic curves, in which each voter casts the vote as a point on the elliptic curve and the final tally is computed with the assistance of multiple authorities. A trusted centre distributes the shared secret key among the authorities, using the Shamir (t, n) threshold scheme for key distribution. The scheme also meets the essential requirements of an e-voting system. Ultimately it fortifies the security properties of the electronic voting procedure, since the secrecy of the individual vote is protected by the ElGamal cryptosystem and the elliptic curve discrete logarithm problem.

3. The Proposed E-voting Scheme

The proposed e-voting scheme is divided into four major phases: registration, validation, casting and tallying.

3.1 Registration Phase

Prior to the election, voters have to prove their identity and eligibility, and an electoral roll is created. Each person's age is checked, and the national registration database is consulted to ensure that he or she has no criminal record before registration. All voters' information is stored in a database that acts as the voters register. Biometric features such as fingerprints or face recognition can also be very useful during voter registration. Each voter is issued a username together with a PIN that is randomly generated by the computer; this pair is used to log the voter in during the validation phase, so the eligible voter must keep the username and PIN secret and safe until then.

3.2 Validation Phase

During the election, voters are authenticated before casting their vote. This corresponds to the manual verification in the traditional system, where registration numbers are checked against the voters register. Each voter must supply the pair of username and PIN. Once authenticated, the voter can vote for the candidate of his or her choice; otherwise access is denied. It should be noted that only one vote per voter is allowed in this e-voting system.

3.3 Casting Phase

Voters cast their votes, and each voter's choice is transferred directly to the tallying phase. This phase must ensure anonymity, non-coercion and receipt-freeness. Anonymity means that no vote can be linked to the person who cast it; receipt-freeness and non-coercion mean that the voter is unable to prove to a coercer how he or she voted or to obtain a receipt that could be sold for a bribe. Cryptography is the best way to achieve this. EC-ElGamal is used to secure each vote by encrypting it. Because the encryption is probabilistic, a single vote (e.g. a party name) can be encrypted to any of (p - 1) different ciphertexts for the prime p, one for each choice of the random ephemeral value. A voter who was coerced can come back and re-vote when no longer under coercion.

[Figure 1: E-voting Architecture based on EC-ELGAMAL. The diagram shows an eligible voter passing through REGISTRATION, VALIDATION (username and PIN number), VOTING (EC-ElGamal with elliptic curve parameters a, b, p, used to obtain the encrypted vote as curve points) and TALLYING (decryption and vote counting), under an ELECTION CONTROLLER and with an AUDIT TRAIL.]

3.3.1 EC-ElGamal Encryption

EC-ElGamal encryption uses points on an elliptic curve for all the parameters of ElGamal encryption except the private key, which remains an integer; the message and the ephemeral values are points selected at random from the curve. The algorithm that enumerates all available points on the curve is given below. The arithmetic of ECC is defined over the elliptic curve y² = x³ + ax + b over a prime field F_p, with the non-singularity condition 4a³ + 27b² ≠ 0. Each choice of a and b gives a different elliptic curve. All points (x, y) that satisfy the equation, together with the point at infinity, lie on the curve. The public key is a point on the curve and the private key is a random integer; the public key is obtained by multiplying the private key by the generator point G on the curve. The generator point G, the curve parameters a and b, and a few further constants (the modulus p, the order of G and the cofactor) constitute the domain parameters of ECC. One main advantage of ECC is its small key size: a 160-bit ECC key is considered as secure as a 1024-bit RSA key (both at roughly the 80-bit security level).

Algorithm to determine all the points on an elliptic curve:

    EllipticCurve_points(p, a, b)          // p is the modulus
    {
        x = 0
        while (x < p) {
            rhs = (x^3 + a*x + b) mod p
            for (y = 0; y < p; y++)
                if ((y*y) mod p == rhs) output (x, y)
            x = x + 1
        }
        output O                           // the point at infinity
    }
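As an added worked example (not code from the paper), the following Python script implements the point enumeration above and EC-ElGamal key generation, encryption and decryption over the small textbook curve y² = x³ + 2x + 2 mod 17 with generator G = (5, 1) of prime order 19; these parameters are an assumption chosen for illustration and are far too small for a real election. It shows the property Section 3.3 relies on, that the same vote encrypts to many different ciphertexts because a fresh random k is drawn each time, the decryption performed at tallying, and the homomorphic combination E(v1) ⊗ E(v2) = E(v1 ⊕ v2) surveyed in Section 2, with yes/no votes encoded as v·G so that one decryption of the combined ciphertext yields the count. One caveat, which is the problem the Magkos et al. scheme addresses: whoever knows the random k used for a ciphertext can recompute that ciphertext and so prove how the vote was cast, so re-randomisation alone does not give receipt-freeness if the voter alone chooses k.

```python
# Added example, not from the paper: EC-ElGamal over an assumed toy curve with the
# point enumeration, probabilistic encryption, decryption and homomorphic tallying.
import secrets

P, A, B = 17, 2, 2      # y^2 = x^3 + 2x + 2 over F_17 (4a^3 + 27b^2 = 4 != 0 mod 17)
G = (5, 1)              # generator point; its order N is computed below (19)
INF = None              # the point at infinity

def curve_points(p, a, b):
    """Enumerate every affine point on y^2 = x^3 + a*x + b over F_p, plus INF."""
    pts = [INF]
    for x in range(p):
        rhs = (x ** 3 + a * x + b) % p
        pts += [(x, y) for y in range(p) if (y * y) % p == rhs]
    return pts

def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def add(p1, p2):
    """Group law (chord-and-tangent rule) in affine coordinates."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                    # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)         # chord slope
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc

def order(pt):
    """Smallest n > 0 with n*pt = INF (brute force; fine only for a toy curve)."""
    n, q = 1, pt
    while q is not INF:
        q, n = add(q, pt), n + 1
    return n

N = order(G)

def keygen():
    """Private key d is a random scalar in [1, N-1]; public key Q = d*G is a point."""
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def encrypt(pub, m_point):
    """EC-ElGamal: (C1, C2) = (k*G, M + k*Q) with a fresh random k every time."""
    k = secrets.randbelow(N - 1) + 1
    return mul(k, G), add(m_point, mul(k, pub))

def decrypt(priv, ct):
    """Tallying-phase decryption: M = C2 - d*C1."""
    c1, c2 = ct
    return add(c2, neg(mul(priv, c1)))

def distinct_ciphertexts(pub, m_point, trials):
    """Number of different ciphertexts one vote point yields in `trials` encryptions."""
    return len({encrypt(pub, m_point) for _ in range(trials)})

def ct_add(ct1, ct2):
    """Homomorphic combination: E(v1*G) (x) E(v2*G) = E((v1+v2)*G), no key needed."""
    return add(ct1[0], ct2[0]), add(ct1[1], ct2[1])

def homomorphic_tally(priv, pub, votes):
    """Encode each yes/no vote v as v*G, combine ciphertexts, decrypt once, recover the count."""
    total = None
    for v in votes:
        ct = encrypt(pub, mul(v, G))                  # mul(0, G) is INF, the 'no' encoding
        total = ct if total is None else ct_add(total, ct)
    t_point = decrypt(priv, total)
    return next(t for t in range(len(votes) + 1) if mul(t, G) == t_point)

if __name__ == "__main__":
    d, Q = keygen()
    print("points on curve:", len(curve_points(P, A, B)), "order of G:", N)
    vote = mul(3, G)                                  # candidate 3's point, for illustration
    print("decrypts correctly:", decrypt(d, encrypt(Q, vote)) == vote)
    print("distinct ciphertexts of one vote in 30 encryptions:", distinct_ciphertexts(Q, vote, 30))
    print("homomorphic tally of [1,0,1,1,0]:", homomorphic_tally(d, Q, [1, 0, 1, 1, 0]))
```

Run it with Python 3.8 or later (for `pow(x, -1, p)`). Each call to `encrypt` draws a fresh k from [1, 18], so two encryptions of the same vote point differ with probability 17/18 on this curve; on a real curve, where N is on the order of 2^256, they differ with overwhelming probability, which is exactly the "several ciphertexts for one vote" property the abstract describes.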