Secure i-Voting Scheme with Blockchain Technology and Blind Signature

Mahmoud Al-Rawy and Atilla Elci

Cite: Al-Rawy M., Elci A. Secure i-Voting Scheme with Blockchain Technology and Blind Signature. J. Digit. Sci. 1(1), 3-14 (2019). https://doi.org/10.33847/2686-8296.1.1_1

Abstract. In the last four years, blockchain technology affected largely all aspects of our lives. Blockchain started to launch a new technological revolution of storing digital transactions over the Internet, verifying the authenticity, licensing and providing the highest degree of security and encryption. Blockchain usage started with digital currency then its implementation extended to many industries such as voting, health records, copywriters, real estates and so on. However, it is time to upgrade the election scenario from practicing paper-based elections to use modern technologies in order to facilitate our lives. The fact that the blockchain technology has demonstrated almost infinite immutability and high resistance against hacking, lends credit to employ it in securing election data from fraud by saving every single piece of data, record or transaction with unchangeable history. In this paper, we propose and test implement a robust online voting system based on blockchain in order to prevent election forgery and ease the voting process for citizens. The essence of our research lies in abandoning alterable traditional databases and replacing them with two private blockchains that use the peer-to-peer network. Along with the blockchains, we utilized blind signature to maintain vote/voter privacy in order to safeguard voter eligibility validation against manipulation and forgery.  Lastly, we discuss a threat model, and suggest solutions overcome it; we also suggest a solution to identity impersonation and vote-selling problems.

Keywords: Blockchain, Internet Voting, Vote/Voter privacy, Blind Signatures, Public-Private Key algorithm anonymization.

References

  1. Brightwell, I., Cucurull, J., Galindo, D., Guasch, S.: An overview of the iVote 2015 voting system, New South Wales Electoral Commission,  Australia, Scytl Secure Electronic Voting, Spain (2015)
  2. Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, February (1978)
  3. Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system, http://bitcoin.org/bitcoin.pdf, (2008)
  4. Glaser, F.: Pervasive Decentralisation of Digital Infrastructures:  A Framework for Blockchain enabled System and Use Case Analysis. Hawaii International Conference on System Sciences, Goethe University Frankfurt, Hawaii, (2017)
  5. Kizhakkedathil, N.: A Study Into The Prospects Of Implementing End-To-End Verifiability In Estonia Voting. Tallinn University Of Technology, Faculty of Information Technology, Department of Computer Science, Tallinn (2016)
  6. Zyskind, G., Nathan, O., Pantland, A.: Decentralizing Privacy: Using Blockchain to Protect Personal Data. IEEE CS Security and Privacy Workshops, (2015)
  7. Lyon, D.: National IDs in a Global World: Surveillance, Security, and Citizenship. Case Western Reserve Journal of International Law Cleveland, Ohio, vol. 44, pp. 607–623, (2010)
  8. Johnson, D., Menezes, A.: The Elliptic Curve Digital Signature Algorithm (ECDSA). Technical Report CORR 99-34, Dept. of C&O, University of Waterloo, Canada (1999).
  9. M’Raihi, D., Machani, S., Pei, M., Rydell, J.: TOTP: Time-Based One-Time Password Algorithm, Internet Engineering Task Force (IETF), (2011)
  10. Dunphy, P., Adleman, L.: A First Look at Identity Management Schemes on the Blockchain. IEEE, VASCO Data Security, (2018)
  11. Hastings ,N., Peralta, R., Popoveniuc, S., Regenscheid  A.: Security considerations for remote electronic UOCAVA voting. National Institute of Standards and Technology, NISTIR 7770, Feb (2011)
  12. Springall, D., Finkenauer, T., Durumeric, Z., Kitcat, J., Hursti, H., MacAlpine, M., Halderman, J. J.: Security Analysis of the Estonian Internet Voting System, University of Michigan , Open Rights Group,  ACM New York (2014)
  13. Halderman, J. A.,  Teague, V.: The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election, University of Michigan, University of Melbourne, arXiv:1504.05646v2 [cs.CR] Jun (2015)
  14.  Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J. A., Heninger,  N., Springall, D., Thome, E., Valenta, L., VanderSloot, B., Wustrow, E.,    Zanella-Beeguelin, S., Zimmermann, P.: Imperfect forward secrecy: How Diffie-Hellman fails in practice, May (2015)
  15. Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., Halderman  J. A.: Tracking the FREAK attack, https://freakattack.com/
  16. McKay, R.: Flaws in iVote’s re-vote process which attempts to defeat coercers, http://www.bigpulse.com/governmentelections#changevoteaw
  17. Jones,D. W., Simons, B.: Broken Ballots: Will Your Vote Count?, Stanford University Center for the Study of Language and Information, California (2012)
  18. Cross-Site Scripting, http://shiflett.org/articles/cross-site-scripting
  19. Parsovs, A.: Practical issues with TLS client certificate authentication, University of Tartu, Software Technology and Applications Competence Center, Estonia (2014).
  20. Moura, T., Gomes, A.: Blockchain voting and its effects on election transparency and voter confidence, Proceedings of the 18th Annual International Conference on Digital Government Research, ACM, pp. 574–575, USA(2017)
  21. McCorry, P., Shahandashti, S. F., Hao, F.: A smart contract for boardroom voting with maximum voter privacy, in International Conference on Financial Cryptography and Data Security. Springer, pp. 357–375, (2017)
  22. Danchev, D.: Study finds the average price for renting a botnet, ZDNet, May (2010), http://www.zdnet.com/blog/security/study-finds-theaverage-price-for-renting-a-otnet/6528.
  23. Vonnegut, S.: Preventing XSS: 3 Ways to Keep Cross-Site Scripting Out of Your Apps, Oct (2017), http://www.zdnet.com/blog/security/study-finds-theaverage-price-for-renting-a-otnet/6528
  24. Vonnegut, M.: FREAK Attack: What You Need to Know, March (2015), http://www.zdnet.com/blog/security/study-finds-theaverage-price-for-renting-a-otnet/6528
  25. Chaum, D. L.: Untraceable electronic mail, return addresses and digital pseudonyms, technical note programming techniques and data structures, Advances in Information Security, 7, 211-219 (1981)
  26. Czepluch, J. S., Lollike, N. Z., and Malone, S. O.: The use of block chain technology in different application domains, IT University of Copenhagen, Copenhagen, (2015).
  27. Jason, P. C., and Yuichi, K.: E-voting system based on the bitcoin protocol and blind signatures, E-voting system based on the bitcoin protocol and blind signatures, 10, 1, 14-22 (2017).
  28. Bartolucci, S., Bernat, P., and Joseph, D.: SHARVOT: secret SHARe-based voting on the blockchain, 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, Gothenburg, 30-34 (2018).
  29. Ayed, B. A.: A conceptual secure blockchain-based electronic voting System, International Journal of Network Security and Its Applications (IJNSA), 9, 3, 1-9 (2017).
  30. Al-Rawy M., Elci A. (2019) A Design for Blockchain-Based Digital Voting System. In: Antipova T., Rocha A. (eds) Digital Science. DSIC18 2018. Advances in Intelligent Systems and Computing, vol 850. Springer, Cham, pp. 397-407.

Published online 22.12.2019