Due to rapid growth of network technology, e-voting systems have been expected to make our modern social life more convenient, efficient and inexpensive. We even see that electronic polling is now a viable alternative for many non-governmental elections and surveys, and it is likely to become viable soon for governmental elections as well. Like in traditional election systems, democracy and privacy are very important issues to be considered carefully in the design of an e-voting system. The security characteristics of a secure voting system are summarized as follows :
From the viewpoint of underlying cryptographic mechanisms, most existing e-voting schemes in recent years can be roughly classified into three categories:
The first category of the schemes is inefficient because of the
complexity of the all-or-nothing protocol. In order to keep different voters
from being assigned the same tag, a method to avoid conflict is addressed
in , the method is not quite acceptable
because increasing number of identification
tags can not efficiently reduce the probability of conflict,
but tremendously increase the computational complexity. Actually, the
computational complexity of these schemes goes far beyond what a practical
system could handle. This is determined by the complexity of the
all-or-nothing protocol itself, on which all the schemes are based.
Abstractly, the blind
signature based schemes are similar to those based on all-or-nothing.
The difference is that blind signature, instead of all-or-nothing protocol,
is used to dissociate ballots from voters in signature based schemes.
The schemes of the
first two categories satisfy all of the properties mentioned above,
but the blind signature based schemes are much more efficient because
of their low complexity of computation and simplicity of protocols.
This is why they are more practical.
The schemes based on probabilistic
encryption and homomorphic functions are designed to be receipt-free.
In such schemes,
it is difficult for a voter to prove to someone else that how he voted,
therefore buying and selling votes could be avoided.
However, these schemes not only are very sophisticated with very high
computational complexity (because of probabilistic encryption), but
also have two physical assumptions: "secure booth" and "secure channel"
(between the authority and booth) - even if the the assumption could
come true , these kind of schemes make the election go back to the
traditional fashion - the voters must go to the booth to cast their
ballots, and it
is thought inconvenient and practically unacceptable in most current
applications of e-voting . Because of the computational complexity
and physical assumptions, these schemes may only be theoretically
interesting.
In fact, most current implementations of e-voting systems are
based on blind signature due to the consideration of computational
complexity .
In this paper, we propose a new practical e-voting scheme, which is
also blind signature based. We achieve all the desired properties
of eligibility, unreusability, untraceability, unduplicatability,
unchangeability and verifiability at the cost of receipt-freeness.
Unlike previous blind signature based schemes, in which the ballots
of voters are signed by an authority, the authority in our scheme
signed its blind signature on voters' public keys, called tallying keys.
The voters keep and use their corresponding private keys,
called voting keys to sign their ballots in elections hereafter.
With the the blind signature of the authority on the tallying
keys, the tallier (as well
as other interested person) can verify the authenticity of tallying
keys of authorized voters. And with the authenticated tallying keys,
the validity
of ballots can be verified. The blind signature is used in the scheme
to dissociate tallying key from the identity of the voter to achieve
untracebility.
Having the authority sign blind signature on tallying keys instead of
ballots, the voters are
able to change their minds in voting period, and also, only one
registration is needed for multiple selections - this simplifies the
administration of elections. Moreover, it is more difficult for anyone
(including the authority) to cast votes for abstaining voters
in our scheme than the
in previous ones , because after the registration, all
of the validated tallying keys will be published and only the authorized
voters who hold
the corresponding voting keys can sign valid ballots.
In our scheme, a voter also can correct his miscounted vote (if any)
without
revealing his ballots. Because of the simplicity of the protocols, low
complexity of computation, as well as efficiency of administration,
we believe it is a practical e-voting scheme, especially suitable for the
elections of some community, such as campus election, no matter how
large the election scale is.