EP1017025A2 - Gesichertes elektronisches Abstimmverfahren ohne Empfangsbestätigung und dazugehöriges System - Google Patents

Gesichertes elektronisches Abstimmverfahren ohne Empfangsbestätigung und dazugehöriges System Download PDF

Info

Publication number
EP1017025A2
EP1017025A2 EP99250450A EP99250450A EP1017025A2 EP 1017025 A2 EP1017025 A2 EP 1017025A2 EP 99250450 A EP99250450 A EP 99250450A EP 99250450 A EP99250450 A EP 99250450A EP 1017025 A2 EP1017025 A2 EP 1017025A2
Authority
EP
European Patent Office
Prior art keywords
vote
voting data
proofs
voting
selecting device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99250450A
Other languages
English (en)
French (fr)
Other versions
EP1017025A3 (de
Inventor
Kazue Sako
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Publication of EP1017025A2 publication Critical patent/EP1017025A2/de
Publication of EP1017025A3 publication Critical patent/EP1017025A3/de
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C13/00Voting apparatus

Definitions

  • the invention relates to an advantageous receipt-free electronic voting method and system, in particular, to an algorithm which is based on number theory and which is used for a secure receipt-free electronic voting system.
  • a receipt which represents a fact that a voter casts a ballot for a candidate is provided, unlike previous non-electronic voting protocols. Due to the existence of the receipt, a voter may sell his/her ballot, or a third party may force a voter to cast a ballot for a specific candidate.
  • a trusted center In the protocol, a trusted center generates for each voter a pair of ballots consisting of a "yes" vote and a "no" vote in random order. Using a trusted beacon and a physical voting booth, the center proves to the public that the ballot indeed includes a well-formed (yes/no) or (no/yes) pair and at the same time proves to the verifier which pair it is.
  • the physical apparatus ensures that by the time the verifier is able to communicate with an outsider, the verifier can forge a proof that the ballot is (yes/no) and also forge a proof that it is (no/yes). Thus, such a proof cease to provide either proof as a receipt.
  • Niemi and Renvall tried to solve this problem in an article by Niemi and Renvall, entitled “How to prevent buying of votes in computer elections,” in ASIACRYPT '94, 1994, pp. 141 to 148. They also use a physical voting booth where a voter performs multiparty computation with all the centers.
  • a third receipt-free electronic voting protocol disclosed in Japanese Laying-Open Publication No. H08-315053 (namely, 315053/1996).
  • the third protocol includes the following three steps.
  • the first step is to publish, at a vote generating center, a set of voting slips which include all votes corresponding to possible candidates, to each voter.
  • the second step is to transfer the voting slips to the voter from the vote generating center via a shuffling center.
  • the third step is to perform anonymous voting by the voter.
  • Each voter can see which voting slip corresponds to a specific voting action by storing an original arrangement of the set of the voting slips and a result of shuffling in the second step.
  • Each voter submits one of the voting slips received to a counting center via a secure anonymous channel. Then, the counting center counts up the number of the submitted voting slips.
  • a one-way secure anti-eavesdropping channel which prevents from eavesdropping along with the route from the vote generating center to a vote selecting device.
  • an anonymous channel to send a voting message from the vote selecting device to the counting center.
  • the amount of computational complexity of the anonymous channel is proportional to the number of voters. Therefore, to realize communication through the anonymous channel, a great amount of computational complexity is required.
  • a fourth receipt-free electronic voting protocol has been proposed such as disclosed in an article by Okamoto, entitled “Receipt-free electronic voting schemes for large scale elections” in Security Protocols '97, pp. 25 to 35 or disclosed in Japanese Laying-Open Publication No. H10-74182(namely, 74182/1998).
  • a secure receipt-free voting method is achieved using a secure anonymous channel between a voter and a counting center.
  • a secure and anti-eavesdropping channel mean that the channel can transfer messages from a center without a third party's access or detection of the messages.
  • anti-eavesdropping channel serves to transfer messages without monitoring or detecting on the way.
  • designated-verifier proofs are used.
  • the designated-verifier proof is a protocol which proves by using a public key of a verifier etc. According to the protocol, a verifier understand the correctness of proofs, but a person other than the verifier can not understand the correctness of the proofs even if the verifier transfers the proofs received by himself/herself to the person.
  • a receipt-free electronic voting method comprises four steps.
  • the first step is publishing, at a vote generating center, voting data to each voter.
  • the voting data is configured so that all of possibles choices for voting may be selected. Herein, it is assumed that there are L choices.
  • the vote generating center produces the voting data for each voter i and proves that the voting data are produced correctly. Further, the vote generating center transmits contents of the voting data only to the voter via a secure anti-eavesdropping channel and proves that the correspondence of the voting data to the voter is correct by using the designated-verifier proofs protocol.
  • the second step is transferring, at the vote generating center, the voting data to the voter via a converting center.
  • Each converting center converts the voting data corresponding to a voter i via a conversion network, as a result, outputs a converted voting data.
  • the converting center proves correctness of the operation, that is, proves that the converted voting data are correctly produced by converting the received voting data using proper conversion parameters. Further, how the received data are converted and a part of the conversion parameters are transferred only to the voter via the secure anti-eavesdropping channel, and proves that the conversion is correctly performed by using the designated-verifier proofs protocol.
  • the second step is optional; if the step is omitted, the vote generating center directly transfers the voting data to the voter via a bulletin board.
  • the third step is voting by a voter.
  • each voter can find that how the voter should select data corresponding to the object which the voter wants to vote for among the voting data.
  • Each voter selects the data corresponding to object which the voter wants to vote for as voted data, and submits the voted data to a counting center via the bulletin board.
  • the fourth step is counting, at the counting center, the voted data.
  • the counting center accumulates the voted data of each voter keeping encrypted. To count the votes, the accumulated and encrypted data are decrypted.
  • Such a vote counting method is, for example, described in an article entitled "A secure and optimally efficient multi-authority election scheme" in Advances in Cryptology, Eurocrypt'97, 1997, pp. 103 to 118. As described in the article, it is preferable to properly control decrypting authority at the counting center so that the counting center may not decrypt each of the encrypted and voted data and as a result, leak a secret of the encrypted and voted data.
  • a number of methods has been proposed for such an object. One of the methods is explained in an article entitled “A Threshold Cryptosystem without a Trusted Party" in Advances in Cryptology, Eurocrypt '91, 1991, pp. 522 to 526.
  • the contents of voting are concealed also to the vote generating center because each of the converting centers converts the voting data which are produced by the vote generating center.
  • a set of encrypted votes representing all of possible choices for voting may be used as the voting data including all possible choices for voting.
  • Correspondence between the encrypted votes and the choices for voting may be used as contents of voting data.
  • the voting data may be converted by switching the sequence in the set of the encrypted votes.
  • contents of converted voting data are represented by the switched order.
  • an encrypted vote representing a choice for voting may also be used as voting data.
  • another choice for voting may be selected.
  • the voting data may represent all choices for voting by converting the voting data. That is, even if the same vote is selected, different representation of the vote can be achieved by employing different generating methods and different selecting methods.
  • a receipt-free electronic voting method comprises the steps of (a) generating voting data and posting them to a bulletin board, (b) sending a secret message to a vote selecting device without being monitored, (c) selecting, at the selecting device, a vote using the voting data on the bulletin board, and (d) counting, at a counting center, the votes.
  • a receipt-free electronic voting system comprises one or more vote generating centers, a plurality of vote selecting devices, a bulletin board, and a vote counting center. Furthermore, the vote generating center generates voting data, posts them to the bulletin board, and sends a secret message to each vote selecting device without being monitored, each of the vote selecting devices selects a vote using the voting data via the bulletin board, and the vote counting device counts the votes.
  • a recording medium readable by a computer tangibly embodying a program of instructions executable by the computer to perform a receipt-free electronic voting method.
  • the method comprises the steps of (a) generating voting data and posting them to a bulletin board, (b) sending a secret message to a vote selecting device without being monitored, (c) selecting, at the selecting device, a vote using the voting data on the bulletin board, and (d) counting, at a counting center, the votes.
  • a secure receipt-free electronic voting method according to a first embodiment of the invention with reference to Figs. 1 and 2.
  • a plurality of vote selecting devices 12(i), a vote generating center 10, and a vote counting center 15 are connected to a bulletin board 13 via, for example, the internet.
  • the vote generating center 10 is also connected to each of the vote selecting devices 12(i) via an anti-eavesdropping channel 16(i).
  • the vote generating center 10 includes proving process 20, data configuring process 26, and contents transferring process 28.
  • the contents transferring process 28 employs a contents proofs algorithm 22.
  • the vote selecting center 12(i) includes a verifying process 24, a selecting process 25, and an invalidating process 27.
  • Voting data is also assumed to be composed of a random sequence of a pair of the vote "1" and the vote "0" subjected to rearrangement and to be given to each of the vote selecting device 12(i).
  • the vote generating center 10 publicly proves that the voting data are correctly generated. This proving is performed by the proving process 20. Further, contents of the voting data to the vote selecting device 12(i), (that is, how the votes are arranged) are transferred in secret to the vote selecting 12(i) via an anti-eavesdropping channel 16(i). Simultaneously, the vote generating center 10 proves that the contents are correct via the anti-eavesdropping channel 16(i).
  • the transferring and proving are performed by the contents transferring process 28 in a manner to be described later.
  • the vote selecting device 12(i) is also given secret messages sent from the vote generating center 10 via a physically anti-eavesdropping channel 16(i) and selects its own vote with reference to the secret messages by the use of the voting data.
  • the vote which is selected by the vote selecting devices 12(1), 12(2),..., 12(1), is encrypted into an encrypted vote and is transferred to the vote counting center 15 through the bulletin board 13. All of the encrypted votes are accumulated at the vote counting center 15.
  • the vote counting center 15 decrypts the accumulated and encrypted votes to detect results of voting.
  • Each of the vote generating center 10, the vote selecting devices 12(l), and the vote counting center 15 may be preferably implemented by a personal computer, but may be a workstation or the like.
  • the vote generating center 10 generates voting data, that is, a set of encrypted votes including the vote "0" and the vote "1" by executing the data configuring process 26.
  • the center 10 executes the data configuring process 26 for each vote selecting device 12(i) by individually using a selected random number.
  • Encryption of the vote “0" and the vote “1” should be adapted to be supplied to the bulletin board 13.
  • the vote "0" and the vote “1” may be encrypted by using a method disclosed in the above mentioned article "A Secure and Optimally Efficient Multi-Authority Election Scheme”.
  • each of constants p, g, h, G is at first determined as a common constant selected for all vote selecting devices in the manner mentioned in the above referenced article.
  • the vote generating center 10 re-encrypts the v1 and v0 using the randomly selected random numbers ri1 and ri2, respectively, and generates vi1 and vi0 in the data configuring process 26.
  • the vote generating center 10 transfers the set of voting data (viA, viB) to the bulletin board.
  • each of viA and viB may take vi0 or vi1, and the set (viA, viB) takes the order (vi0, vi1) with probability of 1/2.
  • the set (viA, viB) takes the order (vi1, vi0) with probability of 1/2.
  • the vote generating center 10 proves that the result of re-encrypting the vote "1" is either of (viA, viB) and the result of re-encrypting the vote "0" is either of (viA, viB).
  • the process 28 correctly transfers the contents of voting data which may includes the order (vi1, vi0) or (vi0, vi1) to one of the vote selecting devices 12(i) via the anti-eavesdropping channel 16.
  • voting data may include the order (vi1, vi0) or (vi0, vi1)
  • the proofs are performed by designated-verifier proofs using a public key of the vote selection device 12(i).
  • a re-encryption proof algorithm is described below in more detail which proves that the result of re-encrypting v is v' using designated-verifier proofs.
  • the vote generating center transfers the contents of voting data and designated-verifier proofs representing its correctness to the vote selecting device 12(i) via the anti-eavesdropping channel 16.
  • the vote selecting device 12(i) verifies the correctness of the contents proofs algorithm using the verifying process 42. If the correctness is verified, the vote selecting device 12 (i) executes the selection process 25 and selects one among the voting data consisting of a set of encrypted votes in the bulletin board. The vote selecting device can select correctly because the device is informed of the arrangement of the encrypted data included in the voting data by the contents transferring process.
  • Votes selected by the vote selecting device 12(i) are supplied to the vote counting center 15 as well as the other votes selected by the other vote selecting device.
  • Both of the algorithms include proving a device and a verifying device.
  • the proving device is a vote generating center.
  • the verifying device is a vote selecting device when the designated-verifier re-encryption proofs algorithm is used, or is a public including the vote selecting device when the OR proofs algorithm is used.
  • a proofs protocol holds by using a proper hash function H even if the proving device and the verifying device do not communicate with each other.
  • d1 + d2 H(x, y, x1, y1, x2, y2, a1, a2, b1, b2).
  • it may be not like the above proofs algorithm using a hash function but like an interactive proofs algorithm having a verifying device which selects c at random.
  • the proving process 20 is not a method which employs the above OR proofs algorithm twice but any algorithm which may prove that given voting data can represent all of choices for voting without concretely denoting correspondence relationship to each choice.
  • it may be an algorithm which proves that a result of re-encrypting a vote "1" is either viA or viB with the OR proofs algorithm and then proves that a result of multiplying the viA and viB for each element is equal to a result of re-encrypting (1,1).
  • c H(x, y, x', y', a, b, s).
  • the designated-verifier re-encrypting proofs algorithm may not be the above method.
  • the contents transferring process 28 need not use the designated-verifier re-encrypting proofs algorithm.
  • the process 28 can use any algorithm as long as contents of each voting data to be transferred are proved in a manner in which only specific verifiers can recognize the correctness
  • the vote selecting device 12(i) performs invalidating process 27 to invalidate proofs of the vote generating center after the center sends a secret message.
  • the invalidating process 27 informs the center of a value of z' and makes the center have ability of providing incorrect information later or ability of posting the value of z' to a bulletin board 13.
  • a conversion network 11 including a plurality of converting centers 11(1), 11(2), ...,11(m) may be incorporated, as shown in Figs. 3 and 4.
  • the voting data which are generated by the vote generating center 10 and forwarded to the vote selecting device 12(i) passes through the conversion network 11 before the voting data arrives at the vote selecting device 12(i).
  • Each of the converting center includes a calculating device, and may be preferably implemented by a personal computer.
  • the center may be a workstation or the like.
  • Each of the converting centers informs the vote selecting device of how the voting data are converted via secure anti-eavesdropping channel 17(j).
  • Each of the converting centers proves to the vote selecting device that the conversion is correctly performed and incorrect information is not provided, as similar to the vote generating center. This operation is performed by proving process 31 and correspondence proofs algorithm 33.
  • the converting center 11(i) performs converting process 30 and proving process 31, and sends its output.
  • the proving process 31 proves that conversion is correctly and publicly performed.
  • Correspondence transferring process 32 proves that how the actual conversion is performed and information is not incorrect only to the vote selecting device with the designated-verifier correspondence proofs algorithm 33.
  • a Converting algorithm re-encrypts the encrypted vote V1 and V2 using generated random numbers c1 and c2, sends the result in random order as VA and VB.
  • the proving process 31 is used to prove that the converting center correctly performs the converting algorithm.
  • the proving process 31 includes a proving device and a verifying device.
  • the proving device is the converting center.
  • the verifying device may be any entity including the vote selecting device. This concretely means that it is satisfied to prove that a result of re-encrypting V1 is either VA or VB, and a result of re-encrypting V2 is either VA or VB by using the above mentioned OR proofs algorithm.
  • Proving process may be performed in any algorithm as long as the algorithm can prove that a given set of output cryptogram is produced by replacing a set of input cryptogram without showing concrete replace method.
  • the algorithm may prove that a result of encrypting V1 is either VA or VB by using the OR proofs algorithm, and the result of encrypting (1, 1) is equal to a result of multiplying VA by VB for each element.
  • Voting data sent from the vote generating center are sequentially processed by the converting center 11(1), 11(2),...,11(m), until the last center sends to each vote selecting device a set of randomly and untraceably arranged and encrypted votes.
  • the vote selecting device 12(i) selects a vote using a secret message sent from the vote generating center and the converting center via secure anti-eavesdropping channels 16(i), 17(1), 17(2), ...,17(m). Validating of proofs of the converting center is performed as similar to the validation of proofs of the vote generating center.
  • the vote generating center 10 proves that a result of re-encrypting vote "i" is included in voting data for each vote "i” to prove that the voting data supplied from the vote generating center 10 includes all votes "i".
  • an example of the OR proofs algorithm which proves that a result of encrypting v is one of v1, v2, ...,and vL may be achieved as follows.
  • a re-encrypting algorithm may be employed which proves that a result of re-encrypting each vote "i" is a specific vj using the above designated-verifier algorithm.
  • the proving process 31 or the correspondence transferring process 33 also may employ the OR proofs algorithm (multi value version) or the re-encrypting algorithm which proves using the above designated-verifier.
  • voting data are configured of an encrypted vote.
  • Other choice for voting may be selected by selecting a conversion parameter and converting the voting data with the selected conversion parameter.
  • the second embodiment of the invention is schematically the same as the first embodiment of the invention. Thus, explanation is focused about points different from the first embodiment of the invention with reference to Figs. 1 and 2.
  • voting allowed to be chosen on a vote "1" or a vote "0".
  • the voting data is also arranged to be composed of a random choice of the vote "1" or the vote "0" subjected to rearrangement and to be given to each of the vote selecting device 12(i).
  • the vote generating center 10 publicly proves that the voting data is generated correctly.
  • the process 20 secretly transfers to the vote selecting device 12(i) via anti-eavesdropping channel 16(i), contents of the voting data, that is which vote is included in the voting data.
  • the vote generating center 10 proves that the contents of the voting data is correct via the anti-eavesdropping channel 16(i).
  • the transferring and proving are performed by the contents transferring process 28 as described later.
  • the vote selecting device 12(i) selects the voting data itself or opposite vote to the voting data using a secret message sent from the vote generating center 10 via the physically anti-eavesdropping channel 16(i). Votes which are selected by the vote selecting devices 12(1), 12(2),..., 12(1) are transferred to the vote counting center 15 via the bulletin board. All encrypted votes are accumulated at the vote counting center 15, a result of voting is determined by decrypting the accumulated cryptograms.
  • Each of the vote generating center 10, the vote selecting center 12(i), and the vote counting center 15 includes a calculation device may be preferably implemented by a personal computer, but may be a workstation or the like.
  • the vote generating center 10 generates voting data consisting of vote “0" or vote "1" and transfers it to each vote selecting device 12(i) by performing the data configuring process 26.
  • the center 10 performs data configuring process for each vote selecting device 12(i) using independently selected random number.
  • An aspect of voting using the vote "1" and the vote "0" is similar to the first embodiment of the invention.
  • the vote generating center 10 selects v1 or v0 with probability of 1/2, re-encrypts the selected vote using a randomly selected random number ri1, and generates viA as the voting data.
  • the vote generating center 10 posts the voting data viA to the bulletin board.
  • the vote generating center 10 proves that a result of re-encrypting the vote "1" is either viA or viA ⁇ (-1) to prove that the voting data viA is the correct vote "1" or the correct vote "0".
  • the OR proofs algorithm which proves that a result of re-encrypting v is either v1 or v2, similar to the algorithm used in the first embodiment of the invention may be used.
  • the process transfers contents of the voting, that is, whether contents of viA is the vote "1" or the vote "0", to the vote selecting device 12(i) via the anti-eavesdropping channel 16.
  • the fact that the correspondence is correct is proved by proving via a similar anti-eavesdropping channel 16 that a result of re-encrypting the vote "1" is viA or that a result of re-encrypting the vote "0" is viA.
  • the proving is performed using a designated-verifier proof with a public key of the vote selecting device 12(i).
  • a re-encrypting proofs algorithm which proves that a result of re-encrypting v is v' using the designated-verifier proofs algorithm, similar to the algorithm used in the first embodiment of the invention may be used.
  • the vote generating center transfers the contents of the voting data and designated-verifier proofs representing the correctness of the voting data to the vote selecting device 12(i) via the anti-eavesdropping channel 16 as described above.
  • the vote selecting device 12(i) verifies the correctness of the contents proofs algorithm in the verifying process 24. When the correctness is verified, the vote selecting device 12(i) performs the selecting process 25, and selects a vote reflecting voters will from the voting data in the bulletin board and the reverse of the voting data. The vote selecting device may select correctly, because the contents of the voting data are correctly transferred to the vote selecting device by the contents transferring process.
  • a conversion network 11 including a plurality of converting centers 11(1), 11(2), ..., 11(m) may be incorporated as shown in Figs. 3 and 4.
  • the voting data which are generated by the vote generating center 10 and are transferred to the vote selecting device 12(i) passed through the conversion network 11 before the voting data arrive at the vote selecting device 12(i).
  • Each of the converting centers informs the vote selecting device of how the voting data are converted via secure anti-eavesdropping channel 17(j).
  • Each of the converting centers proves to the vote selecting device that the conversion is correctly performed and incorrect information is not provided, as similar to the vote generating center. This operation is performed by proving process 31 and correspondence proofs algorithm 33.
  • Fig. 5 shows an operation of the converting center 11(i).
  • the converting center 11(i) performs the converting process 30 and the proving process 31, and sends its output.
  • the proving process 31 publicly proves that conversion is correctly performed.
  • the correspondence transferring process 32 proves how the actual conversion is performed and that information is not incorrect only to the vote selecting device with the designated-verifier correspondence proofs algorithm 33.
  • the converting algorithm selects v1 or v1 ⁇ (-1) with a probability of 1/2, re-encrypts the selected value with random number c, and sends the result as VA.
  • the proving process 31 is used to prove that the converting center correctly performs the converting algorithm.
  • the proving process 31 includes a proving device and a verifying device.
  • the proving device is the converting center.
  • the verifying device may be any entity including the vote selecting device. This concretely means that it satisfies to prove that a result of re-encrypting V1 is either VA or VA ⁇ (-1) by using the above mentioned OR proofs algorithm.
  • Proving process may use any algorithm which may prove that given output voting data is a result of re-encrypting input voting data itself or reverse of the input voting data, without showing whether actual reverse is performed or not.
  • the process informs the vote selecting device 12(i) of whether V1 is re-encrypted or the reverse of V1 is re-encrypted.
  • the correctness of the converting is proved by proving that a result of re-encrypting V1 is VA when V1 is re-encrypted and that a result of re-encrypting V1 ⁇ (-1) is VA with designated-verifier proofs when the reverse of V1 is re-encrypted. This is achieved by using the designated-verifier re-encryption proofs algorithm.
  • the voting data sent from the vote generating center are sequentially processed by the converting centers 11(1), 11(2), ...,11(m) and these processes are repeated until the last converting center randomly and traceably converts the voting data and sends it to each vote selecting device.
  • the vote selecting device 12(i) selects a vote via the secure anti-eavesdropping channels 16(i), 17(1), 17(2), ...,17(m) using secret messages received from the vote generating center and the converting center.
  • Invalidation of proving of that converting center is implemented similar to the invalidation of proving of the vote generating center.
  • a voting scheme which selects one from vote "0" and vote "1" is illustrated.
  • a voting scheme which selects one among more than three votes an aspect of the embodiment may be adopted.
  • a vote "i" (i represents the numbers from 1 to L) is represented as a vector having L elements each element taking 1 in i-th element and 0 in the other elements, for example, (0, ..., 0, 1, 0,..., 0).
  • an aspect of encrypting of the vector is defined as a result of re-encrypting (1, G) about the i-th element, or as a result of re-encrypting (1,1) about the other elements.
  • each converting center performs predetermined number of times of shift operations for each element of the input voting data which form a vector having L values, and secretly informs the vote selecting device of the number of times of the shift operations.
  • the vote selecting device may select encrypted vote by selecting the number of shift operations for each element of L values of the voting data which may be converted to his/her own vote based on the final voting data.
  • the vote generating center 10 proves that predetermined number of times of shift operations for vote "1" represented as (1, 0, ...,0) leads to the generated voting data representing vote "i". This proving may be performed by using the above OR proofs algorithm in a two-dimensional manner.
  • the proving process 31 or the correspondence transferring process 32 may use the above described OR proofs algorithm (two-dimensional version) or the re-encryption proofs algorithm in a plurality of times in the same way.
  • the system includes the vote generating center 10, the vote selecting devices 12(1), 12(2), ..., 12(1), and the vote counting center 15, each of which operates on a personal computer or a workstation connected to a previous type of bulletin board 13.
  • the vote generating center 10 may transfer secret messages to each vote selecting device via secure anti-eavesdropping channels 16(1), 16(2), ..., 16(1). All of the elements which perform message transferring processes including a sending section, a verifying device, and a center) send or receive messages via the bulletin board 13 or receive the messages between them with the exception of sending secret messages by the vote generating center to the vote selecting via the anti-eavesdropping channels.
  • the vote generating center or the vote selecting device is also operable as the vote counting center.
  • the personal computer may store a software which may performs the above method or may include the elements shown in Fig. 2 as a hardware or a software.
  • the vote generating center 10 generates voting data using the data configuration process 26 and sends the voting data to the vote selecting device 12(i).
  • the vote generating center then performs the proving process 20.
  • Outputs of the contents transferring process 28 and the contents proofs algorithm 22 which the correctness of the contents are sent to the vote selecting device 12(i) via the anti-eavesdropping channel 16(i).
  • the other output from the vote generating center 10 are sent to the bulletin board 13.
  • the vote selecting device 12(i) performs the verifying process 24 and the selecting process 25, and outputs encrypted votes selected by using voting data on the bulletin board.
  • the encrypted votes selected by each of the vote selecting devices 12(1), 12(2), ...,12(1) are transferred to the vote counting center 15 via the bulletin board.
  • a system of the second embodiment of the invention which uses a conversion network.
  • the system includes the vote generating center 10, the converting centers 11(1), 11(2), ...,11(m), the vote selecting devices 12(1), 12(2), ..., 12(1), and the vote counting center 15, each of which operates on a personal computer or a workstation connected to a previous type of bulletin board 13.
  • the vote generating center 10 may transfer secret messages to each vote selecting device via secure anti-eavesdropping channels 16(1), 16(2), ..., 16(1).
  • the system includes the anti-eavesdropping channels 17(1), 17(2), ...17(m), and may transfer secret messages from the converting centers 11(1), 11(2), ...11(m) to the vote selecting device 12(i) via the channels.
  • All of the elements which perform a message transferring process (including a sending section, a verifying device, and a center) send or receive messages via the bulletin board 13 or receive the messages between them with the exception of sending secret messages by the vote generating center to the vote selecting device via the anti-eavesdropping channels.
  • the vote generating center or the vote selecting device is also operable as the vote counting center or converting center.
  • the personal computer may store a software which may performs the above method or may include the elements shown in Figs. 4 and 5 as a hardware or a software.
  • the vote generating center 10 generates voting data generates voting message for the vote selecting device 12(i) and sends the voting data to the bulletin board 13. Then, the converting center 11(1) reads the voting data from the bulletin board 13, performs the converting process 30 and the proving process 31, and sends the converted voting data to the bulletin board 13.
  • the converting center 11(1) sends secret messages which include outputs of the correspondence transferring process 32 and the correspondence proofs algorithm 33 which proves the correctness of the correspondence, to the selecting device 12(i) via the anti-eavesdropping channel 17(1).
  • the following converting centers reads the output of the previous center from the bulletin board 13 and sends its own output to the bulletin board to provide it to the next center.
  • the converting centers 11(1) also send secret messages to the vote selecting device 12(i) via the anti-eavesdropping channel 17(1).
  • the selecting device 12(i) reads the last converting center's output, performs the verifying process 35 and the selecting process 36, and sends the vote selected using the voting data on the bulletin board.
  • the encrypted votes selected by each of the vote selecting devices 12(1), 12(2), ...,12(1) are transferred to the vote counting center 15 via the bulletin board.
  • the vote selecting device 12(i) After the vote generating center sends the secret messages, the vote selecting device 12(i) performs the invalidating process 37 and proves the validation of the center.
  • the converting center 11 (i) includes the converting process 30, the proving process 31, and the correspondence transferring process 32, and performs them. Further, the correspondence transferring process 32 uses the correspondence proofs algorithm 33.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)
EP99250450A 1998-12-28 1999-12-28 Gesichertes elektronisches Abstimmverfahren ohne Empfangsbestätigung und dazugehöriges System Withdrawn EP1017025A3 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP37176898 1998-12-28
JP37176898A JP3233119B2 (ja) 1998-12-28 1998-12-28 レシートフリー電子投票方法および装置

Publications (2)

Publication Number Publication Date
EP1017025A2 true EP1017025A2 (de) 2000-07-05
EP1017025A3 EP1017025A3 (de) 2000-07-26

Family

ID=18499272

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99250450A Withdrawn EP1017025A3 (de) 1998-12-28 1999-12-28 Gesichertes elektronisches Abstimmverfahren ohne Empfangsbestätigung und dazugehöriges System

Country Status (2)

Country Link
EP (1) EP1017025A3 (de)
JP (1) JP3233119B2 (de)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260552B2 (en) 2001-12-12 2007-08-21 Scytl Online World Security, Sa Secure remote electronic voting system and cryptographic protocols and computer programs employed
WO2008109277A1 (en) * 2007-03-08 2008-09-12 Motorola, Inc. Apparatus and methods for generating an implicit vote for a media item based on user behavior relative to a media client

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4523788B2 (ja) * 2004-04-02 2010-08-11 日本電信電話株式会社 無証拠投票システム、管理装置、集計装置及びプログラム

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08315053A (ja) 1995-05-19 1996-11-29 Nec Corp レシートフリー電子投票方式
JPH1074182A (ja) 1996-08-30 1998-03-17 Nippon Telegr & Teleph Corp <Ntt> 電子無記名投票方法

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5495532A (en) * 1994-08-19 1996-02-27 Nec Research Institute, Inc. Secure electronic voting using partially compatible homomorphisms
FR2738934B1 (fr) * 1995-09-15 1997-11-28 Thomson Multimedia Sa Systeme de comptabilisation anonyme d'informations a des fins statistiques, notamment pour des operations de vote electronique ou de releves periodiques de consommation

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08315053A (ja) 1995-05-19 1996-11-29 Nec Corp レシートフリー電子投票方式
JPH1074182A (ja) 1996-08-30 1998-03-17 Nippon Telegr & Teleph Corp <Ntt> 電子無記名投票方法

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260552B2 (en) 2001-12-12 2007-08-21 Scytl Online World Security, Sa Secure remote electronic voting system and cryptographic protocols and computer programs employed
WO2008109277A1 (en) * 2007-03-08 2008-09-12 Motorola, Inc. Apparatus and methods for generating an implicit vote for a media item based on user behavior relative to a media client

Also Published As

Publication number Publication date
JP3233119B2 (ja) 2001-11-26
JP2000194782A (ja) 2000-07-14
EP1017025A3 (de) 2000-07-26

Similar Documents

Publication Publication Date Title
Wang et al. Privacy-preserving cloud-based road condition monitoring with source authentication in VANETs
Blaze et al. Divertible protocols and atomic proxy cryptography
Hirt et al. Efficient receipt-free voting based on homomorphic encryption
US5647000A (en) Failsafe key escrow system
US8661240B2 (en) Joint encryption of data
EP4046325A1 (de) Digitale signaturerzeugung unter verwendung einer kalten brieftasche
Zheng et al. A practical quantum designated verifier signature scheme for E-voting applications
EP2509050B1 (de) Verfahren zur überprüfung der richtigen registrierung einer informationseinheit
Yan et al. Cheating identifiable (k, n) threshold quantum secret sharing scheme
Cheng et al. Lightweight noninteractive membership authentication and group key establishment for WSNs
AU8656498A (en) Auto-recoverable auto-certifiable cryptosystems
Gao et al. Quantum election protocol based on quantum public key cryptosystem
Han et al. Adaptive secure multicast in wireless networks
Zheng Shortened digital signature, signcryption and compact and unforgeable key agreement schemes
Impagliazzo et al. Anonymous credentials with biometrically-enforced non-transferability
Zwierko et al. A light-weight e-voting system with distributed trust
EP1017025A2 (de) Gesichertes elektronisches Abstimmverfahren ohne Empfangsbestätigung und dazugehöriges System
Hsu et al. Non‐interactive integrated membership authentication and group arithmetic computation output for 5G sensor networks
Sun et al. A new post-quantum voting protocol based on physical laws: Z. Sun et al.
JP4146252B2 (ja) 不正者特定可能な匿名通信方法、それに使用される利用者装置、及び中継サーバ装置
Zhang et al. A lightweight electronic voting scheme based on blind signature and Kerberos mechanism
Okamoto et al. Quantum voting scheme based on conjugate coding
Dharminder et al. A Novel Post-quantum Piekert’s Reconciliation-Based Forward Secure Authentication Key Agreement for Mobile Devices
Chander The state-of-the-art cryptography techniques for secure data transmission
KV Secured and Decentralized System for e-voting with Hybrid Cryptography and Blockchain.

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): DE FR GB

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

17P Request for examination filed

Effective date: 20000817

AKX Designation fees paid

Free format text: DE FR GB

17Q First examination report despatched

Effective date: 20100119

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100601