基于区块链和SM9数字签名的代理投票方案

doi:10.3969/j.issn.1671-1122.2024.01.004

摘要/Abstract

摘要：

随着互联网的普及，电子投票技术逐渐替代传统纸质投票技术。然而，传统的电子投票方案主要针对一人一票制来设计方案，在一些特殊的投票场景下，一人一票制投票方式不再适用。例如，投票者不具备专业知识却也需要投票的场景，投票者由于不能理解选举的内容而消极投票，造成选举结果不专业和不公正等问题。此外，传统的电子投票技术还存在选举过程不透明和选票不可验证等问题。针对上述问题，文章提出一种基于区块链和SM9数字签名的代理投票方案。该方案首先使用区块链技术解决选票的全局可验证问题，其次使用零知识范围证明技术解决恶意选票值的问题，然后利用基于椭圆曲线的改进ElGamal算法的同态性质实现选票加密和自计票功能，最后使用SM9数字签名算法和变色龙哈希函数设计的代理投票凭证实现投票权的转让过程。通过安全性分析，证明了文章所提方案满足鲁棒性、合法性、机密性、全局可验证性和公平性。理论分析和实验数据表明，文章所提方案性能良好，适用于需要专业知识场景下的选举。

关键词: 电子代理投票, 区块链, SM9数字签名算法, 变色龙哈希函数, 范围证明

Abstract:

With the popularization of the Internet, electronic voting technology is gradually replacing traditional paper voting. However, traditional electronic voting schemes are mainly designed for the one-person-one-vote system, and this voting system will no longer be applicable in some special voting scenarios. For example, in the scenario where voters must vote despite lacking professional knowledge. In this case, voters without professional knowledge generally cannot understand the content of the election, so they will vote negatively, resulting in unprofessional and unfair election results. In addition, traditional electronic voting technology also has problems with opaque election process and unverifiable votes. To address these problems, this paper proposed the proxy voting scheme based on the blockchain and SM9 digital signature to solve these problems. This algorithm first used blockchain technology to solve the problem of verifiable votes, then used the zero-knowledge range proof technique to prevent malicious vote scores, and then the homomorphic property of the modified ElGamal algorithm based on the elliptic curve was used to realize the function of ballot encryption and self-counting. Finally, voting rights transfer process was realized by the proxy voting certificate designed by SM9 digital signature algorithm and chameleon Hash function. Through the security analysis, it is proved that the proposed scheme satisfies robustness, legitimacy, confidentiality, global verifiability, and fairness. Theoretical analysis and experimental data show that the proposed scheme performs well, and can be applied to an election that requires professional knowledge.

Key words: electronic proxy voting, blockchain, SM9 digital signature algorithm, chameleon Hash function, range proof

中图分类号:

TP309

朱郭诚, 何德彪, 安浩杨, 彭聪. 基于区块链和SM9数字签名的代理投票方案[J]. 信息网络安全, 2024, 24(1): 36-47.

ZHU Guocheng, HE Debiao, AN Haoyang, PENG Cong. The Proxy Voting Scheme Based on the Blockchain and SM9 Digital Signature[J]. Netinfo Security, 2024, 24(1): 36-47.

图/表 12

图1

表1

图2

图3

图4

表2

表3

表4

图5

表5

表6

图6

参考文献 28

[1]	XU Guangxia, DONG Jingnan, MA Chuang, et al. A Certificateless Signcryption Mechanism Based on Blockchain for Edge Computing[J]. IEEE Internet of Things Journal, 2022, 10(14): 11960-11974. doi: 10.1109/JIOT.2022.3151359 URL
[2]	LIU Feng, YANG Jie, LI Zhibin, et al. A Secure Multi-Party Computation Protocol for Universal Data Privacy Protection Based on Blockchain[J]. Journal of Computer Research and Development, 2021, 58(2): 281-290.
	刘峰, 杨杰, 李志斌, 等. 一种基于区块链的泛用型数据隐私保护的安全多方计算协议[J]. 计算机研究与发展, 2021, 58(2): 281-290.
[3]	LIU Feng, ZHANG Jiahao, ZHOU Junjie, et al. Novel Hash-Time-Lock-Contract Based Cross-Chain Token Swap Mechanism of Blockchain[J]. Computer Science, 2022, 49(1): 336-344. doi: 10.11896/jsjkx.210600170
	刘峰, 张嘉淏, 周俊杰, 等. 基于改进哈希时间锁的区块链跨链资产交互协议[J]. 计算机科学, 2022, 49(1): 336-344. doi: 10.11896/jsjkx.210600170
[4]	LIU Feng, LI Zhihan, JIA Kun, et al. Bitcoin Address Clustering Based on Change Address Improvement[EB/OL]. (2023-01-31) [2023-02-10]. https://ieeexplore.ieee.org/document/10034437.
[5]	LIU Feng, WANG Yifan, YANG Jie, et al. Blockchain-Based High-Threshold Signature Protocol Integrating DKG and BLS[J]. Computer Science, 2021, 48(11): 46-53. doi: 10.11896/jsjkx.210200129
	刘峰, 王一帆, 杨杰, 等. 一种基于区块链的融合DKG与BLS的高阈值签名协议[J]. 计算机科学, 2021, 48(11): 46-53. doi: 10.11896/jsjkx.210200129
[6]	HAO Feng, KREEGER M N, RANDELL B, et al. Every Vote Counts: Ensuring Integrity in {Large-Scale} Electronic Voting[C]// USENIX. 2014 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE 14). Berkley: USENIX, 2014: 1-25.
[7]	ZHAO Zhichao, CHAN T H H. How to Vote Privately Using Bitcoin[C]// Springer. International Conference on Information and Communications Security. Heidelberg: Springer, 2015: 82-96.
[8]	NAKAMOTO S. Bitcoin: A Peer-to-Peer Electronic Cash System[EB/OL]. (2008-10-31) [2023-02-10]. https://www.researchgate.net/publication/228640975_Bitcoin_A_Peer-to-Peer_Electronic_Cash_System.
[9]	CRUZ J P, KAJI Y. E-Voting System Based on the Bitcoin Protocol and Blind Signatures[J]. IPSJ Transactions on Mathematical Modeling and Its Applications, 2017, 10(1): 14-22.
[10]	KULYK O, NEUMANN S, MARKY K, et al. Coercion-Resistant Proxy Voting[J]. Computers & Security, 2017(71): 88-99.
[11]	FAN Xingyue, WU Ting, ZHENG Qiuhua, et al. Hse-Voting: A Secure High-Efficiency Electronic Voting Scheme Based on Homomorphic Signcryption[J]. Future Generation Computer Systems, 2020(111): 754-762.
[12]	HUANG Jun, HE Debiao, OBAIDAT M S, et al. The Application of the Blockchain Technology in Voting Systems: A Review[J]. ACM Computing Surveys (CSUR), 2021, 54(3): 1-28.
[13]	HUANG Jun, HE Debiao, CHEN Yitao, et al. A Blockchain-Based Self-Tallying Voting Protocol with Maximum Voter Privacy[J]. IEEE Transactions on Network Science and Engineering, 2022, 9(5): 3808-3820. doi: 10.1109/TNSE.2022.3190909 URL
[14]	WOOD G. Ethereum: A Secure Decentralised Generalised Transaction Ledger[J]. Ethereum Project Yellow Paper, 2014(151): 1-32.
[15]	CAI Juliang, TAO Xiaofeng, WANG Chenyu. Cooperative Authentication Scheme for Heterogeneous Networks Based on Identity Group Signature and Blockchain[EB/OL]. (2023-01-08) [2023-02-10]. https://ieeexplore.ieee.org/document/10213226/metrics#metrics.
[16]	BEN-OR M, GOLDREICH O, GOLDWASSER S, et al. Everything Provable is Provable in Zero-Knowledge[C]// Springer. Conference on the Theory and Application of Cryptography. Heidelberg: Springer, 1988: 37-56.
[17]	WATERS B. Efficient Identity-Based Encryption without Random Oracles[C]// Springer. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2005: 114-127.
[18]	BARRETO P S L M, NAEHRIG M. Pairing-Friendly Elliptic Curves of Prime Order[C]// Springer. Selected Areas in Cryptography(SAC 2005). Heidelberg: Springer, 2006: 319-331.
[19]	BONEH D, BOYEN X. Short Signatures without Random Oracles[C]// Springer. International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2004: 56-73.
[20]	CAMENISCH J, CHAABOUNI R, SHELAT A, et al. Efficient Protocols for Set Membership and Range Proofs[C]// Springer. International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2008). Heidelberg: Springer, 2008: 234-252.
[21]	KRAWCZYK H, RABIN T. Chameleon Hashing and Signatures[EB/OL]. (1998-03-17) [2023-02-10]. .
[22]	CHEN Xiaofeng, ZHANG Fangguo, SUSILO W, et al. Efficient Generic on-Line/off-Line Signatures without Key Exposure[C]// Springer. International Conference on Applied Cryptography and Network Security. Heidelberg: Springer, 2007: 18-30.
[23]	XU Guangxia, ZHANG Jiajun, CLIFF U G O, et al. An Efficient Blockchain-Based Privacy-Preserving Scheme with Attribute and Homomorphic Encryption[J]. International Journal of Intelligent Systems, 2022, 178(21): 4192-4203.
[24]	ELGAMAL T. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms[J]. IEEE Transactions on Information Theory, 1985, 31(4): 469-472. doi: 10.1109/TIT.1985.1057074 URL
[25]	FAUST S, KOHLWEISS M, MARSON G A, et al. On the Non-Malleability of the Fiat-Shamir Transform[C]// Springer. International Conference on Cryptology in India. Heidelberg: Springer, 2012: 60-79.
[26]	YANG Xuechao, YI Xun, NEPAL S, et al. Blockchain Voting: Publicly Verifiable Online Voting Protocol without Trusted Tallying Authorities[J]. Future Generation Computer Systems, 2020(112): 859-874.
[27]	KIAYIAS A, YUNG M. Self-Tallying Elections and Perfect Ballot Secrecy[C]// Springer. 5th International Workshop on Practice and Theory in Public Key Cryptosystems. Heidelberg: Springer, 2002: 141-158.
[28]	QU Wenlei, WU Lei, WANG Wei, et al. A Electronic Voting Protocol Based on Blockchain and Homomorphic Signcryption[EB/OL]. (2020-06-16) [2023-02-10]. https://onlinelibrary.wiley.com/doi/abs/10.1002/cpe.5817.

符号	定义
$q$	大素数
$Z_{q}^{*}$	由$1,2,\cdots,q-1$组成的整数集合
${{G}_{1}},{{G}_{2}}$	阶为$q$的加法循环群
${{G}_{T}}$	阶为$q$的乘法循环群
${{P}_{1}},{{P}_{2}}$	群${{G}_{1}},{{G}_{2}}$的生成元
${{g}^{u}}$	乘法群${{G}_{T}}$中元素$g$的$u$次幂
$\left[ k \right]P$	椭圆曲线上点$P$的$k$倍点
$e$	从${{G}_{1}}\times {{G}_{2}}$到${{G}_{T}}$的双线性对映射
${{H}_{1}}(\cdot ),{{H}_{2}}(\cdot ),{{H}_{3}}(\cdot ),F(\cdot )$	由密码杂凑函数派生的密码函数，均为${{\{0,1\}}^{}}\to Z_{q}^{}$
$x\|\|y$	x与y的拼接，其中x, y可以是比特串
$\alpha,{{P}_{pub}}$	EA的公私钥对，$\alpha $为私钥，${{P}_{pub}}=\left[ \alpha \right]{{P}_{2}}$为公钥
$I{{D}_{{{A}_{i}}}},{{d}_{I{{D}_{{{A}_{i}}}}}},{{x}_{{{A}_{i}}}}$	投票授权者A_i的可辨别标识，部分私钥、秘密值
${{X}_{{{A}_{i}}}},us{{k}_{{{A}_{i}}}}$	投票授权者A_i的公私钥对
$({{Y}_{j}},{{Z}_{j}}),\left( {{y}_{j}},{{z}_{j}} \right)$	代理投票者$P{{V}_{j}}$的公私钥对，前者为公钥，后者为私钥
$p{{k}_{{{C}_{j}}}},s{{k}_{{{C}_{j}}}}$	候选者${{C}_{j}}$的公私钥对
${{m}_{i}},{{\sigma }_{i}}$	选票值${{m}_{i}}$及其签名值${{\sigma }_{i}}$
$Ballo{{t}_{P{{V}_{j}},{{C}_{j}}}}$	代理投票者$P{{V}_{j}}$为候选者${{C}_{j}}$投出的完整选票
$toke{{n}_{\left( i,j \right)}}$	A_i对$P{{V}_{j}}$代理优先级凭证，本文中默认最多可以授权给4个代理投票者。取值为${{\phi }_{token}}=\left\{ 0,1,2,3 \right\}$，值越小，优先级越高
$T{{K}_{\left( i,j \right)}}=\left( TK{{1}_{\left( i,j \right)}},TK{{2}_{\left( i,j \right)}},toke{{n}_{\left( i,j \right)}} \right)$	投票授权者授权A_i对代理投票者$P{{V}_{j}}$的投票授权凭证

安全性目标	文献[26]方案	文献[27]方案	文献[28]方案	文献[11]方案	本文方案
鲁棒性	?	?	√	√	√
机密性	√	√	?	√	√
合法性	√	√	√	√	√
公平性	√	√	√	√	√
全局可验性	√	√	?	?	√

符号	定义
${{t}_{m}}$	一次模乘运算的时间
${{E}_{1}}$	群G₁中的点乘运算
${{E}_{2}}$	群G₂中的点乘运算
${{t}_{p}}$	一次模幂运算的时间
${{t}_{Inv}}$	一次模逆运算的时间
${{t}_{BP}}$	一次双线性对运算的时间
${{t}_{c}}$	暴力求解最终选票值的时间
${{n}_{c}}$	候选者人数
${{n}_{v}}$	投票者人数
$\left\| {{G}_{1}} \right\|$	G₁中元素的比特长度
$\left\| {{G}_{2}} \right\|$	G₂中元素的比特长度
$\left\| {{G}_{T}} \right\|$	G_T中元素的比特长度
$\left\| Z_{q}^{\text{*}} \right\|$	$Z_{q}^{\text{*}}$中元素的比特长度
$l$	选票中合法分值的最大值

投票阶段	本文方案		文献[13]方案
投票阶段	计算开销	通信开销	计算开销	通信开销
系统初始化	E₂+l(t_Inv+E₁)	l\|G₁\|+\|G₂\|	—	2i（大整数比特长）
代理投票者注册	2E₁	2\|G₁\|	t_m	3\|Z_q^*\|
投票授权者注册	2E₁+2E₂+2t_Inv+ t_m+3t_hash	\|G₂\|	—	—
候选者注册	E₁	\|G₁\|	—	(l+2)\|Z_q^*\|
代理凭证生成	4(t_BP+t_m+t_p+ 2E₁+t_hash)	\|Z_q^*\|+3\|G₁\|	—	—
投票	n_c(7E₁+2t_BP+ 4t_m+t_h)	n_c(7\|G₁\|+\|G_T\|+ 4\|Z_q^*\|)	n_c(8_tp+7t_m+ t_hash)	n_c(\|G_T\|+ 11\|Z_q^*\|)
验票	n_c(7E₁+E₂+5t_BP+ t_m+t_p+4t_hash)	—	n_c(8_tp+5_tm+ t_hash)	—
计票	n_c(4n_vE₁+t_c)	—	n_c((3n_v+1)t_m+(n_v+ 1)t_p+t_c)	—

符号	描述	时间/ms
${{E}_{1}}$	群${{G}_{1}}$中的点乘运算	1.730
E₂	群${{G}_{2}}$中的点乘运算	5.190
${{t}_{p}}$	群${{G}_{T}}$中的取幂运算	19.070
${{t}_{BP}}$	Type 3双线性对运算	62.340
${{t}_{m}}$	群G_T中的模乘运算	0.040
${{t}_{Inv}}$	Type 3双线性对中$Z_{q}^{*}$上的模逆运算	0.002
${{t}_{hash}}$	SHA-256哈希运算所用时间	0.057