Confidentiality in Mobile Voting System

Submitted By
Tasnia Bushra

11-19762-3

Mohammad Shawon Morshed Chowdhury

11-19552-3

Muhib Hassan Khan

11-20029-3

Under the supervision of

Dr. Dip Nandi
Assistant Professor &
Head of Undergraduate Program
Department of Computer Science

A project submitted in partial fulfillment of the requirements for the Degree of

Bachelor of Science in Computer Science and Engineering

Department of Computer Science

Faculty of Science & Information Technology
American International University - Bangladesh

Summer 2014-2015

Acknowledgements

At first we would like to express countless gratitude to our honorable supervisor Dr.
Dip Nandi for introducing to this interesting topic and guiding us. His profound
knowledge in this field, keen interest, patience and continuous support lead to the
completion of our work. His instructions have contributed greatly in every aspect of
the thesis.

Finally, appreciation are placed for respectable parents, honorable teachers, fellow
classmates and friends for sharing their knowledge and ideas that contributed In
accomplishing this thesis and to all who participated in many ways during this thesis.

Abstract

Voting is the most important civil right for the people of a democratic country by
which the civilians can ensure that the state is being governed according to the
peoples opinions. Voting has been applied as a means of expressing peoples
opinions for centuries, but the mobile voting system is a relatively new concept. The
voting system should be as perfect as possible to establish a complete democratic
country. We have analyzed all the previous works done relevant to electronic voting
system and briefly discussed the proposed methods of previous researchers. Among
all the aspects and issues in achieving a reliable mobile voting system, we have
narrowed down to three main issues where perfection is yet to be achieved. These
issues are Authenticity, Security and Confidentiality. Confidentiality is one of the
most crucial issue and possibly the most important from the voters point of view,
which ensures the anonymity of the voters identity and the vote content. The
commonly used techniques for ensuring vote and voter confidentiality are
Homomorphic System, Mix-net Protocol and Blind Signature System. In this thesis we
have accumulated all the drawbacks of the existing techniques and proposed a
solution of our own in order to achieve the highest level of confidentiality possible.

Contents

Topic

Page

Declaration

Approval

ii

Acknowledgement

iii

Abstract

iv

Contents

Chapter 1 Introduction

1.1 Thesis Overview

1.2 Goal

1.3 Contribution

Chapter 2 Literature Review

2.1 Desired Properties

2.2 Existing Literature

2.3 Overview of Mobile Voting System

Chapter 3 Issue Analysis

3.1 Issues

3.2 Authenticity Issues

3.3 Security Issues

3.4 Confidentiality Issues

10

Chapter 4 Confidentiality Domain

12

4.1 Introduction

12

4.2 Existing Techniques

12

4.3 Homomorphic Encryption

13

4.3.1 Properties of Homomorphic Encryption

14

4.3.1.1 Re-randomizable Encryption/Re-encryption

14

4.3.1.2 Random self-reducibility

14

4.3.1.3 Verifiable Encryption/Fair Encryptions

14

4.3.1.4 Protection of Mobile Agents

4.3.1.5 Multiparty Computation

14
15

4.3.1.6 Secret Sharing Scheme

4.3.1.7 Zero-knowledge Proof
4.3.1.8 Watermarking and Fingerprinting Schemes

15
15

4.3.1.9 Oblivious Transfer

15

4.3.1.10 Commitment schemes

16

4.3.1.11 Lottery protocols

16

4.3.2 Homomorphic Encryption-based Voting Schemes

16

4.3.3 Drawbacks of Homomorphic Encryption

16

4.4 Mixnet Protocol

4.4.1 Uses of Mixnet Protocol

17
17

4.4.1.1 Decryption Mix-nets

17

4.4.1.2 Re-encryption Mix-nets

17

4.4.2 Robustness

18

4.4.3 Application of Electronic Voting

18

4.4.4 Advantages

18

4.4.5 Drawbacks

18

4.5 Blind Signature

18

4.5.1 Typical Analogy of Blind Signature

19

4.5.2 Application in Electronic Voting System

19

4.5.3 Generic Notation of Blind Signature

19

4.5.4 Application to Electrical Voting Scheme

20

4.5.5 Existing Scheme

20

4.5.6 Advantage

20

4.5.7 Drawbacks

20

Chapter 5 Proposed Method

22

5.1 Proposed Method

22

Chapter 6 Conclusion
6.1 Conclusion

References

24
24
vii

Chapter 1

Introduction
This thesis work is focused on the confidentiality of mobile voting system.
Confidentiality is one of the crucial parts in mobile voting but has not been
completely achieved in any system. Thus to ensure complete confidentiality we
analyzed and worked on the existing techniques in order to propose a better
solution.
In the world of democratic revolution voting is the most important civil right for a
citizen of a democratic country. Though almost all of the voting systems are manual
which uses ballot papers, in 1964 electronic voting system was first introduced in
USA [43]. But in the 21st century which is also acknowledged for the biggest
technological revolutions, use of mobile phone is continuously increasing and
spreading in every level in society. Thus the technologies are used to make every
possible work easy and simple, including the voting system. We tried to make the
mobile voting system more secure by ensuring confidentiality of the votes and the
voters identities, and also proposed a solution to reduce some of the drawbacks of
the existing systems.

1.1

Thesis Overview

The contents of this thesis have been divided into several chapters. The overview of
each chapter is described below:
In chapter 1 we discussed about our thesis goals, contribution and motivation.
We introduced the topic before detailed explanations.
In chapter 2 we discussed literature reviews on security issues in mobile voting
system from different papers. We also identified the existing domains, desired
properties to fulfill the requirements of mobile voting system and discuss each of
their literature reviews.
In chapter 3 we analyzed the different issues faced in mobile voting system and
identified and classified into different domains
In chapter 4 we selected our focused domain to work on and discussed the
necessity and importance of that domain and the method used in that domain.

In chapter 5 we proposed a solution based on different techniques introduced in

chapter 4 and discussed its advantages.
Chapter 6 consists of the conclusion of our thesis and our future work.

1.2 Goal
The main objectives of this thesis work are Introducing more security in mobile voting.
Achieving confidentiality for voters.
Introducing new methods for achieving the confidentiality.

1.3 Contribution
Main contributions of this work have been outlined below:
To ensure the confidentiality of the voters
To ensure the security for the vote
To reduce the drawbacks of the existing methods for confidentiality

Chapter 2

Literature review
In this chapter we identified the properties of mobile voting system. We also
discussed the literature and the past works on the mobile voting system and by
studying the previous works and literatures; we classified the different domains in
mobile voting system.

2.1 Desired Properties

In a secure mobile voting system there are some desired properties that must be
achieved for the total security of the system.[7] Researchers have reached a
consensus pack of four core properties which are must for the electric voting system
(Cranor and Cytron 1997)[6]
Accuracy:
1. Its not possible for a vote to be altered.
2. Its not possible for a validated vote to be eliminated from the final tally.
Democracy:
1. It permits only eligible voters can vote.
2. It ensures that eligible voters can vote only once.
Privacy:
No individual other than the voter can gain any knowledge about his/her vote.
For different scenarios we can specify privacy to be
Perfect privacy: No coalition of participants (voters or authorities), not
including the voter himself, can gain any information about the voters vote.
n-Perfect privacy: No coalition of at most n authorities and any number of
voters, not containing the voter himself, can gain any information about the voters
vote.
Verifiability: anyone can independently verify that all votes have been counted
correctly.

There are also some important properties described by different researchers which
are,
Receipt-freeness:
Voters must neither be able to obtain nor construct a receipt which can prove
the content of their vote. This property is desired in order to help prevent voting
coercion.
Robustness:
Faulty behavior of n-coalition of authorities can be tolerated. Faulty coalition of
any number of users can be tolerated. Any cheating voter can be detected.

2.2 Existing Literature

A secure mobile voting system aims to ensure the security for the vote and the
caster. The modular square root and blind signature system satisfies basic
requirements of election for example- confidentiality of voter, secrecy of ballot,
voter anonymity and has less computation cost. Due to third party certificate
authority involvement, distribution of certificates to voters for authentication
purposes, delays occurred which makes the process time consuming and because of
third party involvement the possibility of vote infringement from the third party
cannot be overlooked. [1]
A mobile voting system using GSM technology to authenticate votes and voters by
GSM operator consists of three levels: pre voting level; voting level and post voting
level. System consists of four parts: mobile phone; authentication server, verification
server and counting server. Voter secrecy is ensured by using blind signature system.
Due to GSM authentication setup public key overhead is mostly reduced. Extra work
is required to deal with the trust retained on authentication server, end user device
(ME) and application security. [2]
Also GSM mobile phone voting system can be used to cast vote without registering
for voting in advance and going to polling booths. System prevents double voting but
for security purposes no cryptographic algorithm is used. [3]
A secure mobile phone voting system using public key encryption algorithm RSA
protocol involves three phases: access control phase; voting phase and election
administrator server phase. First phase holds validation and identification for the
applied voters. Voting phase accomplished by ciphering voter data using RSA

algorithm while the election administrator server phase classifies ending result by
decrypting received encrypted data using RSA private key. System has shortcomings
like no online registration and high computational cost and communication overhead
due to RSA algorithm. [4]
A real-world electronic voting system for mobile voter verification is achieved by
collaboration of SIM card and identity card (IC) fixed in mobile phone with dual SIM
card holder. It consists of mobile voter, base station (BS), certificate authority (CA),
electoral commission (EC), mix server (MS) and court for election (CE). Mobile phone
voting system runs in three phases: setup and registering phase, voting phase and
totaling phase. At least one of the mix servers should be reliable and tampering
proof. Certificate authority, electoral commission and mix server have own
public/private keys. When mobile phone voter registers with certificate authority, CA
will compute two PINs and issue an identity card and passes PIN1 to voter via safe
channel. Voter has no access to PIN2 protected in secure memory of IC. After voter
registration with election commission it will calculates PIN3 and passes to voter via
protected channel. During polling period voters are reminded by SMS to cast their
votes to election commission. At first the voter inserts SIM card and IC into his
mobile phone with dual SIM card holder. Secondly the voter chooses his/her selected
candidate. Base station validates the voter on the basis of SIM. If the voter is
authentic then base station will forward voter request to certificate authority and
then to election commission. CA and EC jointly validate voter on the basis of MAC
(Message Authentication Code). During polling election commission, certificate
authority and base station preserve all exchanged messages. When voting is
complete, election commission shows all votes in lexicographic order. Mix server
collects all votes and confirms their signs. If signs are real then votes are decrypted
using their private key. Mix server will organize all votes in lexicographic order and
will forward them to EC with their signs. Election commission validates these signs.
During totaling EC and every mix server preserve all substituted messages and nonrepudiation evidences of message source and message transfer for record purposes.
[5]

2.3 Overview of Mobile Voting System

The main process of mobile voting system is almost standard although different
types of voting system exist. Any mobile voting system should include these entities:
[8]

Entities
Voter
Registration Server

Voting Server

Overview
A voter has the right for voting, and he votes in the
election.
Registration authority or authorities register eligible voters
to registration server before the election days. These
authorities ensure that only registered voters can vote.
Votes casted by voters are stored in this server for tallying
and authentication.

Authentication
Server

The casted vote must be authenticated to be counted in

the final tally.

Tallying Server

The tallying server collects the casted votes and tallies the
results of the election.

Any e-voting system should also involve these four phases: [9]
Registration: Voters register themselves to registration authorities, and the list of
eligible voters is compiled before the election days.
Authentication and Authorization: On the election days registered voters request
ballot or voting privilege from the registration authorities. Registration authorities
check the credentials of those attempting to vote and only allow those who are
eligible and registered before.
Voting: Voters cast their vote.
Tallying: The tallying authorities count the votes and announce the election results.

Chapter 3

Issue Analysis
In this chapter we analyzed the main issues for mobile voting system and identified
and classified them into different domains such as Authentication, Confidentiality
and Security. We also explained existing techniques for each of the issues.

3.1 Issues
The importance of security in elections cannot be underestimated, if not well
planned and designed, mobile voting can undermine the confidence in the whole
electoral process. The future of a country rests on public confidence that the people
have the power to elect their own government. Any process that has the potential to
threaten the integrity of the system, or even the perceived integrity of the system,
should be treated with the utmost caution and suspicion. Security issues of mobile
voting systems can be discussed from many points of view such as technology driven,
political science driven, or judicial driven. We discuss the issues with a technological
view, focusing especially on voting servers and clients, and the network
infrastructure enabling the client-server-connections.
In technological view a mobile voting system security is the most crucial part. Many
researchers tried to find out the security issues in a mobile voting system but there
are too many variables to consider. But there are three main issues the researchers
agree on which are most crucial.

Issues
Authenticity

Overview
This domain includes identification and authentication of
voters, system operators, election officials, and system
components. Mobile voting systems must identify and
authenticate voters in order to verify their eligibility and
provide them the permission to vote.

Confidentiality

Security

Voting systems must protect the confidentiality of sensitive

information connected to the system. Mobile voting systems
must protect the information of voters and the casted votes
from being used illegitimately.
Security issues include secure programming principles, and
independent testing and certification authorities are required
to prevent cheating by the developers/vendors. [10] [11]

3.2 Authenticity Issues

Proper voter authentication is required to ensure only eligible voters can cast their
votes and a valid voter contributes a single vote to the final tally. A mobile voting
system will typically verify credentials it is provided with, and assume the person
providing those credentials is the legitimate owner. As credentials may come from
the voters mobile rather than from the human voter him/herself, the voters mobile
may gain direct, unrestricted access to the voting credentials. The binding between
voters and identities, and between identities and credentials, is established through
voter Authorization.
In the GSM based mobile voting system voter authentication is done through GSM
mobile operator. Subscriber validation is done through GSM challenge-response
protocol. Due to GSM authentication setup public key overhead is mostly reduced.
Extra work is required to deal with the trust retained on authentication server, enduser device (ME) and application security. [2]
The mobile phone intermediate e-voting system is based on the extended Paillers
encryptions system. Aim of the system is to enforce the cut-of-the choose method to
exclude the computational zero knowledge evidences and express effectiveness of
the system. Proposed system is slightly safer in simulation-based prototype. [44]
GSM verification system used to provide voter confirmation enhances security, voter
mobility and reduces public-key overhead by using global system for mobile
communication technology. Making authentication centers more secure and reliable
is the main purpose of the system. [5]
A mobile ad hoc network (MANET) can be quickly deployed as needed as it consists
of some available mobile nodes with wireless network interfaces to form a

temporary network. In MANETs, nodes use wireless radio technology to

communicate with each other directly if they are both within wireless transmitter
range. However, since there is no stationary infrastructure or centralized
administration such as base stations, communication nodes must act as routers for
themselves and also rely on other nodes to relay communication data.
Moreover, several key features of MANETs must be taken into consideration if they
are to be used [45, 46], including limited power, limited memory, and limited
calculation capacity. In MANETs, security is a more important issue when compared
to wire or other wireless systems. A malicious node or an intruder can easily
eavesdrop on the communication channels between ad hoc nodes and discovers
sensitive information. This is known as, a passive or eavesdropping attack.
Eavesdropping attacks can cause many threats to the security and privacy of the
network. On the other hand, malicious nodes can inject false messages, alter them,
or re-send them on the communication channels between nodes and disrupt the
communication among these nodes in the network. This is known as an active attack,
and includes impersonation attacks, replay attacks, and man-in-the-middle attacks.
As a result of the threat posed by the above-mentioned attacks, there are many
cryptographic techniques commonly used to design security countermeasures for
MANETs such as symmetric-key (secret key), asymmetric-key (public and private
key), and one-way hash functions [47].

3.3 Security Issues

Cryptography can protect any data that is communicated from one system to another as well
as stored data. For example, the data which travels through the network between the voting
system and the voters mobile can be efficiently protected from unauthorized access via
protocols like Secure Socket Layer (SSL) or Transport Layer Security (TLS) [12]. SSL and TLS are
widely-deployed encryption mechanisms and are often used to protect communications
between a web server and browsers. When used with mutual authentication, these protocols
provide end-to-end security. When used to protect data at-rest, cryptographic keys can be split
between several people, requiring an arbitrary number of key holders to come together to
decrypt data. Such mechanisms offer protection against insider attacks, as long as a small
number of insiders can be trusted to not collude in an attack. Proper cryptographic key
management is very important for achieving protection using cryptographic techniques. Keys
must be generated, stored, used, and destroyed in specific ways to ensure there are not ways
to bypass the cryptographic protections.

A Mobile Secure E-voting Applet System (M-SEAS) was proposed by Stefano

Campanelli et al [13], along with standard cryptographic mechanisms, specially an
effective use of blind signatures [14] which makes it possible to sign a message
without being aware of its content.
Upon applying a blind signature, making message m not understandable, party i can apply a
signature, obtaining
{(m)blind}pk1 i
Then, who has originally applied the blinding can also remove it (notation ), though
maintaining the signature. The following qualitative equation holds:
{m}pk1 i {(m)blind}pk1 i
There are three entities involved in the protocol. The pollster P, representing the set of
hardware/software modules through which a voter can cast its ballot; the validator V, a server
that first checks the eligibility of the pollster P and the uniqueness of its submission, and then it
validates the submitted vote; the tallier T, a server that counts all the validated votes.
Bit-commitment [15] is one of the basic components of many cryptographic protocols. In a bitcommitment scheme, the sender A sends an encrypted message m to the receiver B in such a
way that when later on A sends B the key to decrypt the message, B can be confident that it is
the right key to the message m and the decrypted message B gets is the same message m that
A committed to with B.
In RSA-based design, which is currently the most prevalent public key cryptosystem,
the system CAs RSA key pair is denoted as {SK; PK}, where SK is the system
secret/private key and PK is the system public key. SK is used to sign certificates for
all entities in the network. A certificate signed by SK can be verified by the wellknown system public key pK. By threshold secret sharing, SK is shared among the
network entities. Each entity vi holds a secret share Pvi, and any K of such secret
shareholders can collectively function as the role of CA.
Besides the system key pair, each entity vi also maintains a personal RSA private and
public key pair {sKi, pKi}. This pair of personal keys is used in end-to-end security to
realize cipher key exchange, message privacy, message integrity, and non-repudiation.
[16]

3.4 Confidentiality Issues

Ensuring confidentiality of the voters identities and the votes during and after the
election is extremely important, otherwise the whole system would fall apart and the
voters would lose confidence in the system. After verifying the voters identity and
checking that the voter hasnt voted more than once, the e-voting device selects and

transmits an encryption key according to the encryption method being applied to

guarantee the confidentiality of the voter. A mobile terminal encrypts the vote
content and transmits the encrypted vote content to an e-voting device, which stores
the content and does not reveal it until voting time is finished. Meanwhile, a mobile
communication server that receives the encrypted vote content and the ID of a
mobile terminal always deletes ID. So, an e-voting device receives only content of
voting. After the voting time has passed, an e-voting device decrypts the stored
encrypted vote content and checks the voting selection to count the vote. [17]
A concrete cryptographic protocol is needed to guarantee the anonymity and the
confidentiality of a voter. Although there are a lot of electronic voting mechanism
using multiparty protocol [18, 19] and anonymous communication [20], more
reviews are required in the aspect of efficiency and secrecy.
In cryptographic voting schemes, ballots are modeled as a tuple of (ID, Vote)
containing the identity of the voter ID and its corresponding vote Vote. The ID-Vote
relationships must be kept private according to the privacy requirement. This is
possible by either preserving the confidentiality of the vote as
(ID, Conf(Vote))
or by preserving the confidentiality of the voters identity as
(Conf(ID), Vote)
where Conf is a function providing confidentiality service.

Chapter 4

Confidentiality Domain
Among the three major issues faced in a mobile voting system, we have focused on
the confidentiality issues. In this chapter we described the cruciality of this domain
and the existing methods which are being applied to deal with this issue.

4.1 Introduction
Among the three major issues described in the previous chapter, confidentiality is
the most crucial and important from a voters point of view. In an election the voters
confidentiality and his vote must remain anonymous. No voter will be interested to
use a system where the confidential information of a voter might get exposed. With
this concern to strengthen the confidentiality of the voter and his vote we chose this
domain to find the most secure method to make sure the votes and the voters
remain anonymous.

4.2 Existing Techniques

To ensure the confidentiality of the voter many researchers proposed different
models and techniques. It is needed to design a concrete cryptographic protocol to
guarantee the anonymity and the confidentiality of a voter. Although there are a lot
of electronic voting mechanism using multiparty protocol [2, 3] and anonymous
communication [4], more reviews are required in the aspect of efficiency and
secrecy. But among those three technique are well acknowledged by the most of the
researcher.
Techniques

Homomorphic
encryption

Overview

These voting protocols avoids the use of anonymous

channels by splitting individual ballots into a number of
pieces and casting each piece to a separate tallier. The
final result of the election comes from joining all partial
tallies and cryptographic mechanisms are used to
ensure the accuracy of the final tally.

Mixnet Protocol

The fundamental principle of mixing-based voting

protocols is to send ballots blindly validated to the vote
collection servers through some sort of anonymous
channel that severs the link between the voters
identity and their vote.

Blind signature

Blind signatures allow a person to sign an encrypted

message without decrypting it. In the voting schemes an
authority signs the vote and sends it back to the voter
as a proof that his vote is valid and was kept a secret.

4.3 Homomorphic Encryption

Homomorphic encryption allows computations to be carried out on ciphertext and
generating an encrypted result which matches the result of operations performed on
the plaintext after decryption. [24, 25]
Let the message space (M, o) be a finite (semi-) group, and let G be the security
parameter. A homomorphic public-key encryption scheme (or homomorphic
cryptosystem) on M is a quadruple (K, E, D, A) of probabilistic, expected polynomial
time algorithms, satisfying the following functionalities
Key Generation: On input 1 the algorithm K outputs an encryption/decryption
key pair
(ke, kd) = k K
where K denotes the key space.
Encryption: On inputs 1, ke, and an element m M the encryption algorithm E
outputs a ciphertext c C where C denotes the ciphertexts space.
Decryption: The decryption algorithm D is deterministic. On inputs 1, k, and an
element c C it outputs an element in the message space M so that for all m M
if c = E(11, ke, m) then Prob[D( 1, k, c) m] is negligible,
i.e., it holds that
Prob[D(1, k, c) m] 2- .

Homomorphic Property: A is an algorithm that on inputs 1, ke and elements c1,

c2 C outputs an element c3 C so that for all m1, m2 M it holds,
if m3 = m1 o m2 and c1 = E(1, ke, m1) and c2 = E(1 , ke, m2), then
Prob[D{A(1 , ke, c1, c2)}] m3] is negligible.
For a homomorphic encryption scheme to be efficient, it is crucial to make sure that
the size of the ciphertexts remains polynomial bounded in the security parameter G
during repeated computations. The security aspects, definitions, and models of
homomorphic cryptosystems are the same as those for other cryptosystems.

4.3.1 Properties of Homomorphic Encryption Schemes

Homomorphic encryption schemes have some interesting mathematical properties.
In the following, we mention some of these properties.

4.3.1.1 Re-randomizable encryption/re-encryption

Re-randomizable crypto- systems are probabilistic cryptosystems with the additional
property that given the public key ke and an encryption Eke(m, r) of a message m M
under the public key ke and a random number r Z it is possible to efficiently convert
Eke(m, r) into another encryption Eke(m, r) that is perfectly indistinguishable from a
fresh encryption of m under the public key ke. This property is also called reencryption. Every probabilistic homomorphic cryptosystem is re-randomizable.
Without loss of generality, we assume that the cryptosystem is additively
homomorphic. Given Eke (m, r) and the public key ke, we can compute Eke (0, r) for a
random number r and hence compute the following:
Add (Eke(m, r), Eke(0, r)) = Eke(m+0, r) = Eke(m, r).
Where r is an appropriate random number.

4.3.1.2 Random Self-educibility

Along with the possibility of re-encryption comes the property of random selfreducibility concerning the problem of computing the plaintext from the ciphertexts.
A cryptosystem is called random self-reducible if any algorithm that can break anontrivial fraction of ciphertexts can also break a random instance with significant
probability.

4.3.1.3 Verifiable Encryptions / Fair Encryptions

If an encryption is verifiable, it provides a mechanism to check the correctness of
encrypted data without compromising on the secrecy of the data. For instance, this is
useful in voting schemes to convince any observer that the encrypted name of a
candidate, i.e., the encrypted vote is indeed in the list of candidates. Verifiable
encryptions are also called fair encryptions.

4.3.1.4 Protection of Mobile Agents

One of the most interesting applications of homomorphic encryption is its use in
protection of mobile agents. Since all conventional computer architectures are based
on binary strings and only require multiplication and addition, such homomorphic
cryptosystems would offer the possibility to encrypt a whole program so that it is still
executable. Hence, it could be used to protect mobile agents against malicious hosts
by encrypting those. The protection of mobile agents by homomorphic encryption
can be used in two ways:
(i) Computing with encrypted functions and (ii) computing with encrypted data.
Computation with encrypted functions is a special case of protection of mobile
agents. In such scenarios, a secret function is publicly evaluated in such a way that
the function remains secret. Using homomorphic cryptosystems the encrypted
function can be evaluated which guarantees its privacy. Homomorphic schemes also
work on encrypted data to compute publicly while maintaining the privacy of the
secret data. This can be done encrypting the data in advance and then exploiting the
homomorphic property to compute with encrypted data.

4.3.1.5 Multiparty Computation

In multiparty computation schemes, several parties are interested in computing a
common, public function on their inputs while keeping their individual inputs private.
Usually in multiparty computation protocols, we have a set of n 2 players whereas
in computing with encrypted data scenarios n = 2. Furthermore, in multi-party
computation protocols, the function that should be computed is publicly known,
whereas in the area of computing with encrypted data it is a private input of one
party.

4.3.1.6 Secret Sharing Scheme

In secret sharing schemes, parties share a secret so that no individual party can
reconstruct the secret from the information available to it. However, if some parties
cooperate with each other, they may be able to reconstruct the secret. In this
scenario, the homomorphic property implies that the composition of the shares of
the secret is equivalent to the shares of the composition of the secrets so unless all
the parties cooperate, it is not possible to reconstruct the secret.

4.3.1.7 Zero-knowledge Proofs

This is a fundamental primitive of cryptographic protocols and serves as an example
of a theoretical application of homomorphic cryptosystems. Zero-knowledge proofs
guarantee that the protocol communicates exactly the knowledge that was intended,
and no (zero) extra knowledge. In election schemes, the homomorphic property
provides a tool to obtain the tally given the encrypted votes without decrypting the
individual votes.

4.3.1.8 Watermarking and Fingerprinting Schemes

Digital watermarking and fingerprinting schemes integrate additional information
into digital data. The homomorphic property is used to add a mark to previously
encrypted data. In general, watermarks are used to identify the owner/seller of
digital goods to ensure the copyright. In fingerprinting schemes, the person who buys
the data should be identifiable by the merchant to ensure that data is not illegally
redistributed.

4.3.1.9 Oblivious Transfer

Usually in a two-party 1-out-of-2 oblivious transfer protocol, the first party sends a
bit to the second party in such a way that the second party receives it with
probability , without the first party knowing whether or not the second party
received the bit.

4.3.1.10 Commitment Schemes

Commitment schemes are some fundamental cryptographic primitives. In a
commitment scheme, a player makes a commitment. H/She is able to choose a value
from some set and commit to her choice such that h/she can no longer change

his/her mind. H/She does not have to reveal her choice although h/she may do so at
some point later. Some commitment schemes can be efficiently implemented using
homomorphic property.

4.3.1.11 Lottery Protocols

Usually in a cryptographic lottery, a number pointing to the winning ticket has to be
jointly and randomly chosen by all participants. Using a homomorphic encryption
scheme this can be achieved as follows: Each player chooses a random number
which is then encrypted. Then using the homomorphic property the encryption of
the sum of the random values can be efficiently computed. The combination of this
and a threshold decryption scheme leads to the desired functionality.

4.3.2 Homomorphic Encryption-based Voting Schemes

In schemes using the (ID, Conf(Vote)) approach, protection is offered against the
voting strategy of a particular voter. An encryption function E is used to encrypt the
vote, such that the integrity and confidentiality of the vote are preserved.
For n voters, and i = 1, 2, , n, voter Vi forms his/her ballot ci by encrypting his/her
vote vi using a homomorphic encryption function
Eas ci= E(vi).
Ballot ci is then submitted to the tally authorities. After the voting period has ended,
tally authorities reveal the voting result from decrypting the combination of n ballots,
where individual ballot ci is not decrypted. Tabulation of ballots is possible by
exploiting the homomorphism property of the encryption function. For example:
E(v1) *E(v2) * *E(vi) *... *E(vn) = E(v1+ v2+ + vi+ + vn) [27]
The homomorphism is inherited from the use of exponentiation in the encryption
process.
Using this approach, the universal verifiability property is also satisfied, since the
ballots are published, and everyone can check whether there are any ballots
excluded from the tabulation. [26]

4.3.3 Drawbacks of Homomorphic Encryption

Complicated:
Noise introduction

 Noise removal through refreshing

Many variables to adjust for
Slow:
Refreshing can take up to 30 minutes depending on public key size
Key generation can take over 2 hours for very large public key sizes
Big:
High computational and size overhead [28]

4.4 Mixnet Protocol

MIX-net systems protect the privacy of participants by clouding together their
transactions through cascades of third parties. [29] In 1981, David Chaum introduced
the concept of MIX - a third party that combines and forwards messages from
several senders to several recipients, so that no relation between any particular
sender and any particular recipient can be observed externally.
The MIX approach has been applied to untraceable digital pseudonyms [29],
synchronous and asynchronous communication systems [32], [31], [30], [34], as well
as electronic voting [33]. These applications rely not just on one MIX but on cascades
of multiple Mixes forming a MIX-net. The MIX-net clouds the relation between
messages (or pseudonyms), senders, and recipients even more: each message may
go through several Mixes before reaching its final destination.

4.4.1 Uses of Mixnet Protocol

Purchasing a good, sending a message, or voting in an election, and so on. Mix-nets
are used to shuffle the order of votes to insure anonymity in the voting. In the mix
net protocol an ordered list of the votes is sent through the network of authorities,
where each authority shuffles the list with a secret permutation. We describe two
types of mix-net protocols: decryption mix-nets and re-encryption mix-nets.

4.4.1.1 Decryption Mix-nets

A decryption mix-net does not have a final decryption phase. Rather, the initial
encryption phase E encrypts its inputs by applying a concatenation of k encryption
operations to each input; each mix removes one of these encryptions by applying a
corresponding decryption algorithm; it then mixes all its decrypted inputs by
applying a secret random permutation to them. More specifically, each mix has its
own pair of keys. [36]

4.4.1.2 Re-encryption Mix-nets

As opposed to a mix phase in a decryption mix-net, whose role is both to mix and to
partially decrypt, the role of a mix phase in a re-encryption mix-net is only to mix.
Note, however, that a mix which merely scrambles the inputs is not good enough.
This is so, since by merely scrambling, the resulting set of ciphertexts does not
change, and thus for each resulting ciphertext it is easy to recover the voter
associated with it. So an extra operation is needed in order to mix in an
unrecoverable way. In a re-encryption mix-net, the extra operation added to each
mix phase is a re-encryption operation. [36]

4.4.2 Robustness
Robustness of a mix net can be obtained in several different ways, namely cut-and
choose [30, 31]; repetition robustness; standard zero-knowledge proofs in sorting
networks; use of multiple participants per layer [37, 38]; error detecting techniques ;
and techniques based on secret sharing. A robust mix net should:
1. Operate correctly: the output should correspond to a permutation of the
input,
2. Provide privacy: an observer should not be able to determine which input
element corresponds to a given output element (and vice versa) in any way, and
3. be robust: deliver proofs that it has operated correctly. In addition, it is
beneficial if any interested party is able to check the proof or evaluate the
evidence; a property also known as public verifiability.

4.4.3 Application to Electronic Voting

When processing votes, it is desirable that once the encrypted votes are decrypted,
no one will be able to match the decrypted vote with the voter, not even the
authorities responsible for decrypting and tallying. Mix-nets, the cryptographic
primitive described above, is able to achieve this.

4.4.4 Advantages
The use of mix-nets can allow for n-perfect privacy property. In the scheme described
above, compromised voting equipment will be unable to match a particular vote to a
voter. In addition, since the vote will be encrypted with multiple mix server keys, it
will take more than a single malicious mix server to compromise a voter's vote.

4.4.5 Drawbacks
As described earlier in the homomorphic section, tallying cannot begin until all voters
have cast their vote.

4.5 Blind Signature

In the world of cryptographic security digital signature started a revolution from
1988. The idea of digital signature first proposed with a notation by Whitfield Diffie
and Martin Hellman In 1976 though they only conjectured that such schemes
existed. Soon Ronald, Shamir an Adleman proposed a detailed signature technique
which is known as RSA algorithm. In 1988, Shafi Goldwasser, Silvio Micali, and Ronald
Rivest became the first to rigorously define the security requirements of digital
signature schemes.
Though Digital signature proposed in 1988 David Chaum proposed another technique
which is extend of digital signature known as blind signature.
Blind signature is a scheme which allows a person to get his message signed by
another party without getting any information revealed to the other party. Simply it
allows to sign an encrypted message without decrypting it. [39]

4.5.1 Typical Analogy of Blind Signature

Enclosing a message in a carbon paper lined envelop.

Writing a signature on the outside of the envelope.
Leaves a carbon copy of the signature on the paper inside the envelope.
The signer does not view the message content.
But a third party later can verify the signature.

Blind signatures are typically employed in privacy-related protocols where the signer
and message author are different parties. Blind signature schemes are mostly used in
applications where sender privacy is important. This includes various "digital cash"
schemes, untraceable money transfer and voting protocols.

4.5.2 Application in Electronic Voting System

In any voting system there has to be an authority who will ensure that a vote has
been received, without gaining any knowledge on the content of the vote. Blind
signature system allows the authority to sign a confirmation message that a vote has

been received and sending the confirmation message back to the votet without
disrupting the integrity of the vote. [40]

4.5.3 Generic Notation of Blind Signature

The blind signature of a message M that consists of five properties < , c, , , >,
where is polynomial-time probabilistic algorithm that constructs the signer's public
key pk and secret key sk, c is polynomial-time blinding algorithm that takes a
message m M, public key pk and a random string r as an input and constructs a
blind message m, is a polynomial-time signing algorithm that takes as an input
blind message m and secret key sk and constructs blind signature s on m, is
polynomial-time retrieving algorithm that takes as an input blind signature s and
random string r and extracts signature s on m, is a polynomial-time signature
verifying algorithm that takes as an input pair of message and signature (m, s) and a
private key pk and outputs yes or no. [41]

4.5.4 Application to Electrical Voting Scheme

A trusted authority helps the voter to create a unique token which will be used later
to vote. Only the voter is privy to this token. The validity of this token is verifiable by
anyone. Voter sends his vote along with the token in anonymous channel to the
authority. To ensure the voters eligibility and singularity of the vote, the authority
verifies that the token is not forged or already in use. The structure of the token is
specified in the voting schemes and the token might contain various encrypted
information about the user. However, it must not be possible for anyone to extract
information about the voter's identity from the token. Each voter must obtain a
unique token [42].

4.5.5 Existing Scheme

In this scheme, the vote is blinded in order to ensure confidentiality. When voting, a
voter must get the signature of the validator. For this scheme B is a ballot, (n, e) is
validator's public key and (n, d) is validator's secret key. The following is sent to the
validator.
B= re B mod n

The random number r (gcd(n, r) = 1) blinds the value in order to conceal the ballot
from the validator. After verifying the voter, the validator signs the ballot.
S = (B)d = rBd mod n
After receiving B the voter unbinds the ballot and computes the true signature S.
S = S r-1 mod n = B d

4.5.6 Advantage
The biggest advantage of blind signature in electrical voting scheme is efficiency and
voters confidentiality. The voting phase as well as tallying phase is more efficient
when compared to other schemes. [40]

4.5.7 Drawbacks
One drawback is that many common voting schemes using blind signatures are
unable to ensure the universal verifiability property [40]. Universal Verifiability is
anyone can verify that the protocol correctly processes and tallies all the valid votes.
This is due to the inability to handle voters who abstain from voting. In this case,
malicious authorities may impersonate because an outsider will not be able to notice
this.

Chapter 5

Proposed Method
5.1 Proposed Method
From the discussions and analyzations in the earlier chapters, it is clear that none of
the existing methods can perfectly satisfy all the desired properties for a perfectly
confidential mobile voting system. Homomorphic system has very simple tallying
system but cannot achieve receipt-freeness. Mixnet system has the ability to
implement n-perfect privacy but all the vote must cast the votes before it can begin
tallying which is clearly time consuming. As well as blind signature method is very
efficient to authenticate the votes and voters identities but cannot ensure universal
verifiability.
We proposed a system by using three different encryption protocols at the same
time to reduce each others drawbacks. Lets assume voter is V, vote m. by Mixnet
system M can be encrypted for casting with a secret key sk (sk, M). By using Blind
signature after using Mixnet the encrypted vote can be authorized for counted
without enclosing the information of the voter V.
S= r Vsk mod A
where A is validator and r is a random number to conceal the massage from
validator. Now let the voter V=1, 2, .., i. By using Homomorphic system we can start
tallying exact moment the vote has casted and count it for final tally.
E(S1) *E(S2) * *E(Si) *... *E(Sn) = E(S1+ S2+ + Si+ + Sn)

We see that homomorphic system can satisfy the drawbacks of Mixnet system
because as homomorphic system collects the vote, it can also tally the vote for the
final count. On the other hand, the receipt-freeness can be achieved by Mixnet
systems strong encryption methods. As mentioned in earlier chapter, re-encryption
Mixnet uses different keys and shuffles those keys to make it almost impossible to
access the votes without the right key. The blind signature can make it more secure
by authenticating the encrypted vote and ensuring that the voter is eligible to cast
vote and has voted only once.
By using Mixnet and homomorphic system the confidentiality of the vote and voter
increase drastically. It ensures the confidentiality of the voter ID and the vote as well
as authorizes it by using blind signature which ensures that the voter is eligible to
vote and the vote has been counted.

Chapter 6

Conclusion
6.1 Conclusion
Implementation of a mobile voting system has many issues that are yet to be solved.
In our paper, we have focused on the major issues in obtaining a completely secure
mobile voting system and proposed a solution which ensures more efficiency than all
the existing solutions.
The major issues that we faced in designing a mobile voting system are security
issues, authenticity issues and confidentiality issues. Due to time constraint, we
focused on confidentiality issues and discussed three major existing systems which
include homomorphic system, mix net system, and digital and blind signature which
is applied in order to ensure and maintain the voter id and the records of casted
votes in order to attain a completely secure, confidential and authentic mobile voting
system.
We proposed a solution to keep the voter list and casted votes hidden by encrypting
the lists using homomorphic system and then shuffling them using mix net system.
Using our method, we removed the disadvantages of the mix net system which can
only keep one of the elements hidden, not both. By keeping both the elements
hidden, we can drastically increase the confidentiality rate of the mobile voting
system and by using homomorphic system alongside the mix-net protocol we can
also begin tallying before the voting has been completed and count the casted vote
in the final tally.
The only disadvantage we faced while designing our system is the time complexity,
due to applying two different encryption algorithms in all the data, it will take almost
twice as time to get the final tallied results. Due to time constraint, we could not
manage to find the solution to this complexity. Our future work will focus on
reducing the time complexity and implementation of a completely secure, authentic
and confidential mobile voting system.

References
[1] X. Yi, P. Cerone, and Y. Zhang, Secure Electronic Voting for Mobile Communications, in Proc.
Vehicular Technology Conference, vol. 2, 2006.
[2] Y. Feng, S. L. Ng, and S.S. Grosche, An Electronic Voting System Using GSM Mobile
Technology, Department of Mathematics Royal Holloway, University of London Egham, Surrey
TW20 0EX England, England Technical Report RHUL MA2006
[3] K. Kim, and D. Hong, Electronic Voting System using Mobile Terminal, World Academy of
Science, Engineering and Technology, pp. 33-37, 2007.
[4] Y. Qiu, and H. Zhu, Somewhat Secure Mobile Electronic-voting Systems Based on the Cutand-Choose Mechanism, International Conference on Computational Intelligence and Security,
Proc. IEEE International conference on Computational Intelligence and Security (CIS09), vol. 1,
pp. 446-450, July 2009.
[5] X. Yi, and E. Komodo, Practical Mobile Electronic Election, IEEE/SICE International Symposium
on System Integration (SII), pp.1119-1124, 20-22 Dec. 2011.
[6] L. Fouard, M. Duclos, and P. Lafourcade. Survey on electronic voting schemes, 2007.
[7] B. Chevallier-Mames, P.A. Fouque, D. Pointcheval, and J. Traore. On some incompatible
properties of voting schemes. In IAVoSS Workshop on Trustworthy Elections, WOTE06. Citeseer,
2006.
[8] L. F. Cranor, and R. K. Cytron, Sensus: A security- conscious electronic polling system for the
internet. Hawaii International Conference on System Sciences, 1997, 3:560.
[9] A. Rubin, Security considerations for remote electronic voting over the Internet. The
of USENIX and SAGE, 2001, 1(26):pp. 2028.

Magazine

[10] Jefferson, D. and Rubin, A. and Simons, B. and Wagner, D. (2004), A Security Analysis of the
Secure Electronic Registration and Voting Experiment (SERVE).
[11] Aditya, Riza, Boyd, Colin, Dawson, Edward, & Lee, Byoungcheon (2004) Implementation Issues
in Secure E-Voting Schemes. In Kozan, E (Ed.) Proceedings of Abstracts and Papers of the Fifth
Asia- Pacific Industrial Engineering and Management Systems (APIEMS) Conference 2004 and
the Seventh Asia-Pacific Division Meeting of the International Foundation of production
Research, 12-15 December 2004, Gold Coast, Australia.
[12] Dierks, T. and Rescorla, E., The TLS Protocol Version 1.2, Internet Engineering Task Force,
Request for Comment 5246, August 2008.
[13] Stefano Campanelli, Alessandro Falleni, Fabio Martinelli, Marinella Petrocchi, Anna Vaccarelli
Mobile implementation and formal verification of an e-voting system IITCNR, Via G. Moruzzi
1, 56124 Pisa, Italy.

[14] D. Chaum. Blind Signatures for Untraceable Payments. In Proc. of Crypto82, pages 199203.
Plenum, NY, 1983.
[15] Manish Kumar1*, T.V.Suresh Kumar1, M. Hanumanthappa2, D Evangelin Geetha1, Secure
Mobile Based Voting System,
[16] Jiejun Kong, Petros Zerfos, HaiyunLuo, Songwu Lu, Providing Robust and Ubiquitous Security
Support for Mobile Ad-Hoc Networks Lixia Zhang Computer Science Department
[17] Keonwoo Kim, and Dowon Hong, Electronic Voting System using Mobile Terminal, World
Academy of Science, Engineering and Technology International Journal of Electrical, Computer,
Electronics and Communication Engineering Vol:1 No:8, 2007.
[18] J. D. Cohen and M. J. Fisher, A robust and verifiable cryptographically secure election system,
In Proc. 26th IEEE Symp. On Foundations of Comp. Science, pp 372-382, Portland, 1985.
[19] A. C. Yao, How to generate and exchange secrets, In Proc. of 27th IEEE Symp. On Foundations
of Comp. Science, pp 162-167, Toronto, 1986.
[20] C. S. Park, K. Itoh, and K. Kurosawa, Efficient anonymous channel and all/nothing election
scheme, EROCRYPT 93, pp 248-259, Springer-Verlag, Lecture Notes in Computer Science No.
765, 1994.
[21] Riza Aditya*, Byoungcheon Lee*,**, Colin Boyd* and Ed Dawson, IMPLEMENTATION ISSUES IN
SECURE E-VOTING SCHEMES, Kozan, E (Ed.) Proceedings of Abstracts and Papers (On CD-ROM)
of the Fifth Asia-Pacific Industrial Engineering and Management Systems (APIEMS) Conference
2004 and the Seventh Asia-Pacific Division Meeting of the International Foundation of
Production Research, 12-15 December 2004, Gold Coast, Australia.
[21] Manish Kumar1*, T.V. Suresh Kumar1, M. Hanumanthappa2, D Evangelin Geetha1, Secure
Mobile Based Voting System,
[22] MohibUllah, Arif Iqbal Umar, Noor ul Amin, Nizamuddin, An Efficient and Secure Mobile Phone
Voting System, 978-1-4799-0615-4/13/$31.00 2013 IEEE
[23] Yang Feng, Siaw-Lynn Ng and Scarlet Schwiderski-Grosche, An Electronic Voting System Using
GSM Mobile Technology, Technical Report RHULMA20065 26 June 2006
[24] Craig Stuntz (2010-03-18). "What is Homomorphic Encryption, and Why Should I Care?"
[25] A. Neff. A verifiable secret shuffle and its application to e-voting. In P. Samarati, editor.
[26] Riza Aditya, Byoungcheon Lee, Colin Boyd and Ed Dawson, Implementation Issues In secure EVoting Schemes, *Information Security Research Centre, Queensland University of Technology,
Joongbu University 101 Daebak-Ro, Chuboo-Meon, Kumsan-Gun, Chungnam, 312-702, Korea
[27] The URL for the group is http://grouper.ieee.org/groups/scc38/1622/, last accessed 7 October
2004.

[28] Sara Jackson, A Critique of Fully Homomorphic Encryption.

[29] Alessandro Acquisti An User-centric MIX-net Protocol to Protect Privacy_ New Orleans, US
November 2002.
[30] M. Abe. Universally verifiable mix-net with verification work independent of the number of mixservers. In K. Nyberg, editor, EUROCRYPT 98, volume 1403 of Lecture Notes in Computer
Science, pages 437447. Springer-Verlag, 1998.
[31] W. Ogata, K. Kurosawa, K. Sako, and K. Takatani. Fault tolerant anonymous channel. In Proc.
ICICS 97, volume 1334 of Lecture Notes in Computer Science, pages 440444, 1997.
[32] M. Jakobsson. A practical mix. In K. Nyberg, editor, EUROCRYPT 98, volume 1403 of
Lecture Notes in Computer Science, pages 448461. Springer- Verlag, 1998.
[33] M. Jakobsson. Flash mixing. In PODC 99, pages 8389. ACM, 1999.
[34] M. Mitomo and K. Kurosawa. Attack for flash MIX. In T. Okamoto, editor, ASIACRYPT 00, volume
1976 of Lecture Notes in Computer Science, pages 192204. Springer-Verlag, 2000
[35] M. Abe. Mix-networks on permutation networks. In K-Y. Lam, E. Okamoto, and C. Xing, editors,
ASIACRYPT 99, volume 1716 of Lecture Notes in Computer Science, pages 258273. SpringerVerlag, 1999.
[36] M. Jakobsson and A. Juels. Millimix: Mixing in small batches, June 1999. DIMACS Technical
Report 99-33.
[37] Y. Desmedt and K. Kurosawa. How to break a practical mix and design a new one. In B. Preneel,
editor, EUROCRYPT 00, volume 1807 of Lecture Notes in Computer Science, pages 557 572.
Springer-Verlag, 2000.
[38] M. Ohkubo and M. Abe. A lengthinvariant hybrid mix. In T. Okamoto, editor, ASIACRYPT 00,
volume 1976
[39] Blind Signatures for Untraceable Payments, D. Chaum, Advances in Cryptology Proceedings of
Crypto 82, D. Chaum, R.L. Rivest, & A.T. Sherman (Eds.), Plenum, pp. 199-203.
[40] Schliebner D. Electronic remote voting. Master's thesis, Humboldt-University of Berlin, 2011.
[41] Z. Rjaskova. Electronic voting schemes. Diplomovapraca, Bratislava, 2002.
[42] S. Ibrahim, M. Kamat, M. Salleh, and S.R.A. Aziz. Secure e-voting with blind signature. In
telecommunication Technology, 2003. NCTT 2003 Proceedings. 4th National Conference on,
pages 193{197. IEEE, 2003.
[43] NESlR 76-687 EFFECTIVE USE OF COMPUTING TECHNOLOGY IN VOTE-TALLYING Roy G.
Saltman, Standards and Technology Information Technology Divisim Institute for Computer
Sciences and Technology National Bureau of Standards Washington, 0. C. 20234

[44] K. Kim, and D. Hong, Electronic Voting System using Mobile Terminal, World Academy of
Science, Engineering and Technology, pp. 33-37, 2007.
[45] D. Chaum, Untraceable electronic mail, return addresses and digital pseudonyms,
Communications of the ACM, vol. 24, no. 2, pp. 8488, 1981.
[46] Yu-Yi Chen, Jinn-Ke Jan, and Chin-Ling Chen, The design of a secure anonymous Internet voting
system, Computers & Security, vol. 23, no. 4, pp. 330337, 2004.
[47] M. Ramkumar and N. Memon, An ecient key predistribution scheme for ad hoc network
security, IEEE Journal on Selected Areas in Communications, vol. 23, no. 3, pp. 611621, 2005.