基于ThreeBallot的投票协议优化方案

Improved voting scheme based on ThreeBallot voting scheme

为了适应电子选举的多种投票场景,针对选民隐私与选票公开可验证之间的矛盾,提出了基于ThreeBallot投票方案的改进方案。该方案首先针对ThreeBallot方案原本的一些问题进行了优化,比如ThreeBallot投票方案在攻击者收集了足够多的票据后,有较大概率可以重构出投票人的选票信息,从而破坏方案的匿名性,改进后的方案优化了票据的生成过程,引入了假选票承诺机制,切断了票据与投票者之间的联系,使得针对该投票方案的选票重构攻击不再奏效。其次优化后的方案可以更容易地进行公告板的管理与展示,使得投票过程更加清晰直观。改进后的方案利用更加巧妙的设计,使得投票者可以在不泄露自身隐私的情况下,验证自己的选票被系统正确地公开记录。从模拟投票的实验中也可以清楚得看到,与ThreeBallot方案相比,改进后的方案在计票环节工作量与原方案在同一数量级,但是具有更好的安全性,所有尝试通过收据对原始选票的重构攻击均不成功。该方案可以作为新一代投票系统的设计依据,让投票系统在不泄露投票者隐私的情况下,可以全网公开投票结果,使投票结果更令人信服。

To adapt a voting system to more situations,and coordinate the contradiction between privacy and public verifiability,an optimized voting scheme based on ThreeBallot was proposed.Firstly,the drawback of ThreeBallot voting scheme was solved by the optimized scheme.For example,when an attacker collects enough vote receipts,he can reconstruct the ballot via the information in the receipts,thus the privacy is infringed.The voting ticket generation process was optimized,with the help of dummy vote,the connection between the vote and the voter was cut off,so that the reconstruction attack on the voting scheme no longer worked.By using the optimized scheme,it is easier to manage the bulletin board,and the voting process is more clear and intuitive.The optimized scheme let the voter can verify whether his/her vote was correctly recorded without leaking the privacy.From the experiment of vote process,it is clear that,compared to the ThreeBallot scheme,the optimized scheme had the same level of difficulty in counting vote,and provided a higher level of security,all the attempts of reconstruction attack failed.This solution can serve as the basis for a new generation of voting system to release vote to the Internet bulletin for verification without leaking voter’s privacy.