Electronic trust services are becoming an integral part of the information space. Their use is governed by Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [1] which establishes terms and conditions. With the reliable implementation of such basic services as an electronic signature and electronic authentication, it is possible to build more complex systems that rely on them, for example, an electronic voting system. Remote (electronic) voting has many advantages. It is assumed that they are more convenient for end-users because people can vote without leaving home; this increases the activity of voters. Maintenance of electronic voting is cheaper: instead of permanently printing ballots, it's enough to develop a system once. In addition, the assumption that no one can interfere with the program on the voting device implies that electronic voting is less susceptible to corruption, administrative pressure, and human factors. However, this raises a number of specific problems that hinder the integrity of elections. Remotely, it is much more difficult to authorize a voter or make sure that no one has influenced the voting process. On the other hand, the Internet provides more opportunities for checking by ordinary voters whether the voice is correctly taken into account. Currently, electronic voting is fully legal or partially applicable in many countries of the world [2]. Since more and more people are involved in them, the need for safer and more efficient methods for their implementation is increasing, which is what special cryptographic protocols are designed for [3][4][5][6][7][8].
It should be noted that today the developing process of any system has to take into account the evolution of quantum computers and as a result the growth of computational speed. In the conditional of current cyber threats secure of the system should not base only on key parameters cryptographical secure [9][10][11]. Important point is to ensure the resilience of the system. From this point of view blockchain technology might be useful.
The main purpose of this paper is to formulate the development principles for a decentralized e-voting system that would prevail over existing e-voting systems without a decentralized structure.
The system of electronic voting is a set of interrelated rules, methods, processes, tools, and technologies, as well as legal norms that together provide and regulate the remote legitimate voting of authorized users (voters). Components (subsystems / levels) of the electronic voting system (see Fig. 1): legal level (laws and other regulatory documents); organizational level (e-voting system architecture); process level (processes for participants); technological level (methods, tools, protocols, technologies).
Fig. 1. Levels of electronic voting system Requirements for secret e-voting systems [12].
no one except the voter should know his choice; only legitimate members can vote, and moreover only once; the decision of the voter cannot be secretly or explicitly changed by anyone (except, perhaps, by himself). In addition, the desired requirements are set out [12]:
Desirable:
each legitimate participant can check whether his voice is correctly counted; each legitimate participant may change his mind and change his choice within a certain period of time; the system should be protected from the sale of votes by voters; in case the vote is incorrectly counted, each legitimate participant can report this to the system without revealing his anonymity; it is impossible to track where the voter remotely voted from; operator authentication; you can find out who participated in the vote, and who -no; maintaining the system should not require a lot of resources; the system must be fault tolerant in case of technical malfunctions (loss of power supply), unintended (loss of the key by the voter) and malicious (intentionally disguising itself as another voter, DoS / DDoS) attacks.
The major threats to systems of this type are:
legitimate voter cannot vote; loss of voter anonymity; registration of non-existent voters; the use of blank ballots that registered but did not participate in the election.
The architecture of the decentralized e-voting system is two-level and consists of two intersecting blockchain networks, the lower network is a decentralized electronic identification infrastructure (DI eID), and the upper network is a decentralized infrastructure for voting itself and counting the results (DI voting) (see Fig. 2).
This infrastructure should provide a procedure for the reliable identification of users and a list of legitimate voters' establishment. It consists of providers of identification services (hereinafter -IdP providers). It is necessary to ensure the implementation of the identification using:
e-passport of the citizen; electronic signature (including both software and hardware implementation (token))
According to the requirements, the following entries may act as identity providers: Bank institutions; Mobile operators; Migration Service Centers (Administrative Service Centers -ASC); Certification authorities of the national digital signature system.
Provisions for the operation of providers are established by the Law of Ukraine "On Electronic Trust Services", implemented by the EU Regulation and other international and national normative documents.
Each identity provider has a pre-generated local database of its users, which contains their identities and possibly local IDs. The responsibility for the secure storage and correct use of local databases rests with identity providers.
In order to organize the identification infrastructure within a decentralized electronic voting system, the identity providers are combined into a separate private permissioned blockchain network. In this network, each of the identity provider acts as a validator node. It should be noted that complex and energy-intensive consensus protocols are not required for such a network because the network connects trusted ("honest") nodes.
The infrastructure should provide for the process of the remote voting of registered (authorized) legitimate voters and the process of results counting. In addition, generation processes for voters' wallets and candidates' wallets should be organized in this infrastructure. For the organization voting infrastructure under the decentralized electronic voting system, the representative offices responsible for conducting the election process (A1, A2, ..., An), like identification providers, are combined into a separate private blockchain network, in which each of Ai acts as a validator node -collectively they represent a decentralized Agency (A). Similar to the upper blockchain network, the lower one also does not need to use complex and energy-intensive consensus protocols because the network connects trusted ("honest") nodes. Validator nodes form purses for legitimate voters and carry out voter authentication. They are also responsible for the process of wallet generation for alternatives (candidates).
The voting protocol in a decentralized electronic voting system consists of the following steps:
1. Formation of the of legitimate voters' list in a decentralized electronic identification infrastructure; 2. Generation of legitimate voters' wallets in a decentralized infrastructure for remote voting and results counting; 3. Candidates registration in a decentralized infrastructure for remote voting and results counting; 4. Voters' authentication in decentralized infrastructure for remote voting and results counting; 5. Voting in a decentralized infrastructure for voting and results counting; 6. Counting of votes in a decentralized infrastructure for voting and results counting.
The implementation of this protocol using blockchain technology allows depending on the needs of the target system to change the order of some stages (basically the fourth and fifth) without loss of reliability. The direct sequence (fourth to fifth) implies that only authenticated users (legitimate voters) are allowed to vote. The reverse sequence (fifth to fourth) allows participation in the voting process of potential violators (illegitimate voters), but due to the peculiarities of the implementation of the transaction consensus mechanism, and accordingly, the votes of illegitimate users will not be taken into account. This is based on the assertion that in any blockchain network, a transaction is considered validated only if both conditions are fulfilled:
1. the format and signatures of the transaction are verified; 2. validator nodes have reached consensus on including this transaction in the block chain.
The principles of building a decentralized infrastructure for remote voting and counting results do not allow validation nodes to include a transaction from an illegitimate voter in the blockchain since the first condition will not be fulfilled (transaction signature will not be valid).
Forming lists of legitimate voters occurs in the lower blockchain network. Each potential voter independently generates a key pair (SK; PK). Then he/she sents a request to be included in the voters' list to one of his/her available identity provider, in which he/she provides his/her with his identification information and public key.
The format of the request depends on the available communication channels between the voter and the identity provider. It can be made remotely via the Internet provided there is a reliable communication channel (see Fig. 3b), or such an identification request can be made personally by a potential voter within the identity provider controlled zone. If the request is made remotely, the responsibility for complying with the key pair generation rules rests with the user. If the request is made personally within the controlled zone, the identity provider is responsible for complying with the conditions of the generation of the key pair of the user.
If a potential voter already has generated key pair as required by one of the identification providers, he or she may use it. In this case, the public key certificate must be included in the request to the provider (see Fig. 3a).
If a positional voter does not have a local ID in any of the identity provider database, he or she must undergo a primary identification procedure with one of the identity providers and only then be included in the list of legitimate voters (see Fig. 3c). The initial identification procedure should be conducted in accordance with the rules of a certain identity provider.
Thus, when the time allotted for forming legitimate voters' list has run out, an anonymous (depersonalized) list of potential legitimate voters is created in the lower blockchain, and the Agency receives a list of all registered legitimate voters, but voters remain anonymous. The identification processes for different types of users are shown on the figures 4a-4c. ( ) H ID , where ID is the user ID in the following sequence: (series and passport number of the citizen); and H is a cryptographic hash function
The ID format must be the same for all identity providers. This condition makes it impossible for voters to re-register with different identity provider.
The process of generating a voter wallet (see Fig. 5) is initiated by the validator node of the upper blockchain network when it receives the public key from any of the identity providers in the form of a transaction. The voter wallet's initial balance is 0. Candidates are registered in the top blockchain network. Hereinafter, the Agency will be understood to mean the totality of territorial polling stations combined into a separate private permissioned blockchain.
Responsibility for the candidates' registration rests on the Agency (upper blockchain validators) (see Fig. 6).
Representatives of the Agency are responsible for conducting the initial identification of the candidates and initiate a transaction for the inclusion of the candidate which means the generation of the candidate wallet with zero starting balance (see Fig. 7).
A voter who has received confirmation from the identity provider for admission to the voting process and wishes to participate in the voting will contact one of the Agency's nodes for the authentication procedure (see Fig. 8). The user can only authenticate with a private key (SK), provided that there is a corresponding public key (PK) in the Agency's blockchain network.
If the authentication process (see Fig. 9) was successful, the balance of the voter's wallet is increased by 1 token. Voters who have undergone an authentication procedure will make a choice by forwarding a token to one of the wallets which corresponds to the registered candidate by forming a corresponding transaction, which they sign with their own private key (see Fig. 10).
Vote counting is done automatically. The results will become available to everyone after the voting time has elapsed.
In the face of cyber threats, the deployment of reliable electronic services systems becomes an important task. The analysis showed that blockchain technology can be useful for this purpose. Particularly, for developing electronic voting systems. Classical systems do not meet all desired requirements for voting systems (for example, a voter cannot check whether his voice is correctly taken into account and, if necessary, inform the authorized bodies about this).
In the paper, the new concept for developing a decentralized electronic voting system using blockchain technology is proposed. The two-level architecture provides a secure voting process without redundancy of existing (not based on blockchain) systems. The presented blockchain-based voting protocol has six steps that ensure all requirements that are put forward to such types of protocols including voting transparency and anonymity. Proposed blockchain-based approach has several advantages: central trust point absence, as a result there is no directed attack aim; reducing material costs for each stage of voting (since there is no need to print ballots, deliver them to polling stations).
Moreover, it should be noted that blockchain technology is more convenient for switching to post-quantum crypto primitives. Such an opportunity is also an important advantage in conditions of rapid evolution of quantum computers. It can also be used in other important applications [13][14][15][16][17].