Faculty of Automation and Computer Science Bachelor Program: Systems Engineering HYPERVOTE: THE SECURITY OF A DECENTRALIZED ELECTRONIC VOTING SYSTEM… [604669]

Faculty of Automation and Computer Science

Bachelor Program: Systems Engineering

HYPERVOTE:
THE SECURITY OF A DECENTRALIZED
ELECTRONIC VOTING SYSTEM

Bachelor Thesis

Student: [anonimizat] :
Prof. Bogdan GROZA , Habil. PhD. Eng.

Timișoara ,
June 2017

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
2

Table of Contents

1. Introduction ………………………….. ………………………….. ………………………….. ………………………….. …4
1.1 Context ………………………….. ………………………….. ………………………….. ………………………….. ….4
1.2 Problem statem ent ………………………….. ………………………….. ………………………….. …………….. 5
1.3 Structure of this project ………………………….. ………………………….. ………………………….. ……… 5
2. State -of-the-art ………………………….. ………………………….. ………………………….. ……………………….. 7
2.1 Electronic voting around the world ………………………….. ………………………….. ………………….. 7
2.2 Electronic voting systems around the world ………………………….. ………………………….. …….. 8
3. Theoretical aspects ………………………….. ………………………….. ………………………….. …………………. 9
3.1 Cryptography ………………………….. ………………………….. ………………………….. …………………….. 9
3.2 Symmetric Key Encryption and Public Key Encryption ………………………….. …………………. 9
3.3 The Discrete Logarithm Problem ………………………….. ………………………….. …………………… 12
3.4 Diffie -Hellman key exchange ………………………….. ………………………….. ………………………… 14
3.5 The ElGamal encryption scheme ………………………….. ………………………….. ………………….. 17
3.5.1 Security of ElGamal ………………………….. ………………………….. ………………………….. …… 19
3.5.2 Efficiency of ElGamal ………………………….. ………………………….. ………………………….. … 20
3.6 Threshold cryptosystem ………………………….. ………………………….. ………………………….. …… 20
3.7 Homomorp hic encryption ………………………….. ………………………….. ………………………….. …. 21
3.8 Multiplicative vs Additive Homomorphism – ElGamal ………………………….. …………………. 22
3.9 Merkle Tree structure ………………………….. ………………………….. ………………………….. …….. 224
4. Implementation of security mechanisms ………………………….. ………………………….. ……………… 26
4.1 The election scheme ………………………….. ………………………….. ………………………….. ………… 26
4.2 Choosing the right encryption/decryption algorithm ………………………….. …………………….. 26
4.3 C++ implementation of ElGamal ………………………….. ………………………….. ……………………. 27

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
3
4.3.1 ElGamal class ………………………….. ………………………….. ………………………….. …………… 33
4.3.2 GenerateParameters class ………………………….. ………………………….. …………………….. 34
4.3.3 Transformer class ………………………….. ………………………….. ………………………….. ……… 34
4.3.4 Encrypter class ………………………….. ………………………….. ………………………….. ………….. 34
4.3.5 Decrypter class ………………………….. ………………………….. ………………………….. …………. 34
4.3.6 ElGamalCrypto class ………………………….. ………………………….. ………………………….. …. 35
4.4 The voting mechanism ………………………….. ………………………….. ………………………….. …….. 35
5. Conclusions and Future Work ………………………….. ………………………….. ………………………….. .. 41
5.1 Conclusions ………………………….. ………………………….. ………………………….. …………………….. 41
5.2 Future work ………………………….. ………………………….. ………………………….. ……………………… 41
6. References ………………………….. ………………………….. ………………………….. ………………………….. . 43

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
4

1. Introduction
1.1 Context
Governments and democratic organizations need some mechanisms to allow voters to vote.
Traditionally, for voters, elections are the official mechanisms through which they can
express their choices democratically, while polls are one of the best unofficial ways for
finding voters’ options.
In both elections and polls, privacy and security are mandatory requirements. Mechanisms
that guarantee voters’ security and privacy can be expensive and/or time consuming for their
administrators and inconvenient f or voters. Organizing secure elections becomes even more
difficult when voters are d istribut ed over a large geographic area. These are some of the
reasons why electronic voting can successfully be proposed.
The first ideas regarding this subject appe ared in the 80s, and ideas developed over this
time make it increasingly credible for its use in a computerized environment.
The use of Information Technology (IT) in the electoral process is continuously growing
worldwide. Even though most applicat ions appear in the administrative/back -office services,
for election administration, including electronic electoral registers, IT has eventually reached
voters’ homes.
In 2017, the us e of IT is no longer a novelty regarding election management. Most
countries in the world take advantage of the Internet and IT in various ways.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
5

1.2 Problem statement
As the world diminishes, security seems to be more difficult and harder to overcome. The
explosion of technology has given us a number of new security challenges that we have not
even figured out since the beginning of the millennium. With these new issues , however, new
solutions came.
Nowadays, almost everything can be done online. This raises the question „Why don’t we
vote online? ”. The benefits are obvious, the necessary technology is available , so what is the
hold up ? Security.
People are pro ne to fear of the unknown. Despite having put almost every aspect of their
lives online, they hesitate to vote this way. Concerns about hacking, vote robbing , and corrupt
data kept the voting process from being as effective and efficient as possible. Many of these
concerns are over -inflated by the media, focusing only on the rare lapses of technology rather
than on all the findings in the field of online security and how they have positively affected
our lives.
HyperVote comes as a solution to all this problems. It is designed to be an electronic
voting system that makes voting efficient by using the revolutionary blockchain technology
and secure with the help of cryptographic techniques. The use of ElGamal encryption
guarantees anonymity of the voters and confidentialit y of the votes.

1.3 Structure of this p roject
For a better understanding, the structure of this project is the following:
Chapter 1 consists of some introductory ideas regarding electronic voting systems , in
general, and about HyperVote .

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
6

Chapter 2 present s the state -of-the-art, giving some details about how electronic voting
systems are used around the world .
Chapter 3 is dedicated to the theoretical aspects underlying the implementation of security
mechanisms for the system , necessary for understanding them .
Chapter 4 explaines the implementation of security mechanisms .
Chapter 5 represents the final conclusion .
Chapter 6 is a list of all references used for realizing this project.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
7

2. State -of-the-art
2.1 Electronic voting around the world

„ Recent research has shown that 31 countries around the world have used non -remote
electronic voting machines for binding political elections at some point. Some of these
countries have experimented with EVMs and then decided not to continue with their use, in
some cases after using them for many years. EVMs are being used in 20 countries, with six of
these countries still piloting the technology. Globally, very different trends are seen in
different regions. Europe and North America can be seen as moving away from the use of
EVMs, while South America and Asia show increasing interest in using electronic voting
technologies. Unfortunately, no similar research is available for the global us e of electronic
counting technologies. ” [1]
Figure 1 presents how electronic voting is used around the world:

Figure 1 – World map of electronic voting [2]

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
8

2.2 Electronic voting systems around the world
Brazil
Brazil is one of only 3 countries that use a national electronic voting system. The system is
based on DRE (direct-recording electronic ) voting machines and is in use since 1996. In
2012, a biometric system for voter authentication was added. The system do es not have
VVPAT (voter verification paper audit trail ).
Estonia
Estonia is the second of the three countries to use a nation -wide electronic voting system
and the only one in the world to use a national Internet voting system. The first test of this
voting system took place in 2005, with the occasion of local elections , when electronic vote
was used throughout the country, which was a world premiere.
India
India is the last country to use the electronic voting system at national level . Like Brazil,
India uses DRE voting machines. Like Brazil, the voting machines used in India do not have
VVPAT.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
9

3. Theoretical aspects

3.1 Cryptography

Cryptography represents the study of how to convert information from a regular and
comprehensible structure into an unclear, unreadable form without special knowledge – the
encryption practice . In the past, cryptography has contributed to securing important
communication , such as that of military leaders, diplomats or spies. In the last decades,
cryptography has expanded its attributions. Examples include schemes such secure e-
commerce , digital rights management for intellectual property protection or digital signatures
and digital cash. Cryptography is now often integrated into the computing and
telecommunication infrastructure, with users not even be ing aware of its presence.

3.2 Symmetric Key Encryption and Public Key Encryption

In today’s environment, encryption is an important part of computing. In order to keep
your files secure and have secure communication, you need to use encryption.
Encryption is the process of scrambling data so it cannot be read by a third party, if it is
intercepted by a third party . There are two types of encryption schemes that are used today .
These are symmetric key (Figure 2) and public key encryption (Figure 3) .

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
10

Figure 2 – Symmetric key cryptosystem [3]
Symmetric key encription uses the same key to encrypt data as to decrypt data, and this
generally makes it faster than p ublic key encryption. The probem with this method of
encryption is in order for data to be decrypted, the key must be available. This causes two
problems: first, the key needs to be sto red securely. If an attacker was to gain access to this
key, they could decryp t any data that was encrypted using the key. It is common for
symmetric keys to be stored in a safe place and only accessed when required. The next
problem is that if another party needs to decrypt the information. In order for this to occur, a
secure channel needs to be used to transfer the key.
Public key encryption uses two keys: a public and a private key. As an example, we
assume that two people want to communicate with each other. In between them, there is a
third party that is trying to eavesdrop on their conversation. With traditional encryption that
uses the same key, the problem is getting the key to the second party without the third party
obtaining the key. Whith public key encryption, the key is required to encrypt traffic.
However, it does not need to be secured. If a third party was to obtain the public key, they
would not be able to decrypt any data that was encrypted using it. In order to decrypt the data ,
a private key is needed. The private key does not need to be stored securely, but the advantage

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
11

is that the encryption can occur without it. This means that the private key never needs to be
transferred, and thus there is no chance that it can be inter cepted by a third party.

Figure 3 – Public key cryptosystem [3]
The mathematics behind such a system are complex. When data is encrypted using the
public key, it is done in a way where there is a large number of possible solutions available. In
order to decrypt the data, one would need to test every single solution until finding the right
one. Although possible, depending of how big the key that is being use is, the process could
take 100 years. If you have the private key, the private key adds enoug h information to the
puzzle so that there is only one solution.
Public key encryption is generally slower when compared with symmetric key encryption
and thus, even though it has advantages over symmetric key, for reasons of performance,
symmetric key will be used ins tead of public key encryption. Like many other aspects in
computing , it comes down to a tradeoff between performance and security. In order to get a
good mix of performance and security, it is possible to combine public key encryption with
symmetric key encryption.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
12

In some cases, public key encryption is used to exchange keys and symmetric key
encryption is used to encrypt the data. The principle is that a strong algorithm with a large key
should be used to encrypt the key. Public key encryption is very useful to perform key
exchanges securel y. Once the key exchange is performed, another encryption algorithm, that
is faster and uses a smaller key, can be used. This could be another public key encryption
algorithm or a symmetric key algorithm.
The next use of publikc key encryption with s ymmetric keys is to protect the symmetric
key. Encryption , like Windows F ile Encryption, uses a symmetric key that is stored in the file.
To protect the symmetric key, it is encrypted using a public key. This gives a fast algorithm
for encrypting files and keeps the keys seif. Encryption systems like BitLocker use similar
methods. This is why reformatting a computer or deleting a user, can lead to losing access to
encrypted files. The new operating system or user does not have the private keys that were
associated with the user or operating system that are required to access the symmetric key.
For these reasons, symmetric key encryption is often used when performance is required.
Public key encryption is used when we want the decryption to occur without the private key.
Some systems combine the two t o give multiple users access. For example, Windows File
Encryption uses a com bination of both encryption types so that multiple users, including
recovery users can access the symmetric key. When multiple users req uire access, the
symmetric key is simply encrypted multiple times with each of therequired public keys. It
should be pointed out that either method can meet the needs of data encryption and
communication, but combining the two often gives a good tradeoff b etween performance and
security.

3.3 The Discrete Logarithm Problem
Discrete logarithms are like continuous logarithms, but over a discrete group.
For continuous logarithms, when we are given ax=b, if we know a and b, we can calculate
x as being x=log a b, and there are efficient ways to compute this logarithms. One of the
earliest usees of computers was to compute these types of logarithms.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
13

With discrete numbers, ax=b mod n and x=dlog a b. This turns out to be, as everyone can
tell, a v ery hard problem when n is a large prime number. For certain choices of a,b and n, the
discrete logarithm would never exist, but if we choose n as a large prime number and a as a
generator, by definition, it must exist.
A number g is called a generat or if, raised to each power , it gives the permutation of the
numbers in the group Zn (g1, g2, .., gn-1 is a permutation of 1,2, .., n -1). None of the known
solutions for solving a discrete logarithm render polynomial time. The fastest known solutions
are exponential. That means, essentialy, that the only way to solv e this is t o try all possible
powers until findng the one that works. So , as long as this is the best solution for discrete
logarithms, then, for a very large n, it is intractable no matter how many computer resources
are available, and it cannot be done using an exponential search. As long as no one can f ind a
fast way to solve the discrete logarithm problem, as long as n is large and an arbitrary instance
of this problem, it should be hard to compute x, given a and b and the modulus. Even with
having access to all computational power on Earth, running through all possible solutions
would take thousands of years.
It seems that a large part of the Internet traffic is using one of the few groups of order
1024 -bits or less (for example: cyclic groups with order of the Oakley primes specified
in RFC 2409 ). The Logjam attack used this vulnerability to compromise a variety of Internet
services that allowed the use of groups whose order was a 512 -bit prime number, so
called export grade . [4]
According to the authors of this attack, in order to solve the discrete logarithm problem for
a prime of 1024 bits one should use a d ifficult precomputation, that would be within the
budget of a large national intelligence agency such as the U.S. National Security
Agency (NSA). The Logjam authors speculate that precomputation against widely reused
1024 DH primes is behind claims in leaked NSA documents that NSA is able to break much
of current cryptography. [4]

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
14

3.4 Diffie -Hellman key exchange

Figure 4 – The Diffie -Hellman key exchange [5]

The Diffie –Hellman key exchange method (Figure 4) , also known as the public key
distribution method, is named after two specialsts at Standford University Whitfield
Diffie and Martin Hellman . In 1976, they invented a method by which two parties ca n agree
to communicate through secret messages without the need for a third party, an off -line
exchange or the transmission of any secret between them. It is one of the earliest practical
examples of public key exchange .

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
15

Before the existence of public key methods such as Diffie -Hellma n, cryptographic keys
were transmitted in physical form . We can see, for example, a list of keys for the German
Enigma cipher, presented in Figure 5 :

Figure 5 – List of Enigma keys [6]

The Diffie -Hellman key exchange protocol consists of the following steps : [7]
First, Alice and Bob together choose a large prime number p, and a primitive root g
modulo p.
◦Finding the (g, p) pair, with p – a large prime and g – a primitive root mod p is quite
simple .
◦Fiding a primitive root can be quite difficult, given a particular choice of p, unless the
factorization of p – 1 is known. Therefore, in practice , one chooses p su ch that p – 1 has a
convenient factorization: this makes it easy to test whether a given element r is a primitive
root modulo p.
◦One way to find such a p is to choose a random large number and then search through
primes larger than that, attempting at each stage to factor p – 1 by removing small divisors

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
16

less than some particular bound (e.g., 106 ) and then checking the remaining term using a
primality test.
Alice chooses her secret integer a, and sends ga (mod p) to Bob.
Bob chooses his secret integer b, and sends gb (mod p) to Alice.
The secret key s represents th value gab (mod p), which both Alice and Bob can compute.
◦Alice knows a, and has the value of gb from Bob, so she only has to raise gb to the a-th
power.
◦Similarly, Bob knows b and has the value of ga from Alice, so he only has to raise ga to
the b-th power.
Example:
In the original implementation of the Diffie -Hellman protocol, which is also the simplest ,
it is used the multiplica tive group of integers modulo p, where p is prime , and g is a primitive
root modulo p. The reason behind choosing p ang g in this way , is ensuring that the shared
secret that results can take any value from 1 to p–1.
1. Alice and Bob jointly decide to use a modulus p = 17 and base g = 3 (which is
a primitive root modulo 17).
2. Alice chooses her secret integer a = 15, then sends Bob A = ga mod p
 A = 315 mod 17 = 6
3. Bob choo ses his secret integer b = 13, then sends Alice B = gb mod p
 B = 313 mod 17 = 12
4. Alice calculates s = Ba mod p
 s = 1215 mod 17 = 10
5. Bob calculates s = Ab mod p
 s = 613 mod 17 = 10
6. Alice and Bob now share a secret: the number 10.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
17

The reasons why both parties have come to the same value s, is the following:
Ab mod p = gab mod p = gba mod p = Ba mod p.
More exactly ,
(ga mod p)b mod p = (gb mod p)a mod p.
The only values that must be kept secret are a, b, and (gab mod p = gba mod p). The rest of
the values (p, g, ga mod p, gb mod p) can be made public . After the two parties calculate the
shared secret , they use it as an encryption key. It is known only to them, and it can be used for
sending messages across the same open communications channel.
To make this example more secure, the values a, b, and p would have to be much higher ,
because n mod 23 has only 23 results . If we choose, for example, p to be 600 digits long, then
not even the fastest computers would not find a if it is given g, p and ga mod p. This is
the discrete logarithm problem . The modular exponentiation (ga mod p) can be done
efficiently even for large numbers. Also, g is usually a sm all integer .

3.5 The ElGamal encryption scheme
ElGamal is an asymetric key encryption, that uses the Diffie -Hellman key exchange ,
published by Taher Elgamal in 1985. I ts security relies on the diffi culty of computing discrete
logarithms.
The encryp tion scheme works as following:
First, Bob must create his public key.
◦ For this, he must choos p – a prime number and a – a primitive root modulo p such that it
is diffi cult to compute discrete logarithms modulo p ( he must ensur e that p – 1 has a large
prime divisor ).
◦ Bob then chooses d – an integer that satisfies the property 0 < d < p – 1, and calculates b
= ad (mod p).

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
18

◦ Bob’s public key is the pair (p, a, b).
Now we suppose that Alice wants to send a message to Bob.
◦ Alice converts her message into an integer m modulo p.
◦Then, she chooses k – a random integer satisfying the property 0 < k < p – 1 and c alculat es
r = ak (mod p) and t = bkm (mod p).
◦ She sends (r, t) to Bob.
After receiv ing a ciphertext (r, t), Bob can recover the value of m by calculating t · r−d ≡
(bkm)(a –kd) ≡ (a kdm)(a –kd) ≡ m (mod p)
Example [7]:
We suppose we have p = 44927, a = 7, d = 22105 .
◦ Bob’s public key is the pair (p,a,b). W e calculate b = ad ≡ 40909 (mod p), so Bob ’s
public key is (p, a, b) = (44927, 7, 40909)
◦ For encod ing, we choose k – a random with the property 0 < k < p – 1. For example, k =
6708. We calculate r = ak ≡ 12510 (mod p) and t = bkm ≡ 12749 (mod p), so the ciphertext
Alice sends will be (r, t) = (12510, 12749)
◦ When decrypt ing, Bob computes r−d ≡ 11355 ( mod p) and multiplies it by t, obtain ing the
result m = 10101 , as he should.
The implementation of ElGamal uses only modular exponentiation and inversion (in order
to compute r−d ). These two operations are both very fast .
For demonstrating the security of ElGamal, we consider the fo llowing scenario:
◦ We s uppose Eve intercepts the transmitted information . This means that she knows the
values of p, a, b, r, and t.
◦ She wants to calculate the value of m, m = t · b−k ≡ t · a−dk ≡ t · r−d modulo p.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
19

◦ If she knows d , she can decrypt using the same procedure as Bob. But finding d from
Bob’s public key would mean that Eve has to calculate the discrete logarithm log a b, which
we assume she cannot do.
◦ Also, Alice chooses k randomly, so r = ak is be a random integer modulo p, as will t =
bkm, provided the fact that m ≠ 0.
◦ Knowing r alone is not enough , since, in order to calculate k, Eve would need to calculate
the discrete logarithm log ar. Knowing t is also not enough either, because in order for Eve to
calculate m she would have to know bk , which would also require knowing k.
Eve would need to evaluate a discrete logarithm, regardless the quantities desired to be
computed in order to decrypt a ciphertext.
◦ It is not known if breaking the ElGamal encryption is equivalent to evaluating discrete
logarithms.
◦ However, breaking ElGamal encryption and breaking Di ffie-Hellman are equivalent to
one another . This means that an algorithm for decrypting ElGamal ciphertexts m odulo p can
be used to break Diffie -Hellman mod p, and vice versa.

3.5.1 Security of ElGamal

The properties of the underlying group G and any padding scheme used on the messages
are two factors on which the security of the ElGamal scheme depends .
The encryption function is one-way if the computational Diffie –Hellman
assumption (CDH) holds in the underlying cyclic group G. [8]
ElGamal achieves semantic security if the decisional D iffie–Hellman assumption (DDH)
holds in G.[8] Semantic security is not implied by the computat ional Diffie –Hellman
assumption alone.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
20

ElGamal is not secure under CCA (chosen ciphertext attack ), given the fact that the
encryption is unconditionally malleable . Given a ciphertext (c1,c2) of a possibly unknown
message m, one can easily c onstruct a valid ciphertext (c1,2c2) of the message 2m.
Either the scheme is modified, or a padding is used in order t o achieve chosen -ciphertext
security. DDH assumption may or may not be necessary (depending on the change we make) .
For achieving security against CCA, o ther ElGamal related schemes have been proposed.
For example, The Crame r–Shoup cryptosystem is secure under CCA assuming DDH holds
for G. Its proof does not use the random oracle model . Another proposed scheme is DHAES ,
whose proof requires an assumption that is weaker than the DDH assumption. [9]

3.5.2 Efficiency of ElGamal

A general ElGamal encryption produces a 2:1 expansion in size from plaintext to
ciphertext. This comes as a consequence of the fact that the ElGamal encryption
is probabilistic (a single plaintext can be encrypted to many possible ciphertexts ).
ElGamal encryption requires two exponentiations , but these exponentiations can be
calcula ted ahead of time if need be , considering the fact that they are independent of the
messag . Decryption requires just one exponentiation. [10]

3.6 Threshold cryptosystem
In cryptography, a „threshold cryptosystem ” is a cryptosystem in which several parties
(more than the threshold number) must cooperate in the decryption process to decrypt a
ciphertext . The message is encrypted with a public key and the corresponding private key
is split to the participating parties. If the number of par ties is n, the system is called (t,n)-
threshold. This means that at least t of the parties can efficiently decrypt the encrypted
message , while less than t have no useful information. If we have a (t,n)-threshold signature
scheme , where at least t parties are required for creating a signature. [11]

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
21

Threshold versions (that are as secure as the original encryption schemes) have been
defined for the following asymmetric cryptosystems :
 RSA
 Paillier cryptosystem
 Damgård –Jurik cryptosystem
 ElGamal
The most common application is in the sto rage of secrets in multiple locations to prevent
the capture of the ciphertext and the subsequent performance of cryptanalysis on that
cyphertext. Most often the secrets that are „split” are the secret key material of a public key
cryptography key pair or the ciphertext of stored password hashes.
Historically, only organizations with very valuable secrets, such as certificate authorities ,
militaries, and governments, would make use of the technology. However, in October 2012
after a number of large public website password ci phertext compromises, RSA
Security announced that it would be releasing software that makes the technology a vailable to
the general public. One of the earliest imple mentations of the notion was done in the 1990 ’s
by Certco ’s design for the original Secure electronic transaction planned deployment. [11]

3.7 Homomorphic encryption
Homomorphic encryption is an operation performed on a set of ciphertexts such that
decrypting the result of the operation is the same as the result of some operation performed on
the plaintexts .
A given cryptosystem is considered additively homomorphic if :
∃△: ε(x 1 ) △ ε(x 2 ) = ε(x 1 + x 2 )
where ε – encryption , xn – plaintext , △- operation . [12]

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
22

3.8 Multip licative vs Additive Homomorphism – ElGamal

Multiplicatively Homomorphic ElGamal [13]
ElGamal encryption is a case of homomorphic encryption. When used with a safe prime
modulus, p = 2q + 1 (this is necessary for semantic security), we c onsider ElGamal as
described by:
E : Gq → Gq x Gq
where G q is a subgroup order q of ( ℤp)*, the multiplicative group of integers modulo p.
The function E for ElGamal is specified as:
E(m) = (gr, m · hr)
where x is the secret key, h the public key , g the generator, m the message, and r the random
number .
The pair of values on the right corresponds to the product space G q x G q above, ie a pair of
two values each in G q. ElGamal as defined is multiplicatively homomorphic:
E : (Gq, •)→(G q x Gq, •)
where • denotes multiplication. This means that:
E(m 1) · E(m 2) = E(m 1·m2)
E(m 1) · E(m 2) = (gr1,m1·hr1)( gr2,m2·hr2) = (gr1+r2,(m 1·m2)hr1+r2) = E(m 1·m2)

which shows that ElGamal encryption is in fact homomorphic with respect to multiplication.
The multiplicative homorphic property of standard ElGamal is used, for example, in voting
protocols that employ a re -encryption mixnet. In such a scheme each mixing authority
permutes and re -encrypts votes handling them as input to the next authority. The re –
encryption of each vote is necessary, otherwise a simple permutation would allow identifying
votes by matching ciphertexts. This re -encryption step corresp onds to this operation :
E(1) · E(m)
which multiplies, in the ciphertext space, the original vote by 1.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
23

This allows changing the ciphertext without changing the vote it represents
E(1) · E(m) = E(1 · m) = E(m)
And the vote is unchanged, by the multiplicative homomorphic property.

Additively Homomorphic ElGamal [13]
With a small change , ElGamal can support addition instead of multiplication. In this case
we have :
E : Zq → Gq x Gq
and, as before , x is the secret key , h the public key , g the generator , m the message , and r the
random number.
But now, we have a different function :
E(m) = (gr, gm · hr)
as opposed to standard ElGamal, our previous case, where we had :
E(m) = (gr, m · hr)
When encrypting a message m, we are now first transforming it into gm and then we
proceed as before. In other words, the scheme is the same as before except the message takes
the form gm instead of m. This alternate scheme, sometimes called exponential ElGamal, is
additively homomorphic:
E : (Gq, •)→(Gq x Gq, +)
featuring the + on the right hand side, and should satisfy
E(m 1) · E(m 2) = E(m 1 + m2)
To verify it :
E(m 1) · E(m 2) = (gr1, gm1 · hr1) · (gr2, gm2 · hr2) = (gr1+r2, gm1 gm2· hr1+r2)
= (gr1+r2, gm1+m2· hr1+r2)
= E(m 1 + m2)

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
24

3.9 Merkle Tree structure

A Merkle tree is a type of data structure, named after Ralph Merkle, who patented it in
1979 , used i n cryptography and computer science . [14] In this type of tree tree, every non -leaf
node is labelled with the hash of the labels or values (in case of leaves) of its child nodes.
Merkle trees are used for large data structure s, in order to allow efficient and secure
verification of the contents . Hash trees are a generalization of hash lists and hash chains . An
example of a Merkle tree is shown in Figure 6.

Figure 6 – Merkle Tree structure[15]

In the case of hash lists, we need an amount of data proportional to the number of nodes in
order to demonstrate that a node is part of the list. For demonstrating that a leaf node is part of
a given hash tree, the amount of data proportional to the logarithm of the number of nodes of
the tree . [16]
A hash tree is a tree of hashes in which the leaves are hashes of data blocks in, for
instance, a file or set of files. Nodes further up in the tree are the hashes of their respective
children.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
25

Most hash tree implementations are binary (two child nodes under each node) but they can
just as well use many more child nodes under each node.
Usually, a cryptographic hash function such as SHA -2 is used for the hashing. If the hash
tree only needs to protect against unintentional damage, much less secure checksums such
as CRCs can be used.
In the top of a hash tree there is a top hash (or root hash or master hash ). Before
downloading a file on a peer -to-peer network, in most cases the top hash is acquired from a
trusted source, for instance a friend or a web site that is known to have good
recommendations of files to download. When the top hash is available, the hash tree can be
received from any non -trusted source, like any peer in the peer -to-peer network. Then, the
received hash tree is checked against the trusted top hash, and if the hash tree is damaged or
fake, another hash tree from another source will be tried until the program finds one that
matches the top hash.
The main difference from a hash list is that one branch of the hash tree can be downloaded
at a time and the integrity of ea ch branch can be checked immediately, even though the whole
tree is not available yet. This can be an advantage since it is efficient to split files up in very
small data blocks so that only small blocks have to be re -downloaded if they get damaged. If
the hashed file is very big, such a hash tree or hash list becomes fairly big. But if it is a tree,
one small branch can be downloaded quickly, the integrity of the branch can be checked, and
then the downloading of data blocks can start.
Hash trees can be used to verify any kind of data stored, handled and transferred in and
between computers. Currently the main use of hash trees is to make sure that data blocks
received from other peers in a peer-to-peer network are received undamaged and unaltered,
and even to check that the other peers do not lie and send fake blocks. Suggestions have been
made to use hash trees in trusted computing systems.[17] Hash trees are also used in hash-
based cryptography . [18]

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
26

4. Implementation of security me chanisms

After 1986, various voting protocols were published, each with its advantages and
disadvantages. See for example [19] (the first widely used voting protocol), [20] , [21] , [22] , [23] .
HyperVote is an electronic voting system based on [24].

4.1 The election scheme
Put simply , the el ection scheme is the following:
 The participants in the election protocol are n authorities A 1, . . . , A n and l voters
V1, . . ., V l .
 Each voter V i posts a ballot (x i, yi) to the bulletin board; (x, y) = (gα, hαGb).
 When the voting process is over, the product
is formed.
 Finally, the authorities jointly e xecute the decryption for (X, Y ).

4.2 Choosing the right encryption/decryption algorithm
According to the protoc ol described in [24], encryption and decryption of the votes must be
done using a multiplicatively homomorphic scheme.
RSA is the first public -key encryption scheme with a homomorphic property. However, for
security, RSA has to pad a message with random bits before encryption to achieve semantic
security. The padding results in RSA losing the homomorphic property .

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
27

The confidentiality of the vote in our electronic voting system is guaranteed by using the
ElGamal encryption scheme. Being additively homomorphic, this scheme can ensure the fact
that the product of the ciphertexts will decrypt to the sum of their cor responding plaintexts,
meaning that after decrypting the bulletin board containing the votes, we will only find out the
sum of the votes for each candidate, not the value of each individual vote.
Some advantages of ElGamal over RSA are the following:
 ElGamal is semantically secure „out-of-the-box”
 ElGamal allows smaller signature, faster key generation, and is slightly faster for
signing
 RSA decryption is a bit slower than ElGamal decryption
 The ElGamal algorithm is more secure as compared to RSA algorithm because it
generates more complex cipher text

4.3 C++ implementation of ElGamal
The C++ programming language does not provide a built -in type that can be used for
working with very large integers. As a result, when implementing the ElGamal algorithm, I
used the following data types and fu nctions from the GNU Multiple Precision Arithmet ic
Library . [25]
 mpz_t
The C data type for a multiple precision integer .
Example: mpz_t a, b, m, dec;

 void mpz_init (mpz_t x)
Initialize s x, and set s its value to 0.
Example: mpz_init(dec); mpz_init(a); mpz_init(b); mpz_init(m);

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
28

 gmp_printf
Accept s format strings similar to the standard C printf. A format specification is of the
form:
% [flags] [width] [.[precision]] [type] conv
GMP adds types ‘Z’, ‘Q’ and ‘F’ for mpz_t, mpq_t and mpf_t respectively, ‘M’ for
mp_limb_t, and ‘N’ for an mp_limb_t array. ‘Z’, ‘Q’, ‘M’ and ‘N’ behave like integers. ‘Q’
will print a ‘/’ and a denominator, if needed. ‘F’ behaves like a float.
Example: gmp_printf( „n= %Zd \ng= %Zd \nh= %Zd \nx= %Zd \n”, sk.n,sk.g,sk.h,sk.x);

 size_t mpz_inp_raw (mpz_ t rop, FILE *stream)
Input from stdio stream stream in the format written by mpz_out_raw , and put the result in
rop. Return the number of bytes read, or if an error occurred, return 0. This routine can read
the output from mpz_out_raw also from GMP 1, in spite of changes necessary for
compatibility between 32 -bit and 64 -bit machines.
Example: mpz_inp_raw(a,encfi le);

 size_t mpz_o ut_raw (FILE *stream, const mpz_ t op)
Output op on stdio stream stream, in raw binary format. The integer is written in a portable
format, with 4 bytes of size information, and that many bytes of limbs. Both the size and the
limbs are written in decreasing significance order (i.e., in big -endian).
The output can be read with mpz_inp_raw.
Return the number of bytes written, or if an error occurred, return 0.
The output of this can not be read by mpz_inp_raw from GM P 1, because of changes
necessary for compatibility between 32 -bit and 64 -bit machines.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
29

Example: mpz_out_raw(decfile,m);

 void mpz_clears (mpz_ t x, …)
Free the space occupied by a NULL -terminated list of mpz_t variables
For example: mpz_clears(dec, a, b, m, NULL);

 void mpz_init_set_ui (mpz_ t rop, unsigned long int op)
Initialize rop with limb space and set the initial numeric value from op.
Once the integer has been initialized, it can be used as the source or destination operand
for the ordinary integer functions.
Exapmle: mpz_init_set_ui(m,msg);

 void mpz_import (mpz_t rop, size_t count, int order, size_ t size, int endian, size_ t
nails, const void *op)
Set rop from an array of word data at op.
The parameters specify the format of the data. Count many words are read, each size bytes.
Order can be 1 for most significant word first or -1 for least significant first. Within each
word endian can be 1 for most significant byte first, -1 for least sign ificant first, or 0 for the
native endianness of the host CPU. The most significant nails bits of each word are skipped,
this can be 0 to use the full words.
There is no sign taken from the data, rop will simply be a positive integer. An application
can handle any sign itself, and apply it for instance with mpz_neg.
There are no data alignment restrictions on op, any address is allowed.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
30

Example: mpz_import (r, size,1, sizeof (char), 0,0, buffer);

 size_t mpz_sizeinbase (const mpz_ t op, int base)
Return the size of op measured in numbe r of digits in the given base. B ase can vary from 2
to 62. The sign of op is ignored, just the absolute value is used. The result will be either exact
or 1 too big. If base is a power of 2, the r esult is always exact. If op is zero the return value is
always 1.
This function can be used to determine the space required when converting op to a string.
The right amount of allocation is normally two more than the value returned by
mpz_sizeinbase , one extra for a minus sign and one for the null -terminator.
It will be noted that mpz_sizeinbase(op,2) can be used to locate the most significant 1 bit
in op, counting from 1.
Example: mpz_sizeinbase(max,2);

 int mpz_cmp (const mpz_t op1, const mpz_ t op2)
Compare op1 and op2. Return a positive value if op1 > op2, zero if op1 = op2, or a
negative value if op1 < op2.
Example: (mpz_cmp(r,max)>=0)

 void mpz_nextprime (mpz_t rop, const mpz_ t op)
Set rop to the next prime greater than op. This function uses a probabilistic algorithm to
identify primes. For practical purposes it’s adequate, the chance of a composite passing will
be extremely small.
Example: mpz_nextprime(r,r);

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
31

 void mpz_powm_sec (mpz_t rop, const mpz_t base, const mpz_ t exp, const mpz_ t
mod)
Set rop to baseexp mod mod.
It is required that exp > 0 and that mod is odd.
This function is designed to take the same time and have the same cache access patterns
for any two same -size arguments, assuming tha t function arguments are placed at the same
position and that the machine state is identical upon function entry. This function is intended
for cryptographic purposes.
Example: mpz_powm_sec(sk ->h,sk ->g,sk ->x,sk ->n);

 void mpz_set (mpz_t rop, const mpz_ t op)
Set the value of rop from op.
Example: mpz_set(pk ->n,sk ->n);

 int mpz_invert (mpz_t rop, const mpz_ t op1, co nst mpz_ t op2)
Compute the inverse of op1 modulo op2 and put the result in rop. If the inverse exists, the
return value is non-zero and rop will satisfy 0 ≤ rop < |op2| (with rop = 0 possible only when
|op2| = 1, i.e., in the somewhat degenerate zero ring). If an inverse doesn’t exist the return
value is zero and rop is undefined. The behaviour of this function is undefined w hen op2 is
zero.
Example: mpz_invert(inv_s,s,sk ->n);

 void mpz_mul (mpz_t rop, const mpz_t op1, const mpz_ t op2)
Set rop to op1 × op2.
Example: mpz_mul(msg,c2,inv_s);

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
32

 void mpz_mod (mpz_ t r, const mpz_t n, const mpz_ t d)
Set r to n mod d. The sign of the divisor is ignored; the result is always non -negative.
Example: mpz_mod(msg,msg,sk ->n);

The C++ implemenation of ElGamal consists of the following classes :
• ElGamal : a class that implements the ElGamal PKC ;
• GenerateParameters : a class used for generating primes p and generators g mod p ,
so that gk % p for 0 <= k < p -1 run through all the non -zero integers mod p; [26]
• Generator Test : a class that can be used for testing the isGenerator() method of the
GenerateParameters class;
• Transformer : a class containing static methods suggested for applying the PKC ;
• Encrypter and Decrypter (subclasses of Transformer ) : classes that implement
encrypt ion/decrypt ion using a n ElGamal instance ;

• ElGamalCrypto : a class used for encrypting/ decrypting files.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
33

4.3.1 ElGamal class

Implements the ElGamal PKC.
There are two constructors:
 Given an integer key size k, generate a random prime p with k bits and
generator g mod p . Let a be a random , 1<a<p -1, and let r=ga mod p. Save p,g,a
in ElGamalConfig.txt , in hexadecimal format. Initialise secure random number
generator for use in encryption.
 Default constructor: read p,g,a from configuration file and compute r=ga mod
p, initialise secure random number generator for use in encryption.
The class has:
(1) a simple encrypt method which takes m, generates a random k, 0<k<p -1, and
returns c 0 = gk mod p and c 1 = mrk mod p.
(2) a companion decrypt method which recovers c 1*c0–a mod p = m.
These are the ElGamal encryption and decryption algorithms. Thus, if a sender publishes
(p,g,r) , the receiver can send m to them by making a random k and computing c 0,c1, as per (1),
sending these to the sender, who can recover m by using function (2) .
Rk=(ga)k=gak=(gk)a is a „shared secret” analogous to the agreed session key of the Diffie –
Hellman protocol.
The functions (1) and (2) are implemented also in the associated classes Encrypter and
Decrypter : in association with the methods for blocking/ unblocking an array of bytes,
inherited from Transformer , they make a practical cryptosystem.
There are methods to return a Encrypter object, an Decrypter object for working with data
files.
The cla ss also has two method s which can be used to generate ElGamal instances:

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
34

– ElGamal Generate : invokes constructor (1) (which saves p, g , a in the configuration file) and
generates a „random ” ElGamal system of the required bit -size.
– ElGamal Test (with no arguments) : tests the saved system with a random as „message ” and
uses the simple encrypt/ decrypt methods.

4.3.2 GenerateParameters class

Has a method PrimeAndGenerator() , which makes a sa fe prime (of specified bit length) p
and a generator mod p.

4.3.3 Transformer class

This is a base class with methods for blocking/unblocking/padding/unpadding an array of
bytes, and an abstract method for transforming. Again, the encrypter and decrypter are
subclasses.

4.3.4 Encrypter class

Subclass of Transformer ; implements the encryption transformation.

4.3.5 Decrypter class

Subclass of Transformer ; implements the decryption transformation.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
35

4.3.6 ElGamalCrypto class

This class is used for encryption / decryption of files. The main method constructs a n
ElGamal object (by default – using va lues in ElGamalConfig.txt ). D epending on the
argument, it calls the ElGamal object ’s factory method to obtain an encrypter or a decrypter.
Then, it r eads input file into an array of bytes, t ransforms the array u sing the
encrypter/decrypter and w rites the transformed array to a file.

To sum up th ose listed above, applying the ElGamal algorithm consists of the following
steps:
-we u se ElGamal to generate a random ElGamal system, save it and test the saved
configuration on a random number .
-we u se Generator Test to experiment with prime and generators.
-we u se ElGama lCrypto to encrypt/ decrypt using the system saved in ElGamalConfig.txt .

4.4 The voting mechanism

Figure 7 – The voting mechanism

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
36

The voting mechanism presented in Figure 7 consists of the following steps:
We consider a vote can have one of the values 1 or 0, for YES or NO. After Voter 1
chooses his option, he sends a cipher text containing the ElGamal encryption of the vote gv,
with v=1 for the candidate he wants to vote with, and with v=0, for the rest of t he candidates .
Once the encrypted value of the vote is sent to a candidate, it goes into the corresponding
ballot box, where it is multiplied with the value that already exists there.
We consider (X,Y) as being the final product of the encrypted votes,which can be found in
a ballot box , after the voting process is over .

Figure 8 – The decryption process

We consider n authorities participate in the decryption process, as shown in Figure 8.
When the final product (X,Y) is formed, X is sent to the first authority in the group. This
authority g enerates a secret random number, r 1, and raises X to the power of r 1 sending Xr1 to
the second authority . The second authority generates its own secret random number, r 2, and
raises the value received from authority number 1 to the power of r 2. This process is repeated
for all the authorities.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
37

We use the calculation shown in Figure 9, in order to find the sum of the votes . Given the
fact that ElGamal is a multiplicatively homomorphic algorithm, t he product of all ElGamal
encrypted votes decrypts to the sum of these votes, not to the individual value of each one.

Figure 9 – Calculating the sum of the votes

In Table 1, we can see the parameters of the EncryptedVote table :

1. table EncryptedVote {
2. session_name: string (required, key);
3. domain_name: string (required);
4. ledger_name: string (required);
5.
6. description: string;
7. // (x,y) = (g^r, h^r.G^v), where v {0,1} is the vote {no, yes}
8. x: string;
9. y: string;
10. }
Table 1 – The EncryptedVote table

The account_add_encryptedvote function has the declaration shown in Table 2:

1. // voting
2. void account_add_encryptedvote( const flatbuffers::String *acc_pub_key,
const flatbuffers::Vector<uint8_t> *asset_fb);

Table 2 – account_add_encryptedvote function

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
38

This function computes the product of voter’s X and Y (xTx,yTx ) and candidate’s X and
Y (xAcc, yAcc) , as we can see in Table 3 :

1. // compute product of X and Y
2. mpz_t xTx ( vote->x()->c_str() );
3. mpz_t yTx ( vote->y()->c_str() );
4. mpz_t xAcc ( account_vote ->x()->c_str() ); // default to 1 if x is 0
5. mpz_t yAcc ( account_vote ->y()->c_str() ); // default to 1 if y is 0

Table 3 – Computing the product of X and Y

Also, it updates the EncryptedVote table , as we can see in Table 4 :

1. auto copy_asset =
2. iroha::CreateAsset(fbb, iroha::AnyAsset::EncryptedVote,
3. iroha::CreateEncryptedVote(fbb, fbb.CreateSharedString(account_vote –
>session_name()),
4. fbb.CreateSharedString(account_vote ->domain_name()),
5. fbb.CreateSharedString(account_vote ->ledger_name()),
6. fbb.CreateSharedString(account_vote ->description()),
7. fbb.CreateSharedString( IntToString(xTx*xAcc) ),
8. fbb.CreateSharedString( IntToString(yTx*yAcc) )).Union()

9. );
Table 4 – Updating the EncryptedVote table

The account_sub tract_encryptedvote function has the declaration shown in T able 5 :

1. void account_subtract_encryptedvote( const flatbuffers::String *acc_pub_key,
const flatbuffers::Vector<uint8_t> *asset_fb);

Table 5 – account_subtract_encryptedvote function

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
39

Table 6 shows how t his function subtracts the vote from the voter’s account and sets X and
Y on „0” , so he can not vote multiple times :

1. auto copy_asset =
2. iroha::CreateAsset(fbb, iroha::AnyAsset::EncryptedVote,
3. iroha::CreateEncryptedVote(fbb, fbb.CreateSharedString(account_vot
e->session_name()),
4. fbb.CreateSharedString(account_vote ->domain_name()),
5. fbb.CreateSharedString(account_vote ->ledger_name()),
6. fbb.CreateSharedString(account_vote ->description()),
7. fbb.CreateSharedString( „0” ),
8. fbb.CreateSharedString( „0” )).Union()
9. );

Table 6 – Subtracting the vote from voter’s account

The add function uses the account_add_encryptedvote function to add the vote to the
candidate’s account , as shown in Table 7 :

1. void WSV::add( const iroha::Add *command) {
2. if (command ->asset_nested_root() –
>asset_type() == iroha::AnyAsset::EncryptedVote) {
3. account_add_encryptedvote(command ->accPubKey(), command->asset());
4. } else
5. if (command ->asset_nested_root() –
>asset_type() != iroha::AnyAsset::Currency) {
6. printf(„This asset is not a currency \n”);
7. throw exception::InternalError::NOT_IMPLEMENTED;
8. } else {
9. account_add_currency(command ->accPubKey(), command->asset());
10. }
11. account_add_currency(command ->accPubKey(), command->asset());
12. }

Table 7 – add function

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
40

The subtract function uses the account_ subtract _encryptedvote function to subtract the
vote to the voter’s account , as we can see in Table 8 :

1. void WSV::subtract( const iroha::Subtract *command) {
2. if (command ->asset_nested_root() –
>asset_type() == iroha::AnyAsset::EncryptedVote) {
3. this->account_subtract_encryptedvote(command ->accPubKey(), command-
>asset());
4. } else
5. if (command ->asset_nested_root() –
>asset_type() != iroha::AnyAsset::Currency)
6. throw exception::InternalError::NOT_IMPLEMENTED;
7. this->account_subtract_currency(command ->accPubKey(), command->asset());
8. else {
9. this->account_subtract_currency(command ->accPubKey(), command-
>asset());
10. }
11. }

Table 8 – subtract function

The transfer function is used to subtract the vote from the voter’s account and add it to the
candidate’s account , as shown in Table 9 :

1. void WSV::transfer( const iroha::Transfer *command) {
2.
3. if (command ->asset_nested_root() –
>asset_type() == iroha::AnyAsset::EncryptedVote) {
4. this->account_subtract_encryptedvote(command ->sender(), command->asset());
5. this->account_add_encryptedvote(command ->receiver(), command->asset());
6. } else
7. if (command ->asset_nested_root() ->asset_type() != iroha::AnyAsset::Currency)
8. throw exception::InternalError::NOT_IMPLEMENTED;
9.
10. this->account_subtract_currency(command ->sender(), command->asset());
11. this->account_add_currency(command ->receiver(), command->asset());
12. else {
13.
14. this->account_subtract_currency(command ->sender(), command->asset());
15. this->account_add_currency(command ->receiver(), command->asset());
16. }
17. }

Table 9 – transfer function

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
41

5.Conclusions and Future Work

5.1 Conclusions
Every day, we become more and more dependent on technology because we discover that
it makes our lives easier. We all use computers, smartphones, smart TVs or even
revolutionary tools that control our entire house. If there are systems and applications for
everything , why don’t we implemen t an electronic voting system to reduce the necessary
resources needed for traditional voting systems?
People are predisp osed to a fear of the unknown and d espite the fact that they have put
nearly every other facet of their lives online, they are hesi tant to vote this way.
This project comes as a solution to this problem. HyperVote is a decentralized electronic
voting system that is based on a scheme that guarantees privacy, universal verifiability, and
robustness. Our electronic voting system is designed to make voting efficient by using the
revolutionary blockchain technology and secure with the help of cryp tographic techniques. It
offers anony mity because votes are encrypted , confidentiality , because the use of a
homomorphic algorithm results in finding the sum of all votes, and not the individual value of
each one and accountability , because the use of a blockchain guarantees the fact that all the
votes are taken into consideration .

5.2 Future work
HyperVote can be adapted, in the future, by adding new functionalities. For example, one
functionality would allow voter s to vote multiple times during the election period, with only
the last vote counted .
This project was created as a collabora tion with Saguaro Technology, so beside its
electoral function, it will further be used and adapted to the requirement of one of the
company’s customers. This requirement consist in a network of printers which store

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
42

encrypted files in a blockchain. Once retrieved from the blockchain, f iles will be decrypt ed
and print ed.

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
43

6. References

[1]:https://www.ndi.org/e -voting -guide/electronic -voting -and-counting -around -the-world
[2017 , April 14]
[2]:http://publications.atlanticcouncil.org/renminbi/index.php [2017, April 14]
[3]:https://www.esat.kuleuven.be/cosic/publications/talk -78.pdf [2017, April 14 ]
[4]:https://en.wikipedia.org/wiki/Discrete_logarithm [2017, April 14 ]
[5]:https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#/media/File:
Diffie -Hellman_Key_Exchange.svg [2017, April 14 ]
[6]:https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#/media/File:
Enigma_keylist_3_rotor.jpg [2017, April 14 ]
[7]:https://web.math.rochester.edu/people/faculty/edummit/docs/cryptography _3_discrete_log
arithms _in_cryptography.pdf [2017, April 14 ]
[8]:http://crypto.cs.uiuc.edu/wiki/index.php/Elgamal_encryption_scheme [2017, April 14]
[9]:M. Abdalla, M. Bellare, P. Rogaway, DHAES, An encryption scheme based on the Diffie –
Hellman Problem (Appendix A)
[10]:https://en.wikipedia.org/wiki/ElGamal_encryption [2017, April 14]
[11]:https://en.wikipedia.org/wiki/Threshold_cryptosystem [2017, April 14]
[12]:Liam Morris – Analysis of partially and fully homomorphic encryption
[13]:https://nvotes.com/multiplicative -vs-additive -homomorphic -elgamal/ [2017, April 14]

HyperVote: The security of a decentralized electronic voting system
_______________________________________________________
44

[14]:R. C. Merkle, A Digital Signature Based on a C onventional Encryption
Function . Advances in Cryptology — CRYPTO '87. Lecture Notes in Computer Science,
p. 369
[15]:https://en.wikipedia.org/wiki/Merkle_tree#/media/File:Hash_Tree.svg [2017, April 14]
[16]:G. Becker, Merkle Signature Schemes, Merkle Trees and Their Cryptanalysis , Ruhr –
Universität Bochum, page 16
[17]:J. Kilian, Improved efficient arguments
[18]:https://en.wikipedia.org/wiki/Merkle_tree [2017, April 14]
[19]:J. Benaloh – Verifiable sectret -ballot elections , Ph.D thesis, Yale University, Technical
report 561 (1987)
[20]:J.D. Cohen – Improving Privacy in Cryptographic Elections
[21]: K. Iversen – A criptographic scheme for c omputerized general elections , proc. Crypto 1,
Springer LNCS 576 (1992), pages 405 – 419.
[22]:H. Nurmi, A. Salomaa, L. Santean – Secret ballot elections in computer networks ,
Computer and Security 10 (1991), pages 553 – 560.
[23]:C. Park, K. Itoh, K. Kurosawa – Efficient anonymous channel and all or nothing election
scheme , Proc. Eurocrypt 3, Springer LNCS 765 (1994), pages 248 – 259.
[24]:R. Cramer, R. Gennaro, B. Schoenmakers – A Secure and Optimally Efficient Multi –
Authority Election Scheme . In Advances in Cryptography – EUROCRYPT ’97 , pages 103 -118
[27]:https://gmplib.org/gmp -man-6.1.2.pdf [2017, May 19]
[28]:R. Crandall , C. Pomerance . Chapter 5, Prime Numbers: A computational perspective ,
2nd ed., Springer