Overview of the anonymization procedure for the remote electronic voting system

In previous publications we established that the remote electronic voting system under consideration uses a "blind electronic signature" cryptographic algorithm to ensure the secrecy of voting and voter anonymization. In this article, we will look at it in more detail.

First, let's turn to the well-known and familiar electronic signature algorithm, which is widely used in information systems for various purposes. An electronic signature is based on asymmetric cryptographic algorithms. Asymmetric encryption uses two keys: one of them is used for encryption, the other for decryption. They are called the public key and the private key. The public key is known to others, while the private key is known only to the owner of the electronic signature and is stored where others cannot access it.

When signing, the following happens: first, the electronic document is reduced, by means of mathematical transformations, to a character sequence of a fixed size; the function that performs this reduction is called a hash function.

The resulting character sequence (the hash of the document) is encrypted by the sender of the document using the private key and sent to the recipient together with the public key. The recipient decrypts the sequence using the public key, applies exactly the same hash function to the document, and compares the hash it computed with the decrypted value. If they match, no changes were made to the document after the sender signed it.

The steps described allow one to verify that the document has not been changed, but not that the sender is really who they claim to be. Therefore, a third party trusted by both the sender and the recipient is needed. Before sending the document, the sender turns to this third party and asks it to sign the sender's public key with its own electronic signature. The sender then sends the recipient the document, their public key, and the third party's signature on that key. The recipient verifies the third party's signature on the public key and, on that basis, trusts the signature on the received document.

Now let's move on to what a "blind signature" is and how it can help us with anonymization.

Let's imagine that in the example described above, the sender is the voter, the document is the ballot, and the recipient is the election commission, or, as we called it, the "vote accounting and counting component". The third party (validator) will be the "List of voters" component. The process can then proceed as follows.


The voter generates a key pair, private and public, on his own device. Since these keys are generated in the browser on his personal device, they are known only to him.

Using these keys, he signs the ballot so that its integrity can be checked. He sends the signed ballot and the public key to the election commission. For the ballot to be accepted by the Distributed Storage and Counting component, that component must verify that the public key has been signed by the validator.

The validator (the Voter List component) will sign the public key only after it has verified that the voter is present in the voter list.

To preserve the secrecy of voting, the voter's public key, created on his device, must not become known to anyone. It follows that the validator must sign something it does not know. The task seems impossible, but here cryptographic algorithms come to the rescue, in this case the "blind signature" algorithm.

First, the public key must be masked on the voter's device. Masking consists of a few separate mathematical operations performed on the user's device. Imagine that you picked a random number from 1 to 100, then a second random number from 1 to 10 and a third from 10 to 50, raised the first number to the power of the second, and integer-divided the result by the third. You then reported the result to others. It will not be difficult for you to restore the original number, since you know the sequence of operations and the numbers you picked. But the people around you will not be able to do it.

Masking (blinding) of the public key is performed according to a dedicated cryptographic algorithm. As a result, the validator signs the masked public key while the original key remains unknown to it. The key property of the algorithm is that the user (voter), having received a signature on the masked key, can reverse the transformation and obtain a valid signature on the original, unmasked key.

The described algorithm is widely used in secret voting protocols. The remote electronic voting system currently uses the RSA algorithm with a key length of 4096 bits for blind signature.

In general, the anonymization procedure is as follows.

  1. When a vote is created, a separate "validator" key pair is generated and its public key is written to the blockchain. A unique key pair is created for each vote.
  2. The user is identified in the identification system (in this case, ESIA) and grants permission to transfer his identification data from the identification system to the PTC DEG.
  3. The "List of voters" component of the PTC DEG checks whether the user is in the list of voters.
  4. On the user's device, his key pair is created: a private key and a public key, known only to him.
  5. On the user's device, the public key is masked.
  6. Together with the identification data and the masked public key, the user contacts the "List of voters" component.
  7. The component once again checks that the user is present in the list and that he has not already received a signature.
  8. If all checks succeed, the masked key is signed.
  9. The fact that the key was signed is recorded in the blockchain.
  10. On his device, the user removes the mask from the public key and now holds a private key, a public key and a signature on the public key, all of which are known only to him.
  11. After that, the user is transferred to an anonymous zone, a separate site edg2020.gov.ru, where it is impossible to identify him (for example, before the transition he can connect through a VPN or change his Internet provider, completely changing his IP address).
  12. Acceptance of the ballot depends only on whether the "validator" signature passes verification and whether this key has not been used before.
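The RSA blind signature described above and steps 4 to 12 of the procedure, as an added example that is not part of the original article and not the PTC DEG code. It assumes toy-sized RSA primes (the article states 4096-bit RSA in production), a plain SHA-256 hash in place of the article's padding format, and two in-memory sets standing in for the blockchain records of "key signed" and "key used"; the voter's own signature on the ballot is omitted.

```python
import hashlib, secrets
from math import gcd

# Validator ("List of voters") RSA key pair. Toy-sized constructed primes so the example
# runs instantly; the article states 4096-bit RSA is used in production.
P, Q = 2305843009213693951, 618970019642690137449562111  # 2^61-1 and 2^89-1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the validator

def hash_to_int(pubkey: bytes) -> int:
    """Map the voter's public key to an integer below N (stands in for the article's padding step)."""
    return int.from_bytes(hashlib.sha256(pubkey).digest(), "big") % N

def blind(m: int):
    """Voter side: pick random r coprime to N and mask m as m * r^E mod N; r never leaves the device."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """Voter side: (m * r^E)^D * r^-1 = m^D mod N, a valid signature on the unmasked key."""
    return (blind_sig * pow(r, -1, N)) % N

def validator_sign(eligible: set, signed_record: set, voter_id: str, blinded: int):
    """'List of voters' side: sign the masked value only for an eligible voter not signed for before."""
    if voter_id not in eligible or voter_id in signed_record:
        return None
    signed_record.add(voter_id)  # the fact of signing is recorded (on the blockchain in the article)
    return pow(blinded, D, N)

def accept_ballot(used_keys: set, pubkey: bytes, sig: int) -> bool:
    """Vote accounting side: accept iff the validator signature verifies and the key is unused."""
    if pubkey in used_keys or pow(sig, E, N) != hash_to_int(pubkey):
        return False
    used_keys.add(pubkey)
    return True

def run_protocol(voter_id="voter-42", pubkey=b"constructed voter public key"):
    """Steps 4-12 of the article for one voter; returns the outcome of each check."""
    eligible, signed_record, used_keys = {"voter-42", "voter-7"}, set(), set()
    blinded, r = blind(hash_to_int(pubkey))
    sig = unblind(validator_sign(eligible, signed_record, voter_id, blinded), r)
    return {"validator_saw_key": blinded == hash_to_int(pubkey),  # False: the mask hides the key
            "second_signing": validator_sign(eligible, signed_record, voter_id, blinded),  # None
            "ballot_1": accept_ballot(used_keys, pubkey, sig),  # True: valid signature, fresh key
            "ballot_2": accept_ballot(used_keys, pubkey, sig)}  # False: key already used
```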

Next, we describe the algorithm from the point of view of cryptography.
Signature parameters and notation:


M – in padding FDN format for signature.

Source: habr.com
