Overview of the system of remote electronic voting of the CEC of the Russian Federation

On August 31, 2020, a public test of the remote electronic voting system (hereinafter referred to as DEG) took place using blockchain technology, developed by order of the CEC of the Russian Federation.

To get acquainted with the new e-voting system and understand what role blockchain technology plays in it and what other components are used, we are starting a series of publications on the main technical solutions used in the system. We propose to start in order, with the requirements for the system and the functions of the participants in the process.

System requirements

The basic requirements for any voting system are generally the same for both traditional in-person voting and remote electronic voting, and are defined by Federal Law No. 67-FZ of 12.06.2002 "On Basic Guarantees of Electoral Rights and the Right to Participate in a Referendum of Citizens of the Russian Federation".

  1. Voting in elections and referendums is secret, excluding the possibility of any control over the will of a citizen (Article 7).
  2. The opportunity to vote should be given only to persons who have an active right to vote in this voting.
  3. One voter - one vote, "double" voting is not allowed.
  4. The voting process must be open and transparent to voters and observers.
  5. The invariability of the cast vote must be ensured.
  6. It should not be possible to calculate the intermediate results of the vote before it ends.

So, we have three participants: the voter, the election commission and the observer, between whom the order of interaction is defined. A fourth participant can also be singled out: the bodies that register citizens on the territory (primarily the bodies of the Ministry of Internal Affairs, as well as other executive bodies), since active suffrage is tied to citizenship and place of registration.

All these participants interact with each other.

Interaction Protocol

Consider the process of voting in a traditional polling station, with a ballot box and paper ballots. In a simplified form, it looks like this: a voter comes to the polling station and presents an identity document (passport). A precinct election commission operates at the polling station, a member of which checks the identity of the voter and whether he is on the list of voters that was compiled earlier. If the voter is found, the member of the commission issues a ballot to the voter, and the voter signs to receive the ballot. After that, the voter goes to the voting booth, fills out the ballot, and puts it in the ballot box. In order for all procedures to be observed strictly according to the law, all this is monitored by observers (representatives of candidates, public monitoring institutions). After the completion of voting, the election commission, in the presence of observers, counts the votes and establishes the voting results.

The properties necessary for voting in the traditional voting system are provided by organizational measures and the established procedure for the interaction of participants: checking voters' passports, personally signing for ballots, using voting booths and sealed ballot boxes, the procedure for counting votes, etc.

For an information system such as a remote electronic voting system, this interaction procedure is called a protocol. Since in our case all interaction becomes digital, this protocol can be viewed as an algorithm implemented by the individual components of the system, together with a set of organizational and technical measures performed by users.

Digital interaction imposes certain requirements on the implemented algorithms. Let's look at the actions performed at a traditional polling station in information-system terms and at how they are implemented in the DEG system under consideration.

Let’s say right away that blockchain technology is not a “silver bullet” here that solves all issues. To create such a system, it was necessary to develop a large number of software and hardware components responsible for different tasks, and to connect them with a single process and protocol. But at the same time, all these components interact with the blockchain platform.

System Components

From a technical point of view, the DEG system is a software and hardware complex (hereinafter referred to as PTK), which combines a set of components to ensure the interaction of participants in the electoral process in a single information environment.

The scheme of interaction between the components and participants of the PTK DEG system is shown in the figure below.

[Figure: scheme of interaction between the components and participants of the PTK DEG system]

Remote voting process

Now we will consider in detail the process of remote electronic voting and its implementation by the components of the PTK DEG.

According to the Procedure for remote electronic voting, in order to be included in the list of participants in remote electronic voting, a voter must submit an application on the State Services portal. Only users who have a verified account and have been successfully matched against the register of voters and referendum participants of the GAS "Vybory" system can submit such an application. After the application is received, the voter's data is checked once more by the CEC of Russia and uploaded to the "List of voters" component of the PTK DEG. The upload is accompanied by the recording of unique identifiers in the blockchain. Members of the election commission and observers can view the list using a special workstation located in the premises of the election commission.

When a voter comes to a polling station, the voter is authenticated (matched against passport data) and identified in the voter list, and it is checked that this voter has not already received a ballot. Here is an important point: it is impossible to establish whether the voter actually put the received ballot into the ballot box, only that a ballot has already been issued. In the case of the PTK DEG, a voter's visit is a user's request to the DEG Portal, the site located at vybory.gov.ru. Like a traditional polling station, the site contains information materials about ongoing election campaigns, information about candidates and other information. For identification and authentication, the ESIA of the State Services Portal is used. Thus, the general identification scheme is the same both when submitting an application and when voting.

After that, the anonymization procedure begins: the voter is given a ballot that does not contain any identifying marks. It has no number and is in no way associated with the voter to whom it was issued. It is interesting to consider the case where the polling station is equipped with electronic voting complexes; there, anonymization is performed as follows: instead of a paper ballot, the voter is invited to take any card with a barcode from a pile, with which he then approaches the voting device. The card does not contain any data about the voter, only a code that determines which ballot the device should display when such a card is presented. With fully digital interaction, the main task is to implement an anonymization algorithm such that, on the one hand, it is impossible to establish any user identification data, and on the other hand, voting is provided only to those users who were previously identified in the list. To solve it, the PTK DEG uses a cryptographic algorithm known in the professional community as a "blind electronic signature". We will talk about it in detail in the following publications and also publish the source code; you can also gather additional information from publications on the Internet using the keywords "secret voting cryptographic protocols" or "blind signature".
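As an added illustration of the registration and anonymization step just described (this is example code, not the PTK DEG's own, and the page does not say which blind-signature scheme the system uses), the block below uses the textbook RSA blind signature of Chaum. The registration server, standing in for the "List of voters" component, checks that the voter is on the list and has not already been issued a ballot, then signs a value the voter has blinded; the voter unblinds it and the anonymous zone verifies the resulting signature without any link back to the voter. The RSA key, voter list and voter key are all constructed here.

```python
"""Blind-signature anonymization step (added example, not PTK DEG code)."""
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key of the registration server (two Mersenne primes).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(msg: bytes) -> int:
    """Hash the message into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def blind(msg: bytes):
    """Voter side: multiply the hashed message by r^E so the server sees only noise."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return h(msg) * pow(r, E, N) % N, r


def unblind(blinded_sig: int, r: int) -> int:
    """Voter side: strip the blinding factor; what remains is a plain RSA signature."""
    return blinded_sig * pow(r, -1, N) % N


def verify(msg: bytes, sig: int) -> bool:
    """Anonymous zone / smart contract: accept only keys carrying a valid signature."""
    return pow(sig, E, N) == h(msg)


class RegistrationServer:
    """Signs one blinded value per eligible voter; never learns what it signed."""

    def __init__(self, eligible):
        self.eligible = set(eligible)   # constructed stand-in for the voter list
        self.issued = set()             # voters who already received a ballot
        self.seen = []                  # everything the server ever observed

    def sign_blinded(self, voter_id: str, blinded: int) -> int:
        if voter_id not in self.eligible:
            raise PermissionError("voter not on the list")
        if voter_id in self.issued:
            raise PermissionError("ballot already issued")  # one voter - one vote
        self.issued.add(voter_id)
        self.seen.append(blinded)
        return pow(blinded, D, N)


def run_protocol() -> dict:
    """Walk one voter through registration and return the checks an auditor cares about."""
    server = RegistrationServer(eligible={"voter-1", "voter-2"})  # constructed list
    voter_key = b"constructed ephemeral voting key of voter-1"

    blinded, r = blind(voter_key)
    sig = unblind(server.sign_blinded("voter-1", blinded), r)

    result = {"signature_valid": verify(voter_key, sig)}
    # Unlinkability: nothing the server observed equals the hash it actually signed.
    result["server_learned_key"] = h(voter_key) in server.seen
    # A second request from the same voter is refused even with a fresh blinded value.
    try:
        server.sign_blinded("voter-1", blind(voter_key)[0])
        result["double_issue_blocked"] = False
    except PermissionError:
        result["double_issue_blocked"] = True
    # A key that was never signed is rejected in the anonymous zone.
    result["unsigned_key_rejected"] = not verify(b"some other key", sig)
    # Someone who is not on the list gets nothing.
    try:
        server.sign_blinded("voter-9", blinded)
        result["non_voter_blocked"] = False
    except PermissionError:
        result["non_voter_blocked"] = True
    return result


if __name__ == "__main__":
    print(run_protocol())
```

The point to notice is in `RegistrationServer.seen`: the server records only blinded values, so even an observer with full access to its logs cannot match a signed key that later appears in the anonymous zone to the voter who obtained it, while `issued` still enforces the one-voter-one-ballot rule.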

Then the voter fills out the ballot in a place where nobody can see the choice made (a closed booth); when the voter votes remotely in our information system, the only such place is the user's personal device. To do this, the user is first transferred to another domain, the anonymous zone. Before the transition, the user can bring up a VPN connection and change their IP address. It is on this domain that the ballot is displayed and the user's choice is processed. The source code that runs on the user's device is open from the start: it can be seen in the browser.

After the choice is made, the ballot is encrypted on the user's device using a special encryption scheme, sent, and recorded in the "Distributed storage and counting of votes" component built on the blockchain platform.

One of the most important characteristics of the protocol is that the results of the vote cannot be known before it is completed. At a traditional polling station, this is ensured by sealing the ballot box and by the monitoring of observers. In digital interaction, the best solution is to encrypt the voter's choice. The encryption algorithm used excludes the possibility of disclosing the results before voting is completed. To do this, a scheme with two keys is used: one (public) key, known to all participants, encrypts the vote. It cannot be decrypted with the same key; a second (private) key is needed. The private key is split among the participants of the electoral process (members of electoral commissions, members of the public chamber, operators of counting servers, and so on) in such a way that each separate part of the key is useless on its own. Decryption can start only after the private key has been reassembled. In the system under consideration, the key-splitting procedure includes several stages: splitting a part of the key inside the system, splitting the key outside the system, and forming a common public key. We will show the process of encryption and working with cryptographic keys in detail in the following publications.

After the key is collected and loaded, the calculation of the results begins for their further fixation in the blockchain and subsequent announcement. A feature of the system under consideration is the use of homomorphic encryption technology. We will describe this algorithm in detail in future publications and explain why this technology is widely used to create voting systems. And now we note its main feature: the encrypted ballots recorded in the accounting system can be combined without decryption in such a way that the result of decrypting such a combined ciphertext will be the summed value for each choice in the ballots. At the same time, the system, of course, implements mathematical proofs of the correctness of such a calculation, which are also recorded in the accounting system and can be verified by observers.

Below is a diagram of the voting process.

[Figure: diagram of the remote electronic voting process]

Blockchain platform

Now that we have analyzed the main features of the implementation of the remote electronic voting system, let's answer the question we started with - what role does the blockchain technology play in this and what tasks can it solve?

In the implemented remote voting system, blockchain technology solves a specific set of tasks.

  • The basic task is to ensure the immutability of information within the framework of voting, and, first of all, the votes of voters.
  • Ensuring the transparency of execution and the immutability of the program code implemented in the form of smart contracts.
  • Ensuring the protection and immutability of the data used in the voting process: the list of voters, the keys used to encrypt ballots at various stages of the cryptographic protocol, and so on.
  • Ensuring decentralized data storage, while each participant has an absolutely identical copy, confirmed by the properties of consensus in the network.
  • The ability to view transactions and track the progress of voting, which is fully reflected in the block chains, from its inception to the recording of the calculated results.

Thus, we see that without the use of this technology, it is almost impossible to achieve the necessary properties in the voting system, as well as trust in it.

The functionality of the applied blockchain platform is enriched with the use of smart contracts. Smart contracts verify each transaction with encrypted ballots for the authenticity of the electronic and blind signatures, and also perform basic checks on the correctness of filling out the encrypted ballot.

At the same time, in the considered system of remote electronic voting, the “Distributed storage and counting of votes” component is not limited to blockchain nodes. For each node, a separate server can be deployed, which implements the main cryptographic functions of the voting protocol - counting servers.

Counting servers

These are decentralized components that provide a procedure for distributed generation of the ballot encryption key, as well as decryption and calculation of voting results. Their tasks include:

  • Ensuring distributed generation of a part of the ballot encryption key. The key generation procedure will be covered in the following articles;
  • Checking the correctness of the encrypted ballot (without decrypting it);
  • Processing ballots in encrypted form to form the final ciphertext;
  • Distributed decryption of the final results.

Each stage of the execution of the cryptographic protocol is recorded in the blockchain platform and can be checked for correctness by observers.

To give the system the necessary properties at various stages of the voting process, the following cryptographic algorithms are used:

  • Electronic signature;
  • Blind signature of the voter's public key;
  • ElGamal encryption scheme on elliptic curves;
  • Zero-knowledge proofs;
  • DKG (Distributed Key Generation) protocol, Pedersen 91;
  • Private key sharing protocol according to the Shamir scheme.

The cryptographic service will be discussed in more detail in the following articles.
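As an added example of how three of the algorithms listed above fit together (ElGamal encryption, Shamir key sharing and distributed decryption, as described in the "Remote voting process" section), the block below is my own illustration and not the system's code. It uses exponential ElGamal in a constructed toy prime-order group in place of the elliptic-curve ElGamal the page names (the algebra is the same), a trusted dealer in place of the Pedersen DKG, and combines the counting servers' partial decryptions with Lagrange coefficients (threshold ElGamal) instead of reassembling the private key on one machine. The ballot proof of correctness (zero-knowledge proof that each slot encrypts 0 or 1) is not included.

```python
"""Homomorphic tallying with a Shamir-shared decryption key (added example)."""
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime, G = 4 has order q.
P = 1019
Q = 509
G = 4


def keygen_shared(n_parties: int, threshold: int):
    """Dealer: pick secret x, publish y = g^x, hand out Shamir shares of x over Z_q."""
    x = secrets.randbelow(Q - 1) + 1
    coeffs = [x] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n_parties + 1)}
    return pow(G, x, P), shares


def encrypt_ballot(y: int, choice: int, n_options: int):
    """One-hot encode the choice; each slot is Enc(g^m) with m in {0, 1}."""
    ballot = []
    for slot in range(n_options):
        r = secrets.randbelow(Q - 1) + 1
        m = 1 if slot == choice else 0
        ballot.append((pow(G, r, P), pow(G, m, P) * pow(y, r, P) % P))
    return ballot


def add_ballots(ballots, n_options: int):
    """Homomorphic step: multiply ciphertexts slot-wise; the exponents (votes) add up."""
    total = [(1, 1)] * n_options
    for ballot in ballots:
        total = [(a1 * b1 % P, a2 * b2 % P)
                 for (a1, a2), (b1, b2) in zip(total, ballot)]
    return total


def partial_decrypt(share: int, c1: int) -> int:
    """Counting server i: publish c1^{x_i}; this reveals nothing about x_i itself."""
    return pow(c1, share, P)


def lagrange_at_zero(i: int, ids) -> int:
    """Lagrange coefficient of share i for interpolating the polynomial at 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def combine(partials: dict, c2: int) -> int:
    """Combine at least `threshold` partial decryptions into g^m, then recover small m."""
    ids = list(partials)
    c1_x = 1
    for i in ids:
        c1_x = c1_x * pow(partials[i], lagrange_at_zero(i, ids), P) % P
    g_m = c2 * pow(c1_x, -1, P) % P
    for m in range(Q):  # tallies are small, so a linear search is enough here
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("tally not in range")


def run_election(votes, n_options, n_parties=5, threshold=3):
    """Full flow: shared key, encrypted ballots, homomorphic sum, threshold decryption."""
    y, shares = keygen_shared(n_parties, threshold)
    encrypted = [encrypt_ballot(y, v, n_options) for v in votes]
    sealed_tally = add_ballots(encrypted, n_options)
    quorum = dict(list(shares.items())[:threshold])  # any `threshold` servers suffice
    counts = []
    for c1, c2 in sealed_tally:
        partials = {i: partial_decrypt(x_i, c1) for i, x_i in quorum.items()}
        counts.append(combine(partials, c2))
    return counts


if __name__ == "__main__":
    print(run_election([0, 1, 1, 2, 1, 0], n_options=3))  # -> [2, 3, 1]
```

Two properties of the page's protocol are visible directly in this code: `add_ballots` never decrypts anything, so nobody learns intermediate results while the vote is open, and `combine` needs a quorum of partial decryptions, so no single holder of a key share can open the tally early.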

Results

Let's sum up the intermediate results of our consideration of the remote electronic voting system. We briefly described the process and the main components that implement it, and also identified the means by which the properties necessary for any voting system are achieved:

  • Voter verifiability. The system only accepts votes from verified voters. This property is provided by identifying and authenticating voters, as well as fixing the list of voters and the fact of providing access to the ballot in the blockchain.
  • Anonymity. The system ensures the secrecy of voting enshrined in the legislation of the Russian Federation: the identity of the voter cannot be determined from the encrypted ballot. Implemented using the "blind signature" algorithm and an anonymous zone for filling out and sending the ballot.
  • Voting privacy. The organizers and other participants of the voting cannot find out the result until voting ends, the votes are counted and the final results are decrypted. Confidentiality is achieved by encrypting the ballots, which cannot be decrypted until the end of voting.
  • Data immutability. Data on the will of voters cannot be changed or deleted. Immutable data storage is provided by the blockchain platform.
  • Verifiability. An observer can check that the votes were counted correctly.
  • Reliability. The architecture of the system is based on the principles of decentralization, ensuring the absence of a single “point of failure”.

Source: habr.com
