Novel Blind Signcryption Scheme for E-Voting System Based on Elliptic Curves

To make the electoral process more secure, comfortable, and universal, it is essential to use modern cryptographic techniques for ensuring the anonymity of information in the electronic voting system. In many emerging applications like electronic voting data anonymity as well as un-traceability are the most essential security properties. To ensure these properties we present here in this paper a more secure and comparatively efficient blind signcryption scheme using the Elliptic Curve Cryptosystem (ECC). The existing e-voting schemes are based on El-Gamal and the Rivest-Shamir-Adleman ( RSA) cryptosystems which are not only expensive approaches but also lack the security features like unlinkability and forward secrecy. In our proposed scheme we use a low-cost elliptic curve cryptosystem with 160 bits key as compared to El-Gamal 2048 bits key and RSA 1024 bits key. In this scheme signer signs the message blindly without knowing the original contents then the voter forward signcrypted vote to polling server. The polling server is the actual voter data verifier or validator. The polling server checks the validity/authenticity of the voter and has the right to accept or reject the vote. Moreover, this scheme offers forward secrecy, unlinkability, and non-repudiation in addition to the basic security features like confidentiality, authenticity, integrity, and unforgeability. Overall performance evaluation proves that our scheme is comparatively more efficient in terms of computational and communicational costs. Furthermore, this scheme is suitable for the e-voting system due to its lower cost and extra security features.


INTRODUCTION
-voting is a confinement environment that aims to provide a secure and efficient voting mechanism within Internet of Things (IoT) services. However, this mechanism faces many security concerns like voter anonymity and fraud etc. In the literature, different e-voting schemes could be found [1][2][3][4][5][6] using different security mechanisms.

Perfectness:
A valid voter will always be accepted by the administrator. Robustness: An attacker or dishonest voter is not able to disturb the overall system. Un-reusability: A voter cannot cast more than one votes. Fairness: Fairness and transparency is ensured in every aspect throughout the system. Public Verifiability: The results will be publically verifiable. Individual Verifiability: Every voter can verify the vote individually.
This paper aims to introduce and develop a novel cryptosystem that satisfies the basic security requirement of e-voting with comparatively minimal operational cost. Therefore, the blind signature is the best security primitive used to achieve these goals.

BLIND SIGNCRYPTION BASED E-VOTING SYSTEMS
Many kinds of widely recognized e-voting systems have been proposed that used more complex algorithmic structures to achieve security features required for e-voting systems. We are using a blind signcryption approach in this paper. The approach is easily adaptable in such kind of environments. Evoting scenario is shown in Fig. 1. Chaum [1] had given an idea of a blind signature for the first time. In his proposed scheme, the signature is generated outside the documents and the carbon copy is placed inside secret documents to make the same copy of signature inside without signer knowing about internal documents/contents (the signer is not allowed to see the contents of documents). Signed documents are encrypted and forwarded to servers/verifier for necessary action and maintaining the records. To operate blind signature with encryption at a time is referred to as digital blind signcryption which is a flavor of signcryption.
Signcryption was introduced by Zhang [7] for the first time. This cryptographic primitive combines signature and encryption logically in a single step to reduce operational cost. Blind signcryption is used to ensure anonymous communications in electronic voting. Anonymous communication is gaining importance in various fields and applications such as online transactions and mobile phone voting [8]. Blind signcryption ensures confidentiality with anonymous communication at once due to which it is applicable in a democratic environment which allows freedom of thought and opinion [8]. We also suggest here that the advanced version of blind signcryption will be applicable for a specified citizen's portal system as well. Moreover, the goal of this study is to introduce efficient blind signcryption for e-voting with comparatively lower cost and high security with smaller key size and efficiency.
Our scheme ensures the following properties; (

RELATED WORK
Chaum et al. [9] introduced the idea of a blind signature that ensured sender anonymity and presented an untraceable online payment scheme. Brands [10] also presented a resistive scheme for double-spending anonymous communication and payment system after the identification of the same problem. This is an electronic cash scheme with some conditions and restrictions.
Nikooghadam and Zakerolhosseini [11] proposed an elliptic curve-based blind signature which was more efficient compared with Discrete Logarithm Problem (DLP) based schemes. Chakraborty and Mehta [12] proposed an ECC based signature scheme. This scheme introduced a duel encryption mechanism on the requestor side. A signer can decrypt outer encryption and the internal encryption use to hide the contents from the signer.
Awasthi and Lal [13] introduced DLP based blind signcryption for the first time. This scheme faced high operational costs and a lack of public verifiability. Xiuying and Dake [14] presented a DLP based blind signcryption scheme with public verifiability (i.e., in case of any dispute third party can verify and dissolve the issues). Howover, this scheme was impractical for resource constraint environments due to its comparatively high cost. In reference [15] and [16] ECC based blind signcryption schemes have been presented. Those schemes used complex structures due to which could not get much attraction from the research community.
In the modern era, e-voting has got more attention from the research community. It is the objective to introduce a more mature and implementable e-voting system that will be trustworthy, free from faults, robust and inexpensive. Furthermore, the system can preserve the rights of citizens of the regions or countries where it is supposed to be used. Our new proposed scheme ensures election mechanism integrity, reduces the risks in threat circumstances and removes all the flaws found in traditional and manual systems.
The remaining sections of this paper are organized as follows: description and methodology is reflected in section 4, section 5 presents scheme participants, section 6 presents proposed scheme. Detailed security and cost comparison is presented in section 7, and section 8 concludes the paper. The system operates in presence of the internet where authorized voters cast vote from any place using electronic devices. Polling servers count overall votes at the end and ensure voters anonymity. Our system generally is comprised of three participants that are signer/Polling station, voter, and Polling server. Further, we structured the proposed algorithm in four phases to generate keys, establish sessions between two parties, blind signcryption, and unsigncryption.

SCHEME PARTICIPANTS
Proposed scheme participant details are as under: Signer/Polling Station: At polling station, the signer blindly sign the message for a voter without knowing about the contents of the message.
Voter: Voter communicates the polling server anonymously. He/she forwards signcrypted vote/data to the polling server.
Polling Server: Polling server is an actual voter's data verifier that obtains voter signcrypted message and verifies after unsigncryption. It checks validity. If vote is authentic then it adds the vote to the voter list and maintains the record, otherwise rejects the vote. Fig. 3 shows the above three phases of the scheme participants. The symbols/parameters used throughout this manuscript are described in Table 1.

PROPOSED SCHEME PHASES
In this section, we discuss the scheme details and its working principles.
Setup phase: This phase defines security parameters using the elliptic curve cryptosystem.
Assume that ≥ 2 ../ be a large prime number and a and b are two values specified by F 2 over ECC. An elliptic curve E F over finite field F 2 is defined as: E F ∶ y . = x 6 + ax + b G is a base point on E of order n ≥ 2 ../ ; hash function is denoted by h; message is denoted by m and encryption/decryption is denoted by E . /D . where k is a secret key and c is the ciphertext.

Key Generation Phase: Each voter chooses his/her
private key Pri and computes Pub . Then, obtains a certificate from a concern certificate authority. The procedure is summarized below: • Polling station/signer selects a randomly private key Pri where Pri equal to d ∈ @1, … , n − 1C and computes public key Pub as P = d . D • Requester/voter selects a randomly private key Pri where private key equal to d ∈ @1, … , n − 1C and computes public key Pub as P = d . D • Verifier selects a randomly private key Pri where private key equals to d ∈ @1, … , n − 1C and computes public key Pub as P =d . D

Novel Blind Signcryption for E-Voting System
The requester/voter wants to anonymously communicate a message m to polling server/verifier over a noisy channel in an authenticated and confidential way.
The following steps are required to generate the blind signcrypted text.

RESULTS AND ANALYSIS
In this section of the paper, we present the proposed scheme analysis. This section has been further divided into two sub sections; Fist one discusses the security analysis of the e-voting model. The second one presents the cost analysis of the proposed scheme and compares it with the existing ones.

Security Analysis
This scheme is based upon the elliptic curve discrete logarithm problem and we claim that the proposed scheme is secure against various attacks. Here we compare several security attributes with the existing state of the art schemes to check and validate the proposed scheme security.

Definitions:
Elliptic Curve Discrete Logarithm Problem (ECDLP): Let us assume two points P and Q given on elliptic curve E V such that k is an integer value and compute Q = k. P which is equivalent to the computation of ECDLP.

Confidentiality:
Our scheme is secure against various attacks to ensure the confidentiality of message contents, if an attacker gets the secret key d , he/she cannot solve ECDLP which is a hard problem.

Case-1:
Let us assume that attacker computes k using the following equations (1) and (2), but to compute d is infeasible (i.e., equal to solve ECDP a hard problem) for an attacker.

Case-2:
Let us assume that the attacker computes k using equations (5) and (6)  For a valid signature attacker's needs β, d , and m to compute from equations 4 and 7 respectively that are also equivalent to solve ECDP a hard problem.

P = d . D 7
Un-Forgeability: Un-forgeability means nobody can forge values of signature c, r, s during communication over a noisy channel, neither attacker nor receiver of the message.
In our e-voting scheme, to generate a valid signature attacker's needs β, d and m to compute from equations 4 and (7) respectively that are equivalent to solve ECDP a hard problem.
Authentication: Authenticity ensures the received message/sender is legitimate or not. Our proposed evoting scheme provides authenticity at two levels; first provides signer/polling station authenticity and second to authenticate casted vote received to polling server.
Here we can discuss that polling server after receiving data verifies the signature using the public key of polling station/signer using the public key P associated with a signature key (private key d ). If verified it means signature generated by the legitimate signer else anybody changed it on the way or somewhere else which will not be acceptable by the verifier/polling server. Computing d from equation 7 is already discussed previously that is equivalent to solve ECDP a hard problem.
Public Verifiability: In case of dispute third party can verify message contents after the provision of signature parameters to judge without knowing any secrets about the message. The proposed scheme ensures public verifiability. In case of any dispute the polling server forward\ m, s̅ , to judge for issue settlement and verify the original signer.
(4) If b = P means sign generated by legitimate one with the public key P .

Theorem-2
If hold the following means correctness of the abovediscussed procedure proved. This scheme ensures public verifiability in case of any dispute the polling server forwards parameters m, s̅ , to judge for issue settlement. The judge verifies the original signer or content signed by a legitimate one or someone else.
Our proposed scheme provides third-party verification without disclosing any secret parameters. For dispute settlement, the recipient sends m, s̅ , to judge, to check either the signer signed the original message m or not.
Judge Verify m, s ̅ , Z, P Verifies sender public key P having a certificate Computes r = h m ∥ ℛ T Computes b = s̅ . D − r. If b = P means sign is generated by legitimate one with the public key P .

Un-traceability:
Un-traceability ensures that there will be no way for the message's receiver to trace the message's sender. The voter used the random number as a private key α, β for computing parameters c , r , ℛ , s , Z and send to the polling station and thus the verifier or polling station has no way to check the validity of the sender.
Unlinkability: Unlinkability means no way to link previous messages with a sender of the massage. For example, voter sends r = h m ∥ ℛ for a sign to a polling station and signer maintains the record list L r f , r . , … , r . Later on, the signer/polling station cannot link r generated from m because of such pair m , r generated by anybody else either polling server or polling station. All the security properties compared with existing schemes are reflected in Table 2.

Cost Analysis
Total operations are taken by an algorithm and extra bits appended with a message for security purposes using an insecure communication network referred to as the cost of that scheme. Cost depends on the processing time calculated on every node and appended extra bits with messages known as overhead bits discussed in the following two sub-sections.

Computational Cost
To calculate operational cost we mostly count the number of costly operations used in that scheme. These operations are exponentiations (M − Exp) and scalar multiplication (Mul) and remaining operations consider negligible. As per the security controller, Infineon's SLE66CUX640P [17] processing time unit for per Mul is 83 ms and for the unit, M − Exp is counted 220 ms. Here we measure propose e-voting scheme operational cost and compare with already existing schemes found in the literature. The proposed scheme algorithmic complexity reflected in Table 3 and total computational cost comparison with other schemes reflected in Fig. 4.

Communication Overhead
The section reflects the communication cost comparison. For this purpose, we calculate total appended extra bits attached to the messages. It depends on the selection of parameters sent by the sender node to the receivers. According to NIST recommendation.

CONCLUSION
We present in this paper a secure and comparatively efficient blind signcryption scheme based e-voting scheme using elliptic curve cryptosystem. This scheme offers some extra properties like forwarding secrecy, unlink-ability, and nonrepudiation with basic ones. We compared this scheme with existing schemes found in literature and proved that our proposed scheme has greater advantages over others based on operational and communicational cost. Furthermore, it is also best suited for a scarce environment like mobile commerce transactions or any country citizen's portal.