TREA

BLOCKCHAIN-BASED ANONYMOUS TRUSTED VOTING METHOD, APPARATUS AND RELATED DEVICE

Follow

Information

  • Patent Application
  • 20240273649
  • Publication Number
    20240273649
  • Date Filed
    September 02, 2022
    2 years ago
  • Date Published
    August 15, 2024
    2 months ago
Information
Abstract
A trusted anonymous voting method includes: performing a hash operation on original voting content to obtain a hash output including a commitment value cvi; blinding the commitment value cvi based on information of other voters to obtain commitment value tuples {tilde over (c)} and {tilde over (x)}; signing the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}; and establishing a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {acute over (d)} of other voters, and uploading the vote tuple (ć, ś, {acute over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, where signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification, and the commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.
Description

The present application claims priority to Chinese Patent Application No. 202210422851.X, titled “BLOCKCHAIN-BASED ANONYMOUS TRUSTED VOTING METHOD, APPARATUS AND RELATED DEVICE”, filed on Apr. 21, 2022 with the China National Intellectual Property Administration, which is incorporated herein by reference in its entirety.


FIELD

The present disclosure relates to the technical field of blockchains, and in particular to a trusted anonymous voting method and apparatus based on a blockchain, and a related device.


BACKGROUND

The rapid development of a smart power grid system promotes the emergence of a modern power system known as “Internet of Energy” (IoE), which has drawn great interest from many countries. As an Internet-based solution for addressing energy issues, IoE has many key technologies and challenges to be addressed. One of the most common activities in the IoE is voting. For example, people may choose a proper energy broker through electronic voting. Although there are many electronic voting solutions, the IoE has a stricter requirement for the electronic voting solutions.


In addition to some common requirements such as correctness, eligibility, and coercion resistance in the electronic voting solutions, deployment of a voting service in the IoE is further required to meet requirements such as decentralization, anonymity, verifiability, and efficiency. Firstly, it is critical to handle voting without any kind of trusted third party (TTP) due to open and distributed features of the IoE. Secondly, it is critical to provide anonymity for voters enough because in a peer-to-peer marketplace of the IoE, a candidate may harm the voters in many unmonitored ways. Next, verifiability is provided because illegal activities are audited and punished in the IoE. Finally, basic services in the IoE are efficient and compatible with the system.


Although a series of effective protocols for anonymous electronic voting are provided in previous studies (for example, the electronic voting solution proposed by Helios and Backes et al.: [Ben Adida. Helios: Web-based open-audit voting. In USENIX security symposium, volume 17, 2018] and [Michael Backes, Martin Gagné, and Malte Skoruppa. Using mobile device communication to strengthen e-voting protocols. In Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society, pages 237-242, 2013]), a consistent view is to be provided by a web server implemented by an administrator or authority in the most solutions. As a result, a trusted third party is involved. However, with the trusted third party, the protocols are subjected to a single point of failure and are not available for a trustless environment in a new-style Internet.


Another issue is to provide verifiability along with anonymity, and the verifiability and anonymity seem to be two contradictory design goals. Some voting solutions (for example, an anonymous voting solution based on a blockchain proposed by Yang et al.: [Xuechao Yang, Xun Yi, Surya Nepal, Andrei Kelarev, and Fengling Han. Blockchain voting: Publicly verifiable online voting protocol without trusted tallying authorities. Future Generation Computer Systems, 112: 859-874, 2020]) have solved the issue through blockchain technology. However, lack of efficiency is the most defects in the technology.


SUMMARY

In view of this, a trusted anonymous voting method and apparatus based on a blockchain, and a related device are provided according to the present disclosure, to realize decentralized anonymous voting.


In order to achieve the above objectives, a trusted anonymous voting method based on a blockchain is provided according to a first aspect of the present disclosure. The method includes: performing a hash operation on original voting content to obtain a hash output, where the hash output includes a commitment value cvi; blinding the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)}; signing the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}; and establishing a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and uploading the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, where the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage, where the signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification, and the commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.


Preferably, the performing a hash operation on original voting content to obtain a commitment value cvi includes: performing the hash operation on the original voting content m and a string o to obtain the commitment value cvi, where the string o is randomly generated.


Preferably, the blinding the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)} includes: performing, for each of other voters, a point multiplication operation in an elliptic curve cryptography (ECC) on public key information pkj and custom-character of the voter to obtain a blinding factor tj; hashing the commitment value cvi based on the blinding factor tj to a new commitment value xj and a new commitment value cj; and collecting commitment values xj to obtain a commitment value tuple {tilde over (x)}, and signing each of commitment values cj by using a private key ski to obtain the commitment value tuple {tilde over (c)}.


Preferably, the signing the commitment value tuple e by using an ESDSA to obtain a signature tuple {tilde over (s)} includes: performing the hash operation on a tuple (IDi, addri, custom-character) to obtain the signature tuple {tilde over (s)}, where IDi and addri represent identification and address information of a target voter respectively, and custom-character represents a commitment value in the commitment value tuple {tilde over (c)} corresponding to a voter nv.


Preferably, the hash output further includes a commitment value ovi, and the method further includes: obtaining the signature tuple {tilde over (d)} and the commitment value tuple {tilde over (x)} from the blockchain, and calculating a signature tuple {tilde over (y)} of other voters based on the signature tuple {tilde over (d)}; verifying validity of ynv based on the commitment value cvi and the commitment value tuple {tilde over (x)} by using a preset algorithm VerifyS to obtain all signature elements ynv that pass the verification, where ynv represents a signature element in the signature tuple {tilde over (y)} corresponding to the voter nv; obtaining a commitment string xnv corresponding to each of the signature elements ynv that pass the verification, establishing a new signature tuple {tilde over (y)} based on all the signature elements ynv that pass the verification, and establishing a new commitment tuple {tilde over (x)} based on all commitment strings xnv; and uploading a vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) to the blockchain with a random address, where the vote tuple (cvi, ovi, {tilde over (x)}, ý) serves as voting content in an opening voting stage.


Preferably, the trusted anonymous voting method based on a blockchain further includes: obtaining the vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) from the blockchain, and verifying the signature tuple {tilde over (y)} by using a preset algorithm V; and verifying, in a case that more than a preset proportion of signature elements ŷ in the signature tuple {tilde over (y)} pass the verification, the original voting content based on the commitment tuples cvi and ovi by using the preset algorithm.


Preferably, the verifying the original voting content based on the commitment tuples cvi and ovi by using the preset algorithm includes: serializing the commitment tuple ovi to obtain a serialized string of commitment tuple ovi; performing the hash operation on the inputted original voting content m and the serialized string of commitment tuple ovi, to obtain a hash value ĉ; and determining whether ĉ is equal to cvi, and determining that the original voting content m passes the verification, in a case that ĉ is equal to cvi.


A trusted anonymous voting apparatus based on a blockchain is provided according to a second aspect of the present disclosure. The apparatus includes a commitment unit, a blinding unit, a signature unit, and a voting unit. The commitment unit is configured to perform a hash operation on original voting content to obtain a hash output, where the hash output includes a commitment value cvi. The blinding unit is configured to blind the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)}. The signature unit is configured to sign the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}. The voting unit is configured to establish a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and upload the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, where the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage. The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification, and the commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.


A trusted anonymous voting device based on a blockchain is provided according to a third aspect of the present disclosure. The device includes a memory and a processor. The memory is configured to store a program. The processor is configured to execute the program to perform the trusted anonymous voting method based on a blockchain described above.


A storage medium is provided according to a fourth aspect of the present disclosure. The storage medium stores a computer program. The computer program, when being executed by a processor, performs the trusted anonymous voting method based on a blockchain described above.


It can be seen from the above technical solutions that in the present disclosure, a hash operation is performed on the original voting content to obtain the hash output. The hash output includes the commitment value cvi. The hash operation enables the original voting content to be hidden well. Then, the commitment value cvi is blinded based on the information of other voters, to obtain the commitment value tuples {tilde over (c)} and {tilde over (x)}, so that identification of the voter is hidden well through the blinding. Next, the commitment value tuple {tilde over (c)} is signed by using the ESDSA to obtain the signature tuple {tilde over (s)}. The commitment value tuple is signed by the voter himself, so that the voting content is authenticated by the target voter, thereby preventing the voting content from being forged by others. Finally, the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) is established based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and the signature tuple {tilde over (d)} of other voters, and the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} are uploaded to the blockchain. The vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as the voting content in the voting stage. The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification. Due to verification and signature by other voters, the target voter cannot tamper with the voting content. The commitment value tuple {tilde over (x)} is used to decrypt the vote tuple, facilitating subsequent opening of the voting content and tally. In the present disclosure, through the above processing, the voting content is hidden and anonymity and verifiability of the voting are achieved.





BRIEF DESCRIPTION OF THE DRAWINGS

In order to more clearly illustrate technical solutions in the embodiments of the present disclosure or in the conventional technology, drawings to be used in the description of the embodiments or the conventional technology are briefly introduced hereinafter. It is apparent that the drawings described below show merely the embodiments of the present disclosure, and other drawings may be obtained by those skilled in the art from the drawings without any creative work.



FIG. 1 is a schematic diagram showing overall design of a trusted anonymous voting method based on a blockchain according to an embodiment of the present disclosure;



FIG. 2 is a flowchart of a trusted anonymous voting method based on a blockchain according to an embodiment of the present disclosure;



FIG. 3 is a schematic diagram of a trusted anonymous voting apparatus based on a blockchain according to an embodiment of the present disclosure;



FIG. 4 is a schematic diagram of a trusted anonymous voting apparatus based on a blockchain according to another embodiment of the present disclosure;



FIG. 5 is a schematic diagram of a trusted anonymous voting apparatus based on a blockchain according to another embodiment of the present disclosure; and



FIG. 6 is a schematic diagram of a trusted anonymous voting device based on a blockchain according to an embodiment of the present disclosure.





DETAILED DESCRIPTION OF THE EMBODIMENTS

Technical solutions in the embodiments of the present disclosure are described clearly and completely below in conjunction with the drawings in the embodiments of the present disclosure. Apparently, the embodiments described below are only some embodiments of the present disclosure, rather than all the embodiments. Any other embodiments obtained by those skilled in the art based on the embodiments in the present disclosure without any creative effort fall within the protection scope of the present disclosure.


For ease of understanding, an overall design idea of a trusted anonymous voting method based on a blockchain according to the present disclosure is introduced first. A main idea of the technical solution is introduced as follows with reference to FIG. 1. In order to vote for a ballot, a user first performs three cryptographic operations, i.e., commitment (for credibility), blinding (for anonymity) and signature (for verifiability) on a voting message to obtain a trusted anonymous voting result of original voting content, then performs a blind signature (for verifiability) on the trusted anonymous voting result by using a blind signature algorithm, and finally obtains voting information (expressed by a three-tuple) of the ballot. Then, the user uploads the voting information of the ballot to the blockchain, where a result of the blind signature is directly uploaded to the blockchain. In an opening voting stage, the user opens a commitment of a voting message obtained by the commitment and blinding, and the opened commitment is processed and uploaded to the blockchain. Finally, voting content (expressed by a four-tuple) of voters for the ballot is recorded in the blockchain. The user may verify whether the voting is valid in the blockchain. In a case that the voting is valid, a tally is performed for counting the voting result.


The trusted anonymous voting method based on a blockchain according to an embodiment of the present disclosure is described in detail below. It can be understood that anyone in an Internet of Energy (IoE) system may launch voting through this solution. All voters who want to participate in the voting are required to provide their public keys and identification. Therefore, there is an initialization stage before the voting is launched. In the initialization stage, all public information of the voters is broadcasted to the blockchain through a preset smart contract. It is assumed that there are nv different voters v1, v2, . . . , vnv. Each of the voters vi generates two pairs of keys (skvi, pkvi) and (custom-character, custom-character) through elliptic curve cryptography (ECC). Assuming that addrvi represents a public address of the voter vi in the Ethereum network, IDvi represents identification of the voter, and public information of the voter vi is expressed as a tuple (IDvi, pkvi, custom-character, addrvi). Each of the voters may obtain the information from the blockchain and verify validity of the information. After the above initialization phase, referring to FIG. 2, the trusted anonymous voting method based on a blockchain according to the embodiment of the present disclosure may include the following steps S101 to S104.


In step S101, a hash operation is performed on original voting content to obtain a hash output.


An input with an arbitrary length (also referred to as a pre-image) may be transformed into a hash output with a fixed length by using a hash algorithm. In this step, the hash output includes a commitment value cvi. This transformation is contraction mapping. That is, a size of a hash output is normally significantly smaller than a size of an input. Since different inputs may be hashed to a same hash output, the unique input cannot be determined from the hash output. The original voting content m is hashed to the commitment value cvi through the hash operation, so that the voting content can be hidden well. Therefore, other voters cannot obtain the voting content until the vote is opened.


In step S102, the commitment value cvi is blinded based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)}.


The blinding may be performed by using a preset blind commitment algorithm. The information of other voters may be embedded in the commitment value cvi through the blinding, thereby hiding identity information of a target voter, so as to achieve anonymous voting.


In step S103, the commitment value tuple {tilde over (c)} is signed by using an ESDSA to obtain a signature tuple {tilde over (s)}.


The commitment value tuple {tilde over (c)} is signed by using the ESDSA based on a private key of the target voter, so that the voting content is authenticated by the target voter, thereby preventing the voting content from being forged by others.


In step S104, a vote tuple (ć, {tilde over (s)}, {tilde over (d)}) is established based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} are uploaded to the blockchain.


The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification. The commitment value tuple {tilde over (x)} is used to decrypt the vote tuple. The vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as the voting content in a voting stage.


In the embodiment of the present disclosure, a hash operation is performed on the original voting content to obtain the hash output. The hash output includes the commitment value cvi. The hash operation enables the original voting content to be hidden well. Then, the commitment value cvi is blinded based on the information of other voters, to obtain the commitment value tuples {tilde over (c)} and {tilde over (x)}, so that identification of the voter is hidden well through the blinding. Next, the commitment value tuple {tilde over (c)} is signed by using the ESDSA to obtain the signature tuple {tilde over (s)}. The commitment value tuple is signed by the voter himself, so that the voting content is authenticated by the target voter, thereby preventing the voting content from being forged by others. Finally, the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) is established based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and the signature tuple {tilde over (d)} of other voters, and the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} are uploaded to the blockchain. The vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as the voting content in the voting stage. The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification. Due to verification and signature by other voters, the target voter cannot tamper with the voting content. The commitment value tuple {tilde over (x)} is used to decrypt the vote tuple, facilitating subsequent opening of the voting content and tally. In the present disclosure, through the above process, the voting content is hidden and anonymity and verifiability of the voting are achieved.


In some embodiments of the present disclosure, in the step S101, the hash operation is performed on the original voting content to obtain the commitment value cvi by: performing the hash operation on the original voting content m and a string o to obtain the commitment value cvi. The string o is randomly generated.


For example, the above hash operation may be implemented by using an algorithm C, i.e., (cvi, ovi)←C(mvi). Details of the algorithm C are as follows.












Algorithm C

















 Input (m)



Output (c, o)



1: o=RandomBytes(32);



2: c=SHA256 (m + serialize(o));



3: Return (c, o) ;










The algorithm C first generates a random string with 32 bytes as an open string o in the commitment. A commitment string c is a hash value generated from the original voting content m and o by using a collision-resistant hash algorithm SHA256, where a function serialize( ) in the algorithm C is used to serialize the string o.


In some embodiments of the present disclosure, in the step S102, the commitment value cvi is blinded based on the information of other voters to obtain the commitment value tuple {tilde over (c)} and the commitment value tuple {tilde over (x)} by the following steps S1 to S3.


In step S1, for each of other voters, a point multiplication operation in the elliptic curve cryptography (ECC) is performed on public key information pkj and custom-character of the voter to obtain a blinding factor tj.


In step S2, the commitment value cvi is hashed to a new commitment value xi and a new commitment value cj based on the blinding factor tj.


In step S3, commitment values xj are collected to obtain a commitment value tuple {tilde over (x)} and each of commitment values cj is signed by using a private key ski to obtain the commitment value tuple {tilde over (c)}.


For example, the blinding may be performed by using an algorithm BlindX to generate the blinded commitment value tuples {tilde over (c)}=(custom-character, custom-character, . . . , custom-character) and {tilde over (x)}=(custom-character, custom-character, . . . , custom-character) corresponding to different voters v1, v2, . . . , vnv other than the target voter, i.e., ({tilde over (x)}, {tilde over (c)})←BlindX(cvi, pknv, custom-character, ski) (it should be noted that in this specification, a small letter with a superscript ˜ represents a string vector including nv strings, and a small letter with a superscript {circumflex over ( )} represents a string). Details of the algorithm BlindX are as follows.












Algorithm BlindX

















Input (cvi, custom-character  , custom-character  , ski)



Output ({tilde over (x)}, {tilde over (c)}, γ, δ)










 1:
γ=RandomBytes(32);



 2:
δ=RandomBytes(32);



 3:
forj=0 to nvdo



 4:
 Aj = custom-character  + γ * G + pkj * δ;



 5:
 tj = getXpointFromPubkey(Aj)modn ;



 6:
 xj = SHA256(cvi+ tj) ;



 7:
 cj = xj − δ;



 8:
 {tilde over (c)}.push(cj) ;



 9:
 Hi = SHA256(IDi + addri + cj) ;



10:
 sj=ECDSA.Sign(Hi, ski);



11:
  {tilde over (s)}.push(sj) ;



12:
 endfor



13:
 setAnmVote( addrvi, a{tilde over (d)}dr, {tilde over (s)}, ĉ );



14:
 Return ({tilde over (x)}, {tilde over (c)}, γ, δ) ;










The algorithm BlindX first randomly generates two random strings γ and δ each including 32 bytes for performing a point multiplication operation in the elliptic curve cryptography (ECC) on inputted public key information (in a line indicated by 4). Then, an X-coordinate of a point on an elliptic curve is determined as a blinding factor (in a line indicated by 5), where a function getXpointFromPubkey is used to determine an X-coordinate of a point on the elliptic curve in the ECC. Next, the original commitment cvi is blinded to obtain new commitment values (in lines indicated by 6 and 7). In addition, the blinded commitment is signed for subsequent verification of authenticity. Specifically, a signature algorithm Sign in an ECDSA is called, and signing is performed by using the private key ski of the voter vi. Finally, the algorithm returns ({tilde over (x)}, {tilde over (c)}, γ, δ) as a blinding result.


In the algorithm BlindX, an algorithm setAnmVote in the smart contract in the blockchain is called, and is used to store address information of the voters, blinded string commitment information and signature information in the blockchain through a smart contract transaction. Firstly, a data structure is used to record information binding with the voter. For example, a structure in Table 1 may serve as the data structure (related to the voters) for recording that is stored in the blockchain. As shown in Table 1, address, PK, PKs and ID are basic public information, while the other three mapping data correspond to the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) of the voter for the ballot, and a data type of the three mapping data is a mapping vector characterized in that an index of the vector is represented by a data type of address in the blockchain.









TABLE 1







Blockchain data structure of voters










Data type
Data description







address
voter



string
PK



string
PKs



string
ID



mapping(address string)
si



mapping(address string)
ci



mapping(address string)
dsigs










The algorithm setAnmVote is an operation of uploading to the blockchain, and has no output. For example, details of the algorithm setAnmVote are as follows.












Algorithm setAnmVote

















Input (iV, custom-character  , s, c)










 1:
if(msg.sender==iV)then



 2:
forj=0 to nvdo



 3:
iS= custom-character  [j]



 4:
isi=ŝ[j]



 5:
ici= ĉ[j]



 6:
if(voters[iV].si[iS])==0)then



 7:
voters[iV].si[iS]=isi; ;



 8:
voters[iV].ci[iS]=ici;



 9:
endif



10:
 endfor



11:
 endif










In an Ethereum blockchain, IV represents an address of the voter and iS represents an address of a potential signer, iSi and iCi represents data generated in the algorithm BlindX, voters represents an array corresponding to the data structure in Table 1, and msg.sender in a line indicated by 1 represents an address of a transaction sender who calls the algorithm in the smart contract in the blockchain. The requirement in the line indicated by 1 ensures that only the voter himself is allowed to set the data (that is valid when the smart contract is called). Finally, once the algorithm is executed successfully, the algorithm uploads iSi and iCi to the blockchain, and the data is recorded in the blockchain. Anyone including the voter himself is not allowed to reset the recorded data.


In some embodiments of the present disclosure, in the step S103, the commitment value tuple {tilde over (c)} is signed by using the ESDSA to obtain the signature tuple {tilde over (s)} by: performing the hash operation on a tuple (IDi, addri, custom-character) to obtain the signature tuple {tilde over (s)}.


IDi and addri represent identification and address information of the target voter respectively, and custom-character represents a commitment value in the commitment value tuple {tilde over (c)} corresponding to a voter nv.


Firstly, a hash value Hnv of the tuple (IDi, addri, custom-character) corresponding to voters v1, v2, . . . , vnv is calculated, where vnv≠vi, and vi represents the target voter. The target voter signs for other different voters by using the signature algorithm in the ESDSA, i.e., snv=ECDSA.Sign(ski, Hnv), to obtain the signature tuple {tilde over (s)}=(s1, s2, . . . , snv).


Subsequently, information of (IDi, addri, {tilde over (c)}, {tilde over (s)}) is recorded in the blockchain through the smart contract, by using the algorithm setAnmVote in the smart contract. In addition, it should be noted that {tilde over (x)} is kept by the voter vi in secret in this stage.


In some embodiments of the present disclosure, in the step S104, the signature tuple {tilde over (d)} of other voters may be calculated by using a preset algorithm BlindS.


First, each of other voters verifies validity of a signature by using a verification algorithm in the ECDSA. In order to verify the signature, the signature in the blockchain is queried by using an algorithm getAnmVote in the smart contract. In a case that it is verified that the signature is valid, the voter generates a blind signature dnv in a blind signature protocol by using the blind signature algorithm BlindS, i.e., dnv←BlindS(custom-character, sknv), and uploads the blind signature dnv to the blockchain by using an algorithm signAnmVote in the smart contract. Finally, {tilde over (d)}=(d1, d2, . . . , dnv) is determined as a blind signature tuple of the different voters v1, v2, . . . , vnv.


For example, details of the algorithm BlindS are as follows.












Algorithm BlindS

















Input (( custom-character  , sknv))



Output dnv










 1:
 (v, snv, ĉnv)=getAnmtVote( addri, addrnv );



 2:
if v ≠ addri then



 3:
Return 0



 4:
endif



 5:
H=SHA256( IDi + addri + ĉnv );



 6:
S=ECDSA.Verify( snv, H, pki);



 7:
ifS==Truethen



 8:
  dnv= custom-character  − ĉnv* sknv



 9:
else



10:
  Return 0



11:
  end if;



11:
  signAnmVote( addri , dnv);



12:
  Return dnv










Firstly, the signer queries the commitment data (v, snv, ĉnv) generated for him by using the algorithm getAnmVote in the smart contract. Anyone is allowed to query the commitment data based on a public account address in the blockchain. Then, the validity of the signature in the commitment data is verified by using the hash algorithm SHA256 and the verification algorithm in the ECDSA in cryptography (where a verification result S is generated in the two steps). In a case that it is verified that the signature is valid (S==True), the voter as the signer generates the blind signature dnv of the queried commitment ĉnv based on inputted private key parameters by using custom-character−ĉnv*sknv. Subsequently, the blind signature is uploaded to the blockchain by calling the algorithm signAnmVote in the smart contract for uploading to the blockchain. Similarly, a requirement in a line indicated by 2 ensures that only the signer himself is allowed to set corresponding data. Once the signature is recorded, anyone including the signer himself is not allowed to reset the signature. Finally, the algorithm BlindS returns the generated blind signature dnv.


Further, in the above algorithm BlindS, two algorithms getAnmVote and signAnmVote in the smart contract in the blockchain are called. The algorithm getAnmVote is an algorithm for query operation. For example, details of the algorithm getAnmVote are as follows.












Algorithm getAnmVote

















Input (iV, iS)



Output (V, isi, ici)



1: Return(voters[iV].voter,voters[iV].si[iS],voters[iV].ci[iS]);










The algorithm getAnmVote has two input parameters iV and iS, iV represents the address of the voter, and iS represents the address of the potential signer in the Ethereum blockchain. The algorithm getAnmVote outputs an address V, and a signature isi and a commitment ici of the voter recorded in a current block in the blockchain. After the algorithm starts, the algorithm directly returns a field of voter, a field of an iV position of si, and a field of an iV position of ci corresponding to a current address iV in the data structure of voters.


The algorithm signAnmVote is the operation of uploading to the blockchain, and has no output. The algorithm signAnmVote is used to upload the blind signature generated by the algorithm BlindS to the blockchain. For example, details of the algorithm signAnmVote are as follows.












Algorithm signAnmVote

















Input (iV, idsig)



1: if(voters[iV].voter==msg.sender and



voters[iV].dsigs[msg.sender]).length==0)then



2: voters[iV].dsigs[msg.sender]=idsig;



3: endif










The algorithm signAnmVote has two input parameters iV and idsig. In the blockchain, iV represents the address of the voter, and idsig represents a blind signature corresponding to the address. msg.sender in a line indicated by 1 represents an address (that is an address of the signer of the blind signature) of a transaction sender who calls the algorithm in the smart contract in the blockchain. The requirement in the line indicated by 1 ensures that only the signer himself is allowed to upload data to the blockchain.


A workflow of the voting stage is described above. At the end of this stage, ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) is the vote tuple of the target voter vi for the ballot mvi.


Next, an opening voting stage is described. In some embodiments of the present disclosure, the hash output mentioned in the above step S101 further includes a commitment value ovi, and the trusted anonymous voting method based on a blockchain may further include the following steps S105 to S108.


In step S105, the signature tuple {tilde over (d)} and the commitment value tuple {tilde over (x)} are obtained from the blockchain, and a signature tuple {tilde over (y)} of other voters is calculated based on the signature tuple {tilde over (d)}.


In step S106, validity of a signature element ynv is verified based on the commitment value cvi and the commitment value tuple {tilde over (x)} by using a preset algorithm VerifyS to obtain all signature elements ynv that pass the verification.


Specifically, (xnv, cvi, ynv) is given, and the target voter vi may verify the validity of the signature element ynv through an algorithm VerifyS(xnv, cvi, ynv, pknv). xnv represents a commitment value stored in the blockchain. ynv represents the signature element in the signature tuple {tilde over (y)} corresponding to the voter nv for the commitment value cvi. The target voter vi may calculate {tilde over (y)} according to ynv=dnv+γ. {tilde over (y)} is expressed as {tilde over (y)}=(y1, y2, . . . , ynv), and γ represents a random key.


In step S107, a commitment string xnv corresponding to each of the signature elements ynv that passes the verification is obtained, a new signature tuple {tilde over (y)} is established based on all the signature elements ynv that pass the verification, and a new commitment tuple {tilde over (x)} is established based on all commitment strings xnv.


In step S108, a vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) is uploaded to the blockchain with a random address.


The vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) may serve as voting content in the opening voting stage. It can be understood that the target voter v may select a random address in the blockchain to send the transaction, so that anyone cannot find out who sends the transaction.


For example, details of the algorithm VerifyS are as follows.












Algorithm VerifyS

















Input (xnv, cvi, ynv, pknv)



Output True or False



1: B = xnv* pknv* ynv* G



2: bx=getXpointFromPubkey(B) modn;



3: H=SHA256( cvi+bx);



4: if H == xnv then



5: ReturnTrue



6: else



7: ReturnFalse



8: end if










Firstly, a point B on the elliptic curve in the ECC is calculated. Subsequently, an X-coordinate of the point B on the elliptic curve is determined in the algorithm. Next, the algorithm performs a hash operation on the original commitment cvi and the X-coordinate of the point B by using the SHA256 to obtain a hash value. In a case that the hash value is the same as the inputted value xnv, the commitment is valid. Finally, the algorithm outputs True or False based on the determination.


Next, a verification/tally stage is described. In some embodiments of the present disclosure, the trusted anonymous voting method based on a blockchain may further include the following steps S109 and S110.


In step S109, the vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) is obtained from the blockchain, and the signature tuple {tilde over (y)} is verified by using a preset algorithm V.


In step S110, in a case that more than a preset proportion of signature elements ŷ in the signature tuple {tilde over (y)} pass the verification, the original voting content is verified based on the commitment tuples cvi and ovi by using the preset algorithm.


In some embodiments of the present disclosure, in the step S110, the original voting content is verified based on the commitment tuples cvi and ovi by using the preset algorithm by the following steps S1 to S3.


In step S1, the commitment tuple ovi is serialized to obtain a serialized string of commitment tuple ovi.


In step S2, the hash operation is performed on the inputted original voting content m and the serialized string of commitment tuple ovi to obtain a hash value ĉ.


In step S3, it is determined whether ĉ is equal to cvi. In a case that ĉ is equal to cvi, it is determined that the original voting content m passes the verification.


For example, in the verification/tally stage, details of the algorithm V are as follows.












Algorithm V

















Input (m, c, o)



Output True or False



1: ĉ =SHA256(m+serialize(o));



2: if ĉ == c then



3: ReturnTrue;



4: else



5: ReturnFalse;



6: end if










Firstly, the hash operation is performed on the inputted original voting content m and o by using the hash algorithm SHA256 to obtain the hash value ĉ, where the function serialize( ) in the algorithm V is used to serialize the string o. Then, it is determined whether e is equal to the inputted c. In a case that ĉ is equal to the inputted c, it indicates that the voting passes the verification and True is outputted, otherwise False is outputted.


A trusted anonymous voting apparatus based on a blockchain according to an embodiment of the present disclosure is described below. The trusted anonymous voting apparatus based on a blockchain described below and the trusted anonymous voting method based on a blockchain described above may be referred to each other.


Referring to FIG. 3, the trusted anonymous voting apparatus based on a blockchain according to an embodiment of the present disclosure may include a commitment unit 21, a blinding unit 22, a signature unit 23, and a voting unit 24.


The commitment unit 21 is configured to perform a hash operation on original voting content to obtain a hash output. The hash output includes a commitment value cvi.


The blinding unit 22 is configured to blind the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)}.


The signature unit 23 is configured to sign the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}.


The voting unit 24 is configured to establish a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and upload the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain. The vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage.


The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple s and the signature tuple {tilde over (s)} passes the verification. The commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.


In some embodiments of the present disclosure, the commitment unit 21 may perform the hash operation on the original voting content to obtain the commitment value cvi by: performing the hash operation on the original voting content m and a string o to obtain the commitment value cvi, where the string o is randomly generated.


In some embodiments of the present disclosure, the blinding unit 22 may blind the commitment value cvi based on the information of other voters to obtain the commitment value tuple {tilde over (c)} and the commitment value tuple {tilde over (x)} by: performing, for each of other voters, a point multiplication operation in an elliptic curve cryptography (ECC) on public key information pkj and custom-character of the voter to obtain a blinding factor tj; hashing the commitment value cvi based on the blinding factor tj to a new commitment value xi and a new commitment value cj; and collecting commitment values xj to obtain a commitment value tuple {tilde over (x)}, and signing each of commitment values cj by using a private key ski to obtain the commitment value tuple {tilde over (c)}.


In some embodiments of the present disclosure, the signing unit 23 may sign the commitment value tuple {tilde over (c)} by using the ESDSA to obtain the signature tuple {tilde over (s)} by: performing the hash operation on a tuple (IDi, addri, custom-character) to obtain the signature tuple {tilde over (s)}, where IDi and addri represent identification and address information of a target voter respectively, and custom-character represents a commitment value in the commitment value tuple corresponding to the voter nv.


In some embodiments of the present disclosure, the hash output mentioned in the commitment unit 21 further includes a commitment value ovi. Referring to FIG. 4, the trusted anonymous voting apparatus based on a blockchain may further include an opening voting unit 30.


The opening voting unit 30 is configured to: obtain the signature tuple {tilde over (d)} and the commitment value tuple {tilde over (x)} from the blockchain, and calculate a signature tuple {tilde over (y)} of other voters based on the signature tuple {tilde over (d)}; verify validity of ynv based on the commitment value cvi and the commitment value tuple {tilde over (x)} by using a preset algorithm VerifyS to obtain all signature elements ynv that pass the verification, where ynv represents a signature element in the signature tuple {tilde over (y)} corresponding to the voter nv; obtain a commitment string xnv corresponding to each of the signature elements ynv that pass the verification, establish a new signature tuple {tilde over (y)} based on all the signature elements ynv that pass the verification, and establish a new commitment tuple {tilde over (x)} based on all commitment strings xnv; and upload a vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) to the blockchain with a random address, where the vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) serves as voting content in the opening voting stage.


In some embodiments of the present disclosure, referring to FIG. 5, the trusted anonymous voting apparatus based on a blockchain may further include a verification tally unit 40.


The verification tally unit 40 is configured to: obtain the vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) from the blockchain, and verify the signature tuple {tilde over (y)} by using a preset algorithm V; and verify, in a case that more than a preset proportion of signature elements ŷ in the signature tuple {tilde over (y)} pass the verification, the original voting content based on the commitment tuples cvi and ovi by using the preset algorithm.


In some embodiments of the present disclosure, the verification tally unit 40 may verify the original voting content based on the commitment tuples cvi and ovi by using the preset algorithm by: serializing the commitment tuple ovi to obtain a serialized string of commitment tuple ovi; performing the hash operation on the inputted original voting content m and the serialized string of commitment tuple ovi to obtain a hash value ĉ; and determining whether Ĉ is equal to cvi, and determining that the original voting content m passes the verification, in a case that ĉ is equal to cvi.


The trusted anonymous voting apparatus based on a blockchain according to the embodiments of the present disclosure is applicable to a trusted anonymous voting device based on a blockchain, such as a computer. In an embodiment, FIG. 6 is a block diagram showing a hardware structure of a trusted anonymous voting device based on a blockchain. Referring to FIG. 6, the hardware structure of the trusted anonymous voting device based on a blockchain may include at least one processor 31, at least one communication interface 32, at least one memory 33 and at least one communication bus 34.


In the embodiment of the present disclosure, the number of each of the processor 31, the communication interface 32, the memory 33, and the communication bus 34 is at least one. In addition, the processor 31, the communication interface 32, and the memory 33 communicate with each other through the communication bus 34.


The processor 31 may be a central processing unit (CPU), an application specific integrated circuit (ASIC), one or more integrated circuits configured to implement the embodiments of the present disclosure, or the like.


The memory 32 may include a high-speed RAM memory, and may further include a non-volatile memory and the like, such as at least one disk memory.


The memory 33 stores a program, and the processor 31 may call the program stored in the memory 33. The program is used to: perform a hash operation on original voting content to obtain a hash output, where the hash output includes a commitment value cvi; blind the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)}; sign the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}; and establish a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and upload the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, where the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage. The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification. The commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.


In an embodiment, a refinement function and an expansion function of the program may refer to the above description.


A storage medium is further provided according to an embodiment of the present disclosure. The storage medium stores a program executable by the processor. The program is used to: perform a hash operation on original voting content to obtain a hash output, where the hash output includes a commitment value cvi; blind the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)}; sign the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}; and establish a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and upload the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, where the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage. The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification. The commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.


In an embodiment, a refinement function and an expansion function of the program may refer to the above description.


In summary, in the present disclosure, a hash operation is performed on the original voting content to obtain the hash output. The hash output includes the commitment value cvi. The hash operation enables the original voting content to be hidden well. Then, the commitment value cvi is blinded based on the information of other voters, to obtain the commitment value tuples {tilde over (c)} and {tilde over (x)}, so that identification of the voter is hidden well through the blinding. Next, the commitment value tuple {tilde over (c)} is signed by using the ESDSA to obtain the signature tuple {tilde over (s)}. The commitment value tuple is signed by the voter himself, so that the voting content is authenticated by the target voter, thereby preventing the voting content from being forged by others. Finally, the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) is established based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and the signature tuple {tilde over (d)} of other voters, and the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} are uploaded to the blockchain. The vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as the voting content in the voting stage. The signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification. Due to verification and signature by other voters, the target voter cannot tamper with the voting content. The commitment value tuple {tilde over (x)} is used to decrypt the vote tuple, facilitating subsequent opening of the voting content and tally. In the present disclosure, through the above processing, the voting content is hidden and anonymity and verifiability of the voting are achieved.


Further, compared with the conventional decentralized anonymous voting solution, the solution in the present disclosure has characteristics of the blockchain such as decentralization, traceability and tamper proof. In addition, compared with other distributed timestamp solution based on a blockchain, this solution has higher efficiency. The present disclosure effectively achieves seven security design goals, namely: fairness (ensuring that anyone is not allowed to obtain ballot results of others before submitting his/her ballot, which indicates that the choice of a voter is not influenced by those who vote ahead), decentralization (ensuring that any kind of trusted third party, such as an election administrator or an independent observer is eliminated from a voting protocol), eligibility (ensuring that a right of he/she is checked before a voter begins to vote; in addition, the eligibility ensures that each voter is allowed to vote only once), anonymity (ensuring that the privacy of the voters is protected to make sure that no one is allowed to know an owner of a ballot from the voting result at the end), compatibility (ensuring that the voting solution is as simple as possible, so that the voting solution can be integrated into an information system of the Internet of energy), verifiability (ensuring that all the stages of voting are audited by the voters, in addition, the validity of each vote is able to be verified by anyone), and coercion resistance (ensuring that the voting solution is coercion-resistant in order to avoid someone trying to coerce the voters to vote by following their instruction). In particular, the trusted anonymous voting solution according to the present disclosure is implemented based on the blockchain, compared with a large number of conventional trusted anonymous voting solutions implemented based on a platform such as a PoW consensus algorithm, the solution according to the present disclosure has a faster transaction processing speed.


Finally, it should be further noted that the relationship terms herein such as first, second and the like are only used to distinguish one entity or operation from another entity or operation, rather than necessitate or imply any actual relationship or order between these entities or operations. Moreover, the terms “comprise”, “include”, or any other variants thereof are intended to encompass a non-exclusive inclusion, such that the process, method, article, or device including a series of elements includes not only those elements but also those elements that are not explicitly listed, or the elements that are inherent to such process, method, article, or device. Unless explicitly limited, the statement “including a . . . ” does not exclude the case that other similar elements may exist in the process, the method, the article or the device other than enumerated elements.


The embodiments in this specification are described in a progressive way, each of which emphasizes the differences from others. The embodiments may be combined as needed, and the same or similar parts among the embodiments may be referred to each other.


The above descriptions of the disclosed embodiments enable those skilled in the art to implement or use the present disclosure. Various modifications to the embodiments are apparent to those skilled in the art, and general principles defined in the present disclosure may be implemented in other embodiments without departing from the spirit or scope of the present disclosure. Therefore, the present disclosure should not be limited to the embodiments described herein but should be defined by the widest scope that complies with the principle and novel features disclosed in this specification.

Claims
  • 1. A trusted anonymous voting method based on a blockchain, comprising: performing a hash operation on original voting content to obtain a hash output, wherein the hash output comprises a commitment value cvi;blinding the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)};signing the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}; andestablishing a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and uploading the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, wherein the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage,wherein the signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification, and the commitment value tuple {acute over (x)} is used to decrypt the vote tuple.
  • 2. The method according to claim 1, wherein the performing a hash operation on original voting content to obtain a commitment value cvi comprises: performing the hash operation on the original voting content m and a string o to obtain the commitment value cvi, wherein the string o is randomly generated.
  • 3. The method according to claim 1, wherein the blinding the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)} comprises: performing, for each of other voters, a point multiplication operation in an elliptic curve cryptography (ECC) on public key information pkj and of the voter to obtain a blinding factor tj;hashing the commitment value cvi based on the blinding factor tj to a new commitment value xj and a new commitment value cj; andcollecting commitment values xj to obtain a commitment value tuple {tilde over (x)}, and signing each of commitment values cj by using a private key ski to obtain the commitment value tuple {tilde over (c)}.
  • 4. The method according to claim 1, wherein the signing the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)} comprises: performing the hash operation on a tuple (IDi, addri, ) to obtain the signature tuple {tilde over (s)}, wherein IDi and addri represent identification and address information of a target voter respectively, and represents a commitment value in the commitment value tuple {tilde over (c)} corresponding to a voter nv.
  • 5. The method according to claim 1, wherein the hash output further comprises a commitment value ovi, and the method further comprises: obtaining the signature tuple {tilde over (d)} and the commitment value tuple {tilde over (x)} from the blockchain, and calculating a signature tuple {tilde over (y)} of other voters based on the signature tuple {tilde over (d)};verifying validity of ynv based on the commitment value cvi and the commitment value tuple {tilde over (x)} by using a preset algorithm VerifyS to obtain all signature elements ynv that pass the verification, wherein ynv represents a signature element in the signature tuple {tilde over (y)} corresponding to the voter nv;obtaining a commitment string xnv corresponding to each of the signature elements ynv that pass the verification, establishing a new signature tuple {tilde over (y)} based on all the signature elements ynv that pass the verification, and establishing a new commitment tuple {tilde over (x)} based on all commitment strings xnv; anduploading a vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) to the blockchain with a random address, wherein the vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) serves as voting content in an opening voting stage.
  • 6. The method according to claim 5, further comprising: obtaining the vote tuple (cvi, ovi, {tilde over (x)}, {tilde over (y)}) from the blockchain, and verifying the signature tuple {tilde over (y)} by using a preset algorithm V; andverifying, in a case that more than a preset proportion of signature elements ŷ in the signature tuple {tilde over (y)} pass the verification, the original voting content based on the commitment tuples cvi and ovi by using the preset algorithm.
  • 7. The method according to claim 6, wherein the verifying the original voting content based on the commitment tuples cvi and ovi by using the preset algorithm comprises: serializing the commitment tuple ovi to obtain a serialized string of commitment tuple ovi;performing the hash operation on the inputted original voting content m and the serialized string of commitment tuple ovi, to obtain a hash value ĉ; anddetermining whether ĉ is equal to cvi, and determining that the original voting content m passes the verification in a case that ĉ is equal to cvi.
  • 8. A trusted anonymous voting apparatus based on a blockchain, comprising: a commitment unit, configured to perform a hash operation on original voting content to obtain a hash output, wherein the hash output comprises a commitment value cvi;a blinding unit, configured to blind the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)};a signature unit, configured to sign the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}; anda voting unit, configured to establish a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and upload the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, wherein the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage,wherein the signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification, and the commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.
  • 9. A trusted anonymous voting device based on a blockchain, comprising: a memory, configured to store a program; anda processor, configured to execute the program to perform a trusted anonymous voting method, wherein the method comprises:performing a hash operation on original voting content to obtain a hash output, wherein the hash output comprises a commitment value cvi;blinding the commitment value cvi based on information of other voters to obtain a commitment value tuple {tilde over (c)} and a commitment value tuple {tilde over (x)};signing the commitment value tuple {tilde over (c)} by using an ESDSA to obtain a signature tuple {tilde over (s)}; andestablishing a vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) based on the commitment value tuple {tilde over (c)}, the signature tuple {tilde over (s)} and a signature tuple {tilde over (d)} of other voters, and uploading the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) and the commitment value tuple {tilde over (x)} to the blockchain, wherein the vote tuple ({tilde over (c)}, {tilde over (s)}, {tilde over (d)}) serves as voting content in a voting stage,wherein the signature tuple {tilde over (d)} is generated in a case that other voters verify the signature tuple {tilde over (s)} and the signature tuple {tilde over (s)} passes the verification, and the commitment value tuple {tilde over (x)} is used to decrypt the vote tuple.
  • 10. A storage medium, storing a computer program, wherein the computer program, when being executed by a processor, performs the trusted anonymous voting method based on a blockchain according to claim 1.
Priority Claims (1)
Number Date Country Kind
202210422851.X Apr 2022 CN national
PCT Information
Filing Document Filing Date Country Kind
PCT/CN2022/116770 9/2/2022 WO