CN-121982809-A - Block chain-based traceable self-counting voting Condorcet voting method

Abstract

The invention discloses a block chain-based traceable self-counting ballot Condorcet voting method, which comprises an initialization flow, a citizen registration flow, a sorting ballot creation and encryption flow, a ballot validity proof generation flow, a ballot submission and on-chain verification flow and a homomorphic aggregation and time lock ballot counting flow. The invention constructs a set of block chain-based decentralization Condorcet voting framework, can realize vote submission, vote structure verification and automatic vote counting under the condition of no trusted third party, and remarkably improves the credibility and transparency of the voting system.

Inventors

• LIU CHENXU
• LIU ZIXUAN
• LEI HONG

Assignees

• 海南大学

Dates

Publication Date

20260505

Application Date

20251217

Claims (10)

1. 1. A block chain-based traceable self-counting ballot Condorcet voting method is characterized by comprising an initialization flow, a citizen registration flow, a sorting ballot creation and encryption flow, a ballot validity proof generation flow, a ballot submission and on-chain verification flow and a homomorphic aggregation and time lock ballot flow; The initialization process comprises the steps that an election organization party generates system public parameters, sets a candidate list and event identification event, deploys intelligent contracts, and writes the system public parameters into a blockchain; The method comprises the steps of selecting a citizen to generate a public-private key pair, proving the validity of the public key to an election organization party through non-interactive zero knowledge proof, and writing the verified public key into a citizen registration list RL in a blockchain; Sorting, creating and encrypting votes, namely constructing an n multiplied by n pairing comparison matrix according to candidate preference by a selector Encrypting matrix elements by adopting homomorphic time puzzle questions to generate an encryption comparison matrix, wherein n is the number of candidates; Constructing a non-interactive zero knowledge proof set containing diagonal legal proofs, boolean legal proofs, antisymmetric constraint proofs and line and replacement constraint proofs, and generating the selected vote legal proofs; The method comprises the steps of constructing a traceable ring signature by a selector based on a register list RL of the selector, submitting an encryption matrix, a legality proof and a signature to a blockchain, verifying the legality of the proof and the signature by an intelligent contract, and storing the legal vote; and after the voting is ended, the intelligent contract executes homomorphic aggregation on all legal encryption matrixes element by element, and the winner calculates Condorcet a voting winner by delaying decryption of time lock parameters to obtain a global paired comparison matrix.
2. 2. The method of claim 1 wherein the system common parameters comprise bilinear cluster pairs Generating element Generating element A strong RSA modulus N, a time parameter t, a tracking key pair (EPK, ESK), a candidate set C, and an event identification event, wherein, In the form of a bilinear cluster pair, For a bilinear mapping, , 。
3. 3. The method of claim 2, wherein the intelligent contracts include a registration management contract for maintaining a voter registration list RL, a vote validation contract for responsible for validating non-interactive zero knowledge proof and traceable ring signatures, and a vote counting contract for executing homomorphic aggregation and vote-related logic.
4. 4. A method according to claim 3, wherein the ordering vote creation and encryption process includes the steps of constructing Condorcet a pair-wise comparison matrix, pair-wise comparison matrix structure constraint interpretation, homomorphic time-locked puzzle ciphertext generation; step of constructing Condorcet pair-wise comparison matrix First, determining the preference sequence of the candidates, identifying the candidates by using a permutation vector, and constructing based on the permutation vector Is a pair of comparison matrices of (a) If the candidate is In preference ordering of the selection of people Then On the contrary ; I and j are candidate numbers and k is a selector number for matrix elements.
5. 5. The method of claim 4, wherein the matrix elements are encrypted using a homomorphic time-locked puzzle to generate an encrypted comparison matrix, specifically for each candidate Selecting people The following steps are performed: step 1 random number selection Selecting people Random selection of random numbers The method is used for randomizing the ciphertext, and the existence of random numbers ensures that encryption results of different selectors on the same comparison value are not related to each other; Step 2 HTLP puzzle component construction Recording device Is that Is used for generating the generation element of (a), For any one of And (3) constructing: is the first part of the ciphertext that contains the encryption key; encapsulating homomorphic ciphertext portions, which carry homomorphic encrypted plaintext information, into a second portion of ciphertext; When (when) Time, order 、 At this time there is ; Multiplication group being modulo N A subgroup of elements of Jacobi notation 1; Step 3, combined puzzle structure For the following The encryption result of the element is expressed in a form of a binary group: Selecting people The above construction is performed on all elements in the matrix to form a complete encryption comparison matrix: 。
6. 6. the method of claim 5, wherein each proof in the non-interactive zero knowledge proof set is specifically: diagonal validity proof that for any candidate with number i, the pair comparison matrix main diagonal elements satisfy ; Boolean legality proves that for any i not equal to j, the pair comparison matrix elements satisfy Where 1 represents that the candidate numbered i is better than the candidate numbered j in the selection preference, and 0 represents that it is not better; Antisymmetric constraints prove that any candidate pair (i, j) must satisfy ; The row and permutation constraint proves that the row sums of the rows of the matrix are compared in pairs Must form a candidate set I.e. all rows and each other are different.
7. 7. The method of claim 6, wherein the vote submitting and in-chain verifying process specifically comprises the steps of: Constructing a traceable ring signature by using all public keys in a selection registration list RL on a blockchain; The step of submitting on the ballot chain, the ballot sends the trade to the voting validation contract; The step of verifying the ballot on the chain, which is to carry out non-interactive zero knowledge proof and traceable ring signature verification on the ballot by the intelligent contract, and detect the signature repetition condition and event mark; Legal vote storing step, intelligent contract will Related metadata records are stored on the blockchain.
8. 8. The method of claim 7, wherein the homomorphic aggregation and time-lock ticketing process comprises the steps of element-wise homomorphic aggregation, time-lock delayed decryption, condorcet winner decision making, Element-wise homomorphism aggregation assuming that the vote validation contract has stored an encrypted comparison matrix from all legal voters Wherein the first ciphertext portion of each matrix element is denoted as The second ciphertext portion is denoted as The counting contract performs the following homomorphic aggregation operation on each pair of candidates (i, j): according to the addition homomorphism, the above corresponds to the plaintext summation: I.e. Representing all pairs of people " Whether or not to be better than "In this comparison relationship Winning total ticket number, m is total number of the selected people; The step of time lock delayed decryption is that the player reads the corresponding time lock parameter (N, t) and the aggregation puzzle from the chain Corresponding HTLP instance For each one Completion of time lock calculation and recovery of aggregate comparison value ; Condorcet winner decision step when all After being decrypted, a global pair comparison matrix is formed: matrix Elements of (a) It is shown that among the set of all the selection people, If there is a candidate with the number w according to Condorcet rule The method meets the following conditions: Then As a winner of Condorcet in its entirety, For all people " Whether or not to be better than "In this comparison relationship The total number of votes to win, For all people " Whether or not to be better than "In this comparison relationship Total number of votes winning.
9. 9. The method of any one of claims 1-8, wherein the smart contract further comprises a tracking contract for triggering a tracking calculation upon detection of repeated votes; the method further comprises a repeated voting tracking process, namely recovering the public key of repeated voting citizens through a traceable ring signature analysis mechanism when repeated signatures in the same event domain are detected, and realizing repeated voting tracking.
10. 10. The method of claim 9, wherein repeating the voting tracking procedure includes repeating the steps of signature detection, tracking resolution, and tracking results; The step of repeated signature detection is that when the voting verification contract finds that two or more signatures from the same private key exist under the same event identification, the signature pairs are marked as objects to be tracked, and the tracking logic of the tracking contract is triggered; tracking analysis, namely calling a TRS.Trace interface by tracking contracts, and calculating two suspected signatures from the same voter and the message thereof by using a signature tracking algorithm to recover the public key of the repeated voter; And tracking the result, namely mapping the public key of the repeated voting citizen to the actual citizen identity according to the citizen registration list RL.

Description

Block chain-based traceable self-counting voting Condorcet voting method Technical Field The invention relates to the technical field of electronic voting and information security, in particular to a block chain-based traceable self-counting ballot Condorcet voting method. Background With the development of internet technology, distributed systems and digital governance, electronic voting is becoming an important way for various organizations, communities and online platforms to make decisions. The electronic voting system not only requires the realization of a convenient voting process, but also ensures the privacy, correctness, verifiability and manipulation resistance of the votes. Among a plurality of voting rules, condorcet sorting voting can reflect the overall preference of the voter and has stronger social selection characteristics, and is considered as a decision mode with higher fairness and stable election result. However, existing electronic implementations for Condorcet votes still present a number of challenges. Conventional electronic voting systems generally rely on a centralized ballot server or trusted third party authority to manage votes, statistics, or perform ballot authentication. The centralized mode brings obvious trust risks that on one hand, a centralized server can be attacked, down or maliciously manipulated, and on the other hand, the credibility of a third party mechanism is difficult to ensure completely, and once intentional tampering, internal leakage or forced cooperation manipulation behaviors occur, the safety and fairness of the voting system are directly affected. Therefore, the realization of correctness and privacy protection of the voting system on the premise of no trusted third party has become an important direction of electronic voting research. At the same time, electronic voting systems need to meet stringent privacy protection requirements. The selection's preferences belong to highly sensitive information and in Condorcet order votes, the selection needs to submit a list of preferences for all candidates, the amount of information being much higher than for simple endorsement/anti-endorsement votes or scoring votes. Once a vote is revealed or an analyst is associated with a particular identity, the privacy of the selection may be severely violated, possibly even leading to threat, duress or population pressure problems. Therefore, how to effectively hide the sorting structure of the voters while guaranteeing the validity of the votes is a key technical difficulty in the process of digitizing the votes Condorcet. In the absence of trusted party ticketing, self-ticketing (Self-Tallying) becomes a research hotspot. The self-counting mechanism requires that all votes are issued to a public ledger or a shared storage area in a specific encryption mode, and any person can independently verify and calculate a final result after meeting certain conditions. The self-counting mechanism does not depend on a third party mechanism, but also faces new challenges of ensuring that ciphertext submitted by voters meets Condorcet sorting format requirements, verifying the validity of the votes without revealing the plaintext of the votes, avoiding that malicious voters destroy the counting process by using illegal ciphertext, and ensuring that the votes can be correctly decrypted or opened and successfully completed in the voting revealing stage. In addition, the electronic voting system must also solve the double voting (Double Voting) problem. In traditional centralized voting, the server can avoid repeated voting of the same identity by maintaining a voting record, whereas in a decentralised system, identity authentication and repeatability detection become more complex. Particularly, when the anonymity of the selection is protected, balance needs to be achieved between the two, namely the true identity of the selection cannot be exposed, and each selection must be ensured to vote only once. In the prior art, ring Signature (Ring Signature) provides a voting mode with stronger anonymity, but is difficult to effectively track double votes, while traceable Ring Signature (Traceable Ring Signature) can detect repeated submission while keeping anonymity, but still needs to be combined with voting rules to design a constraint mechanism suitable for Condorcet ordering structure. On the other hand, the traditional electronic voting system mainly relies on interactive zero-knowledge proof in the aspect of voting content inspection, but the interactive protocol needs multiple rounds of communication and is not suitable for a large-scale network environment. To reduce communication overhead and enhance system deployability, non-interactive zero-Knowledge proof (NIZK) is a key technology for implementing vote validity verification. However, condorcet sorting votes is complex in structure, and it is difficult to efficiently verify whether the sorting format is correct using only conven