Elliptic Curve Cryptography (and Blockchain) for Voting Anonymously
In the United States, voters are registered online or by mail through the Department of Motor Vehicles, using government-issued documents such as a driver’s license. On election day, voters go to the polling station geographically nearest to their residence, where their identities are verified by poll workers (through means such as a driver’s license, birth certificate, social security card, or utility bill). The voter fills out a paper ballot, which is then delivered to a satellite location or regulatory office, where ballots are counted by hand or with an automatic scanner. The tallies are then sent to the secretary of state’s office, which publicizes the result.
There are several major flaws in this system with regard to security, anonymity, verification, and efficiency. Many of these issues could be solved or ameliorated through online voting. Cryptography and blockchain technology could be used to make voting much more secure, accurate, and accessible to all.
Here I will briefly explain how elliptic curve cryptography (ECC) can be used to authenticate, authorize, and verify voters. This will increase security in both registering to vote and in voting itself.
Two ECC key pairs could be used to register voters for an election. The first serves purely as identification and is used to obtain the second, an online voter ID. To obtain the first ID, a voter would present a government-issued ID to create two things: an electronic ID and a unique blind token. These belong to the voter and can only be used to create one voting ID. They are sent to the official representative, who signs the token and returns it to the voter. The voter then creates a voter ID, unblinds the token, and sends both back to the official representative. If the token has not been used before, the voter ID is validated with the unblinded signed token, which cannot be traced back to the person who originally had it signed. No one, not even the official representative, is able to know whom the voter ID belongs to. However, through this process the voter ID is verified to be original and to belong to a citizen eligible to vote in this election.
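The registration exchange described above, as an added example that is not the author's code. It uses textbook RSA blind signatures with a constructed toy key rather than an ECC-based scheme, and the names (`Registrar`, `validate`, the `voter_id` byte string standing in for the voter's ECC public key) are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy registrar key: two Mersenne primes. Far too small for real
# use, and textbook RSA has no padding; this only illustrates the flow.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # registrar's private exponent

def h(token: bytes) -> int:
    """Hash the token into the RSA group."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def blind(token: bytes) -> tuple:
    """Voter: hide the token hash behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def sign_blinded(blinded: int) -> int:
    """Registrar: sign after checking the government ID; the token stays hidden."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Voter: strip r, leaving an ordinary signature on the token."""
    return (blind_sig * pow(r, -1, N)) % N

class Registrar:
    def __init__(self) -> None:
        self.voter_ids = {}  # spent token -> voter ID (assumed opaque bytes)

    def validate(self, token: bytes, sig: int, voter_id: bytes) -> bool:
        """Accept a voter ID only with a validly signed, never-used token."""
        if pow(sig, E, N) != h(token) or token in self.voter_ids:
            return False
        self.voter_ids[token] = voter_id
        return True

if __name__ == "__main__":
    token = secrets.token_bytes(32)
    blinded, r = blind(token)                 # sent with the electronic ID
    sig = unblind(sign_blinded(blinded), r)   # registrar never saw `token`
    reg = Registrar()
    print(reg.validate(token, sig, b"voter-public-key"))   # first use
    print(reg.validate(token, sig, b"second-voter-id"))    # reuse rejected
```

The registrar only ever sees the blinded value during signing, so the token presented later with the voter ID cannot be matched to the signing request.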
This blind signature process is a cryptographic technique that is commonly used with RSA. RSA is asymmetric and lets two parties exchange encrypted messages without first sharing a secret key. To explain further, see this attached video:
While RSA is effective, ECC is much more efficient. A 256-bit ECC key offers security similar to a 3072-bit RSA key. This is about a 1:6 ratio. A 384-bit ECC key corresponds to a 7680-bit RSA key, which is about a 1:12 ratio. Compared to RSA, ECC is more efficient, and the more security required, the greater the efficiency gain. 384-bit ECC is actually the level the government uses for top secret data.
To give a better idea of how ECC works, I have attached this video: