• 沒有找到結果。

以智能合約實現分散式電子投票與投標系統 - 政大學術集成

N/A
N/A
Info
下載
Protected

Academic year: 2021

Share "以智能合約實現分散式電子投票與投標系統 - 政大學術集成"

Copied!
89
0
0

加載中.... (立即查看全文)

立即下載 ( 89 頁 )

全文

(1)國立政治大學資訊科學系 Department of Computer Science National Chengchi University. 碩士論文. Master’s Thesis. 立. 政 治 大. ‧ 國. 學. 利用智能合約實現分散式電子投票與電子投標系統. ‧. Nat. n. al. er. io. sit. based on Smart Contract. y. Distributed E-Voting and E-Bidding Systems. Ch. engchi. i n U. v. 指導教授:左瑞麟 博士 研究生:蕭人和 撰. 中華民國一零六年九月 September 2017.

(2) 誌謝. 首先要誠摯的感謝指導教授左瑞麟老師兩年來的照顧,不論是在學業上的指 導,或者在研究上的方向都給予我很大的空間可以發揮所學。當研究上遇到撞牆 期時,老師依然會在百忙之餘,抽空並且不厭其煩的與我討論可能的研究方向, 使我的研究能夠順利、圓滿的完成。 同時也要感謝口試委員陳恭教授、黃仁俊教授、李榮三教授以及許建隆教授 對我的研究提出寶貴的建議,並且深入的與我討論當前相關研究的近況,使得我 的論文能夠更加完整。. 立. 政 治 大. ‧ 國. 學. 時光芢冉,在政大的研究生涯也即將畫下句點,由衷感謝實驗室的學長凱彬、 明慶、仁傑、承毅以及逸修分別在我碩一、碩二期間幫助我解決研究及生活上的. ‧. 問題。此外,還有同窗琨泰、學弟子源及學妹們的幫忙與鼓勵,有了你們讓我這. y. Nat. er. io. sit. 兩年來過得多采多姿。. 最後感謝我的家人在我攻讀碩士的兩年期間,無條件的支持與鼓勵,讓我能. n. al. i n C 夠無後顧之憂地完成學業並且順利取得碩士學位。 hengchi U. v. 蕭人和 謹誌 政治大學資科系資訊安全實驗室 2017 年 9 月. II.

(3) 摘要 區塊鏈有著不可否認性、可追溯性以及共識性等特點,所有的交易內容都會 完整的被記錄在區塊鏈上,基於上述幾項特性,我們利用區塊鏈來記錄公開資訊, 將私密資料經由分散式秘密共享後再加密存放於智能合約中。其中,智能合約是 一個能將交易狀態和交易狀態內嵌於區塊鏈上的應用,透過智能合約作為媒介, 我們能夠將加密後的私密資料完整的存放於區塊鏈上,最後經由區塊鏈網路上的 節點驗證後,達到資料正確性驗證的目的。 本研究分析現有的電子投票以及電子投標等應用的系統架構後,發現兩者皆. 政 治 大 存在著可信賴的第三方進行開票及開標的角色,且驗證流程繁瑣,無法提供一個 立. ‧ 國. 學. 便利性的投票與投標流程。此外,上述兩種應用皆須滿足機密性、不可否認性、 匿名性以及可驗證性等安全性質,若能結合區塊鏈與智能合約於上述應用中,將. ‧. 可提升資料的可驗證性以及降低成本的負擔,對參與應用的人而言也能達到公開. er. io. sit. y. Nat. 透明的需求。. 因此,本文提出一個分散式架構下的電子投票與投標機制,結合區塊鏈以及. al. n. v i n Ch 智能合約的優點與技術,讓所有參與投票的選民、投標的廠商共同參與驗證與計 engchi U 算,並加強參與者的匿名性、資料傳輸的隱私性、開票與開標階段資料的可信賴 性以及可驗證性。 關鍵字: Blockchain, Secret-sharing, E-voting, Paillier encryption, Homomorphic, Smart Contract, Distributed. III.

(4) Abstract With the rise of blockchain technology, the core concept of decentralization has gradually drawn attention. In this context, the main objective of this study is to realize more convenient and secure electronic applications with the use of blockchain technology. This research is aimed to design a distributed e-voting and e-bidding system. The core idea is to combine the blockchain technology with secret sharing scheme and. 政 治 大. homomorphic encryption in order to realize the distributed e-voting and e-bidding. 立. application without a trusted third party. The system allows voters to participate in. ‧ 國. 學. opening phase. It provides a public and transparent process while protecting the. ‧. anonymity of voter’s and vendor’s identity, the privacy of data transmission and. Nat. sit. y. verifiability of data during the opening phase.. n. al. er. io. Keywords: Blockchain, Secret-sharing, E-bidding, E-voting, Paillier encryption,. Ch. Homomorphic, Smart Contract, Distributed. engchi. IV. i n U. v.

(5) Table of contents. CHAPTER 1. INTRODUCTION ................................................................................................... 1 1.1. MOTIVATION OF RESEARCH ........................................................................................................ 5. 1.2 PURPOSE OF RESEARCH ........................................................................................................................ 5 1.3 CHAPTER ARCHITECTURE .................................................................................................................... 8 CHAPTER 2. INTRODUCTION TO E-VOTING AND E-BIDDING SYSTEMS ............ 9 2.1 ELECTRONIC-VOTING ........................................................................................................................ 11 2.2 INTERNET-VOTING. 治 政 .............................................................................................................................. 12 大 立. 2.3 THE PROCESS OF ELECTRONIC-VOTING....................................................................................... 13. ‧ 國. 學. 2.4 THE PROCESS OF ELECTRONIC-BIDDING ..................................................................................... 15. ‧. CHAPTER 3. RELATED WORKS..............................................................................................19. sit. y. Nat. 3.1 BITCOIN .................................................................................................................................................. 19. n. al. er. io. 3.2 BLOCKCHAIN ........................................................................................................................................ 19. i n U. v. 3.3 ETHEREUM ............................................................................................................................................. 20. Ch. engchi. 3.4 SMART CONTRACT ............................................................................................................................... 21 3.5 PAILLIER PUBLIC KEY CRYPTOSYSTEM ......................................................................................... 22 3.5.1 Key generation phase .......................................................................................................................22 3.5.2 Encryption phase................................................................................................................................23 3.5.3 Decryption phase ...............................................................................................................................23 3.5.4 Additive homomorphic encryption ..............................................................................................24 3.6 RSA DIGITAL SIGNATURE .................................................................................................................. 24 3.7 SHAMIR’S SECRET-SHARING SCHEME ............................................................................................ 25 3.8 OBLIVIOUS TRANSFER PROTOCOL .................................................................................................. 26 V.

(6) 3.9 CURRENT E-VOTING SYSTEM ........................................................................................................... 27 3.10 CHEN’S OBLIVIOUS SIGNATURE BASED E-VOTING SYSTEM ................................................. 27 3.10.1 System architecture .........................................................................................................................28 3.10.2 Initial phase .......................................................................................................................................29 3.10.3 Registration phase ..........................................................................................................................29 3.10.4 Circling phase ...................................................................................................................................30 3.10.5 Polling phase.....................................................................................................................................30 3.10.6 Opening phase ..................................................................................................................................30 3.11 CURRENT GOVERNMENT PROCUREMENT SYSTEM .................................................................. 31. 治 政 3.11.2 Tender inviting phase ..................................................................................................................... 32 大 3.11.3 Tender obtaining立 phase .................................................................................................................32. 3.11.1 Initial phase........................................................................................................................................31. ‧ 國. 學. 3.11.4 Tender submitting phase ...............................................................................................................33 3.11.5 Tender opening phase ....................................................................................................................33. ‧. 3.11.6 Tender deciding phase ...................................................................................................................34 3.11.7 Contract management phase.......................................................................................................34. y. Nat. io. sit. CHAPTER 4. PROPOSED E-VOTING SYSTEM ..................................................................35. er. 4.1 SYSTEM ARCHITECTURE .................................................................................................................... 35. al. n. v i n 36 4.2 SYSTEM DEFINITION ........................................................................................................................... Ch engchi U 4.3 PROCESSES AND STEPS ....................................................................................................................... 38 4.3.1 Initial phase ..........................................................................................................................................38 4.3.2 Registration phase .............................................................................................................................40 4.3.3 Polling phase .......................................................................................................................................41 4.3.4 Opening phase.....................................................................................................................................44 4.3.5 Checking phase ...................................................................................................................................45 4.4 EXPERIMENTAL ENVIRONMENT....................................................................................................... 45 4.5 SYSTEM PARAMETERS ........................................................................................................................ 45 4.6 OPERATING PROCEDURES.................................................................................................................. 45 VI.

(7) 4.7 EXPERIMENTAL RESULTS ................................................................................................................... 46 CHAPTER 5. PROPOSED E-BIDDING SYSTEM.................................................................52 5.1 SYSTEM ARCHITECTURE .................................................................................................................... 52 5.2 SYSTEM DEFINITION ........................................................................................................................... 53 5.3 PROCESSES AND STEPS ....................................................................................................................... 55 5.3.1 Initial phase ..........................................................................................................................................55 5.3.2 Tender Inviting phase .......................................................................................................................56 5.3.3 Tender obtaining phase ...................................................................................................................57 5.3.4 Tender submitting phase .................................................................................................................58. 政 治 大. 5.3.5 Tender opening phase ......................................................................................................................59. 立. 5.3.6 Tender deciding phase .....................................................................................................................60. ‧ 國. 學. 5.3.7 Contract management phase .........................................................................................................60 5.4 EXPERIMENTAL ENVIRONMENT....................................................................................................... 60. ‧. 5.5 SYSTEM PARAMETERS ........................................................................................................................ 61. y. Nat. io. sit. 5.6 OPERATING PROCEDURES.................................................................................................................. 61. er. 5.7 EXPERIMENTAL RESULTS ................................................................................................................... 62. al. n. v i n C h .......................................................................................67 CHAPTER 6. SECURITY ANALYSIS engchi U. 6.1 SECURITY ANALYSIS OF BLOCKCHAIN TECHNOLOGY .............................................................. 67 6.2 SECURITY ANALYSIS OF OBLIVIOUS TRANSFER .......................................................................... 68 6.3 SECURITY ANALYSIS OF E-VOTING SYSTEM................................................................................. 69 6.4 SECURITY ANALYSIS OF E-BIDDING SYSTEM ............................................................................... 73. CHAPTER 7. CONCLUSIONS ....................................................................................................75 REFERENCES .................................................................................................................................76. VII.

(8) List of Figures FIGURE 3- 1 RSA DIGITAL SIGNATURE ..................................................................................................................... 25 FIGURE 3- 2 SECRET-SHARING SCHEME ................................................................................................................ 26 FIGURE 3- 3 CHEN’S SYSTEM ARCHITECTURE..................................................................................................... 28 FIGURE 3- 4 REGISTRATION PHASE .......................................................................................................................... 29 FIGURE 3- 5 CIRCLING PHASE ...................................................................................................................................... 30 FIGURE 3- 6 POLLING PHASE ....................................................................................................................................... 30 FIGURE 3- 7 OPENING PHASE ...................................................................................................................................... 31. FIGURE 4- 1 OUR E-VOTING SYSTEM ARCHITECTURE ..................................................................................... 35. 政 治 大. FIGURE 4- 2 INITIAL PHASE .......................................................................................................................................... 40. 立. FIGURE 4- 3 RECEIVING BALLOT SIGNATURE 1-OUT-OF-N OT ................................................................... 42 FIGURE 4- 4 POLLING PHASE ....................................................................................................................................... 43. ‧ 國. 學. FIGURE 4- 5 SMART CONTRACT FOR VOTING ...................................................................................................... 48 FIGURE 4- 6 SYSTEM INTERFACE ............................................................................................................................... 49. ‧. FIGURE 4- 7 PID GENERATION .................................................................................................................................... 49. y. Nat. FIGURE 4- 8 CERTIFICATE GENERATION................................................................................................................ 49. io. sit. FIGURE 4- 9 BALLOT SIGNATURE GENERATION ................................................................................................. 50. n. al. er. FIGURE 4- 10 NUMBER OF VOTERS ........................................................................................................................... 50. i n U. v. FIGURE 4- 11 LIST OF VOTERS..................................................................................................................................... 50. Ch. engchi. FIGURE 4- 12 BALLOT INFORMATION ..................................................................................................................... 51 FIGURE 4- 13 OPENING THE BALLOT....................................................................................................................... 51. FIGURE 5- 1 OUR E-BIDDING SYSTEM ARCHITECTURE .................................................................................. 52 FIGURE 5- 2 SYSTEM INTERFACE ............................................................................................................................... 63 FIGURE 5- 3 INITIAL PHASE .......................................................................................................................................... 63 FIGURE 5- 4 TENDER DOCUMENTATION INFO .................................................................................................... 63 FIGURE 5- 5 PID GENERATION .................................................................................................................................... 64 FIGURE 5- 6 GCERT GENERATION .............................................................................................................................. 64 FIGURE 5- 7 BCERT GENERATION .............................................................................................................................. 65 FIGURE 5- 8 BIDDING DOCUMENTATION ............................................................................................................... 65 FIGURE 5- 9 NUMBER OF VENDORS.......................................................................................................................... 65 VIII.

(9) FIGURE 5- 10 LIST OF VENDORS ................................................................................................................................. 66 FIGURE 5- 11 OPENING THE BIDS.............................................................................................................................. 66. 立. 政 治 大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. IX. i n U. v.

(10) List of Tables TABLE 3- 1 CHEN’S SYSTEM DESCRIPTION ........................................................................................................... 29. TABLE 4- 1 OUR SYSTEM DESCRIPTION .................................................................................................................. 38 TABLE 4- 2 PERFORMANCE COMPARISON............................................................................................................. 47 TABLE 4- 3 SCENARIO ANALYSIS ................................................................................................................................ 47. TABLE 5- 1 OUR SYSTEM DESCRIPTION.................................................................................................................. 55. TABLE 6- 1 SECURITY PROPERTIES COMPARISON ............................................................................................ 73. 立. 政 治 大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. X. i n U. v.

(11) Chapter 1. Introduction With the raise of the internet, people are connecting more with the virtual network rather than by face to face. With the popularizing of mobile device and renewal of technology development, the development of internet also went from wire network to wireless network. Besides, wireless network proposed an important transmission method to many. 政 治 大. application services. Nowadays, almost everyone owns a mobile device, no matter. 立. young or old, man or woman. Moreover, mobile phone opened up the revolution of. ‧ 國. 學. the new era of mobile communication.. ‧. The second generation of mobile system used GSM system which only supports. sit. y. Nat. voice communication and SMS transmission. As for GPRS, the only system that can. n. al. er. io. connect to the wireless internet, supports the transmission and exchange of packages.. i n U. v. The connecting speed was extremely slow. Therefore, the public still use wired internet the most.. Ch. engchi. To the time of third generation, social media such as Facebook, Twitter, and We-bo springs up like mushrooms. The demand of connecting to internet increased greatly. No matter what happened, people will always want to upload a post, a picture, or a video to social media to show their friends and family. However, the package transmission of photos and videos are much greater than text messages. Also, they need wider bandwidth and more time while processing. The third generation uses.

(12) UMTS system. It provides a faster and more efficient internet connecting speed to satisfy people’s basic internet connection requirements. Apart from enabling 3G internet users to enjoy a more convenient service, it can still provide basic internet service to 2G internet users. The internet is gradually becoming part of men’s life. Apart from voice communication transmission, people always turn to the internet to find an answer whenever they face any kind of problem or question at the first time. Therefore, the. 政 治 大. dependency to the internet are gradually raising. Also, under the condition of. 立. tremendous user increase and the change of usage habit, the internet connection speed. ‧ 國. 學. and efficiency can no longer satisfy the users.. ‧. However, the fourth generation proposes a revolutionary technology-Long Term. sit. y. Nat. Evolution (LTE). In the time of third generation, watching a 1080p high quality video. io. n. al. er. on YouTube or a short video on Facebook could be spotty, and cause an unpleasant. i n U. v. user experience. Nevertheless, 4G-LTE can not only solve the demand of media. Ch. engchi. streams, but the most important thing is that it is a revolutionary innovation to transportation transmission. When a traffic problem happens, we will be able to handle the emergency situation immediately by sending the surrounding information to the corresponding department through 4G-LTE. Also, apart from providing 4G users a faster and more convenient mobile service, it still can offer network service to 2G and 3G users through their original spectrum. The development of internet is improving every single day. We can see the revolution of internet connecting speed when we step from 2G to 3G; and the 2.

(13) difference between 3G and 4G is the improvement of the media stream. People make different revolutions while facing different needs at different times. Let’s take the downloading speeds of a video with 1G capacity as the comparison standard. If we use 2G internet, with the speed of 0.15Mbps, we will need around 15 hours to download the whole video. If we use 3G internet, we will need around 10 minutes. However, if we use 4G internet, which has the speed of 150 Mbps, the fastest network connecting speed so far, we only need 54 seconds to download a high quality video. 政 治 大. through 4G-LTE.. 立. Compare 15 hours with 54 seconds, the download speed improves tremendously. ‧ 國. 學. with a 900 times difference in between. For modern people who pay a lot attention on. ‧. efficiency, the transmission speed of 2G and 3G internet are no longer acceptable.. sit. y. Nat. And with time goes on, the concept and infrastructure of 5G are also under discussion.. io. n. al. er. In the foreseeable future, the 5G will eventually replace 4G-LTE and become the mainstream of network innovation.. Ch. engchi. i n U. v. Up to now, the majority of the user can reap the benefit of the emergence of 4G-LTE, which can form a peer-to-peer social network to link person to person by using convenient networking. Having much enough the user means that the scale of the market large enough, people are also accustomed to using the internet to deal with the life of large and small affairs, but the issue of information security should not be forgotten. With the rise of blockchain technology, the core concept of decentralization has gradually drawn attention. In this context, the main objective of this research is to 3.

(14) realize more convenient and secure applications through the use of blockchain technology. As a result of the prosperity of democracy, more and more decision-making and local leaders will be generated by way of voting, while the emergence of electronic voting and bidding can not only improve the inconvenient of traditional one but also meet the requirement of traditional voting and bidding. With the development of technology, the electronic voting and bidding has become an irresistible trend.. 政 治 大. The advantages of electronic voting in addition to allowing voters to facilitate. 立. voting, as well as to provide a safer and faster transfer process of vote. More. ‧ 國. 學. importantly, when the vote of candidate close to or encounter controversial events, it. ‧. can provide an effective and rapid verification of the voting process. For the overall. sit. y. Nat. election processes, it is very effective and convenient.. io. n. al. er. On the other hand, electronic bidding should consider more than traditional one. i n U. v. because of transmitting the bids via the internet may encounter many problems such. Ch. engchi. as security of data transmission and server stability. Based on the above potential problems, this study proposed an improved solution to protect the privacy of the vendors as well as to enhance the fairness and trustworthiness of the overall bidding processes. Electronic bidding is the most widely used in the current government procurement case of a service which can enhance the convenience of vendors, when encountered controversial events, it can not only lower the cost which includes both human and material but also provide more convenient way than traditional bidding. 4.

(15) 1.1 Motivation of research Currently, the service industry, such as the financial and banking industry, transmits private information through a trusted third party. However, they are facing with many problems and complicated procedures. Since the blockchain technology and smart contract have the characteristics of decentralization, the researchers analyzed the architecture of the existing e-voting systems [7][8][9] and found the integration of blockchain and smart contract [2] into the application, which could. 政 治 大. enhance data verifiability and lower the cost while maintaining the openness and. 立. transparency of the application.. ‧ 國. 學. 1.2 Purpose of research. ‧. This research analyzed the architecture of existing electronic voting and bidding. sit. y. Nat. systems, figured out that both two systems exist a trusted third party to complete the. io. n. al. er. opening phase and need to meet the security requirements such as confidentially, non-deniable and anonymity.. Ch. engchi. i n U. v. However, the blockchain and smart contract have characteristics of decentralization, which can improve the above shortcoming. In our opinion, if we replace the third party by smart contracts, which based on the blockchain, then we can reach the goal of low-cost and enhance the data verifiability. For election, the basic requirements contain the anonymity of voters, confidentiality of ballot and verifiability of ballot. Among them, anonymity and confidentiality can be completed via public key crypto system with secret-sharing scheme while the properties of publicity, transparency and non-repudiation of smart 5.

(16) contract is used to realize the verifiability of the ballot. The voters on the blockchain network can obtain the ballot information from the smart contract then compute and verify the election result without the trusted third party at billing phase. The basic security requirements for the procurement of existing public authorities include verifying the identity of the vendor, keeping the confidentiality of the bidding documentation and the verifiability of the bidding documentation. Among. 政 治 大. them, anonymity and confidentiality can be completed via public key crypto system. 立. is used to realize the verifiability of bidding documentation.. 學. ‧ 國. while the properties of publicity, transparency and non-repudiation of smart contract. ‧. The vendors on the blockchain network can obtain the bidding documentations. sit. y. Nat. in cipher type from the smart contracts then compute and verify the bidding result. io. n. al. er. without the trusted third party at opening phase.. i n U. v. With the emergence of blockchain technology and smart contracts, it enable the. Ch. engchi. current electronic voting or bidding works without a trusted third party. Any voters who participate in election or vendors, who participate in bidding can obtain the ballot information or bidding documentation from the smart contract then compute the result at the opening phase by themselves, respectively. In this way, it not only strengthening the overall electronic processes of trustworthiness, but also reduce the waste of human and material resources as well as enhance the efficiency of the administration. This research combined the blockchain technology with privacy-protection 6.

(17) cryptography in order to realize the distributed e-voting and e-bidding applications without a trusted third party. The system provides a openness and transparent process while protecting the anonymity of users, the privacy of data transmission and verifiability of data during the opening phase.. 立. 政 治 大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. 7. i n U. v.

(18) 1.3 Chapter architecture This research is divided into seven chapters. The first chapter introduces the motivation and purpose. The second chapter will briefly introduce the development of electronic voting system and bidding system, the third chapter is the related works and background knowledge, chapter fourth to sixth will introduce our proposed electronic voting and bidding systems and the results of the implementation and make a security analysis, the seventh chapter is our conclusions and future works.. 立. 政 治 大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. 8. i n U. v.

(19) Chapter 2. Introduction to e-voting and e-bidding systems The twenty-first century is a democratic generation while the essence of democracy is majority rule[31], which is an indispensable element for democracy-based countries. Furthermore, through the election to determine the majority of candidate and all of the voters must obey the result. However, the voting process of the elections must be fair, justice and open, and no one can coerce others or. 政 治 大 According to provisions of article 63 of Civil Servants Election And Recall Act 立. obtain votes by unlawful means.. ‧ 國. 學. of Taiwan, if the result of the final election shows that when the gap between the highest candidate and the second highest candidate is less than three thousandths, the. ‧. candidate will be able to apply the request of re-computing the ballots to the. y. Nat. er. io. sit. Legislative Yuan within seven days after the election. The Central Election. al. Commission will obey the law to execute the relevant processes.. n. v i n C h the preparatoryUwork before the election For the traditional election, since engchi. includes the publication of the electoral bulletin board, publication of the legal voters of the voting notification, the various ballot papers, etc., must invest a lot of manpower and material costs. To improve the problem above, most of the research head to electronic voting which enhance high efficiency and lower the cost in recent years. The existing electronic voting system is divided into two modes, namely electronic voting and internet voting. The following two sections will briefly 9.

(20) described in sections 2.1 and 2.2, and sections 2.3 and 2.4 describe the problems faced by electronic voting and the process of electronic voting, respectively. The current government procurement has gradually tended to electronic. With the emergence of electronic bidding, it allows the tender authority to upload their tender documentation to tender website system [20] of public construction Commission(PCC) of Executive Yuan, vendors then can read or download the tender documentation from the system after paying the tender documentation fee.. 政 治 大. As long as the vendors interested in case of tender documentation and want to. 立. join also, he can upload his bidding documentation after paying the bid bond. The. ‧ 國. 學. documentation then will store in the tender website system of PCC until the opening. ‧. date is coming.. sit. y. Nat. When it comes to the opening date, the tender authority will determine and. io. n. al. er. notify the winner after checking its certificate of bid bond, certificate of corporate and. i n U. v. bidding price. After that, the tender authority will refund the bid bond to vendors. Ch. engchi. except the winner by checking its certificate of bid bond.. The electronic bidding is a convenience service of our country in recent years, it aimed to provide a fair environment of bidding to the vendors as well as constructing a openness and transparent procedures of procurement in order to protect the public benefits. However, the current biddings[5][28] still adopt the trusted third party namely tender authority to open and verify the bids, the vendors who join the bidding can only trust the tender authority will not cheating. This research aimed to solve the 10.

(21) problem above by using the smart contract, which can let the vendors verify the result at the opening phase to enhance the efficiency and user confidence. We will introduce the current government procurement system in section 2.5.. 2.1 Electronic-Voting The concept of Electronic-Voting is much similar with traditional voting. Voters need to go to the specified polling station in person to operate the electronic voting machine (EVM). The EVM is equipped with touch screen, which allows voters to. 治 政 accomplish polling more easily. The EVM is similar to大 traditional ballot box: until the 立 ‧ 國. 學. end of the polling process, all of the ballots that voters voted should be stored in the EVM, which will be counted after the polling stage. In addition, the machine will. ‧. execute the verification process when a dispute occurs, and need to start the ballot. y. Nat. io. sit. verification process.. er. Compare to traditional voting, this method cuts down the election cost and. al. n. v i n enhances the administrative efficiency. still inconvenient to voters since C h However, it is U engchi they still need to go to the polling booths in person. The external environment or other reasons could influence this fact: if the weather condition on the polling day is poor, it may reduce voters’ willingness of going out to vote, and eventually affect the polling result. Due to this reason, researchers from all over the world are all working on improving the convenience of the polling process. With the popularity of electronic devices, tablet and mobile phone are now an indispensable element of our lives. If we could vote through our mobile devices, we will be able to greatly enhance the 11.

(22) efficiency and quality of the whole election processes.. 2.2 Internet-Voting Internet-Voting allows voters to accomplish voting fluently without the limitation of locations and devices. People can vote by simply connecting the internet through a terminal equipment to go on a specific website, or to open a voting application. Even though internet-Voting has improved the shortcomings of the inconvenience, the security should be taken as a great issue since it needs to transfer. 治 政 大voting websites and election information through the internet. In addition, the 立 ‧ 國. 學. applications all need to consider every kind of conditions, which could be attacked while being designed. For example, when hackers are attacking the server, which is. ‧. used to store the ballots, trying to change the result of the election. The corresponding. y. Nat. n. al. er. io. a reliable Intern. sit. department will need to know how to react and how to defend, so that it could provide. et-Voting system.. Ch. engchi. i n U. v. The following contents are the six security characteristics that should be considered in Internet-Voting: (1) Eligibility: Only voters with legal voting qualification can vote, so that we can assure the fairness of the whole voting process. (2) Non-repeatability: Every voter can only vote once. Repeated voting and such suspicious voting or server malicious paralyzing actions are prohibited, to insure the fairness of the whole voting process. 12.

(23) (3) Rationality: No internal or external attackers or voters can get the chance to temper other’s voting information. This can guarantee the rationality of the whole election process. (4) Completeness: Each voter can verify if his or her ballot has been correctly counted during the opening phase. (5) Fairness: No internal or external attackers or voters can get idea of the election trend or result before the opening phase. This can ensure the fairness. 政 治 大. of the whole voting process.. 立. (6) Anonymity: No internal or external attackers or voters can find out that. ‧ 國. 學. which ballot information actually correspond to which voter. This can protect. ‧. the confidentiality and anonymity of the voters’ identities.. io. sit. y. Nat. 2.3 The Process of Electronic-Voting. n. al. er. The process of Electronic-Voting can be divided into the following three stages: (1) Registration phase:. Ch. engchi. i n U. v. Before the elections starts, voter’s voting qualification must be verified offline in this stage. After that, the voter who has already been verified will get a unique set of virtual identity identification code (PID), and use this PID to obtain a unique voting certification (Cert) from the registration server. Voter should use this certification to complete applying ballot signature and personal key pair on the polling day, and conduct the normal voting process. Since Internet-Voting allows voter to use his or her mobile device or terminal 13.

(24) equipment to execute voting, voters do not need to go to the polling booths in person. The difference between these two voting method is that Internet-Voting enables voter to verify his identity offline before the polling day while traditional voting method asks voter to go to the polling booths with her personal ID on the polling day, and the staff will check his identification and give out the ballot. (2) Polling phase:. 政 治 大. On the polling day, voter needs to use his or her unique ballet certificate,. 立. which is obtained during the registration phase, to confirm his voting. ‧ 國. 學. qualification through secure transmission channel by the verification server.. ‧. The voter who is verified by the server can obtain the ballet signature with. sit. y. Nat. his ballot certification and voter’s personal key pair (𝑝𝑘𝑣 𝑖 , 𝑠𝑘𝑣 𝑖 ).. io. n. al. er. After the voter obtaining the ballot certificate, he or she will be able to vote. i n U. v. either on voting websites or relevant applications. As for the ballot. Ch. engchi. information, it will be written in and stored in the smart contract by the voting website or relevant server. Voter can check current ballot information at anytime before the opening stage, to make sure that the ballot is correctly stored into the ballot box. This can enhance the reliability of election. (3) Opening phase: When the polling phase is closed, the voter can check the ballot information of all voters who have completed polling on the voting website, which is stored in the smart contract. In addition, he may check the correctness of the 14.

(25) ballot certificate and information of each ballot, and compare with the result that is announced by the record center. If there is a conflict or inconsistency, voter can directly ask for ballot verification, to maintain the fairness of the election.. 2.4 The Process of Electronic-Bidding Electronic-Bidding must follow the standard of Article of Government Procurement Act [17][18][19]. Its process is separated into the following six phases:. 政 治 大. (1) Tender inviting phase:. 立. ‧ 國. 學. Government procurement authorizes fair Electronic-Bidding center (refer to as tender website) to announce the tender items and content, to conduct an. ‧. open tender processes.. y. Nat. io. sit. There are three types of tender processes: open tender process, selective. n. al. er. tender process, and limited tender process. This research will take the mode. Ch. of open tender as the research environment.. engchi. i n U. v. (2) Tender obtaining phase: There will be several tender cases from different tender entity posted on the tender website. Companies or manufacturers that are interested in the tender cases and are willing to participate in the tender should pay a service fee (refer to as tender documentation fee) to relevant department. After obtaining the tender receiving instrument, the vendors may download the tender documentation of the tender case from the website. 15.

(26) According to the provision of the Article 34, Government Procurement Act: In conducting a procurement [18], an entity shall not disclose, before opening of tenders, the government estimate, the names and number of the suppliers which have obtained the tender documentation or submitted a tender and any other relevant information which may result in competition restraint or unfair competition. (3) Tender submitting phase:. 政 治 大. After the vendors complete the receiving of tender and get the tender inviting. 立. documentation, they should finish writing the submission documentation and. ‧ 國. 學. pay the bidding bond (should not exceed 10% of the marked price) according. ‧. to the submission provisions written on the inviting documentation. The. sit. y. Nat. correctness of the bid amount paid by the supplier will be checked by an. io. n. al. er. external bank system. If it is correct, then the vendors will get a certification. i n U. v. proved that the bid bond has been paid. On the contrary, if the amount is. Ch. engchi. incorrect, then the vendors will be notified that the payment amount is incorrect, and the submission is failed. The bid bond certificate is the determining factor whether the vendors, which are failed to win the bid, may get the bid bond paid previously back after the tender deciding stage. Therefore, this certification is extremely important, and should not be released at will. (4) Tender opening phase: According to the provision of the Article 34, Government Procurement Act 16.

(27) [18]: The government estimate shall be kept confidential until award of contract even after opening of tender. The government estimate shall be disclosed after award of contract except for special circumstances. The entity may, however, based on actual needs, disclose the government estimate in the tender documentation. Unless otherwise required for official use or provided for in the relevant laws and regulations, the tenders submitted by vendors shall be kept confidential. 政 治 大. by the entity.. 立. In the opening phase, tender authorities should conduct an anonymous tender. ‧ 國. 學. opening in a public condition. However, if the proposed bidding price. ‧. provided by the vendors do not meet the upset price set by the tender. sit. y. Nat. authorities, then the bargaining stage will start. Vendors may then change the. io. n. al. er. proposed price to conduct the second-round bidding. According to the. i n U. v. provision of Article 50, Government Procurement Act: If the tender. Ch. engchi. authorities have already conducted tender opening on the opening day, but the qualification of the vendors do not meet the requirements or the proposed price still do not meet the upset price, then the vendors may not enter to the tender deciding stage, and will be considered as nullified tender. (5) Tender deciding phase: In this stage, the tender authorities will compare and analyze every proposed price provided by the legal vendors who participate in the bidding. The department needs to determine whether the proposed price is rational and 17.

(28) lower than the government estimation. If all the proposed prices provided by the vendors are all higher than the estimation, the tender authorities must determine one of the most favorable vendors, and announce it as the winner. (6) Contract management phase: In the deciding phase, the tender authorities will determine a winning vendor, and send the winning notification to him. The winning vendor must accept this result absolutely. If the supplier wanted to go back on their works after. 政 治 大. winning the bid, the tender authorities will directly confiscate the bid bond paid previously.. 立. ‧ 國. 學. The bid bond paid by the winning supplier will directly transfer to. ‧. performance bond. The winning supplier will also get the performance bond. sit. y. Nat. certification. Other suppliers that do not win the bidding may apply for the. io. al. n. authorities.. er. return of the bid bond by giving out the bid bond certification to the tender. Ch. engchi. 18. i n U. v.

(29) Chapter 3. Related works. 3.1 Bitcoin Bitcoin[1][6] is a peer-to-peer crypto currency adopted the decentralized concept of blockchain which can provide a trade environment to people who untrusted each other without a trust third party. The way of issuing the Bitcoin is via the miners who provide computing power. 政 治 大. and try to compute a difficult number called "nonce" to mine the block. If the miners. 立. can compute the value of "nonce" successfully means that he has mined the block.. ‧ 國. 學. After that, the block mined by miners will become one of the block of main. ‧. chain after verifying by other miners on the Bitcoin network thus can also win the. sit. y. Nat. block reward and transaction fee of the block.. n. al. er. io. However, the value of Bitcoin is determined by the capital market, and different. Ch. i n U. v. to others currency is the Bitcoin is limited. The block reward of Bitcoin will reduce by about half every four year.. engchi. To the year 2140, when the twenty-one million Bitcoins were issued, there would be no more new Bitcoin. But the Bitcoin network will not collapse even if there is no block reward anymore, the transaction fee is still very impressive and the miners are still willing to earn the transaction fee by mining.. 3.2 Blockchain Blockchain is a continuous ledger that connected by multiple blocks, each block 19.

(30) contains hundreds to thousands transactions. These transactions verified by miners on the blockchain network then packaged to the tail of main chain is called mining. Mining is a consensus algorithm which used to let miners verify the transactions and package them to the tail of main chain, can record the order of generation time of each block in detail and reach a consensus between miners via the algorithm to prevent attackers from tampering the block. Namely, no one can tampering certain part of the block to cheat or cancell their. 政 治 大. transaction. Once a block is generated, the content of block can not be tampered. 立. easily because each block contains the hash value of previous block. If block was. ‧ 國. 學. tampered, the following blocks will also be affected which requires a lot of computing. ‧. power to reach the goal. On the other words, anyone who try to reach the double. sit. y. Nat. spending will failed.. io. n. al. er. Because blockchain maintains a public and transparent ledger, any participant on. i n U. v. the blockchain network can query or verify the content of transactions so that has a non-repudiation property.. Ch. engchi. 3.3 Ethereum The platform of Ethereum improved the existing Bitcoin architecture and solved the problem of lack of flexibility. The main contribution of Ethereum is called smart contract which can let participants operate applications on the private chain. In addition, only participants via authorization can participate in reaching a consensus on the private chain or alliance chain. 20.

(31) Moreover, if you want to develop applications on Ethereum, you can use the programming language such as python, go or C++.. 3.4 Smart contract Ethereum is a platform which improved the Bitcoin architecture while the main application is called smart contract [15]. Because the smart contract keeps the core concept of blockchain so that we can regard it as a proxy of processing transactions and procedures.. 治 政 大 language such as Smart contract is programmed by high-level programming 立 ‧ 國. 學. Solidity or Serpent. Through the corresponding response and processing of the outside message from pre-written program logic, it can reduce the process of. ‧. insurance claims [9] and salary payment, reduce the operating time and improve. y. Nat. io. sit. efficiency. Smart contract uses blockchain as core technique, any information on. er. smart contract is public and transparent. Therefore, it’s not appropriate to put too. al. n. v i n much external logic and confidential C h information. If it’sUnecessary to put confidential engchi information in smart contract, it’s recommended that confidential information is. encrypted outside the contract and then placed in the contract. The Ethereum will also generate the address of the contract, and the person who knows the contract address will be able to communicate and deliver the message to the contracts. However, transactions handled by smart contract are not limited to the transfer of money, any action on smart contract is considered as a transaction, even if it’s just putting in information or searching information. In terms of election, a trustworthy 21.

(32) electronic voting process must provide a public environment that can withstand participation in verifying the ballots for voters. Based on the verifiability and non-repudiation of blockchain and smart contract, the study will use smart contract to replace the existing bulletin board to record the process of election, and provide voters to check the voting progress and information at the time of registration, billing and ticketing.. 3.5 Paillier public key cryptosystem. 治 政 Paillier proposed a public key cryptosystem[8][27]大 called Paillier in 1999, it has 立 ‧ 國. 學. an important property called additive homomorphic encryption[13][14] which means the result of two of cipher text via certain computation after decrypting is equal to. ‧. summation of two of plain text. This property can not only be widely used in. y. Nat. io. sit. applications which need to compute the summation such as electronic voting and. er. electronic bidding but also meet the requirement of data confidentially.. al. n. v i n Paillier's public key cryptosystem phases as follows: C h includes three U engchi. 3.5.1 Key generation phase 1. Pick large enough primes p and q . 𝑔𝑐𝑑(𝑝𝑞, (𝑝 − 1)(𝑞 − 1)) = 1. 2. Compute 𝑁 and 𝜆 . 𝑁 =𝑝∗𝑞. . 𝜆 = 𝑙𝑐𝑚(𝑝 − 1, 𝑞 − 1). 3. Pick a random number 𝑔 ∈ 𝑍𝑁∗ 2 4. Define function L . 𝐿(𝑢) =. 𝑢−1 𝑁. 22.

(33) 5. Compute 𝜇 . 𝜇 = (𝐿(𝑔 𝜆 )𝑚𝑜𝑑 𝑁 2 ). −1. (𝑚𝑜𝑑 𝑁). 6. Generate public key (𝑁, 𝑔) and private key (𝜆, 𝜇). 3.5.2 Encryption phase Alice encrypts message 𝑚 by using Bob’s public key (𝑁, 𝑔) . Pick a random number 𝑟 ∈ 𝑍𝑁∗. . Encrypt message: 𝐸𝑝𝑘 (𝑚) = 𝑔𝑚 ∗ 𝑟 𝑁 = 𝑐. 政 治 大. 3.5.3 Decryption phase. 立. ‧ 國. . 學. Bob decrypts ciphertext 𝑐 by using his private key (𝜆, 𝜇) 𝐿(𝑐 𝜆 𝑚𝑜𝑑 𝑁 2 ) ∗ 𝜇 (𝑚𝑜𝑑 𝑁). ‧. −1. = (𝐿(𝑔𝑚 𝑟 𝑛 )𝜆 𝑚𝑜𝑑 𝑛2 ) ∗ (𝐿(𝑔 𝜆 𝑚𝑜𝑑 𝑛2 )). (𝑚𝑜𝑑 𝑁). y. Nat. (𝑔𝑚 𝑟 𝑛 )𝜆 − 1 𝑔𝜆 − 1. al. sit. n. =. (𝑚𝑜𝑑 𝑁). er. io. (𝑔𝑚 𝑟 𝑛 )𝜆 − 1 𝑛 = ∗ 𝜆 𝑛 𝑔 −1. Ch. i n U. v. (𝑚𝑜𝑑 𝑁). engchi. g 𝜆 ∈ 𝑍𝑁∗ 2 , 𝑔 = 1 + 𝑁, 𝑔 𝜆 = 1 + 𝑘𝑁 ,1 ≤ 𝑘 ≤ 𝑁 − 1 . . 𝑔𝑚𝜆 − 1 = (1 + 𝑘𝑁)𝑚 (𝑚𝑜𝑑 𝑁 2 ) − 1. (𝑚𝑜𝑑 𝑁). = 1 + 𝑚𝑘𝑁 − 1. (𝑚𝑜𝑑 𝑁). = 𝑚𝑘𝑁. (𝑚𝑜𝑑 𝑁). 𝑔𝜆 − 1 = (1 + 𝑘𝑁)(𝑚𝑜𝑑 𝑁 2 ) − 1. (𝑚𝑜𝑑 𝑁). = 1 + 𝑘𝑁 − 1. (𝑚𝑜𝑑 𝑁) 23.

(34) (𝑚𝑜𝑑 𝑁). = 𝑘𝑁 . The above two formulas are introduced into the original formula (𝑔𝑚 𝑟 𝑛 )𝜆 − 1 𝑔𝜆 − 1. (𝑚𝑜𝑑 𝑁). 𝑚𝑘𝑁 𝑘𝑁. (𝑚𝑜𝑑 𝑁). =. (𝑚𝑜𝑑 𝑁). = 𝑚. 政 治 大. 3.5.4 Additive homomorphic encryption. 立. The additive homomorphic encryption means the result of two of cipher text via. ‧ 國. 學. certain computation after decrypting is equal to summation of two of plain text.. ‧. Suppose we encrypt two plaintexts 𝑚1 and 𝑚2 by using the same public key 𝑝𝑘. n. al. y er. io. 𝐸𝑝𝑘 (𝑚1 ) = 𝑔𝑚1 ∗ 𝑟1𝑁 = 𝑐1. sit. Nat. then get two ciphertexts 𝑐1 and 𝑐2 , respectively.. 𝐸𝑝𝑘 (𝑚2 ) = 𝑔𝑚2 ∗ 𝑟2𝑁 = 𝑐2. Ch. engchi. i n U. v. After that, operate 𝑐1 multiplied by 𝑐2 and get 𝐶. Decrypting 𝐶 by using corresponding private key 𝑠𝑘 then get result which equal to 𝑚1 plus 𝑚2 in plain type. 𝑐1 ♁𝑐2 = 𝐸𝑝𝑘 (𝑚1 )♁𝐸𝑝𝑘 (𝑚2 ) = 𝐸(𝑚1 + 𝑚2 ) = 𝐶. 3.6 RSA digital signature The digital signature is widely used to prove that the documentation is indeed signed by someone, which has the property of non-repudiation. Figure 3-1 shows the sender and receiver are Alice and Bob, respectively. First, 24.

(35) Alice put the message m into a one-way hash function and generate the abstract of message ℎ(𝑚). Then, Alice signs on message by using her private key 𝑑𝐴 and sends both original message 𝑚 as well as signature ℎ(𝑚)𝑑𝐴 to Bob. After receiving these information, Bob can compute the abstract of message ℎ′(𝑚) and then verify the correctness of signature by using Alice public key 𝑒𝐴 . If correct, Bob will trust the signature is indeed signed by Alice.. 立. 政 治 大. ‧ 國. 學 Figure 3- 1 RSA digital signature. ‧ sit. y. Nat. 3.7 Shamir’s secret-sharing scheme. n. al. er. io. Shamir proposed the earliest concept of (𝑘, 𝑛) secret sharing[10][16] in 1979,. i n U. v. which divide secret 𝑆 into n pieces. If someone who want to recover the secret 𝑆, he. Ch. engchi. should work with at least k people to reach it. Based on this concept, figure 3-2 shows that the secret 𝑆 is held by n people who can only have 1 fragment(represent as 𝑆1 to 𝑆𝑛 ). If there are 𝑘 or more of the participants work together, the secret then can be recoverd. Otherwise, it will not succeed.. 25.

(36) Figure 3- 2 Secret-sharing scheme. 3.8 Oblivious transfer protocol. 治 政 大 [9] in 1981 that contains Rabin proposed the earliest oblivious transfer protocol 立 ‧ 國. 學. the sender S and receiver R, respectively. The protocol shows that the sender can send n messages to receiver, who can only get specific one but know nothing about the. ‧. other messages.. y. Nat. io. sit. In recent years, the study of oblivious transfer protocol is divided into three types. er. which includes 1-out-of-2, 1-out-of-n [11] [21] [24] [25] and t-out-of-n [3]. This. al. n. v i n paper focus on 1-out-of-n oblivious contains a sender S and C htransfer protocol which engchi U. receiver R. Assume that sender have n messages 𝑚1 , 𝑚2 , … , 𝑚𝑛 , 𝑖 = 1,2, … , 𝑛 and receiver want to get specific one 𝑚𝑐 via the protocol which guarantee the correctness of content, privacy of sender and privacy of receiver. . Correctness:The receiver can get the specific message 𝑚𝑐 after executing the protocol.. . Privacy of sender:The receiver can only get specific message 𝑚𝑐 and know nothing about the other messages to protect the privacy of sender. 26.

(37) . Privacy of receiver:The sender cannot know which message the receiver gets.. 3.9 Current e-voting system For the current electronic voting system [4][7], the ballots are counted by the third party’s record center at opening phase. It does not provide a decentralized counting process, ballots use only one side of the public key for encryption in the process of storing. It leads to the possibility of a leak in the candidate's vote before the voting process has ended, and cannot satisfy the fairness and reasonableness of the election.. 立. 政 治 大. ‧ 國. 學. In 2013, Chen and other scholars proposed an electronic voting system [25] with oblivious signature protocol which is mainly implemented by the RSA digital. ‧. signature mechanism with the 1-out-of-n oblivious signature protocol. Although the. Nat. io. sit. y. system can let voters participate in verifying the ballots at opening phase, it’s still. er. possible for voting initiator with private key to know the trend of the ballots before. al. n. v i n the election has ended because the C hballots are encryptedUby public key of the voting engchi initiator before stored in record center. Therefore, the study is aimed at improving the program of Chen and other scholars, and proposed a distributed electronic voting system.. 3.10 Chen’s oblivious signature based e-voting system In 2013, Chen and other scholars proposed an electronic voting system with oblivious signature protocol [25], which is divided into the following four phases: (1) Registration phase: Voters provide their own identification code to voting 27.

(38) creator for vote vouchers, the voting initiator will announce the voter code of voters who pass the identity verification on the traditional bulletin board for inquiries, and send vote vouchers to voters. (2) Circling phase: Voters get signature of ballot and vote via 1-out-of-n oblivious signature. (3) Polling phase: At the time of voting, the local side will encrypt the ballot and the signature of ballot, and then send it to the record center with the. 政 治 大. certificate, until the end of vote to open the ballots.. 立. (4) Opening phase: At the end of voting, the creator will send decryption key to. ‧ 國. 學. record center. Then, record center can decrypt the ballots and signature of. ‧. ballot encrypted during the voting phase, and conduct recording process.. y. Nat. er. io. al. sit. 3.10.1 System architecture. v. n. Chen’s proposed his electronic voting system based on oblivious signature. Ch. engchi. i n U. protocol. Figure 3-3 shows that the architecture of his system.. Figure 3- 3 Chen’s system architecture. Table 3-1 shows the roles of the system. 28.

(39) Table 3- 1 Chen’s system description. 3.10.2 Initial phase. 政 治 大. This phase will define the parameters and hash function used in Chen’s system.. 立. Process of key generation as follows:. ‧ 國. 學. 1. Pick two large enough primes 𝑝 and 𝑞. ‧. 2. Compute 𝑁 = 𝑝 ∗ 𝑞. n. al. er. io. 4. Determine 𝑒 which satisfies 𝐺𝐶𝐷(𝑒, 𝜑(𝑁)) = 1. sit. y. Nat. 3. Compute 𝜑(𝑁) = 𝜑(𝑝)𝜑(𝑞) = (𝑝 − 1)(𝑞 − 1). i n U. 5. Compute 𝑑 which satisfies 𝑒𝑑 ≡ 1 𝑚𝑜𝑑 𝜑(𝑁). Ch. engchi. v. 3.10.3 Registration phase. The voters provide their social security number to generate their certificate of voting. Figure 3-4 shows the creator in his system will issue the certificate of voting to legal voters and then publish the pin code of legal voters onto the bulletin board.. Figure 3- 4 Registration phase 29.

(40) 3.10.4 Circling phase. The voters can obtain their signature of ballot to vote via 1-out-of-n oblivious signature protocol shown in figure 3-5.. 立. 政 治 大. Figure 3- 5 Circling phase. ‧ 國. 學. 3.10.5 Polling phase. ‧. When it comes to the voting phase, the system will encrypt the ballot and ballot. y. Nat. n. al. er. io. figure 3-6.. sit. signature then send it along with certificate to voting center to store, which shown in. Ch. engchi. i n U. v. Figure 3- 6 Polling phase. 3.10.6 Opening phase. Figure 3-7 shows when the opening phase begins, the creator will send the decryption key to voting center so that it can decrypt all the ballots to complete the counting process. 30.

(41) Figure 3- 7 Opening phase. 3.11 Current government procurement system The current government procurement [20] is entrusted by institution to tender website system of Public Construction Commission (PCC) of Executive Yuan for tender, and. 政 治 大 tendering authorities. GCA立 is entrusted by National Development Council to. adopt the certificate of corporate issued by GCA and institution certificate of. ‧ 國. 學. Chunghwa telecom for operation. It uses a 2048-bit RSA key which can implement digital signatures and the use of encryption and decryption to protect the security of. ‧. messages. The bidding process can be divided into seven phases: tender inviting,. sit. y. Nat. io. n. al. er. tender obtaining, bidding, opening, decision of bidding and contract management. 3.11.1 Initial phase. Ch. engchi. i n U. v. This phase will define the parameters and hash function used in tender system of PCC. Process of key generation as follows: 1. Pick two large enough primes 𝑝 and 𝑞 2. Compute 𝑁 = 𝑝 ∗ 𝑞 3. Compute 𝜑(𝑁) = 𝜑(𝑝)𝜑(𝑞) = (𝑝 − 1)(𝑞 − 1) 4. Determine 𝑒 which satisfies 𝐺𝐶𝐷(𝑒, 𝜑(𝑁)) = 1 5. Compute 𝑑 which satisfies 𝑒𝑑 ≡ 1 𝑚𝑜𝑑 𝜑(𝑁) 31.

(42) In accordance with the above process, the system then generates the signing key pair of the trusted third party called Government Certification Authority (GCA), the signing key pair of the banking system and the encryption and decryption key pairs of vendors who participates in the bidding.. 3.11.2 Tender inviting phase. At this time, tender authorities and vendors who want to participate in tendering. 政 治 大. will deliver the documentations, which can prove their identity to GCA. GCA will. 立. issue the institution certificate and certificate of corporate after verifying their. ‧ 國. 學. identity.. ‧. At this phase, GCA can verify the identity of tender authorities and vendors.. sit. y. Nat. After the identity has been verified, GCA will issue the institution certificate and. io. n. al. er. certificate of corporate to tender authorities and vendors.. i n U. v. When tender authorities finished the invitation for bidding documentation and. Ch. engchi. want to upload it to tender website system, the system will ask for the institution certificate issued by GCA to verifying the identity. After the verification, tender authorities can announce the invitation for bidding documentation on tender website system for vendors to read.. 3.11.3 Tender obtaining phase. On tender website system, vendors can look through the bidding projects announced by tender authorities. If vendors are interested in the project, they can pay 32.

(43) the tender obtaining fee on the system and then, download and read the complete invitation for bidding. The invitation for bidding is confidential, only the vendor who has paid the tender obtaining fee has the right to read. The vendors who want to participate in bidding need to finish the bidding documentation in accordance with the specifications and norms in the invitation for bidding. The bidding documentation should have identity code of vendor, certificate of corporate, certificate of bid bond and bidding price, etc.. 治 政 大 3.11.4 Tender submitting phase 立 ‧ 國. 學. The vendors who want to participate in bidding need to finish the bidding. ‧. documentation in accordance with the invitation for bidding, and use their own. sit. y. Nat. private key to make a digital signature on the bidding documentation, which means. io. n. al. er. this documentation is certainly uploaded by the vendor. The use of digital signature. i n U. v. helps bid opener to check the correctness of the documentation. Therefore, every. Ch. engchi. bidding documentation uploaded to tender website system by vendors has the digital signature of the vendors.. 3.11.5 Tender opening phase. Tender authorities need to open bid on the date set in the invitation for bidding. At this phase, they download all bidding documentations of vendors from tender website system. After opening the bids, inspecting the certificate of bid bond and comparing the price proposed by vendors and tender authorities’ reserve price, 33.

(44) determine one successful bidder. At this phase, tender authorities will use the public keys of vendors to verifying the bidding documentations, after verification, they will use the public key of the bank who gave vendors the certificate of bid bond to verify the certificate of bid bond, and use GCA’s public key to verify the certificate of corporate proposed by vendors. If the above three tests are passed, it means the identity of the vendor is completely legal, and the price proposed by the vendor will be compared at this phase.. 3.11.6 Tender deciding phase. 立. 政 治 大. ‧ 國. 學. At this phase, tender authorities need to determine who will be the successful. ‧. bidder. If all prices proposed by vendors are far higher than reserve price, the tender. sit. y. Nat. authorities can take second bid. If they still cannot decide who win the bid, the bid has. io. n. al. er. failed. After deciding who won the bid, they will send electronic notice to successful. i n U. v. bidder to notice vendors that they have won the bid. The vendors must fully accept. Ch. engchi. the result of this electronic notice, if they decide not to pay the bid at this time, the tender authorities will confiscate the bid bond in accordance with the relevant provisions of the procurement law.. 3.11.7 Contract management phase. At this phase, the vendors who did not win the bid should put the certificate of bid bond issued by banks to tender authorities. After a few working days, the tender authorities will return the bid bond in accordance with laws to the vendors who did 34.

(45) not win the bid. The bid bond of successful bidder will turn into performance bond, the successful bidder just need to make up the difference.. Chapter 4. Proposed e-voting system The research combines the smart contract and privacy-protection cryptography to achieve distributed electronic voting system that will enable voters to participate in billing phase and to enhance election efficiency. Since the information on the blockchain is completely transparent and public, the. 治 政 大before the billing phase ballot information of the voter must be fully confidential 立 ‧ 國. 學. begins.. We will introduce the voting system architecture in Section 4.1, the roles of the. ‧. voting system Section 4.2 and the process and procedure of voting in Section 4.3.. y. Nat. n. er. io. al. sit. 4.1 System architecture. Ch. engchi. i n U. v. Figure 4- 1 Our e-voting system architecture. Figure 4-1 is our system architecture, which can clearly show the role of the system contains: (1)voter denoted as V (2) registration server denoted as RS (3) semi-honest 35.

(46) authentication server denoted as AS (4) voting website denoted as VWeb (5) record center denoted as RC (6) distributed data server denoted as DDS (7) smart contract denoted as SC. All of the information passed in the system will be stored in the SC to provide query and verification service, we will introduce the seven roles and voting process in the next section.. 4.2 System definition. 政 治 大. The following describes the seven roles within the system:. 立. 1. Voter(𝑽𝒊 ) :𝑉𝑖 is a voter with voting qualification, after the identity. ‧ 國. 學. verification via RS to obtain voting certificate 𝐶𝑒𝑟𝑡(𝑉𝑖 ),then voter can query. ‧. his/her 𝑃𝐼𝐷𝑖 from smart contract. With the voting certificate, voter can ask. sit. y. Nat. to 𝐴𝑆 for ballot signature in the voting phase. After voting, voter can check. io. n. al. er. the ballot information which published onto 𝑆𝐶 to confirm his/her vote is. i n U. v. correctly counted. If the voting participants find that the ballot has not been. Ch. engchi. properly counted for any reason, voters should respond to the election committee immediately, confirm whether the certificate is abnormal or not, and determine whether voters should vote again. 2. Registration Server(RS):Responsible for verifying the voter's identity, generating and sending the voting certificate 𝐶𝑒𝑟𝑡(𝑉𝑖 ) and personal key pair (𝑝𝑘𝑉𝑖 , 𝑠𝑘𝑉𝑖 ) to legal voter. 3. Authentication Server(AS):Responsible for verifying the voter's identity, generating and sending the ballot signature to legal voter via 1-out-of-n 36.

(47) oblivious transfer. 4. Voting Website(VWeb):The voting website for the system is part of the electoral organization. When the voters complete the vote, the voting website will check if the voter duplicate of vote or not. After checking, encrypt the ballot by using 𝑝𝑘𝑉𝑖 first, followed by a secret sharing scheme then send the coordinated of ballot to DDS. 5. Record Center(RC):When voters vote, VWeb will send both voting. 政 治 大. certificate and ballot signature of the voter to RC, RC then confirmed. 立. whether to duplicate the vote. If the voter passes the confirmation, the RC. ‧ 國. 學. will deposit its voting certificate and inform VWeb that the voter's ballot. ‧. information can be delivered to the DDS. At the end of vote, RC will publish. y. sit. io. n. al. er. service.. Nat. voter’s 𝑃𝐼𝐷𝑖 onto 𝑆𝐶 in order to provide voter a query and confirm. i n U. v. 6. Distributed Data Servers(DDS):After receiving the coordinates, use the. Ch. engchi. RC’s public key 𝑝𝑘𝑅𝐶 to encrypt the coordinates then publish onto 𝑆𝐶 in order to provide voter a query and confirm service. 7. Smart Contract(SC):The smart contract replaces the functionality of the traditional bulletin board, where it is dynamic and enable voters to verify ballot information and to count votes at the billing stage to enhance the credibility of the election and the confidence of the voters.. 37.

(48) Table 4- 1 Our system description. 4.3 Processes and steps. 政 治 大. This section will give a further explanation of the process of electronic voting,. 立. there are 𝑛1 voters, 𝑛2 candidates and 5 distributed data server in our system. In. ‧ 國. 學. addition, all transmission processes are via https. The voting process is divided into. ‧. five stages:(1) initial phase(2)registration phase(3)voting phase(4)opening. sit. n. al. er. io. 4.3.1 Initial phase. y. Nat. phase(5)verifying phase。. Ch. engchi. i n U. v. Before the protocol, 𝑅𝑆 and 𝐴𝑆 have to generate their RSA-based public/private key pair (𝑒 ′ , 𝑁1 ), (𝑑 ′ , 𝑁1 ) and (𝑒, 𝑁2 ), (𝑑, 𝑁2 ), respectively, where (𝑑, 𝑁2 ), (𝑑 ′ , 𝑁1 ) are the signing key and (𝑒, 𝑁2 ), (𝑒 ′ , 𝑁1 ) are the public key used for signature verification. 𝑅𝐶 have to generate its paillier-based[8] encryption and decryption key pair (𝑝𝑘𝑅𝐶 , 𝑠𝑘𝑅𝐶 ). In this article, ℎ denotes the hash function (eg., SHA-256 or SHA-3). (A) The process of generating the 𝑅𝑆’s signature key is as follows: 1. Pick two large enough primes 𝑝1 and 𝑞1 38.

(49) 2. Compute 𝑁1 = 𝑝1 ∗ 𝑞1 3. Compute 𝜑(𝑁1 ) = 𝜑(𝑝1 )𝜑(𝑞1 ) = (𝑝1 − 1)(𝑞1 − 1) 4. Choose 𝑒 ′ which satisfied 𝐺𝐶𝐷(𝑒 ′ , 𝜑(𝑁1 )) = 1 5. Determine 𝑑′ which satisfied e′ 𝑑 ′ ≡ 1 𝑚𝑜𝑑 𝜑(𝑁1 ) (B) The process of generating the 𝐴𝑆’s signature key is as follows: 1. Pick two large enough primes 𝑝2 and 𝑞2 2. Compute 𝑁2 = 𝑝2 ∗ 𝑞2. 政 治 大. 3. Compute 𝜑(𝑁2 ) = 𝜑(𝑝2 )𝜑(𝑞2 ) = (𝑝2 − 1)(𝑞2 − 1). 立. 4. Choose 𝑒 which satisfied 𝐺𝐶𝐷(𝑒, 𝜑(𝑁2 )) = 1. ‧ 國. 學. 5. Determine 𝑑 which satisfied e𝑑 ≡ 1 𝑚𝑜𝑑 𝜑(𝑁2 ). ‧. (C) The process of generating the 𝑅𝐶’s key pair is as follows:. sit. y. Nat. 1. Pick two large enough primes 𝑝3 and 𝑞3 which satisfied. io. al. er. 𝑔𝑐𝑑(𝑝3 𝑞3 , (𝑝3 − 1)(𝑞3 − 1)) = 1. n. 2. Compute 𝑁3 = 𝑝3 ∗ 𝑞3. Ch. engchi. 3. Compute 𝜆 = 𝑙𝑐𝑚(𝑝3 − 1, 𝑞3 − 1). i n U. 4. Pick a random number 𝑔 ∈ 𝑍𝑁∗ 2 3. 5. Define a function 𝐿(𝑢) =. 𝑢−1 𝑁3. 6. Compute 𝜇 = (𝐿(𝑔 𝜆 )𝑚𝑜𝑑 𝑁3 2 ). 39. −1. (𝑚𝑜𝑑 𝑁3 ). v.

(50) Figure 4- 2 Initial phase. 4.3.2 Registration phase. 政 治 大. In this stage, 𝑅𝑆 will confirm the identity of voters and send the voting. 立. certificate 𝐶𝑒𝑟𝑡(𝑉𝑖 ),1 ≤ 𝑖 ≤ 𝑛1 to voters. Procedures are done off-line.. ‧ 國. 學. (A) User code generation, It proceeds by each 𝑉𝑖 as follows:. ‧. 1. Pick a random number 𝑡 ∈ 𝑍𝑁∗. sit. y. Nat. 2. Generate its unique user code 𝑃𝐼𝐷𝑖 = ℎ(𝑆𝑆𝑁𝑉𝑖 ||𝑡) where 𝑆𝑆𝑁𝑉𝑖 is social. n. al. er. io. security number. 3. Send 𝑃𝐼𝐷𝑖 to 𝑅𝑆 for verification.. Ch. engchi. i n U. v. (B) Verification of 𝑉𝑖 ’s identity, 1 ≤ 𝑖 ≤ 𝑛1 , 𝑅𝑆 proceeds as follows: 1. Check the correctness of 𝑃𝐼𝐷𝑖 . 2. Accept it and issues voting certificate 𝐶𝑒𝑟𝑡(𝑉𝑖 ) = {𝑃𝐼𝐷𝑖 , 𝑆𝑖𝑔𝑑′ (𝑃𝐼𝐷𝑖 )} to 𝑉𝑖 if 𝑃𝐼𝐷𝑖 is correct. The certificate is actually the signature of 𝑃𝐼𝐷𝑖 signed by 𝑅𝑆. 3. Issue the key pair (𝑝𝑘𝑉𝑖 , 𝑠𝑘𝑉𝑖 ) which belongs to voter. 4. Publish the 𝑃𝐼𝐷𝑖 of eligible voters onto the bulletin board. Here the 40.

參考文獻

立即下載 ( PDF - 89 頁 - 3.26 MB )

Outline

C URRENT GOVERNMENT PROCUREMENT SYSTEM Tender Inviting phase S ECURITY ANALYSIS OF E - VOTING SYSTEM

相關文件

• The relationships between chemical reactions and energy changes that involve heat. This portion of thermodynamics is called thermochemistry

• When a system undergoes any chemical or physical change, the accompanying change in internal energy, ΔE, is the sum of the heat added to or liberated from the system, q, and the

A GUIDE TO WRITING AND REFERENCING FOR LITERATURE IN ENGLISH PAPER 3 PORTFOLIO/ SCHOOL-BASED ASSESSMENT

 When citing a foreword/introduction/preface/afterword, begin the citation with the name of the person who wrote it, then the word “Foreword” (or whatever it is), without

IN THE ENGLISH LANGUAGE CURRICULUM

• helps teachers collect learning evidence to provide timely feedback & refine teaching strategies.. AaL • engages students in reflecting on & monitoring their progress

In the text?

Robinson Crusoe is an Englishman from the 1) t_______ of York in the seventeenth century, the youngest son of a merchant of German origin. This trip is financially successful,

PRACTICES IN THE

fostering independent application of reading strategies Strategy 7: Provide opportunities for students to track, reflect on, and share their learning progress (destination). •

Practices in the English

Strategy 3: Offer descriptive feedback during the learning process (enabling strategy). Where the

PART 1: DRAMA IN THE CLASSROOOM

How does drama help to develop English language skills.. In Forms 2-6, students develop their self-expression by participating in a wide range of activities

CODE OF AID FOR AIDED SCHOOLS

(ii) “The dismissal of any teacher who is employed in the school – (a) to occupy a teacher post in the establishment of staff provided for in the code of aid for primary