Model of The Scheme

There are three parties in our e-voting scheme:

1. Voters: who register their voting keys and cast their ballots,
2. Authority: who authorizes the eligible voters by blindly signing their tallying keys, which will be used to verify the signatures on ballots, and
3. Tallier: who collects the ballots, verifies the authenticity of ballots and publishes the result of election.

There are three phases in our scheme:

1. Registration phase: In this phase, voters register for the elections and an authority authorizes eligible voters. More precisely, every voter generates a pair of keys (public key and private key), has the authority sign a blind signature on the public key (tallying key) and keeps the private key (voting key) for signing ballots in the elections hereafter. Of course, before signing a tallying key, the authority needs to verify the authenticity and eligibility of each voter. The details are specified by registration protocol, refer to 3.1.
2. Tallying key submission phase: In this phase, each voter who has a validated tallying key (blindly signed by the authority in registration phase) sends the tallier his or her tallying key, by untraceable mail . The tallier verifies the authenticity of the submitted tallying key with the public key of the authority, and finally, publishes all the eligible submitted tallying keys. This procedure is specified by tallying key submission protocol, refer to 3.2.
3. Voting and Tallying phase: In this phase, voters sign their ballots with their voting keys, attached the signatures to their ballots and send them to the tallier by untraceable mail . The tallier verifies the validity of the ballots with the published tallying keys and publish all the eligible ballots. Every voter can check whether his or her ballot is counted into the tabulation. Also, everyone can verify the correctness of the result with the ballots, signatures and tallying keys published in the tabulation.

   In order for a voter to correct his/her miscounted vote without revealing his/her ballot, this phase should be separated to two sub-phases: in the first sub-phase, the voters send to the tallier their encrypted ballots (encrypted by symmetrical key) attached by the signatures signed with their voting keys. The tallier verifies the authenticity of the encrypted ballots with the tallying keys published at the end of tallying key submission phase, then publishes all the encrypted ballots and signatures for the voters to check whether their encrypted ballots have been counted. If someone finds his or her ballot has not been counted into the tabulation (miscounted), he or she can report the miscounting by supplying his or her encrypted ballot and signature. So the miscounting can be corrected. If there is no miscounted ballot reported, the procedure goes on the second sub-phase, voters send the tallier the keys, which were used to encrypt their ballots in the first sub-phrase, as well as the signatures on it signed with their voting keys. The tallier decrypts the encrypted ballots and publishes ballots, keys used for encryption of the ballots and the signatures signed both on encrypted ballots and encrypting keys. (Please refer to 3.3, voting and tallying protocol for detail). With the published data, the result of the election can be verified universally.