Efficient Ballot casting in Ranked based voting system

using Homomorphic Encryption

Bhumika Patel1, Purvi Tandel1, Slesha Sanghvi1

1 Department of Computer Engineering”,

CGPIT, Uka Tarsadiya University”,

Bardoli, India.

patelbhumika1007@gmail.com, purvi.tandel@utu.ac.in, slesha.sanghvi@utu.ac.in

Abstract. Elections conducted on paper consumes a lot of resources. Online voting system is

very faster, cheaper and more suitable. Recent in online voting system improve the security

guarantees for elections, because of confidentiality of voters and their integrity and validity. For

security purpose, three election models are used for online voting: the mix-net model, the blind

signature model, and the homomorphic encryption model. However only homomorphic

encryption gives direct tallying without decrypting every votes. In this paper, we are focusing on

ballot casting and tallying for ranked based voting system using Paillier homomorphic and

Elgamal homomorphic encryption schemes and at the end we will compare results of both

encryption schemes.

Keywords: Ballot casting, E-voting system, Homomorphic, Paillier, Elgamal, Ranked.

1 Introduction

In every, democratic country in the process of voting is a very crucial task where people

choose a new government for the next years and make it better in all the ways.

Electronic voting systems, compared to traditional paper based elections, promise that

election results will be calculated quickly with less chance of human error and will

reduce cost. But, there are many issues with the electronic vote casting like system

errors, security error and so on. In online voting system, one of the major issue is

security votes as it is as given by voters. It may be possible either by insider or outsider

privacy of vote can be breach.

Cryptography technique is the best idea to overcome these issues because only

cryptography technique is allowed to encrypt the voter’s information and send to the

server side. For security purpose, three voting election models are used: Mix-net model”,

Blind signature model and Homomorphic encryption model.

Mix-net model [1]:

In mix-net based voting schemes, multiple mix servers are used to remove

connections to the voter. They shuffle and re-encrypt the ballots. The mix

servers can be used to anonymize the ballots, because these servers remove

the connection of the voter’s signature and her/his vote and re-encrypt the

ballots. The main disadvantages of these models is that cryptographic

operations need many resources, which are not deniable.

Blind signature model [2]:

A blind signature is same as digital signature in that one person can get another

person to sign a message without information revealing. It is the most famous

mailto:patelbhumika1007@gmail.com

mailto:purvi.tandel@utu.ac.in

mailto:slesha.sanghvi@utu.ac.in

technique in online voting system. It provide confidentiality of voters. The

signature is used to authenticate the voter without revealing the information of

ballot. The disadvantages of these model is polynomial in all suitable

parameters, is inefficient.

Homomorphic encryption model [3]:

Homomorphic encryption differs from typical encryption methods in that it

allows computation to be performed directly on encrypted data without

decrypting individual data. The result of such computation gets in encrypted

form, and after performing all computation final result can revealed by the

owner secret key.

In any encryption and decryption method, there are no one can know who won the

election without decrypting every votes.

In given three model only homomorphic encryption model can directly tally votes

without decrypting individuals vote. Also the vote casting and storing can be secured

using homomorphic encryption scheme because, when used other encryption scheme”,

every time decryption is needed.

Homomorphic encryption is used to encrypting and calculating all votes without

decrypting. Benaloh [4] first introducing voting schemes, which is based on

homomorphic encryption. Homomorphic encryption is a one type of encryption in that

some operation to be performed on the cipher text without decrypting the cipher text.

The result of the operations is gives as an encrypted result, which when decrypted is

the same as if some operation was performed on the plain text [5]. For the given

advantages of homomorphic cryptosystem, we used homomorphic encryption scheme

for online voting system.

Online voting system consists of the following stages: initialization stage”,

registration stage, ballot casting stage and tally and result revealing stage. Figure 1

indicates phases of online voting system.

1.1 Initialization Stage

Beginning of an election, each authority generates a key pair (public key and secret

key). The common public key is generated using all public key of authority, and that

public key is posted on the public bulletin board in order to encrypt each ballot.

Figure 1: Phases of Online Voting System

1.2 Registration Stage

In these stages, each voter must be register with their present valid ID before election.

All voter generate a key in registration phase.

1.3 Ballot Casting Stage and Tallying

In these stages, registered voters will cast their votes, after the announcement of voting

stage is started. Each vote of voters will be encrypted and will be stored in server side.

Next, tallying stage is to count the ballots and get the final result for each candidate.

Each tally authority should apply the algorithm of this stage.

1.4 Revealing Stage

It is last stage of online voting system. In that, results are display.

After studying the phases in online voting system, ballot casting is very crucial task

in any democratic country. Because if proper encryption scheme is not implemented”,

then attacker can change the vote information. So, ballots are encrypted using proper

encryption schemes is necessary.

Moreover, for that, some security requirements in any online voting system. These

requirements include: Eligibility, Uniqueness, Privacy, Accuracy, Efficiency [4].

Eligibility: Only authorized voters are allowed to cast their vote.

Uniqueness: Only single time voting is performed.

Privacy: Anyone else can access voter’s ballot information

Accuracy: Only valid ballots is counted.

Efficiency: Efficiently perform counting of vote.

By considering, above security requirement we implemented ballot casting and tallying

stage of online voting system, using Paillier cryptosystem and Elgamal cryptosystem

for ranked based voting system, and then we compared both the algorithms to get better

efficiency for ballot casting and tallying stage.

In ranked based ballot, casting each voter can assign different numbers of points to

candidates, and the winner is the candidate who receives the highest total number of

points. Voter also assign the same rank to all candidate or different rank to all candidate

based on voter’s personal preference. Voters are assign any number of points to any

candidate. The only limitation is that the total number of assigned points is equal to the

total available points. Available point can be defined based on number of candidates.

2 Preliminaries on cryptography

2.1 Homomorphic Encryption

Homomorphic encryptions allow complex operations performed on encrypted data

without decrypting individual data using homomorphism property.

There are two homomorphic properties, which is used for complex computation without

revealing information.

Additive Homomorphic Encryption [6]

An additively homomorphic scheme is one in that, it will perform

multiplication on cipher text which is equivalent to results of sum of the

plaintexts. That is”,

Encrypt(m1) × Encrypt (m2) = Encrypt (m1 + m2) . (1)

where the decryption of both sides the sum of the plaintexts produced.

Multiplicative Homomorphic Encryption [6]

A multiplicatively homomorphic scheme is one in that, it will perform

multiplication on cipher text which is equivalent to results in the product of

the plaintexts. That is”,

Encrypt(m1) × Encrypt (m2) = Encrypt (m1 × m2) . (2)

where the decryption of both sides the product of the plaintexts produced.

Types of Homomorphic Encryptions:

Homomorphic cryptosystem can be classified into two categories, as given in figure 2.

Figure 2: Types of Homomorphic Encryption

Partially Homomorphic Cryptosystems: – A cryptosystem is considered as a

partially homomorphic if it either additive or multiplicative homomorphism”,

but not both at a time [7].

Fully Homomorphic Cryptosystem: – A cryptosystem is considered as a fully

homomorphic if it supports arbitrary number of operation on cipher texts [7].

There are many algorithm on partially homomorphic cryptosystems that allow specific

operations to be performed (namely addition and multiplication), whereas in case and

fully homomorphic cryptosystem, it takes more processing time and implementation

complexity is there. Due to such drawbacks, fully homomorphic cryptosystem is not

very practical. For electronic voting, homomorphic encryption provides a tool to obtain

the tally given the encrypted votes without decrypting the individual votes. Therefore”,

online voting system only choose the partial homomorphic encryption for ballot

casting.

The different cryptographic algorithm can be implemented for ballot casting and

tallying like a Paillier and Elgamal cryptosystem. Paillier algorithm has addition

property of homomorphic encryption and Elgamal have both property of homomorphic

encryption (Addition and Multiplication). For tallying of ballots, only addition property

used because of that additive Elgamal cryptosystem is taken for encryption and

decryption. In additive Elgamal taken same encryption decryption, process like simple

Elgamal but simply some difference in encryption and decryption process.

Paillier algorithm and Elgamal algorithm that support homomorphic properties.

There are two keys (Public key and Private key) needed for Paillier and Elgamal to

perform encryption, decryption. Given section, describe the procedure of both

algorithm.

There are Elgamal and Paillier methods of homomorphic encryption, which is used

in ballot casting and tallying without decrypting.

2.2 Elgamal Cryptosystem

Elgamal have satisfied both properties of homomorphic cryptosystem, but additive

property is used to tallying the votes [8].

A. Key generation

In Elgamal key generation phase generates a public key and private key, we need to

choose finite cyclic group G with large prime number p and generator, which is

primitive root of p. Choose random number x, which is private key of authority and

calculate public key using”,

h = gx mod p . (3)

After following these step we can generate public key (p, g, h) and private key(x).

B. Encryption process

In encryption process, the data is converted into not readable or encrypted format which

means it is not gets original message to everyone without private key.

For Elgamal cryptosystem message m that need to be encrypted must be an integer. In

First step random number(y) is generated, using that random number for same plain

text message different cipher text are generated. In Elgamal cryptosystem two-cipher

text generated for one plain text. After generating random number, compute cipher text

using given equation.

c1 = g

y mod p, and c2 = (g

m ∗ hy) mod p . (4)

C. Decryption process

At decryption side, private key is used for find out the original message. In Elgamal”,

decryption process is computed using given equation, and finally message m can be

computed using discrete logarithm problem.

c2

c1

= gm . (5)

D. Homomorphism Property

Elgamal Homomorphic property in which addition is perform without decrypting every

votes.

E(m1) ∗ E(m2) = (g

y1 , gm1 ∗ hy1 ) ∗ (gy2 , gm2 ∗ hy2 )

= (gy1+y2 , gm1+m2 ∗ hy1+y2)

= E(m1 + m2) .

(6)

E(m1)

m2 = (gy1 , gm1 ∗ hy1 )m2

= (gy1.m2, gm1.m2 * hy1.m2)

= E(m1 ∗ m2) .

(7)

2.3 Paillier Cryptosystem

Paillier algorithm have satisfied additive property of homomorphic cryptosystem.

Additive property is useful in ballot casting when we can tallying ballots without

decrypting. Paillier is semantically secure [9].

A. Key Generation

In Paillier key generation first of all choose large prime numbers p and q such that

gcd (pq, (p − 1 ∗ q − 1) = 1, then calculate n = p ∗ q and compute d =

λ (n) and g = n + 1. Generate public key (n) and private key (p, q, n)

B. Encryption Process

In Paillier cryptosystem, also different cipher text is generated for same plain text. In

that first generated random number and then compute cipher text

c = gm ∗ xn mod n2 . (8)

where m is actual message and x is random number.

C. Decryption Process

In Paillier, we can obtain message m using following computation”,

m =

L(c

λ(n) mod n2)

L(g

λ(n) mod n2)

mod n . (9)

D. Homomorphism Property

Pallier homomorphic property in which multiplication is performed on cipher text

without decrypt plain text, when decrypt that cipher text result is given sum of plain

text.

E(m1) ∗ E(m2) = (g

m1 ∗ x1

n ) * (gm2 ∗ x2

n )

= gm1+m2(x1 ∗ x2)

n

= E(m1 + m2) .

(10)

E(m1)

m2 = (gm1 ∗ xn )m2

= ( gm1.m2 * xn.m2)

= E(m1 ∗ m2) .

(11)

3 Implementation

Our proposed work will be focus on ranked based ballot casting, with the help of

Elgamal encryption as well as Paillier encryption. Implementation is based on different

parameters like number of voters, number of candidates and key size. After performing

both ballot casting methods compare those results and prove which is best to ballot

casting in which circumstance.

In ranked based voting system, voters allows ranking to all candidates. Each voter

can assign either different numbers of points or same number of points to candidates”,

and the candidate who receives the largest total number of points is the winner. Voters

are allowed to assign any points to candidate. The restriction is that the total number of

assigned points is equal to the total available points. Available point is defined before

the election is started and which is decided on the base of number of candidates. For

example, if number of candidate are 2, 3, 4, 5, 6… The available point is 4, 6, 12, 15″,

24…

In our example, five voters is given, that gives ranked for three different candidates

based on personal preference. There are three candidates so available point decided his

6. After giving, all ranked to candidates that ranked will be converted into binary

format. Each element of that ranked will be encrypted using Elgamal as well as Paillier

cryptosystem.

Table 1: Ranked based Voting

## C1 C2 C3

### Voter1 2 2 2

### Voter2 6 0 0

### Voter3 3 2 1

### Voter4 1 4 1

### Voter5 1 2 3

In table1, five voter’s gives ranked to different candidates. It gives same ranked to

all candidates or different ranked to all candidates, then it ranked will be converted into

binary format. Table 2 shows that all ranked will be converted into binary format.

Table 2: Ranked converted into binary format

## C1 C2 C3

### Voter1 010 010 010

### Voter2 110 000 000

### Voter3 011 010 001

### Voter4 001 100 001

### Voter5 001 010 011

After converting in binary format each element of voter has ranked will be encrypted

using Paillier encryption as well as Elgamal encryption. Table 3 gives encrypted ranked

of voters.

Table 3: Encrypted ballots

## C1 C2 C3

Voter1 E(0) E(1) E(0) E(0) E(1) E(0) E(0) E(1) E(0)

Voter2 E(1) E(1) E(0) E(0) E(0) E(0) E(0) E(0) E(0)

Voter3 E(0) E(1) E(1) E(0) E(1) E(0) E(0) E(0) E(1)

Voter4 E(0) E(0) E(1) E(1) E(0) E(0) E(0) E(0) E(1)

Voter5 E(0) E(0) E(1) E(0) E(1) E(0) E(0) E(1) E(1)

After encrypting individual elements of votes, that vote will be sent to the server side.

Server will receive votes and perform exponential function using property of Elgamal

as well as Paillier cryptosystem on encrypted data”,

Table 4: Convert into decimal format

## C1 C2 C3

Voter1 E(0)4×E(1)2×E(0)1 =

E(0×4 + 1×2 + 0×1)

E(0)4×E(1)2×E(0)1 =

E(0×4 + 1×2 + 0×1)

E(0)4×E(1)2×E(0)1 =

E(0×4 + 1×2 + 0×1)

Voter2 E(1)4×E(1)2×E(0)1 =

E(1×4 + 1×2 + 0×1)

E(0)4×E(0)2×E(0)1 =

E(0×4 + 0×2 + 0×1)

E(0)4×E(0)2×E(0)1 =

E(0×4 + 0×2 + 0×1)

Voter3 E(0)4×E(1)2×E(1)1 =

E(0×4 + 1×2 + 1×1)

E(0)4×E(1)2×E(0)1 =

E(0×4 + 1×2 + 0×1)

E(0)4×E(0)2×E(1)1 =

E(0×4 + 0×2 + 1×1)

Voter4 E(0)4×E(0)2×E(1)1 =

E(0×4 + 0×2 + 1×1)

E(1)4×E(0)2×E(0)1 =

E(1×4 + 0×2 + 0×1)

E(0)4×E(0)2×E(1)1 =

E(0×4 + 0×2 + 1×1)

Voter5 E(0)4×E(0)2×E(1)1 =

E(0×4 + 0×2 + 1×1)

E(0)4×E(1)2×E(0)1 =

E(0×4 + 1×2 + 0×1)

E(0)4×E(1)2×E(1)1 =

E(0×4 + 1×2 + 1×1)

Tallying will be performed on each column of ballots, because each column indicates

ranked of each candidate. All encrypted ballots is converted into encrypted decimal

ballots using exponential function with the help of homomorphism property. Table 4

shows that decimal encrypted ballots.

After converting decimal encrypted ballots, votes will be counted one by one on each

column using Elgamal homomorphism property and Paillier homomorphism property.

Table 5 shows that tallying on ballots using homomorphic property of both algorithm

without decrypting individual ballots.

Table5: tallying ballots

## C1 C2 C3

Voter1 E(2) E(2) E(2)

Voter2 E(6) E(0) E(0)

×

E(8) E(2) E(2)

Voter3 E(3) E(2) E(1)

×

E(11) E(4) E(3)

Voter4 E(1) E(4) E(1)

×

E(12) E(8) E(4)

Voter5 E(1) E(2) E(3)

×

Final

tallying

E(13) E(10) E(7)

If all ballots are counted then last encrypted ballots, answer was decrypted. Finally”,

all the ballots will decrypted using decryption process of both algorithms.

4 Result and Analysis

Implementation work is based on Elgamal cryptosystem as well as Paillier

cryptosystem. All experiment was performed using a 256-bit key (p and q are 256-bit)

in both Elgamal and Paillier algorithm.

All implementation was performed on a laptop with the following specifications

requirement: Intel® Core™ i5-4440 CPU @ 3.10GHz 3.10 GHz Processor with a 64-

Bit operating system and 12GB and implementation is performed on python 2.7.11

version of python language. pycrypto module which is used in python 2.7 to 3.3, they

provide secure hash functions and various encryption algorithms.

Figure 3 indicates total encrypted time of ballot using Elgamal cryptosystem and

Paillier cryptosystem of number of voters.

Implementation results show that Elgamal cryptosystem takes less time or equal time

compare to Paillier cryptosystem up to 500 voters, but voters are increasing Paillier

cryptosystem is gives less time for encrypting ballots. Paillier cryptosystem gives

accurate result compare to Elgamal if number of voters is increased.

For Elgamal we are not getting result for 5000 voter but Paillier quickly getting results

for 5000 voter, which is approximately 244.70 seconds.

Figure 3: Ballot encryption time using Elgamal and Paillier

Figure 4: Total time using Elgamal and Paillier cryptosystem

Figure 4 shows that total counting and decryption time at server side using Elgamal

and Paillier cryptosystem. In that for small number of voter Elgamal gives same time

or less time compare to Paillier cryptosystem, but when number of voter are increase

Elgamal takes larger time than Paillier cryptosystem.

Implementation results proved that both algorithm produce exactly same result in

manually tallying process and after decrypting tallying on cipher text.

0.51 2.04 4.07

29.17

138.28

0.54 2.46 4.82

25.39

51.13

20

40

60

80

## 100

## 120

## 140

## 160

## 10 50 100 500 1000

To

ta

l T

im

e(

se

co

n

d

s)

### Number of Voters

Estimate time of encryption of ballot using Elgamal and Paillier

cryptosystem

Elgamal

Paillier

1.13 2.67 4.79

29.78

138.92

2.4 3.03 5.28

25.94

51.78

20

40

60

80

## 100

## 120

## 140

## 160

## 10 50 100 500 1000

To

ta

l T

im

e(

Se

co

n

d

s)

### Number of Voters

Total Estimate time for Elgamal and Paillier cryptosystem

Elgamal

Paillier

5 Conclusion and Future work

In this paper, the use of Elgamal and Paillier cryptosystem in ballot casting and tallying

can utilize homomorphic properties of algorithm to calculate votes. Both algorithms

produce different cipher text for same plain text using random number. The Elgamal

cryptosystem takes much larger time than Paillier cryptosystem in ranked based ballot

casting when number of voters get increase.

In the future, we will provided more security and verification on ballot casting phase.

We intend to improve all security requirements and provide verification on each stage.

Verification will be without revealing voter’s information in each phase.

### References

1. Meter, Christian. “Design of Distributed Voting Systems.” arXiv preprint

arXiv:1702.02566 (2017).

2. Wang, King-Hang, Subrota K. Mondal, Ki Chan, and Xiaoheng Xie. “A review of

contemporary e-voting: Requirements, technology, systems and usability.” Data Science

and Pattern Recognition 1, no. 1 (2017): 31-47.

3. Zhang, Lifang, Yan Zheng, and Raimo Kantoa. “A review of homomorphic encryption and

its applications.” In Proceedings of the 9th EAI International Conference on Mobile

Multimedia Communications, pp. 97-106. ICST (Institute for Computer Sciences, Social-

Informatics and Telecommunications Engineering), 2016.

4. Jabbar, Ihsan, and Saad Najim Alsaad. “Design and Implementation of Secure Remote e-

Voting System Using Homomorphic Encryption.” IJ Network Security 19, no. 5 (2017):

694-703.

5. Geurden, Martijn. “A New Future for Military Security Using Fully Homomorphic

Encryption.” (2018).

6. Morris, Liam. “Analysis of partially and fully homomorphic encryption.” Rochester Institute

of Technology (2013): 1-5.

7. Azougaghe, Ali, Mustapha Hedabou, and Mostafa Belkasmi. “An electronic voting system

based on homomorphic encryption and prime numbers.” In Information Assurance and

Security (IAS), 2015 11th International Conference on, pp. 140-145. IEEE, 2015.

8. Sharma, Tannishk. “E-Voting using Homomorphic Encryption Scheme.” International

Journal of Computer Applications (0975–8887) Volume (2016)

9. Yang, Xuechao, Xun Yi, Surya Nepal, Andrei Kelarev, and Fengling Han. “A Secure

Verifiable Ranked Choice Online Voting System Based on Homomorphic

Encryption.” IEEE Access 6 (2018): 20506-20519.

## Be First to Comment