Proba: privacy-preserving, robust and accessible blockchain-powered helios

Kocaman, Sermin
Helios is the first web-based and open-audit voting system. The open-audit feature allows anyone to track the voting process, thus providing easy verifiability in all stages of the elections. Despite many advantages, Helios has a few weaknesses due to its reliance on a centralized server, such as modifying data through unauthorized access or making the server inaccessible. A subsequent work called blockchain-powered Helios is proposed to overcome these weaknesses. This system replaced the centralized server with decentralized servers using the blockchain and a decentralized storage protocol. Although this novelty eliminates Helios' centralized weaknesses, it creates some new problems, thereby causing security weaknesses. These are the misbehavior in the wallet authorization procedure, the linkability in the wallet authorization procedure, and the high cost of transactions. In this thesis, an improved version of the blockchain-powered Helios system, named Proba, is presented. The system is redesigned to provide privacy, robustness, and accessibility in the election. Proba utilizes a novel threshold issuance-anonymous credentials that break the link between the voters and their wallets. Also, the threshold version mitigates the misbehavior of election authorities in wallet authorization. Additionally, Proba leverages a consortium blockchain that provides cost-effective election solutions. In terms of security, the system's formal security concerning specific election requirements is demonstrated through game-based reduction proofs. The performance analysis of Proba shows that the usage of threshold-issuance anonymous credentials does not have a critical cost for the election phase; on the contrary, it mitigates the smart contract storage cost. As an additional work on the design of Proba, this thesis proposes enhanced wallet key protection protocols for general blockchain-based I-voting systems. Within the blockchain, transactions must be signed using the wallet secret (signing) key. Thus, the voter's right to send transactions on the blockchain will depend on the security of this single key. In most of these systems, voters can register one wallet address, but in the case of a stolen key, voters are unable to send their votes as a transaction to the blockchain. Although offering voters the opportunity to register their new address is considered a solution in such cases, this creates an avenue for the attacker by forcing them to unregister their existing address. Hence, to prevent such circumstances, rather than permitting the enrollment of new addresses, it is necessary to use enhanced cryptographic measures that can be implemented to protect the existing wallet secret key. The logical precaution is to split the secret key into the different devices of the voter, but in this case, efficient threshold signing protocols must be developed. In this thesis, efficient threshold signing protocols are proposed, specifically focusing on a two-party elliptic curve digital signature algorithm (ECDSA), and a flexible hierarchical threshold signature scheme (FlexHi). In the former, voters split their wallet secret keys across two distinct devices, such as a laptop and a tablet, and then employ two keys to execute a signature on a transaction with our proposed two-party ECDSA protocol. This protocol provides the most optimal offline phase for a two-party ECDSA protocol with such an efficient online phase. In the latter, voters split their wallet secret keys among their various devices, granting different levels of permission to each. During the verification stage of most applications, the transmission of a code to the user's smartphone indicates that the smartphone is deemed a highly significant device, belonging only to the individual. Considering this, voters have the choice to divide their secret keys between their smartphones and other devices. In this scenario, the use of the smartphone, which holds the highest position in the hierarchy, is obligatory during the signing phase. However, secret keys shared with other devices can be used according to the specified threshold value in the system. Current hierarchical threshold schemes incorporate certain ordering criteria and constraints at each level of the hierarchy, which restrict their adaptability. Nevertheless, the proposed FlexHi scheme presents a novel architecture that liberates itself from these limitations and provides flexibility.
Citation Formats
S. Kocaman, “Proba: privacy-preserving, robust and accessible blockchain-powered helios,” Ph.D. - Doctoral Program, Middle East Technical University, 2024.