資訊管理學報
黃建勛,蕭舜文;
頁: 133-159
日期: 2022/04
摘要: 利用網路取代實體投票的倡議已經被提出,同時也有數個國家與地區(如愛沙尼亞與挪威)嘗試實現網路投票,但由於資安與隱私的疑慮,導致網路投票至今仍沒有大規模地採用。而區塊鏈技術的公開、不可否認、可追溯性等特性,正適合用於網路投票。本研究分析過去網路投票案例與導入區塊鏈之網路投票文獻,認為當下的區塊鏈投票機制,面臨安全性、匿名性與便利性的取捨難題。目前區塊鏈投票機制主要有三大問題,第一是多數文獻提出的投票機制都屬於權力中心化的架構,一旦中心化架構遭受攻擊則投票流程或結果將會出現問題。第二,多數投票機制也只在流程末端與區塊鏈互動,即便區塊鏈的資料難以竄改,但仍無法保證數位(區塊鏈資料)與實體(投票行為)之間的完整性與一致性,進而造成損害選民的匿名性、代替投票與選票竄改等問題。第三,因為區塊鏈透明與公開的特性,若直接把選務資料與投票內容上鏈則違反投票匿名的準則。本研究參考各文獻的投票機制後,提出一個使用生物辨識與區塊鏈技術的網路投票機制。針對問題一,本研究將投票五個階段之工作交給不同角色來執行與監督。在分權結構之下,任意一方受到全然的控制都無法完全改變投票的結果,進而降低受攻擊之風險。針對問題二,本研究的區塊鏈架構包含選民註冊、選民驗證與投票、選票挖礦與加密、選票解鎖與驗證及選票結果統計與追溯,為更完善的區塊鏈設計。問題三為解決選票隱私的問題,本研究基於生物特徵資訊的雜湊值設計選票,讓選票既可追蹤驗證也可保護隱私。本研究也討論與列舉可能之受攻擊風險,並確保本架構能有效避免遭受攻擊。
關鍵字: 區塊鏈 ; 投票 ; 生物辨識 ; 去中心化 ; 隱私;
Abstract: In the modern era of advanced Internet technology, the initiative to use the Internet to vote has been proposed. At the same time, several countries and regions (such as Estonia and Norway) have tried to implement online voting. However, due to many information security and privacy concerns, online voting has not been massively adopted. Blockchain technology has the characteristics of openness, immutable, traceability, these features are just suitable for supporting electronic voting. This research analyzes the past online voting cases and the online voting proposal studies introduced with blockchain. The current voting mechanism establishing a credible third party or system faces difficulty choosing between security, anonymity, and convenience. The popular blockchain voting mechanisms have three major problems. First, most of the voting structures proposed in the literature belong to a centralized power administration. Once the centralized administration is attacked, the voting process and results will be inaccurate. Second, most of the voting mechanisms only interact with the blockchain at the end of the voting process. Even if the blockchain guarantees that the data on the chain is difficult to tamper with, it still cannot guarantee the virtual (blockchain data) and reality (voting behavior) integrity and consistency, causing problems of damaging voter's anonymity, voter impersonation, and ballot tampering. Third, Because of the openness and transparency of blockchain, uploading the election information and ballot on blockchain violate the anonymity of voting. After referring to the voting mechanism of various studies, this research proposes an online voting framework using biometrics and blockchain technology. For the first problem, the five voting stages are assigned to different roles for execution and supervision. Under decentralization administration, any party cannot alter the election results, thereby reducing the attack risk. For the second problem, this research proposes a more comprehensive blockchain voting framework that includes Voter Register, Voter Verify & Vote, Ballot Mining & Encryption, Ballot Decryption & Verify, and Ballot Counting & Tracing. For the third problem to solve ballot privacy, this research introduces biometric technology and hashing ballot to solve voting privacy and vote tracing. This research also discusses the attack risk and ensures that the proposed framework could avoid being attacked.
Keywords: Blockchain ; I-Voting ; Bio Recognition ; Decentralization ; Privacy;
瀏覽次數: 17550 下載次數: 1013
引用 導入Endnote
頁: 133-159
日期: 2022/04
摘要: 利用網路取代實體投票的倡議已經被提出,同時也有數個國家與地區(如愛沙尼亞與挪威)嘗試實現網路投票,但由於資安與隱私的疑慮,導致網路投票至今仍沒有大規模地採用。而區塊鏈技術的公開、不可否認、可追溯性等特性,正適合用於網路投票。本研究分析過去網路投票案例與導入區塊鏈之網路投票文獻,認為當下的區塊鏈投票機制,面臨安全性、匿名性與便利性的取捨難題。目前區塊鏈投票機制主要有三大問題,第一是多數文獻提出的投票機制都屬於權力中心化的架構,一旦中心化架構遭受攻擊則投票流程或結果將會出現問題。第二,多數投票機制也只在流程末端與區塊鏈互動,即便區塊鏈的資料難以竄改,但仍無法保證數位(區塊鏈資料)與實體(投票行為)之間的完整性與一致性,進而造成損害選民的匿名性、代替投票與選票竄改等問題。第三,因為區塊鏈透明與公開的特性,若直接把選務資料與投票內容上鏈則違反投票匿名的準則。本研究參考各文獻的投票機制後,提出一個使用生物辨識與區塊鏈技術的網路投票機制。針對問題一,本研究將投票五個階段之工作交給不同角色來執行與監督。在分權結構之下,任意一方受到全然的控制都無法完全改變投票的結果,進而降低受攻擊之風險。針對問題二,本研究的區塊鏈架構包含選民註冊、選民驗證與投票、選票挖礦與加密、選票解鎖與驗證及選票結果統計與追溯,為更完善的區塊鏈設計。問題三為解決選票隱私的問題,本研究基於生物特徵資訊的雜湊值設計選票,讓選票既可追蹤驗證也可保護隱私。本研究也討論與列舉可能之受攻擊風險,並確保本架構能有效避免遭受攻擊。
關鍵字: 區塊鏈 ; 投票 ; 生物辨識 ; 去中心化 ; 隱私;
A Decentralized Voting Framework with Blockchain Technology, Voting Process Security and Voter Privacy
Abstract: In the modern era of advanced Internet technology, the initiative to use the Internet to vote has been proposed. At the same time, several countries and regions (such as Estonia and Norway) have tried to implement online voting. However, due to many information security and privacy concerns, online voting has not been massively adopted. Blockchain technology has the characteristics of openness, immutable, traceability, these features are just suitable for supporting electronic voting. This research analyzes the past online voting cases and the online voting proposal studies introduced with blockchain. The current voting mechanism establishing a credible third party or system faces difficulty choosing between security, anonymity, and convenience. The popular blockchain voting mechanisms have three major problems. First, most of the voting structures proposed in the literature belong to a centralized power administration. Once the centralized administration is attacked, the voting process and results will be inaccurate. Second, most of the voting mechanisms only interact with the blockchain at the end of the voting process. Even if the blockchain guarantees that the data on the chain is difficult to tamper with, it still cannot guarantee the virtual (blockchain data) and reality (voting behavior) integrity and consistency, causing problems of damaging voter's anonymity, voter impersonation, and ballot tampering. Third, Because of the openness and transparency of blockchain, uploading the election information and ballot on blockchain violate the anonymity of voting. After referring to the voting mechanism of various studies, this research proposes an online voting framework using biometrics and blockchain technology. For the first problem, the five voting stages are assigned to different roles for execution and supervision. Under decentralization administration, any party cannot alter the election results, thereby reducing the attack risk. For the second problem, this research proposes a more comprehensive blockchain voting framework that includes Voter Register, Voter Verify & Vote, Ballot Mining & Encryption, Ballot Decryption & Verify, and Ballot Counting & Tracing. For the third problem to solve ballot privacy, this research introduces biometric technology and hashing ballot to solve voting privacy and vote tracing. This research also discusses the attack risk and ensures that the proposed framework could avoid being attacked.
Keywords: Blockchain ; I-Voting ; Bio Recognition ; Decentralization ; Privacy;
瀏覽次數: 17550 下載次數: 1013
引用 導入Endnote