2009 Reports : Cryptology ePrint Archive Forum

Discussion forum for Cryptology ePrint Archive reports posted in 2009.
Please put the report number in the subject.

Two Problems with "Double Voter Perceptible Blind Signature Based Electronic Voting Protocol"

Posted by: **m.kiraz** (IP Logged)

Date: 19 March 2010 12:00

Dear Yaser

I have two problems to be answered! I will try to be more precise in this email.

About the first problem (page 11):

There is a sentence on page 11: "In our scheme the certification of the voters also contains g_^IDv mod nCA in which IDv is the identier of the voter which is chosen by CA in Z_q."

In the second step of the first phase (page 11, obtaining a voting ticket) AS checks the validity of I by using the Cert_V. With the sentence above you can only check that the validity of I=[g_0^(ID_v)]^(d_CA) whether it is signed by CA by simply using the public key of CA (since it is signed). For example, I can take your signed value (imitating like mine) and send it to AS. In this way, AS will not stop the protocol. Also, from the sentence above you can see that the certification contains X= g_1^(ID_v) mod n_CA. The most important thing here is to prove that the identifier inside I and X are equal to each other (namely equal to ID_v). In other words, there must be a zero knowledge proof which shows the equality of identifiers inside I and X. As far as I know this is not related to certification.

About the second problem (page 12):

Please see the first step of the second phase (page12, voting and collecting tickets): how can the voter compute r_0 without knowledge of ID_v in equation (20) (on page 12)? In other words, if only CA knows ID_v then how can the voter computer the equation 20??

I hope the explanations here are clear enough. Waiting for a reply!

Best regards,

Mehmet

I have two problems to be answered! I will try to be more precise in this email.

About the first problem (page 11):

There is a sentence on page 11: "In our scheme the certification of the voters also contains g_^IDv mod nCA in which IDv is the identier of the voter which is chosen by CA in Z_q."

In the second step of the first phase (page 11, obtaining a voting ticket) AS checks the validity of I by using the Cert_V. With the sentence above you can only check that the validity of I=[g_0^(ID_v)]^(d_CA) whether it is signed by CA by simply using the public key of CA (since it is signed). For example, I can take your signed value (imitating like mine) and send it to AS. In this way, AS will not stop the protocol. Also, from the sentence above you can see that the certification contains X= g_1^(ID_v) mod n_CA. The most important thing here is to prove that the identifier inside I and X are equal to each other (namely equal to ID_v). In other words, there must be a zero knowledge proof which shows the equality of identifiers inside I and X. As far as I know this is not related to certification.

About the second problem (page 12):

Please see the first step of the second phase (page12, voting and collecting tickets): how can the voter compute r_0 without knowledge of ID_v in equation (20) (on page 12)? In other words, if only CA knows ID_v then how can the voter computer the equation 20??

I hope the explanations here are clear enough. Waiting for a reply!

Best regards,

Mehmet

Please log in for posting a message. Only registered users may post in this forum.