Toward a Compliant Token-Based e-Voting System with SSI-Granted

Eligibility

Dario Castellano

1,2 a

, Roberto De Prisco

1 b

and Pompeo Faruolo

University of Salerno, Computer Science Department, Salerno, Italy

eTuitus, Fisciano (SA), Italy

www.etuitus.it

Keywords:

e-Voting, Self-sovereign Identities, Algorand, Dizme.

Abstract:

In this paper we present a preliminary design for an e-voting system based on self-sovereign identities and built

on the Algorand blockchain. The design keeps into consideration the basic properties of an e-voting system

and also the EU recommendations. We use the Dizme framework for the management of the identities of the

voters, which allows to keep secret the identity while certifying the right to vote, and we store the encrypted

votes on the Algorand blockchain. Votes are decrypted only in the tally phase.

1 INTRODUCTION

Computers and the Internet have revolutionized ser-

vices, through the possibility of offering them on-

line. One of such services is (online) voting. Ex-

tensive research conducted since the early 2000s has

focused on establishing secure electronic voting stan-

dards and methodologies (Caltech and MIT, 2001;

Rivest, 2000), although security concerns persist (Ru-

bin, 2001). The use of ﬂawed Direct-recording elec-

tronic voting machines in the US underscored the

importance of open-source systems and community

auditing for enhanced security (Kohno et al., 2004).

While full remote Internet voting has yet to be widely

embraced for large-scale elections, the European Par-

liament appointed a committee to investigate mea-

sures and standards (Council of Europe, 2021b), rec-

ommending them to member states. Italy, for in-

stance, has explored the implementation of an elec-

tronic voting system in compliance with the constitu-

tion, conducting tests that enabled overseas citizens to

participate (Cortellessa, 2020).

The emergence of blockchain technology has

sparked considerable interest in e-voting due to its

inherent security features (Kshetri and Voas, 2018;

Demuro, 2018). Real-world cases in Moscow, South

Korea, Estonia, and Sierra Leone have demonstrated

the feasibility of blockchain-based voting for polls

https://orcid.org/0009-0001-3756-9204

https://orcid.org/0000-0003-0559-6897

and surveys (Kshetri and Voas, 2018; Soldavini,

2018). Blockchain-enabled e-voting (BEVs) offers

several advantages, including participant anonymity,

immutable vote storage, and decentralized participa-

tion, which can potentially reduce errors and vulner-

abilities associated with traditional electronic voting

machines. Various models and approaches have been

proposed, such as permissioned blockchains and the

use of decentralized layers into existing systems (Lee

et al., 2016; Hjalmarsson et al., 2018; Perez and

Ceesay, 2018).

Our proposed solution starts from European rec-

ommendations and leverages the self-sovereign iden-

tity approach using the Dizme identity network

combined with the secure and permanent storage ca-

pabilities of the Algorand blockchain

. By utilizing

these technologies, we aim at empower an e-voting

solution that ensures the integrity and transparency of

the voting process while preserving voter privacy and

security.

2 BACKGROUND

In this section we ﬁrst review the basic requirements

of an e-voting system and then we describe brieﬂy

The Dizme Identity Framework documentation is

available at https://www.dizme.io/

Algorand documentation is available at https://

algorand.com

752

Castellano, D., De Prisco, R. and Faruolo, P.

Toward a Compliant Token-Based e-Voting System with SSI-Granted Eligibility.

DOI: 10.5220/0012121100003555

In Proceedings of the 20th International Conference on Security and Cryptography (SECRYPT 2023), pages 752-757

ISBN: 978-989-758-666-8; ISSN: 2184-7711

 2023 by SCITEPRESS – Science and Technology Publications, Lda. Under CC license (CC BY-NC-ND 4.0)

the Dizme framework and the Algorand blockchain.

E-voting research ﬁeld is rich of contributions that in-

spired common requirements and criteria in the de-

sign of the proposed voting system, e.g. (Anane et al.,

2007; Bungale and Sridhar, 2013; Gibson et al., 2016;

Rubin, 2001; Wang et al., 2017).

2.1 Basic Requirements and EU

Recommendations

Voting systems have fundamental requirements that

include:

• Non-reusability to prevent multiple votes from a

single voter.

• Non-duplicability to avoid duplicate votes within

the system.

• Immutability to ensure that cast votes cannot be

altered.

• Non-traceability to maintain voter preferences

conﬁdential.

• Eligibility to authorize individuals to cast votes

based on personal information.

In addition to these requirements, auditability and ver-

iﬁability are crucial for the integrity of the system:

• Auditability involves practices to detect and pre-

vent fraud in an election, which is mandatory for

e-voting systems (Jamroga et al., 2019; Rubin

et al., 2020).

• Veriﬁability enables actors to control the sys-

tem’s inputs and outputs, ensuring correct op-

eration (Rivest and Stark, 2017). Veriﬁability

encompasses the votes being Cast-as-intended,

Recorded-as-cast, and Tallied-as-recorded (Be-

naloh, 2006; Benaloh et al., 2015).

The European Commission’s recommendations pro-

vide a comprehensive set of requirements for e-voting

systems (Council of Europe, 2021b), aiming at ad-

dressing various aspects:

• Universal suffrage emphasizes user-friendly inter-

faces and system accessibility to avoid a digital

divide.

• Equal suffrage focuses on equal access to the sys-

tem and equitable representation of information

for all voters.

• Free suffrage promotes transparency, clear feed-

back to voters, integrity of ballots, and veriﬁabil-

ity.

• Secret suffrage covers the protection of pri-

vate data, secure management of eligibility in-

formation, receipt freeness, single submission,

anonymity, and prevention of result counting dur-

ing ongoing elections.

Various e-voting systems, such as Helios (Adida,

2008), have sought to merge auditability and veriﬁ-

ability through risk-limiting audits and providing vot-

ers with detailed information at each step. Addi-

tionally, cryptographic tools like mix-nets, homomor-

phic encryption, and blind signatures have been used

in digital or hybrid processes to fulﬁll the require-

ments (He and Su, 1998).

2.2 Algorand Overview

Algorand is a high-performance blockchain network

known for its fast, secure, and decentralized trans-

actions (Algorand, 2023). It utilizes a proof-of-

stake consensus mechanism, ensuring scalability and

achieving transaction ﬁnality within seconds (Chen

and Micali, 2016; Chen et al., 2018). Key features

of Algorand include:

• Scalability: Algorand supports high throughput,

with the capacity for up to 1,000 transactions per

second (TPS), making it suitable for enterprise

applications requiring fast transaction times and

high volume.

• Security: Algorand employs a unique crypto-

graphic protocol that ensures transaction valida-

tion without relying on a centralized authority,

guaranteeing the security and integrity of trans-

actions.

• Decentralization: Algorand’s consensus mecha-

nism based on proof-of-stake promotes decentral-

ization, making the network resistant to censor-

ship and control by any centralized authority.

• Smart Contracts: Algorand supports smart con-

tracts using TEAL, a user-friendly programming

language. Smart contracts can be stateless or

stateful, providing ﬂexibility for transaction val-

idation or complete distributed applications.

• Atomic Transfers: Algorand enables atomic

transfers, ensuring that multiple transactions are

executed as a whole or not at all, eliminating the

risk of partial execution.

Algorand ﬁnds applications in various use cases,

including ﬁnancial applications requiring fast transac-

tions and high throughput, decentralized applications

(dApps) beneﬁting from strong security and decen-

tralization, and tokenization, where smart contracts

enable the creation of digital assets like tokens or non-

fungible tokens (NFTs) (Algorand, 2023).

Toward a Compliant Token-Based e-Voting System with SSI-Granted Eligibility

753

2.3 Self-Sovereign Identity (SSI) and

Dizme Framework

Self-Sovereign Identity (SSI) systems transfer con-

trol of identity from a centralized authority to a self-

governed system, where users have full control over

their identities. This model eliminates the need for

a central authority and returns identity and related

claims to the user. Distributed ledgers and blockchain

technologies have paved the way for such models.

Various SSI implementations exist, including Sovrin,

uPort, Civic, and The Key. In this work, we refer-

ence the Sovrin Hyperledger as the SSI implementa-

tion. The Sovrin Foundation, an international non-

proﬁt organization, governs the Sovrin hyperledger,

which serves as the world’s ﬁrst self-sovereign iden-

tity network

. Dizme, a framework, utilizes Sovrin to

manage identity credentials. Within this framework,

entities known as ”issuers” can issue identity creden-

tials, and users, in this case, the voters, can store these

identities in private wallets and present them to the

system for voting purposes.

2.3.1 Dizme Usage

We employ Dizme for vote credential issuing and val-

idation, where the credential represents the attestation

that the user is eligible to vote based on identiﬁcation

criteria. Voters can prove that they possess required

identity attributes, such as citizenship or age above

18, using a zero-knowledge proof on the credential

containing those attributes. Once veriﬁed, the voter

receives a credential offer containing an anonymous

voting credential.

To establish eligibility, the voting credential is

combined with a self-attested attribute representing

the voter’s Algorand address, forming a proof. Any

veriﬁer in the Dizme framework can verify that the

credential is a voting credential and provide the voter

with an Algorand asset on the provided address. This

ensures eligibility without disclosing any voter per-

sonal data and prevents any link between voter iden-

tity and Algorand address.

Figure 1 illustrates a diagram of the actors in-

volved in the Dizme framework.

3 PROPOSED FRAMEWORK

This section presents the design of a compliant e-

voting system based on the technical recommenda-

tions of the European Commission. It serves as a

Details about Sovrin can be found at https://sovrin.org/

Figure 1: Dizme actors.

proof of concept for further investigation. Next, we

deﬁne the actors involved in the system’s construction

and describe their interactions.

3.1 Actors and Assumptions

The e-voting process involves several actors, each

with speciﬁc roles, and certain assumptions are made

in the proposed protocol.

Actors:

• Organizer: Conﬁgures election parameters, man-

ages cryptographic keypairs, and oversees the en-

tire election process.

• Voter: Interacts with the system to express their

preference. They have self-sovereign identity and

Algorand blockchain wallets. The voter obtains

a valid identity credential, presents it to the Iden-

tity Veriﬁer for an election token, and casts their

vote by spending the token through a blockchain

transaction.

• Identity Issuer: Veriﬁes the voter’s identity at-

tributes and issues an election-speciﬁc credential

certifying their eligibility.

• Identity Veriﬁer: Validates the voter’s election

credential and token to conﬁrm their eligibility

without revealing additional identity information.

Assumptions:

• Token-based Voting: Voting eligibility is deter-

mined by owning an unrestricted Algorand Asset,

which may evolve in the future.

• Dizme Wallet and SSI: Voters are assumed to

have a Dizme wallet for managing credentials

and are familiar with self-sovereign identity (SSI)

concepts.

• Protection of Sensitive Information: Zero-

knowledge proofs are used in SSI interactions to

verify possession of information without reveal-

ing the actual information, ensuring privacy.

SECRYPT 2023 - 20th International Conference on Security and Cryptography

754

3.2 Voting Protocol

The proposed solution allows voters to participate

in the election process using their personal devices,

making it suitable for medium-scale elections or cor-

porate settings where coercion is not a signiﬁcant con-

cern. The protocol consists of the following phases:

1. Initialization: The Organizer conﬁgures the elec-

tion parameters, deploys the election token on

the Algorand blockchain, and sets up the election

smart contract. Voters interact with the Identity

Issuer to obtain a valid election credential. See

Figure 2.

2. Registration: Voters interact with the Identity Ver-

iﬁer to obtain a voting token. The Veriﬁer veri-

ﬁes the voter’s election credential and registers an

asset transfer transaction on the blockchain. See

Figure 3.

3. Voting: During the designated voting period, el-

igible voters interact with the smart contract to

encrypt their preference and submit it along with

an asset transfer transaction containing the voting

token. The encrypted preference is stored in the

address-related space provided by Algorand. See

Figure 4.

4. Tally: After the voting period ends, the Orga-

nizer publicly releases the election private key

through the smart contract. The tally phase in-

volves retrieving the encrypted preferences, de-

crypting them, and computing the ﬁnal result,

which can be made publicly available. See Fig-

ure 5.

Figure 2: Initialization phase.

3.2.1 Contract Overview

This section provides an overview of the available in-

teractions with the contract and their behavior.

Opt-in: This Algorand smart contract call allows

Figure 3: Registration phase.

Figure 4: Voting phase.

an address to require storage space for encrypted bal-

lots. It can only be used during the registration phase.

Create: This application call creates the contract

and sets its global state. Arguments include the Elec-

tion Token Id, Election Public Key, Registration Start

Date, Registration End Date, Voting Start Date, and

Voting End Date.

Vote: This application call requires two transac-

tions as arguments: an asset transfer from the voter

to the contract and a transaction containing the en-

crypted ballot. It validates the timing of the vote and

checks the transaction group. If successful, it stores

the encrypted ballot in the on-chain storage for the

voter’s address.

UpdateKey: This call updates the global state by

setting the election private key. It can only be made

by the Organizer after the voting period has ended.

In addition to the smart contract calls, the following

Algorand application calls are used:

GetGlobalState: This call provides access to the

blockchain’s global storage for the contract.

GetLocalState: This call retrieves the encrypted

ballot stored in the contract’s local storage for a given

voter’s address.

Toward a Compliant Token-Based e-Voting System with SSI-Granted Eligibility

755

Figure 5: Tallying phase.

4 ANALYSIS

4.1 Basic Requirements

To ensure the correctness of the election and secu-

rity for any application, the following requirements

are considered:

Veriﬁability: The use of blockchain technology

ensures that all operations are recorded permanently

and are accessible. Voters can verify their vote sub-

mission and the overall vote tally. The three require-

ments of veriﬁability (Cast-as-intended, Recorded-as-

cast, and Tallied-as-recorded) are met through estab-

lished cryptographic procedures and transparency of

the blockchain.

Eligibility: Veriﬁed credentials are used to deter-

mine eligibility. Voting tokens are conditional on pos-

sessing speciﬁc attributes, and the smart contract ver-

iﬁes their use.

Auditability: The voting process is auditable dur-

ing and after the vote due to the recording of interac-

tions with the contract on the blockchain.

Non-reusability: Tokens can only be acquired dur-

ing the registration phase, and the system allows the

spending of only one token per user to prevent multi-

ple voting.

Non-duplicability and immutability: The

blockchain layer prevents duplicability and en-

sures immutability of the contract and of the vote.

Non-traceability: The usage of a self-sovereign

identity (SSI) framework ensures that the voter’s iden-

tity credential cannot be linked to the blockchain ad-

dress used to call the contract.

4.2 EU Recommendations

The recommendations from the European Commis-

sion have been considered in the design:

Universal suffrage: The fee mechanism of

blockchain usage is supported, and the protocol can

be implemented in a public booth to ensure accessi-

bility and address the digital divide.

Equal suffrage: The use of SSI with smart contract

transparency enables equal suffrage in the system.

Free suffrage: The immutability, data integrity,

and transparency of the blockchain ensure free suf-

frage.

Secret suffrage: Privacy is achieved by keeping

the voter’s identity separate and using anonymous ad-

dresses. Vote counting is not possible during the vot-

ing phase due to encryption, with decryption occur-

ring only after the voting period ends.

5 IMPLEMENTATION

We are developing a proof of concept implementation

to test the feasibility of our proposed solution. The

implementation utilizes the Algorand Python library

and simulates the actors and their interactions. We

use an Algorand testnet node provided by PureStake

and generate different Algorand accounts funded with

ALGOs for testing.

The current implementation focuses on simulating

the identity process, where the voter account is pro-

vided with a token and sends an atomic transactions

group to the contract. The implementation consists of

Python scripts for both the server and the client (ac-

tors). We initially use a central server for data access

and logging, but we are working on a serverless solu-

tion where the client code interacts directly with the

Algorand blockchain.

We are also exploring different settings for the e-

voting system. In addition to the proof of concept, we

are developing a mobile solution using Dart and Flut-

ter, a cross-platform technology, to enable a full re-

mote e-voting experience. We incorporate technolo-

gies such as Wallet Connect

for connecting the app

with an Algorand account and face or touch recogni-

tion for secure access to the application.

6 CONCLUSIONS AND FUTURE

WORK

Implementation and User Experience: The devel-

opment of a complete working implementation is

planned, including considerations for user interface

Documentation about Wallet Connect can be found at

https://docs.walletconnect.com/2.0/

SECRYPT 2023 - 20th International Conference on Security and Cryptography

756

and user experience. It is important to address the ac-

cessibility of the system and provide clear interfaces

with informative feedback to ensure user understand-

ing and engagement (Council of Europe, 2021b).

Certiﬁcation Processes: Further exploration of cer-

tiﬁcation processes for e-voting systems is needed.

Current EU recommendations allow member states to

deﬁne their own certiﬁcation procedures, so the sys-

tem should be designed with the goal of meeting cer-

tiﬁcation requirements and addressing relevant tech-

nological aspects (Council of Europe, 2021a).

Cross-Chain Technologies: Investigating the use of

cross-chain technologies, such as light-clients or ad-

hoc chains

, can contribute to a more versatile and

generic protocol. Considerations can also be made

for managing fees associated with the system’s oper-

ations (Yang, 2020).

By addressing these aspects, the proposed design

can evolve into a more comprehensive and certiﬁed

e-voting system.

ACKNOWLEDGEMENTS

This work was partially supported by project SER-

ICS (PE00000014) under the NRRP MUR program

funded by the EU-NGEU.

REFERENCES

Adida, B. (2008). Helios: Web-based open-audit voting. In

USENIX security symposium, volume 17, pages 335–

348.

Algorand (2023). Algorand - https://algorand.com.

Anane, R., Freeland, R., and Theodoropoulos, G. (2007). E-

voting requirements and implementation. In The 9th

IEEE International Conference on E-Commerce Tech-

nology and The 4th IEEE International Conference on

Enterprise Computing, E-Commerce and E-Services

(CEC-EEE 2007), pages 382–392. IEEE.

Benaloh, J. (2006). Simple Veriﬁable Elections. EVT, 6:10.

Benaloh, J., Rivest, R., Ryan, P. Y. A., Stark, P., Teague,

V., and Vora, P. (2015). End-to-end veriﬁability.

arXiv:1504.03778 [cs].

Bungale, P. P. and Sridhar, S. (2013). Requirements for

an Electronic Voting System. Unplublished Thesis,

Department of Computer Science, The Johns Hopkins

University, page 2.

Caltech and MIT (2001). Voting - What Is, What Could Be.

Technical report.

Chen, J. and Micali, S. (2016). Algorand. arXiv preprint

arXiv:1607.01341.

Algorand Co-Chains properties are described at https:

//www.algorand.com/resources/blog/algorand-co-chains

Chen, J. J., Gorbunov, S., Micali, S., and Vlachos, G.

(2018). ALGORAND AGREEMENT: Super Fast and

Partition Resilient Byzantine Agreement. IACR Cryp-

tol. ePrint Arch., 2018:377.

Cortellessa, C. M. (2020). Il voto elettronico tra stan-

dard europei e principi costituzionali. Prime riﬂes-

sioni sulle difﬁcolt

a di implementazione dell’e-voting

nell’ordinamento costituzionale italiano.

Council of Europe (2021a). Certiﬁcation of e-voting sys-

tems. Technical report, Council of Europe.

Council of Europe (2021b). List of reference standards of

the Council of Europe in the ﬁeld of elections - Portal

- publi.coe.int.

Demuro, J. (2018). Here are the 10 sectors that blockchain

will disrupt forever.

Gibson, J. P., Krimmer, R., Teague, V., and Pomares, J.

(2016). A review of e-voting: the past, present and fu-

ture. Annals of Telecommunications, 71(7):279–286.

Publisher: Springer.

He, O. and Su, Z. (1998). A new practical secure e-voting

scheme. na.

Hjalmarsson, F. P., Hreioarsson, G. K., Hamdaqa, M., and

Hjalmtysson, G. (2018). Blockchain-Based E-Voting

System. 2018 IEEE 11th International Conference on

Cloud Computing (CLOUD), pages 983–986.

Jamroga, W., Roenne, P. B., Ryan, P. Y. A., and Stark, P. B.

(2019). Risk-Limiting Tallies. arXiv:1908.04947 [cs,

stat].

Kohno, T., Stubbleﬁeld, A., Rubin, A. D., and Wallach,

D. S. (2004). Analysis of an electronic voting system.

In IEEE Symposium on Security and Privacy, 2004.

Proceedings. 2004, pages 27–40. IEEE.

Kshetri, N. and Voas, J. (2018). Blockchain-enabled e-

voting. IEEE Software, 35(4):95–99. Publisher:

IEEE.

Lee, K., James, J., Ejeta, T., and Kim, H. (2016). Electronic

voting service using block-chain. Journal of Digital

Forensics, Security and Law, 11(2).

Perez, A. J. and Ceesay, E. N. (2018). Improving End-to-

End Veriﬁable Voting Systems with Blockchain Tech-

nologies. In 2018 IEEE International Conference on

Internet of Things (iThings) and IEEE Green Comput-

ing and Communications (GreenCom) and IEEE Cy-

ber, Physical and Social Computing (CPSCom) and

IEEE Smart Data (SmartData), pages 1108–1115.

Rivest, R. L. (2000). Electronic Voting.

Rivest, R. L. and Stark, P. B. (2017). When Is an Election

Veriﬁable? IEEE Security & Privacy, 15(3):48–50.

Rubin, A. (2001). Security Considerations for Remote Elec-

tronic Voting over the Internet.

Rubin, A., Halderman, J. A., Adida, B., and Teague, V.

(2020). The 2020 Election: Remote Voting, Disin-

formation, and Audit. USENIX Association.

Soldavini, P. (2018). In Sierra Leone le prime elezioni al

mondo garantite da blockchain.

Wang, K.-H., Mondal, S. K., Chan, K., and Xie, X. (2017).

A review of contemporary e-voting: Requirements,

technology, systems and usability. Data Science and

Pattern Recognition, 1(1):31–47.

Yang, J. (2020). Blockchain Light Client.

Toward a Compliant Token-Based e-Voting System with SSI-Granted Eligibility

757