A secure, verifiable, and coercion-resistant electronic voting platform.
The National Electronic Election Voting System is a platform engineered to provide secure, verifiable, and coercion-resistant electronic voting. The system addresses fundamental challenges in e-voting, including voter privacy, ballot secrecy, and protection against vote-buying and coercion. It is built on a distributed microservices architecture and employs advanced cryptographic techniques to ensure that individual votes remain anonymous while allowing for a universally verifiable final tally.
-
Voter Anonymity: Uses RSA Blind Signatures to completely decouple voter identity from their cast ballot.
-
Coercion-Resistance: Implements a "fake credentials" mechanism. Voters can cast decoy votes under duress using fake passwords; these votes are indistinguishable during the process but are discarded during tallying.
-
Homomorphic Tallying: Utilizes the Paillier Cryptosystem to aggregate encrypted ballots. The final result is decrypted only once, ensuring individual vote contents are never exposed.
-
End-to-End Verifiability: Supports individual verifiability (voters can confirm their vote was tallied) and universal verifiability (observers can audit the final encrypted tally).
-
Receipt-Freeness: The system provides proof of receipt without providing a "receipt" that allows a voter to prove how they voted to a third party.
The system follows a services pattern with strict separation of concerns to enforce privacy.
- Registration and Identity Authority (RIA):
- Acts as the "Registrar."
- Manages voter registration, verifies NICs (National Identity Cards), and handles device binding.
- Issues blind signatures for voting tokens
- Token Registry (TR):
- Issues one-time, random, anonymous tokens to voters.
- Ensures tokens are generated anonymously and decoupled from user identity.
- Voting Service (VS):
- Acts as the "Election Trustee" and "Ballot Box."
- Manages election lifecycles (candidates, timing) and accepts encrypted ballots.
- Performs the final homomorphic tallying process.
- Database: PostgreSQL Master-Slave Cluster (AWS RDS) for high availability.
- Gateway: Nginx Reverse Proxy for request routing and SSL termination.
- Deployment: Dockerized services managed by PM2, deployed on AWS EC2.
This project bridges academic theory with practical implementation using the following protocols:
- Used for Additively Homomorphic Encryption.
- Property:
[ E(v_1) \times E(v_2) = E(v_1 + v_2) ] - Votes are multiplied in batches to calculate the total count without decrypting individual ballots.
- Based on Chaum’s blind signature scheme.
- Process:
- The voter blinds a token.
- The RIA signs the blinded token (authorizing it).
- The voter unblinds the signed token to obtain a valid signature on the original token.
- The RIA maintains two key pairs:
- One for Genuine votes.
- One for Fake votes.
- The Voting Service verifies signatures against both keys,
but only counts ballots signed with the Genuine key.
- Languages: Java 17 (RIA), Java 21 (Voting Service).
- Framework: Spring Boot (Gradle build).
- Database: PostgreSQL (AWS RDS Master-Slave Cluster).
- Infrastructure: AWS EC2, Nginx (Reverse Proxy/SSL), PM2 (Process Management).
- Other: OpenSSL for key generation
- CI/CD: GitHub Actions.
POST /api/v1/account: Create a pending account.POST /api/v1/account/auth: Initiate login challenge.POST /api/v1/vote/sign: Request a blind signature.POST /api/v1/account/auth/fake: Generate fake credentials.
GET /api/v1/public/elections: List active elections.PUT /api/v1/public/election/{id}/vote: Cast an encrypted vote.POST /api/v1/admin/election/{id}/tallying: Trigger tallying process (Admin).
This project consists of three applications. Below are key UI previews of each system.
The project is configured for deployment on AWS using GitHub Actions.
- Java 17 and Java 21 installed.
- A PostgreSQL database instance.
- Nginx configured as a reverse proxy.
- Build:
./gradlew bootJar.
- Use
ecosystem.config.jsto define environment variables and service paths for PM2. - Configure Nginx to route:
api.ria.evs.lk→ port 9998api.vs.evs.lk→ port 8080
# Services are managed via PM2
pm2 start ecosystem.config.js- 210077D - CHANDRAWANSHA J.P.S.A
- 210161F - FERNANDO K.J.R.K.
- 210383L - MEDDEPOLA M.A.C.T
- 210400N - MUTHUWANA M.A.N.R
Based on the academic e-voting scheme proposed by Aziz (2019).