A Simple Voting Protocol on Quantum Blockchain

This paper proposes a simple voting protocol based on Quantum Blockchain. Despite its simplicity, our protocol satisfies the most important properties of secure voting protocols: is anonymous, binding, non-reusable, verifiable, eligible, fair and self-tallying. The protocol could also be implemented using presently available technology.


Introduction
Many voting protocols based on classical cryptography have been developed and successfully applied since Chaum et al [7].However, the security of classical cryptography is based on the unproven complexity of some computing tasks, such as factoring large numbers.The research in quantum computation shows that quantum computers are able to factor large numbers in a short time, which means that classical cryptography is already insecure.To react to the threat of quantum computers, a number of quantum voting protocols have been developed in the last decade [9,27,14,10,15,11,26,28,2,24].
To be reliable and useful in practice, voting protocols should satisfy some desirable properties such as: 2. Binding.Nobody can change a ballot after its submission.3. Non-reusability.Every voter can vote only once.4. Verifiability.Every voter can verify whether his or her ballot has been counted properly.5. Eligibility.Only eligible voters can vote.6. Fairness.Nobody can obtain a partial ballot tally before the stage of tally.7. Self-tallying.Everyone who is interested in the voting result can tally ballots by himself or herself.
To the best of our knowledge, among all the existing quantum voting protocols, only Wang et al. [28] satisfy all the above requirements.However, their protocol is difficult to be implemented with the current technology.In this paper, our aim is to develop a voting protocol which satisfies all the above properties, in addition to be implementable by the current technology.
An important feature of our protocol is that it utilizes quantum-enhanced logic-based blockchain developed in [21].It turns out that blockchain can significantly simplify the design of protocols of electronic voting.A quantum bit commitment protocol is also needed to ensure some desirable properties of voting.We choose a cheat-sensitive quantum bit commitment protocol from [20] for this purpose because it is efficient and implementable by the current technology.
We review some background knowledge on quantum blockchain and quantum bit commitment in Section 2.Then, in Section 3, we proposed our voting protocol.We conclude this paper in Section 4.

Quantum blockchain
A blockchain is a distributed, transparent and append-only database which enables achieving consensus in a large decentralized network of agents who do not trust each other.It is distributed in the sense that every miner (an agent in charge of updating the database) has an identical copy of the database.One of the most prominent applications of blockchain technology is for cryptocurrencies, such as Bitcoin [18].Another important application is the implementation of self-executable smart contracts [22].
In the quantum blockchain system presented in [21], which we are going to use for our voting protocol, it is assumed that each pair of nodes (agents) is connected by an authenticated quantum channel and a not necessary authenticated classical channel.Each pair can establish a sequence of secret keys by using quantum key distribution [3].Those keys will later be used for message authentication.
Updates (new transactions/new messages) of a blockchain are initiated by those nodes who wish to append some new data to the blockchain.The classical data of an update is sent via classical channels to all miners, while the quantum data of the update is sent via quantum channels.Each miner checks the consistency of the update with respect to their local copy of the database and forms an opinion regarding the update's admissibility.Then all the miners apply the quantum honest-success Byzantine agreement protocol introduced in [21] to the update, arriving at a consensus regarding the correct version of the update and whether the update is admissible.Finally, the update is added to the copies of the database of every node if at least half of the miners agree that the update is admissible.

Quantum bit commitment
Bit commitment, used in a wide range of cryptographic protocols (e.g.zeroknowledge proof, multiparty secure computation, and oblivious transfer), typically consists of two phases, namely: commitment and opening.In the commitment phase, Alice the sender chooses a bit a (a = 0 or 1) which she wishes to commit to the receiver Bob.Then Alice presents Bob some evidence about the bit.The committed bit cannot be known by Bob prior to the opening phase.Later, in the opening phase, Alice discloses some information needed for reconstructing a. Bob then reconstructs a bit a ′ using Alice's evidence and announcement.A correct bit commitment protocol will ensure that a ′ = a.A bit commitment protocol is concealing if Bob cannot know the bit Alice committed before the opening phase and it is binding if Alice cannot change the bit she committed after the commitment phase.
The first quantum bit commitment (QBC) protocol was proposed in 1984 by Bennett and Brassard [3].A QBC protocol is unconditionally secure if any cheating can be detected with a probability arbitrarily close to 1. Here, Alice's cheating means that Alice changes the committed bit after the commitment phase, while Bob's cheating means that Bob learns the committed bit before the opening phase.A number of QBC protocols are designed to achieve unconditional security, such as those of [4,5].However, according to the Mayers-Lo-Chau (MLC) no-go theorem [17,16], unconditionally secure QBC in principle can never be achieved.
Although unconditional secure QBC is impossible, several QBC protocols satisfy some other notions of security, such as cheat-sensitive quantum bit commitment (CSQBC) protocols [8,6,19,13,30] and relativistic QBC protocols [12,1].In CSQBC protocols, the probability of detecting cheating is merely required to be non-zero.With this less stringent security requirement, many QBC protocols which are not unconditional secure are regarded as secure in the cheat-sensitive sense and they are also resilient to the attack of quantum computers.
In Sun and Wang [20] a CSQBC is proposed which is more secure and efficient than all other existing CSQBC protocols.According to Tatar et al [23], this protocol is also piratically resilient to the entanglement attack, which damages the unconditional security of many QBC protocols [17,16].Moreover, this protocol is implementable by the current technology.Although it is discovered that all CSQBC protocols are flawed if there is no mechanism of punishment, this flaw is fixed by running CSQBC on quantum blockchain, as it is shown in [21].

Voting on quantum blockchain
In the simplest setting of voting, n voters vote on an issue.Every voter V i has a private binary value v i ∈ {0, 1}, where v i = 0 means disagree and v i = 1 means agree.The following is our protocol for simple voting, of which the structure is similar to (and simpler than) the voting protocol on the Bitcoin blockchain [29,25].It consists of two phases: the ballot commitment phase and the tally phase.
(a) For each i ∈ {1, . . ., n}, voter V i generates the i-th row of an n × n matrix of integers r i,1 , . . .r i,n , whose sum j r i,j and 0 are congruent modulo n + 1.That is, j r i,j ≡ 0 (mod n + 1).(b) For each i and j, voter V i sends r i,j to V j via quantum secure communication [3,31].(c) Now for each i, voter V i knows the i-th column r 1,i , . . ., r n,i .Then he computes his masked ballot v i ≡ v i + j r j,i (mod n + 1).V i commits v i to every miner of the blockchain by the CSQBC protocol of Sun and Wang [20].2. Tally by decommitment.
(a) For each i, V i reveal v i to every miner of the blockchain by opening his commitment.(b) All the miners run the quantum honest-success Byzantine agreement protocol [21] to achieve a consensus of on the masked ballot v 1 , . . ., v n .(c) The result of voting is obtained by calculating i v i , which equals to i v i because i v i ≡ i (v i + j r j,i ) ≡ i v i + i,j r j,i ≡ i (v i + j r i,j ) ≡ i v i (mod n + 1).

Security analysis
Our voting protocol satisfies the following security requirements: This is ensured by the authentication procedure of the blockchain: only authenticated voters can successfully communicate to the miners.6. Fairness.This is ensured by the concealing property of quantum bit commitment.7. Self-tallying.This is because the blockchain is a transparent database.All data on the blockchain is accessible to every interested user.

Conclusion and future work
This paper proposes a simple voting protocol based on quantum blockchain.Besides being simple, our voting protocol is anonymous, binding, non-reusable, verifiable, eligible, fair and self-tallying.Our voting protocol is also realizable by the current technology.
We have demonstrated that quantum blockchain can significantly simplify the task of electronic voting.In the future, we are interested in applying quantum blockchain to other fields such as auction and mechanism design.We believe quantum blockchain will also simplify these tasks.