1. Introduction
The 2030 Agenda for Sustainable Development and its Sustainable Development Goals set a series of key development goals for developed and developing countries to eliminate poverty, protect the planet and ensure the prosperity of all people. One of the priorities agreed by Member States is social protection, which has been repeatedly mentioned in the agenda as the main means of reducing poverty and eliminating inequality. The short-term goal of social protection is to help people meet basic needs, provide basic income levels for people living in poverty or prevent people from falling into poverty due to disease or drought. Long-term goals include increasing opportunities for inclusive growth, human capital development and social stability. Social protection appears in many targets in the Sustainable Development Goals (SDG), including Goals 1, 3, 5, 8 and 10 [
1]. One of the types of social protection is social assistance, which is designed to help the most vulnerable individuals, families and communities to meet the social floor and improve living standards. The actions of social assistance may include welfare and social services to highly vulnerable groups, non-contributory transfers in cash, vouchers, or in-kind to individuals or households in need and temporary subsidies in times of crisis [
2]. Therefore, social welfare is closely related to the social dimension of sustainability [
3].
Issuing vouchers is one of the ways in which a government or non-profit organization can implement a social welfare program [
4,
5], as near-cash transfer has some benefits, such as increased income, consumption, expenditure and asset accumulations, and improved health outcomes [
6]. A voucher is a kind of ticket which can be used instead of money to pay for something [
7]. The person who receives the voucher can go to a certified store to purchase services or goods. The certified stores then ask the government or non-profit organizations for money with the voucher received. Government or non-profit organizations may use cash vouchers to reach consumption incentives or public welfare. In Zambia, poverty is a challenge that this country has always faced. Since agriculture is the main economic body, the Zambian government launched the Farmer Input Support Program (FISP) to subsidize farmers’ crop losses due to natural disasters. The government issued a physical pre-paid voucher card to the farmer, and the farmer can use the card to redeem agricultural input supply. Zambia expects farmers who have been subsidized for two years to leave the plan, but the government has no way to track who has reached the subsidy deadline, thus the cost of FISP has exploded. Later, Zambia decided to build an electronic voucher system to try to solve some problems [
8,
9]. However, the Zambian government still faced some problems, which we will discuss later in the next section.
Since a voucher is equivalent to proof of cash value and is not redeemable for cash, the anti-counterfeiting of vouchers is a very important issue. Because vouchers have a welfare purpose, only eligible individuals can receive and use vouchers. Therefore, preventing the transfer of vouchers is also a very important issue. Moreover, the relevant parties involved in the e-voucher system are more diverse than those involved in the general admission system, so mutual trust between groups is a key factor in the success of the e-voucher system. Recently, an emerging technology, called blockchain, has brought many new opportunities to the industry. Blockchain technology achieves trust among parties and fault tolerance through cryptography and decentralized architecture. The blockchain has evolved over several stages since its introduction. Virtual currency is the earliest application of blockchain technology. Gradually, it has been found that the special features of blockchain technology mean that it can be employed in many innovative applications in various industries. Nowadays, various products and services using blockchain technology have been proposed, including those in finance, agriculture, food and transportation. Some scholars have also begun to explore the application opportunities of blockchain technology in sustainable development [
10]. So far, very few studies related to e-ticket systems have used blockchain technology [
11,
12]. Moreover, studies using blockchain technology have not proposed a system architecture for vouchers. A provable identity is necessary for accessing social benefits like vouchers, pensions or cash transfers. One of the remarkable properties of blockchain technologies is their ability to provide a provable identity [
13]. Therefore, the purpose of our paper is to design a blockchain-based system for vouchers. By introducing blockchain technology, the proposed system can address the above issues related to vouchers.
The remainder of this paper is organized as follows: In
Section 2, social protection instruments, legacy technology of ticketing systems, and prerequisite knowledge are reviewed; in
Section 3, the general framework of the e-voucher system is described in detail;
Section 4 presents a security analysis of the proposed e-voucher system;
Section 5 provides a case study and implementation of the framework; and finally, conclusions are provided in
Section 6.
4. Security Analysis
In
Section 2.2, we proposed several security requirements for the e-voucher system. In this section, we will analyze how the system meets these security requirements.
Proposition 1. The proposed e-voucher system preserves the authenticity of the e-voucher.
There are two roles that are required to verify the authenticity of the e-voucher issuer, i.e., the non-profit organization o. One is the beneficiary b, and the other is the dealer d. Each e-voucher sent to b or d is accompanied by the digital signature of o, DSo. Both b and d can read the public key of o, ecc_pko, from the blockchain, to verify the e-voucher and DSo. Moreover, only o has the right to write its ECC public key into the blockchain. Therefore, we can ensure that the proposed system has the property of verifying the authenticity of the issuer of the e-voucher.
Proposition 2. Modification of the e-voucher can be discovered.
As we mentioned above, both b and d receive the e-voucher Vi with DSo. To verify Vi and DSo, b and d re-hash the Vi and decrypt DSo with the public key of o, ecc_pko, retrieved from the blockchain. If the content of the e-voucher is modified, the re-hashing result and the decrypting result must be different because SHA-256 is believed to have a very high collision resistance. This means that the probability of two different messages being calculated to output the same digest is extremely low. Therefore, forgery or alteration of the e-voucher can be discovered immediately.
Proposition 3. The proposed e-voucher system prevents anyone from reproducing the e-voucher.
Because of the nature of the consortium blockchain, only the non-profit organization has the right to write issued e-vouchers into the blockchain. Moreover, the issuance and redemption of the e-voucher will also be recorded in the blockchain. Whether any e-voucher has been issued or redeemed can be verified through the records of the blockchain. Moreover, the voucher Vi and digital signatures DSo sent to the beneficiary b will be encrypted with the b’s RSA public key rsa_pkb. Even if other people intercept the transmitted message, they cannot recover Vi and DSo without the matched RSA private key rsa_skb. Therefore, it is meaningless and not profitable to reproduce the e-voucher.
Proposition 4. The non-profit organization cannot deny the emission of the e-voucher, and the beneficiary cannot deny the usage of the e-voucher.
When issuing the e-voucher, the non-profit organization o signs the e-voucher with its private key ecc_sko. The public key ecc_pko that matches ecc_sko is recorded in the blockchain. If DSo is verified using ecc_pko, the non-profit organization o cannot repudiate the issuance of the e-voucher because ecc_pko and ecc_sko match. Moreover, once ecc_pko is written into the blockchain, o cannot deny the authenticity of ecc_pko due to the undeniable nature of the blockchain.
Proposition 5. The beneficiary cannot redeem the same e-voucher repeatedly.
Because our system uses the consortium blockchain architecture, only trusted members can join the alliance, and only the dealer has the right to write the blockchain with e-voucher usage records. Once the dealer verifies that the e-voucher is correct and delivers the goods to the beneficiary, the usage of the e-voucher will be recorded in the blockchain. If an e-voucher exhibits repeated consumption, the dealer can immediately detect this from the blockchain record.
Proposition 6. The authorization of the holder can be verified.
A qualified beneficiary b needs to provide the ECC public key ecc_pkb to the non-profit organization o to write it into the blockchain. Once ecc_pkb is written into the blockchain, ecc_pkb and ecc_skb are bound together, so that b cannot re-generate another pair of ECC private keys to sign the e-voucher; otherwise, b will not be able to use the e-voucher. It is reasonable to say that ecc_skb must be kept privately. Therefore, as long as the digital signature can be verified with ecc_pkb, the identity of the holder can be confirmed.
Proposition 7. The beneficiary cannot transfer the e-voucher to others.
Before using the e-voucher, the beneficiary b needs to sign the e-voucher with ecc_skb. As we have mentioned above, ecc_pkb and ecc_skb are bound together, and reasonably, ecc_skb must be kept privately. Even if the e-voucher is transferred to another person, this e-voucher is not useful to others because others do not have the private key ecc_skb paired with the public key ecc_pkb. Consequently, it is impossible for others to generate the correct digital signature. Therefore, the e-voucher is not transferable.
6. Conclusions
This research proposes an e-voucher system using the architecture of the consortium blockchain. A voucher in this study refers to a kind of ticket that can be used to pay for goods or services, and the issuance of the voucher has social welfare purposes. The so-called social welfare purpose means that the voucher is mainly used to subsidize specific groups, such as low-income households or unemployed workers. Therefore, the voucher is not only an asset, but its use and flow must be able to be monitored; otherwise, it may not be possible to subsidize those who really need it. The characteristic of the consortium blockchain is that it can monitor and track the use and flow of valuable assets. Anyone who wants to use a voucher must be audited to join the alliance.
In addition, this research uses Hyperledger Fabric, which has the characteristics of identity management, a high performance, privacy protection, etc., and enables the complete and secure transfer of assets between organizations. In other words, Hyperledger Fabric is very suitable for business transaction scenarios with permission control and involving multiple roles. The voucher issuance and redemption of this study involves members of different parties, including the non-profit organization, the beneficiaries, and the dealers. At the same time, different permissions must be set for different members. Through security analysis, we have shown that the proposed system can confirm the identity of the issuer, ensure the authenticity of the e-voucher, and achieve non-anonymity and non-transferability. Because the proposed system automates the issuance and redemption of vouchers and can achieve security, this system does not only enable mutual trust without a third party, but also improves the efficiency of the entire process. Finally, this study shows that the system has a good performance through a large amount of experimental data.
6.1. Theoretical Implications
As e-tickets are valuable assets, there must be a trustworthy mechanism supporting the transaction of e-tickets. The traditional e-ticket system introduces a trusted third party (TTP) to verify the transactions to achieve mutual trust among the parties involved in the transactions [
17,
19,
20]. A trusted third party may be an independent agency or a trading platform. Any transaction, such as the issuance or redemption of a ticket, must be sent to the TTP for verification. It can be seen that a TTP is a centralized agent. Once this single, centralized TTP collapses, it represents the collapse of the trust mechanism of the e-ticket system. TTP has been criticized, in fact, for being a security hole [
29]. Unlike traditional electronic tickets, this research introduces blockchain technology as the trust mechanism of the system. The blockchain network itself is a decentralized trust mechanism. Any transaction that needs to be written into the decentralized ledger must obtain the consensus and endorsement of nodes over the blockchain network. Instead of relying on the central institution, this study can avoid the system risk caused by the collapse of the central agent.
The implementation of social welfare policies must ensure that beneficiaries truly benefit from social welfare. Therefore, e-voucher systems with social welfare purposes need to provide an identity authentication mechanism. In the e-voucher system under the Farmer Input Supply Program (FISP), the Zambian government delivers the beneficiary a physical card, called a Voucher Scratch Card (VSC), which is linked to the beneficiary’s national registration card (NRC) number. The beneficiaries enter the VSC number and NRC number using their mobile phone to redeem the goods. The e-cards are issued by the Zambia National Farmers Union (ZNFU), and the beneficiaries are approved by the Farmer Organization. However, the approved beneficiary list is not directly sent to ZNFU, but passed to ZNFU through three units, which are the Camp Agricultural Committee (CAC), District Agricultural Coordinator (DACO) and Ministry of Agriculture (MoA); the e-card is not directly issued to the beneficiary, but sent to the beneficiary through DACO. This process delays the delivery of the approved beneficiary list, which in turn leads to the delayed submission and activation of e-cards [
9]. The beneficiaries must show the physical VSCs to verify their identity, and a delay in getting the card means that they cannot get the subsidy on time. This research uses digital signatures and asymmetric cryptography as the identity authentication mechanism. The private key is stored privately on the beneficiary’s phone, and the public key paired with it is recorded in the blockchain. This study does not include the delivery of physical cards and generates a QR code with an e-voucher and digital signature on the beneficiary’s mobile phone. The beneficiary only needs to show the QR code to the dealer, and the e-voucher and identity are verified promptly since all data are digitized. As a result, the entire process can be simplified without layer-by-layer transfer. Even if the process is simplified, this research still maintains the security and trust mechanism because the blockchain is introduced.
6.2. Managerial Implications
Considering fairness, the implementation of social welfare often needs to add some additional conditions or restrictions. Zambia’s FISP originally set the beneficiary’s benefit period to be two years so that FISP could take care of more beneficiaries without adding a large financial burden. However, the government has failed to remove any beneficiaries from the plan. Consequently, the number of beneficiaries is growing rapidly, and the costs of FIST are becoming higher and higher, which impacts other agricultural budgets. Nevertheless, even since the implementation of the e-voucher system, the government has not established and enforced graduation conditions [
9]. From the example of Zambia’s FISP, if restrictions cannot be properly set and enforced, it will have a serious impact on the fairness and costs of social welfare. This study can help non-profit organizations to enforce the restrictions of social welfare. All the restrictions can be programed as a secured stored procedure, called a smart contract, and the smart contract enables the blockchain to enforce these restrictions in an automated way and without third parties. It is of great significance not to rely on the implementation of social benefits by third parties. If there must be a TTP trusted by all participants, the TTP essentially becomes an arbiter to decide who may or may not follow the protocol [
29]. As a result, social welfare resources may be deliberately manipulated, which makes the restrictions meaningless. Because this study introduces the blockchain without relying on TTP, the implementation of restrictions can be prevented from being manipulated. In addition, human resources can be saved due to the automated execution of restriction.
It is important for the organizations to comply with government regulations. According to Taiwan’s Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions, RSA 2048 bits and ECC 256 bits are suggested for ensuring confidentiality, integrity and authentication, and SHA256 and ECC 256 bits are suggested for digital signature to ensure non-repudiation [
30]. In this study, the e-voucher and digital signature of the non-profit organization are encrypted using RSA 2048 bits, and the digital signatures of the non-profit organization and the beneficiary are generated using SHA256 and ECC 256 bits. Therefore, the system processes and architectures proposed in this study are feasible and compliant with regulations.
6.3. Socio-Political Implications
In September 2015, the UN Sustainable Development Summit released the 2030 Agenda for Sustainable Development and proposed 17 Sustainable Development Goals (SDG). Goal 1 is to eradicate poverty for all people everywhere and promote equality. Goal 10 is to reduce inequality within and among countries, and one of the targets of Goal 10 is to adopt universal policies and pay attention to the needs of disadvantaged and marginalized populations [
31]. The government can implement social welfare policies via issuing vouchers to help those disadvantaged and marginalized populations. However, the government must attract more dealers to participate in the redemption of vouchers to facilitate the implementation of this policy. The proposed system enables the government and dealers to trust each other, so dealers may be more willing to cooperate with the government. As a result, the policy can benefit more people in need. In addition, beneficiaries may be reluctant to apply to the government agency in person because they fear discrimination from others. Vouchers can be applied for online to avoid the psychological burden and possible discrimination of applicants who apply to social welfare agencies in person. The proposed system allows beneficiaries to complete voucher applications online, which can reduce their psychological burden.
6.4. Limitations
This study does not consider cash flow between the non-profit organization and the dealers. The clearance of vouchers is handled separately by the non-profit organization and dealers. In fact, the complete process should include the participation of financial institutions. The non-profit organization places funds in financial institutions, and the funds can immediately be remitted to the dealer once the e-voucher is redeemed. In future works, the process and system should be further re-designed to consider the role of the financial institution. In addition, this study lacks a reward mechanism for dealers. Although this study can ensure that the dealers do not suffer from financial losses due to illegal tickets or illegal users, it only prevents dealers from excluding cooperation with the government. Strong economic incentives are key to drawing dealers into actively participating in the cooperation. Therefore, future research could design tokens as a mechanism for rewarding each redemption provided by dealers.