Designing a Robust Quantum Signature Protocol Based on Quantum Key Distribution for E-Voting Applications

Abstract

The rapid advancement of internet technology has raised attention to the importance of electronic voting in maintaining democracy and fairness in elections. E-voting refers to the use of electronic technology to facilitate the casting and counting of votes in elections. The need for designated verification arises from concerns about voter privacy, auditability, and the prevention of manipulation. Traditional e-voting systems use cryptographic techniques for security but lack verifiable proof of integrity. Integrating e-voting with a quantum designated verifier could address these challenges by leveraging the principles of quantum mechanics to enhance security and trustworthiness. In light of this, we propose a quantum e-voting scheme that uses a designated verifier signature. To ensure the confidentiality and authenticity of the voting process, the scheme uses quantum features like the no-cloning theorem and quantum key distribution. The proposed scheme has security properties like source hiding, non-transferability, and message anonymity. The proposed scheme is resistant to many quantum attacks, such as eavesdropping and impersonation. Due to designated verification, the scheme minimizes the risk of tempering. This paper provides a detailed description of the proposed scheme and analyzes its security properties. Therefore, the proposed scheme is efficient, practical, and secure.

1. Introduction

Voting has always been crucial in democratic processes, and in the context of internet development, the voting system is evolving to meet the demands of modern society. In the traditional voting system, voters cast their paper ballots in person at the polling station. However, driven by the need for efficiency, accessibility, accuracy, and the dynamic requirements of elections, this paper-based voting method has been replaced with an electronic voting system. E-voting is an electronic system for collaborative decision-making or voting, with the potential to make casting votes easier and more inclusive [1]. It handles voter registration, vote input and casting, encryption, transmission, storage, counting, and result tabulation. E-voting systems not only minimize the time spent voting and counting but also reduce human errors in the voting process. The entities involved in electronic voting include election authorities, voters, and the tally clerk [2]. Election authorities are responsible for initiating voting activities, including determining the list of candidates, legitimate voters, and other relevant parameters. The role of voters is to cast a legal vote on voting content initiated by election authorities and to generate a valid signature on their ballots. Meanwhile, the tally clerks verify and count each vote and then announce the result [3].

While e-voting has advantages in terms of security, convenience, and accuracy compared with manual voting, there are still areas that require improvement in electronic voting systems. The primary concerns of these systems are regarding the confidentiality and verifiability of ballots, scalability, and vulnerabilities against cyber-attacks, including hacking, manipulation, and unauthorized access, potentially compromising the accuracy of election results [4]. Additionally, substantial privacy concerns regarding potential identity theft, vote purchasing, and coercion can damage voter anonymity. These inherent challenges underscore the urgent need for more secure, private, scalable, and transparent alternatives to electronic voting.

Cryptographic protocols such as encryption, signature, and authentication are the underlying components that provide security against several security threats in the e-voting system [5]. Numerous signature and authentication protocols are in the literature. Furthermore, currently deployed systems such as the Estonian one, Helios, and the Swiss voting system employ cryptographic protocols whose security depends on computationally hard problems such as factoring large numbers or resolving discrete logarithm problems. However, with the development of quantum computers, the security of these cryptographic approaches is challenging because of their ability to efficiently solve these problems [6]. Hence, the significant processing power of quantum computers poses a potential threat to conventional cryptography, making widely used algorithms susceptible to Shor’s algorithm [7]. Therefore, it makes the classical e-voting system vulnerable to quantum attacks. It is imperative to find solutions that not only resolve the inherent challenges of classical e-voting but also resolve quantum challenges.

A novel approach called “quantum e-voting” uses quantum mechanics and offers potential solutions that enhance the robustness and security of electronic voting systems. Quantum voting approaches depend on the principles of quantum mechanics, such as the no-cloning theorem, quantum entanglement, and the Heisenberg Uncertainty Principle [8]. Quantum electronic voting uses quantum phenomena in encryption and secure transmission protocols to encode and protect voting data, ensuring voter privacy and making it extremely difficult for third parties to access or manipulate voter information [9]. Furthermore, because of quantum computing’s inherent parallelism and computational power, it can handle a significantly larger number of voters. Quantum e-voting, which uses quantum cryptographic techniques, can provide security and verifiability. Quantum cryptography has become a significant area in secure communication, drawing on the fundamental principles of quantum mechanics. Quantum cryptography-based authentication and signature protocols have emerged, attracting the attention of researchers and academia. A quantum-designated verifier signature (QDVS) is a digital signature that is applicable in various applications, including electronic voting systems [10]. In the context of e-voting, a designated verifier is an entity that can verify the integrity of a quantum signature without being able to transfer the conviction to any third party [11]. Voters can ensure verifiability and confidentiality by employing this to prove the authenticity of their votes without revealing their exact content. QDVS employs the principles of quantum mechanics, such as quantum entanglement and superposition, which also provide security against quantum attacks [12]. Therefore, this integration of quantum cryptography and quantum e-voting is able to resolve the intrinsic challenges and quantum threats of the classical voting system.

1.1. Motivation and Research Contribution

The rise of quantum computers has resulted in security concerns in classical DVS systems. This prompted us to develop a quantum-designated verifier scheme based on identity that offers improved security and efficiency. Our aim is to overcome significant challenges by exploring the domain of quantum security. Moreover, this motivation emphasizes the significance of participating in the development of novel cryptographic methods that use quantum principles. As a result, we have proposed a scheme for electronic voting that uses quantum-designated verifier signatures. The main contributions of our work are as follows:

• Firstly, an identity-based quantum designated verifier signature scheme for e-voting is proposed. This framework incorporates important security properties and is a unique approach.
• Secondly, a comprehensive security analysis is conducted to ensure the robustness of the proposed quantum signature framework. The framework demonstrates resilience against various cryptographic attacks.
• Thirdly, our scheme is implemented using the programming language Python and the tool Scyther, which effectively combines execution and simulation. We carefully evaluate the costs and advantages of our protocol and find that it is well suited for secure communication.

In summary, our study introduces a secure e-voting scheme and a resilient quantum signature framework and demonstrates the effectiveness of our protocol in real-world scenarios.

1.2. Related Work

Several studies have proposed different approaches for designing robust quantum signature protocols for e-voting applications. In 2006, Hillery et al. [13] introduced the concept of the traveling ballot and distributed ballot schemes for quantum voting. Ensuring privacy in communication, especially in contexts such as fair voting, is crucial. This study examines the use of quantum resources to enhance privacy levels and presents novel quantum protocols. The discussion also considers the potential for secure voting schemes, emphasizing the progress in quantum communication for protecting sensitive interactions.

In 2007, Vaccaro et al. proposed a quantum protocol for voting and surveying [14]. In their scheme, quantum protocols offer anonymity and efficient tallying through entangled states, providing significant reduction computational complexity compared with classical schemes. Horoshko et al. [15] proposed a quantum anonymous voting with an anonymity check. Their proposed work offers robust protection against both curious tallymen and dishonest voters. It allows voters to verify anonymity through entangled states, and any attempted cheating by the tallyman is detectable, ensuring the integrity of the voting process.

In 2017, Zhang et al. [1] proposed a quantum signature protocol based on entanglement swapping. The scheme applies the physical attributes of quantum mechanics to enable voting, counting, and immediate supervision. The quantum voting scheme leverages the quantum proxy blind signature and Charlie’s oversight to ensure fairness and prevent manipulation by Bob. In their protocol, the designated verifier can verify the signature without knowing the signed message by exploiting the entanglement between the signer and the verifier.

In 2021, Li et al. [16] proposed a quantum voting protocol using unitary operations and encrypted ballots based on single-particle states that offers a secure and tamper-resistant approach for selecting multiple winners. The implemented grouping strategies effectively mitigate the impact of candidate and voter numbers on quantum state preparation, reinforcing the protocol’s resilience against various malicious attacks.

In 2021, Zheng et al. [17] proposed a practical quantum designated verifier signature scheme for e-voting applications. They also claimed that existing quantum designated verifier signature (QDVS) schemes pose challenges in implementation. This study introduced a practical QDVS scheme tailored for E-voting applications. The proposed scheme uses quantum key distribution (QKD) without entanglement, offering straightforward deployment over existing networks while satisfying the main security requirements. It also demonstrates the demonstrating resilience against common cyber-attacks. The majority of voting protocols rely on quantum entanglement, which is challenging because of decoherence effects. Eliminating the requirement of entanglement is a significant advancement toward practical quantum voting protocols. A Quantum Electronic voting scheme is proposed in this paper, which is based on a quantum-designated verifier. The proposed scheme is an ID-based scheme that uses quantum key distribution for the distribution of keys. One time pad (OTP) [18] is also used in our proposed scheme, which ensures security by using each key only once, preventing information leakage and enhancing the privacy and authenticity of the quantum signature. The key used for signature generation is never reused, making it resistant to cryptographic attacks.

1.3. Paper Structure

This paper is structured as follows: Section 2 discusses the system model of the proposed scheme. Section 3 discusses the proposed e-voting scheme. Section 4 examines the security analysis of the proposed scheme. Section 5 evaluates the performance of the proposed scheme. Finally, the paper is concluded in Section 6.

2. Quantum E-Voting System

There are three participants involved in our scheme: voters—individuals casting their votes electronically; election authority—responsible for managing keys and overseeing the election; and tally clerk—who verifies the authenticity of the votes. Each participant is connected to the election authority. Several specific properties of the quantum e-voting system are described below Figure 1.

• The election authority has many quantum resources and computational capabilities, whereas participants in the same domain have limited resources.
• Through the election authority, participants exchange distributed and correlated key strings by executing the quantum portion of quantum key distribution (QKD).
• A designated participant acts as the voter and tally clerk to start electronic voting. The election authority sends the voting content as a judgment question to the other participants.
• Other participants create pre-signatures for a one-bit answer. Bit 1 (Yes) indicates approval, while bit 0 (No) indicates disapproval, serving as their ballots.
• Participants send their pre-signatures to the election authority and ask for actual signatures to be sent to the ballot collector.
• The ballot collector gathers all signatures and counts the number of ballots issued, concluding the voting process.

3. Preliminaries

In this particular section, we describe the fundamental concepts that are of assistance in the domain of quantum computing. In addition, we discuss the fundamental principles of quantum mechanics that are employed in our proposed framework.

3.1. No-Cloning Theorem

The no-cloning theorem was first formulated in 1982 by Wootters, Zurek, and Dieks [19]. It states that it is impossible to create an identical copy (or clone) of an arbitrary unknown quantum state. This theorem is important for quantum information and computing. In classical information theory, the act of duplicating information is typically possible, but this is not the case in the quantum realm. The no-cloning theorem posits that the replication of an arbitrary unknown quantum state with complete precision is not feasible. This limitation is related to quantum superposition and entanglement. It implies that measuring or copying a quantum state disturbs it and perfect copies of quantum information cannot be made. This limitation affects cryptographic protocols, quantum information processing, and quantum communication systems’ unique features and security.

3.2. Heisenberg Uncertainty Principle

The Heisenberg Uncertainty Principle was introduced in 1927 by German physicist Werner Heisenberg [20]. It explains that some physical properties cannot be measured with complete accuracy. More precise knowledge of one property leads to less precise knowledge of another.

Mathematically, the Heisenberg Uncertainty Principle is commonly expressed as:

$$\Delta x.\Delta p\ge h/2$$

(1)

where:

• $\Delta x$ is the uncertainty in position.
• $\Delta p$ is the uncertainty in momentum.
• h is the reduced Planck constant, approximately equal to $1.054571\times {10}^{-34} \mathrm{Js}$.

The Heisenberg Uncertainty Principle sets constraints on how well certain pairs of properties can be known at the same time. This is a fundamental aspect of quantum systems, not due to experimental constraints. The more precisely one measures position, the less precisely momentum can be determined. The principle has profound implications for understanding particle behavior at the quantum level and has far-reaching consequences in quantum fields. It challenges the classical intuition and assumes a central position in the establishment of quantum mechanics.

3.3. Quantum Key Distribution (QKD)

Quantum key distribution (QKD) is a cryptographic method that allows two parties, often called Alice and Bob, to create a shared secret key over an unsecured channel (Figure 2). This key is utilized for encrypting and decrypting messages, guaranteeing secure communication between the two parties. QKD protocols are built to withstand different eavesdropping attempts by leveraging principles from quantum mechanics like the uncertainty principle and the no-cloning theorem [21].

4. The Proposed Quantum E-Voting Scheme

4.1. Initialization Phase

There are three partners involved in our scheme: the voter, election authority (EA), and tally clerk. Let $I{D}_{Ai}$ be the IDs of the voters having a string of length d, where $d=\lceil {log}_{2}N\rceil$ which defines the number of potential participants N. Define $T_i:{\{0,1\}}^n⟶{\{0,1\}}^n$; $i=1,2,3,\dots$, and ${T_i}^{-1}$ is the inverse permutation of $T_i$. Let $I{D}_q$ be the broadcast question of length u. Let $I{D}_A=(x_1,x_2,\dots ,x_n)$ be the identity of the voter and $I{D}_B=(y_1,y_2,\dots ,y_n)$ be the identity of the tally clerk having a string of length n. We also use the Hadamard operator (

Table 1. Notation table.

Symbol	Description
H	Hadamard Operator
I	Identity operator
⊕	XOR operator
$T_i$	Permutation function
${T_i}^{-1}$	Inverse permutation function
l	Decoy Particle
d	Logarithmic function
K	Cryptographic one-way function
$\beta$	Private Key
N	No. of Voters
$I{D}_{Ai}$	Voter’s Identities
$I{D}_q$	Broadcasting Question

)

$$H=(|0\rangle \langle 0|+|1\rangle \langle 0|+|0\rangle \langle 1|-|1\rangle \langle 1|)\sqrt{2}$$

and on the other hand, we define $H^0=I$, where I is the unit operator.

4.2. Key Generation Phase

• The EA established a bulletin board and revealed specific identification numbers $N,I{D}_{A_i}$ and $I{D}_q$ for participants.
• A voter $A_i$ submits a registration application to EA, who confirms the voter’s identity and eligibility to vote.
• EA privately selects a hash function $K:{\{0,1\}}^{\ast }⟶{\{0,1\}}^n$ with equal distribution before generating the key. K is the master key of the EA, and it generates private keys for voters and tally clerks using its own master key:

  $$\begin{array}{cc}\hfill {\beta }_A& =K\left(I{D}_A\right),\hfill \end{array}$$

  (2)

  $$\begin{array}{cc}\hfill {\beta }_B& =K\left(I{D}_B\right).\hfill \end{array}$$

  (3)

  where $I{D}_A=(x_1,x_2,\dots ,x_n)$ and $I{D}_B=(y_1,y_2,\dots ,y_n)$ are the identities of the voter and clerk.
• According to the quantum key distribution protocol, EA distributes the pads e and d with voter:

  $$\begin{array}{cc}\hfill e^{\prime }& =e\oplus {\beta }_A\hfill \end{array}$$

  (4)

  $$\begin{array}{cc}\hfill d^{\prime }& =d\oplus {\beta }_B\hfill \end{array}$$

  (5)

  where ${\beta }_A={\beta }_1^A,{\beta }_n^A,\dots ,{\beta }_n^A$ and ${\beta }_B={\beta }_1^B,{\beta }_1^B,\dots ,{\beta }_n^B$ are the private keys of the voter and tally clerk.
• EA makes public $e^{\prime }$ and $d^{\prime }$. Then, using secret pads, the voter and tally clerk calculate their private keys:

  $$\begin{array}{cc}\hfill {\beta }_A& =e^{\prime }\oplus e\hfill \end{array}$$

  (6)

  $$\begin{array}{cc}\hfill {\beta }_B& =d^{\prime }\oplus d\hfill \end{array}$$

  (7)

4.3. Voting Phase

• In this step, the voter and tally clerk make use of quantum key distribution (QKD) to establish a shared secret string $s=(s_1,s_2,s_3,...,s_n)$ of n bits. Let $m=(m_1,m_2,\dots ,m_n)\in {\{0,1\}}^m$ be the vote to be signed. This string will serve as an OTP in the future. EA picks n-bit strings at random $p=(p_1,p_2,p_3,\dots ,p_n)$, $q=(q_1,q_2,q_3,\dots ,q_n)$ and $r=(r_1,r_2,r_3,\dots ,r_n)$ and defines:

  $$\begin{array}{cc}\hfill q_i& =p_i\oplus {{\beta }_i}^B\hfill \end{array}$$

  (8)

  $$\begin{array}{cc}\hfill r_i& =p_i\oplus {{\beta }_i}^A\hfill \end{array}$$

  (9)

  for each $|q_i\rangle$ and $|r_i\rangle$.
• Next, EA performs $H^{{{\beta }_i}^A}$ and $H^{{{\beta }_i}^B}$ on $|q_i\rangle$ and $|r_i\rangle$ to obtain the sequences:

  $$\begin{array}{cc}\hfill |{\alpha }_i\rangle & =H^{{{\beta }_i}^A}|q_i\rangle \hfill \end{array}$$

  (10)

  $$\begin{array}{cc}\hfill |{\gamma }_i\rangle & =H^{{{\beta }_i}^B}|r_i\rangle \hfill \end{array}$$

  (11)
• Let $|\alpha \rangle ={\otimes }_{i=1}^N|{\alpha }_i\rangle$ and $|\gamma \rangle ={\otimes }_{i=1}^N|{\gamma }_i\rangle$. After that, EA generates l decoy particles ($l\gg n$) chosen from the set $\{|0\rangle ,|1\rangle ,|+\rangle ,|-\rangle \}$ for checking eavesdropping. EA obtains $|{\alpha }_i^{\prime }\rangle$ by inserting l into $|{\alpha }_i\rangle$ and obtains $|{\gamma }_i^{\prime }\rangle$ by inserting l into $|{\gamma }_i\rangle$. Then, we send $|{\alpha }_i^{\prime }\rangle$ to the voter and $|{\gamma }_i^{\prime }\rangle$ to the tally clerk, respectively.
• In the quantum sequences $|{\alpha }_i^{\prime }\rangle$ and $|{\gamma }_i^{\prime }\rangle$, the positions and states of decoy particles are revealed. The EA confirms the receipt of particles. Decoy particles are measured and compared to their initial state. The protocol continues if there are no errors; otherwise, it is resumed or restarted.
• The voter and tally clerk are able to recover the quantum sequences $|{\alpha }_i\rangle$ from $|{\alpha }_i^{\prime }\rangle$ and $|{\gamma }_i\rangle$ from $|{\gamma }_i^{\prime }\rangle$ after testing eavesdropping. For every $|q_i\rangle$, the voter performs the operation $H^{{{\beta }_i}^A}$ on $|{\alpha }_i\rangle$ and obtains $|q_i\rangle$:

  $$|q_i\rangle =H^{{{\beta }_i}^A}|{\alpha }_i\rangle$$

  (12)
  The voter measures each $|q_i\rangle$ with the basis $\{|0\rangle ,|1\rangle \}$. If the measurement outcome is |0〉, then the voter sets $q_i=0$; otherwise, the voter sets $q_i=1$ and obtains $q=(q_1,q_2,\dots ,q_n)$.
• According to $\{m,I{D}_A,I{D}_B,q,s\}$, and the voter’s private key ${\beta }_A$, the voter computes $\varphi =({\varphi }_1,{\varphi }_2,\dots ,{\varphi }_n)$ and $\psi =({\psi }_1,{\psi }_2,\dots ,{\psi }_n)$, where

  $$\begin{array}{cc}\hfill {\varphi }_i& ={{\beta }_i}^A\oplus q_i\oplus s_i\hfill \end{array}$$

  (13)

  $$\begin{array}{cc}\hfill {\psi }_i& =m_i\oplus x_i\oplus y_i\hfill \end{array}$$

  (14)
• For each $|{\psi }_i\rangle$, the voter performs the operation for each $|{\psi }_i\rangle$, on $H_i^{\beta }$ on $|{\psi }_i\rangle$ and obtains

  $$|v_i\rangle =H_i^{\beta }|{\psi }_i\rangle \mathrm{for}i=1,2,3,\dots .$$

  (15)
• Let $|v\rangle ={\otimes }_{i=1}^N|v_i\rangle$ after that. To check the eavesdropping attack, the voter generates decoy particles l ($l\gg n$) at random from the set $\{|0\rangle ,|1\rangle ,|+\rangle ,|-\rangle \}$. The voter inserts these particles into |v〉 and obtains $|v^{\prime }\rangle$. The voter sends $\{m,I{D}_A,I{D}_B,|v^{\prime }\rangle \}$ to the tally clerk. The tally clerk measures each decoy particle and compares the results. If there is an error, the protocol is restarted; otherwise, the next step is executed.
• After ensuring there is no eavesdropping, the tally clerk recovers the quantum sequence |v〉 from $|v^{\prime }\rangle$ and keeps $\{m,I{D}_A,I{D}_B,|v\rangle \}$ as the quantum vote.

4.4. Counting Phase

The tally clerk confirms the given vote $\{m,I{D}_A,I{D}_B,|v\rangle \}$ from the voter. The tally clerk confirms it by performing the following steps:

• According to the tally clerk’s private key, for that received from EA in step 5, ${\beta }_B$, the tally clerk performs operation $H^{{\beta }_i^B}$ on $|{\gamma }_i\rangle$ and obtains:

  $$|r_i\rangle =H^{{\beta }_i^B}|{\gamma }_i\rangle$$

  (16)
  Next, the tally clerk measures $|$ using the basis $|0\rangle ,|1\rangle \}$, and if |0〉 is the measurement result, they set $r_i=0$. In the other case, they set $r_i=1$. The tally clerk then obtains $r=(r_1,r_2,\dots ,r_n)$.
• According to r, ${\beta }_B$, and the secret pad s, the tally clerk calculates:

  $${\varphi }_i^{\prime }=r_i\oplus {\beta }_i^B\oplus s_i\mathrm{for}(i=1,2,\dots ,n)$$

  (17)
• Let ${\varphi }^{\prime }=({\varphi }_1^{\prime },{\varphi }_2^{\prime },\cdots ,{\varphi }_n^{\prime })$. Then, for each $|v_i\rangle$, the tally clerk executes the operation $H^{{\varphi }_i^{\prime }}$ on $|v_i\rangle$ and finds:

  $${\psi }_i^{\prime }=H^{{\varphi }_i^{\prime }}|v_i\rangle$$

  (18)

  The tally clerk conducts measurements on each $|{\psi }_i^{\prime }\rangle$ using the basis $\{|0\rangle ,|1\rangle \}$ and assigns ${\psi }_i^{\prime }=0$ if the measurement yields |0〉. Alternatively, if the measurement outcome is |1〉, they assign ${\psi }_i^{\prime }=1$. Consequently, they obtain ${\psi }^{\prime }=({\psi }_1^{\prime },{\psi }_2^{\prime },\dots ,{\psi }_n^{\prime })$.
• According to m, $I{D}_A$, $I{D}_B$, w, and Equation (14), the tally clerk calculates $\psi =({\psi }_1,{\psi }_2,\dots ,{\psi }_n)$.
• Finally, the tally clerk verifies $\psi ={\psi }^{\prime }$. If $\psi ={\psi }^{\prime }$, the tally clerk accepts $\{m,I{D}_A,I{D}_B,|v\rangle \}$ as the valid vote of the voter; otherwise, the tally clerk rejects the vote.
• After N participants $A_i$ for $i=1,2,...,N$ have finished voting, the tally clerk publishes the final voting results and the corresponding $I{D}_{Ai}$ on the bulletin board for further checking the availability. Finally, Bob counts all the voting results and announces the winning judgment option on the bulletin board.

Figure 3 shows the flow diagram of the proposed algorithm.

5. Security Analysis

In security and analysis phase, we examine the proposed scheme’s security features such as non-repudiation, designated verification, non-transferability and so on.

• Designated verification property
  The proposed QDVS scheme for electronic voting ensures the fulfillment of the designated verification attribute. The tally clerk’s secret key ${\beta }_B$ and secret pad s play a crucial role during the counting stage, with only the tally clerk being privy to the knowledge of the secret pad s and private key ${\beta }_B$. Although EA can calculate ${\beta }_B$, they know nothing about the secret pad s so EA cannot compute ${\varphi }^{\prime }$ in the counting phase step 2. So even the EA cannot verify the QDVS. Therefore, our scheme possesses the property of designated verification.
• Hiding source
  The proposed QDVS scheme satisfies the feature of the hiding source. In our scheme, both the signer and the designated verifier can generate the same QDVS. Given a signature, no one can judge who the original signer is in between the voter and tally clerk. Even if both confidential keys ${\beta }_A$ and ${\beta }_B$ are revealed, an attacker will still not be able to determine the true identity of the original voter, whether it is the voter or the designated verifier tally clerk. This characteristic guarantees that both the voter and designated verifier can generate identical QDVS. No external entity, including EA, can decide who the signer is since

  $$|v_i\rangle =H^{{\beta }_i^A\oplus {\beta }_i^B\oplus p_i\oplus s_i}|m\oplus x_i\oplus y_i\rangle$$

  (19)
• Unconditional security
  Our proposed scheme ensures security through the incorporation of two approaches: the integration of the BB84 protocol to securely establish cryptographic keys between the eligible voters and the election authority by using quantum key distribution, in conjunction with the use of the one-time pad (OTP) for encryption. The security of OTPs lies in the fact that each key is used only once and is never reused. In QDVS, this means that for each voting session, new quantum-generated keys are used to encrypt the votes, which ensures that if an attacker intercept the ciphertext, they cannot derive any meaningful information without the one time pad. The unconditional security of both of these features has been established through empirical demonstrations. Therefore, our proposed QDVS scheme is unconditionally secure.
• Message privacy
  The execution of a one-way hashing function $K:{\{0,1\}}^{\ast }⟶{\{0,1\}}^n$ for the purpose of generating secret keys enhances the level of security. The utilization of XOR operations in both the fourth and fifth steps of Section 4.2 serves to safeguard the quantum keys ${\beta }_A$ and ${\beta }_B$ during the process of distribution. The involvement of public permutation functions $T_i$ adds complexity to the scheme.
• Non-transferability property
  According to Section 4.3, we know that the voter and tally clerk can create an identical QDVS for the vote. The signature created by the voter is indistinguishable from the signature generated by the tally clerk. Hence, the designated verifier cannot prove to any third party that the signature is generated by the voter or by himself. Therefore, the QDVS is non-transferable.
• Security of secret keys and sensitive parameters
  Firstly, an attacker cannot compute the private keys ${\beta }_A$ and ${\beta }_B$ of the voter and tally clerk from the public identities $I{D}_A$ and $I{D}_B$. These secret keys are shared securely by using the quantum key distribution protocol.
  Note that

  $$\begin{array}{cc}\hfill {\beta }_A& =K\left(I{D}_A\right)\hfill \\ \hfill {\beta }_B& =K\left(I{D}_B\right)\hfill \end{array}$$

  where K is the master key of EA. If one-way function K is chosen as a random one-way permutation oracle, the number of set element is $2n!$. The attacker has a low chance of guessing the master key K with probability $1/2n!$. The attacker cannot derive ${\beta }_A$ and ${\beta }_B$ without knowledge of the master key K.
  Secondly, an outside attacker cannot decrypt the private keys from the OTP cipher text $e^{\prime }=e\oplus {\beta }_A$ and $d^{\prime }=d\oplus {\beta }_B$. The OTPs e and d are only known to the voter and tally clerk.
• Non- repeatability:
  Each voter can only vote once and cannot vote again because it holds the property of the no-cloning theorem [19]. The election authority distributes random voter’s IDs to prevent forgery and easily detect repeated voting.
• Untraceability:
  The trace EA should be used to accurately determine the true identify of the target voter who was engaging in malicious communication. Exclusive access to the genuine identities of voters should be limited to the electoral authority alone. The employment of OTP pad with voter IDs and random quantum strings by EA ensures that the original identity cannot be traced by unauthorized individuals, effectively preventing many identity assaults.

5.1. Security Features

The proposed scheme is compared to existing protocols to evaluate its security features. The parameters of comparison include the third participant, the need for quantum one-way function, the need for quantum state swapping test, the need for quantum key distribution protocol, and the probabilistic verification result. The comparison in Table 2 shows that the proposed protocol has several advantages over pre-existing protocols.

5.2. SCYTHER Tool

The paper presents the formal security verification and simulation of the framework using the Scyther simulation tool [22], which is an effective tool for assessing and identifying potential threats and weaknesses in network security protocols. By utilizing the Scyther tool, we demonstrate the resilience of the method against various forms of cryptographic attacks.

Scyther utilizes a security protocol definition as an input to specify security properties, referred to as claim events and outputs, in the overview report and graph for each specific sort of cryptographic attack. The framework is defined in the “security protocol description language (SPDL)”. Furthermore, the protocol definition establishes the particular order in which the voter, election authority, and tally clerk are involved. Figure 4 presents the outcome of the security verification of the proposed protocol using the Scyther tool. The findings suggest that none of the assertions made in the proposed protocol were subjected to any cryptographic attacks.

Table 2. Comparisons of security features.

Scheme	The Third Participant	Entanglement	Swapping Test	QKD Algorithm	Verification Result
[11]	Trusted	✓	✓	✓	probabilistic
[23]	Trusted	✓	×	×	Accurate
[24]	Trusted	×	×	×	Accurate
[25]	Trusted	×	×	✓	probabilistic
[26]	-	✓	✓	×	probabilistic
[27]	Trusted	×	✓	×	Accurate
Proposed	Semi-Trusted	×	×	✓	Accurate

✓: a characteristic is satisfied in a scheme; ×: a characteristic is not satisfied in a scheme.

Table 2. Comparisons of security features.

Scheme	The Third Participant	Entanglement	Swapping Test	QKD Algorithm	Verification Result
[11]	Trusted	✓	✓	✓	probabilistic
[23]	Trusted	✓	×	×	Accurate
[24]	Trusted	×	×	×	Accurate
[25]	Trusted	×	×	✓	probabilistic
[26]	-	✓	✓	×	probabilistic
[27]	Trusted	×	✓	×	Accurate
Proposed	Semi-Trusted	×	×	✓	Accurate

✓: a characteristic is satisfied in a scheme; ×: a characteristic is not satisfied in a scheme.

6. Performance Analysis

The efficacy of the proposed protocol is subsequently assessed by employing a Python simulation of the signature scheme. In simulations, we utilize quantum bits instead of classical bits. The proposed scheme takes advantage of the quantum security provided by the no-cloning theorem and the uncertainty principle. We utilize the “Qiskit” and “pylatexenc” libraries for conducting quantum simulations.

6.1. Experimental Environment

The simulation environment under consideration has the following factors:

• Hardware environment: We conduct experiments on a machine using 11th Gen Intel^® Core™ i7-1165G7 laptop @ 2.80 GHz processor.
• Software environment: We utilize Python 3.8.11 for coding, employing GMP, and compiling with optimization options. We also employ the “Qiskit” and “pylatexenc” packages to carry out quantum simulations with suitable parameters. The “AerSimulator” backend functions by emulating the operation of an actual device. Performing a quantum circuit with measurements will result in the return of a “count dictionary” that contains the final values of any classical registers in the circuit. The circuit may contain a specialized instruction set, documented in a separate notebook, which includes gates, measurements, resets, conditionals, and other components.

6.2. Experiment Analysis

Due to the limitations of quantum devices, we select single-photon measurements as compared to joint measurements. The circuit diagram for the experiment, implemented on the IBM-Perth quantum computer, is depicted in Figure 5.

Using the $|{\varphi }_{ij}\rangle$ (where $i,j\in \{0,1\})$ state as the beginning state, Alice selects the $|\varphi {\rangle }_{00}$, Bob selects the $|\varphi {\rangle }_{11}$, and the theoretical outcomes are shown in Figure 6.

The experimental results obtained from running the IBM-Perth quantum computer 1000 times are shown in Figure 7.

The experiment demonstrates a 93.33% accuracy rate, attributing any discrepancies to errors in the quantum device. Furthermore, the experimental outcomes align with the theoretical predictions, affirming that our protocol enables a just exchange of quantum information.

7. Conclusions

The proposed quantum e-voting scheme with designated verification is a secure and efficient method for electronic voting, which uses principles of quantum mechanics like quantum key distribution (QKD), the no-cloning theorem, and OTPs. In the initialization phase, three entities are used: voter Alice, election authority, and tally clerk Bob. The voting phase uses QKD to establish a shared secret string and this ensures secure key exchange. Eavesdropping is addressed through decoy particles and verification processes. The counting phase involves the tally clerk confirming the quantum vote’s signature and ensuring its integrity. The proposed scheme has security features, including designated verification, non-transferability, unconditional security, message privacy, impossibility of forgery, and non-repeatability. The proposed scheme demonstrates robustness against security threats, making it a promising solution for electronic voting systems.