Next Article in Journal
Numerical Analysis for Ground Subsidence Caused by Extraction Holes of Removed Piles
Previous Article in Journal
Numerical Analysis of Ground Settlement Patterns Resulting from Tunnel Excavation in Composite Strata
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 12
Issue 11
10.3390/app12115477
Review Report
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Assuring Anonymity and Privacy in Electronic Voting with Distributed Technologies Based on Blockchain

Appl. Sci. 2022, 12(11), 5477; https://doi.org/10.3390/app12115477
by Vehbi Neziri, Isak Shabani *, Ramadan Dervishi and Blerim Rexha
Reviewer 1: Anonymous
Reviewer 2:
Abdullah Alghamdi
Appl. Sci. 2022, 12(11), 5477; https://doi.org/10.3390/app12115477
Submission received: 21 April 2022 / Revised: 27 May 2022 / Accepted: 27 May 2022 / Published: 28 May 2022
(This article belongs to the Topic Recent Trends in Blockchain and Its Applications)

Round 1

Reviewer 1 Report

The paper "Assuring anonymity and privacy in electronic voting with dis-
tributed technologies based on Blockchain" presents an interesting topic and has improved from the first review.

However, there are still issues to be addressed before being ready for publication. 

In the introduction, the statement starting in 68 needs a reference. The same goes for the subsequent statement ending in line 72.  
The threats mentioned on line 75 (and reference to [7]) should be at least listed to put the context without reviewing the mentioned paper. 

The authors should make the blockchain description, starting at line 96, a separate section or subsection. Otherwise, the introduction of the paper is too long and not clear.
For the same reason, I suggest following the traditional introduction structure. A good approach is to make a separate paragraph to describe the paper's aim (line 86) and then add a final paragraph to the paper structure.  

The related work section needs refinement. Since the paper addresses blockchain for voting, I suggest removing (or shortening) several phrases. For instance, from line 150 until  174, no relevant information could be considered related work.  
Furthermore, the authors should summarize the section with some small discussion, highlighting the open research problems (what is the gap in the SoA) and what they are tackling. The summary table they present is from another paper. Even if this table helps, it does not summarize the author's literature review. 

Authors should rename section 3 to something like "proposed method/architecture to assure anonymity and privacy in e-voting using blockchain technology". 
The first phrases (from 246 until 251) in the same section read like a general introduction. Authors could introduce their proposal just by starting in line 254. 
Figure 2 (proposed scheme) needs more details regarding the steps, as 2,3,5,6, 8, and 9 are unclear where they come from or where they go. 
In step 1 (line 280). What other things does blockchain do? Since it is their method, they should describe all details and not generalize with "among other things". 
Similarly, as Figure 2 provides details for steps 1 to 9, the authors should provide another scheme (or add steps to Figure 2) that represents the flow/steps described in the paragraph starting from line 313. 

The small evaluation (starting from line 329) could be separated as a subsection 3.1 (evaluation) where a bit more details are provided. For instance, what blockchain platforms are used for evaluating the size? Ethereum? Hyperledger? Are both private? Private and public?. Also, what is the recommended number of nodes? How could this be calculated? The number is a value that is later used to estimate the energy. Similarly, how can the node_power_consumption be estimated? Just like authors provide a reference for the size,  they should provide a reference for the energy cost.  
I suggest the authors merge the discussion section as a subsection of their proposal (3.2 discussions). 
In this section, authors should specify the acronymous used (BSCJ, OVN, DATE), which are not described anywhere in the paper. Furthermore, they should also discuss the significance of the disk need and the energy cost they evaluated before. 

Finally, the format of the references (only showing the authors' initials) is quite confusing. Authors should follow a format, like APA, where at least the last name is shown. 

Author Response

Dear Reviewer,

We would like to thank you very mach for the useful comments to improve the our paper with manuscript ID: applsci-1715314, entitled “Assuring anonymity and privacy in electronic voting with distributed technologies based on blockchain” and for your valuable comments and suggestions, which we have carefully analyzed and addressed accordingly in the revised version after reviews of our manuscript.

 

Responses for Reviewer 1

We made all corrections and tried to improve all the addressed points on this revision manuscript (after reviews) as follows:

Point 1: In the introduction, the statement starting in 68 needs a reference. The same goes for the subsequent statement ending in line 72.

Response 1:

New references, numbers [9], [10], and [11], have been added to both statements.

 

Point 2: The threats mentioned on line 75 (and reference to [7]) should be at least listed to put the context without reviewing the mentioned paper?

Response 2:

This section lists some of the risks and threats described in references [12] ([7] in the previous edition).

Point 3: The authors should make the blockchain description, starting at line 96, a separate section or subsection. Otherwise, the introduction of the paper is too long and not clear.

For the same reason, I suggest following the traditional introduction structure. A good approach is to make a separate paragraph to describe the paper's aim (line 86) and then add a final paragraph to the paper structure?

Response 3:

The blockchain descriptions were divided into separate sections. The aim of this paper is divided into a new paragraph, followed by the final paragraph.

 

Point 4: The related work section needs refinement. Since the paper addresses blockchain for voting, I suggest removing (or shortening) several phrases. For instance, from line 150 until  174, no relevant information could be considered related work. 

Furthermore, the authors should summarize the section with some small discussion, highlighting the open research problems (what is the gap in the SoA) and what they are tackling. The summary table they present is from another paper. Even if this table helps, it does not summarize the author's literature review.

Response 4:

  • Lines 150-167 have been relocated to the Introduction section, and additional 4-5 lines have been shifted and rewritten to the same part.
  • A few brief sections have been added to address the open problems and gaps in the current research, which will be addressed in future studies.
  • The table has been removed, and only comparisons of meeting security requirements have been described.

 

Point 5: Authors should rename section 3 to something like "proposed method/architecture to assure anonymity and privacy in e-voting using blockchain technology".

The first phrases (from 246 until 251) in the same section read like a general introduction. Authors could introduce their proposal just by starting in line 254.

Response 5:

  • The section is renamed “Proposed approach to assure anonymity and privacy in e-voting using blockchain technology
  • Lines 246-251 have been moved to the Introduction section.

 

Point 6: Figure 2 (proposed scheme) needs more details regarding the steps, as 2,3,5,6, 8, and 9 are unclear where they come from or where they go?

Response 6:

We added additional details to steps 2,3,5,6, 8, and 9 to further clarify them.

 

Point 7: In step 1 (line 280). What other things does blockchain do? Since it is their method, they should describe all details and not generalize with "among other things"?

Response 7:

The paragraph has been updated to reflect that, in addition to generating and managing keys, it must also verify whether voters have the right to vote or have voted at all.

 

Point 8: Similarly, as Figure 2 provides details for steps 1 to 9, the authors should provide another scheme (or add steps to Figure 2) that represents the flow/steps described in the paragraph starting from line 313?

Response 8:

The process of transferring the vote dataset and announcing the results is illustrated in a new scheme (Figure 7).

 

Point 9: The small evaluation (starting from line 329) could be separated as a subsection 3.1 (evaluation) where a bit more details are provided. For instance, what blockchain platforms are used for evaluating the size? Ethereum? Hyperledger? Are both private? Private and public?. Also, what is the recommended number of nodes? How could this be calculated? The number is a value that is later used to estimate the energy. Similarly, how can the node_power_consumption be estimated? Just like authors provide a reference for the size,  they should provide a reference for the energy cost?

Response 9:

  • The evaluation of size and consumption is divided into Subsection 4.1 and explanations are given on the manner and importance of the disk, calculating power consumption, and a similar method of calculation.

 

  • Two primary platforms, Ethereum and Hyperledger, were used to calculate the size and energy consumption in a general case. The number of nodes can vary based on the election type and actors involved, such as ministries, municipalities, civil society, universities, and other relevant institutions, and can range from a few tens to several hundred.

 

Point 10: I suggest the authors merge the discussion section as a subsection of their proposal (3.2 discussions).

In this section, authors should specify the acronymous used (BSCJ, OVN, DATE), which are not described anywhere in the paper. Furthermore, they should also discuss the significance of the disk need and the energy cost they evaluated before.

Response 10:

  • The discussions section has been merged as a subsection in the proposal section.
  • The "Related works" section explains the acronyms used earlier in the discussions section. In addition to the acronyms, the requirements for these schemes are described in this section.

“According to [12] and the comparison of  BSJC, Anti-Quantum, OVN, DATE, BES, and BEA, no scheme offers solutions for any security requirements, such as anonymity, security, integrity, variability by voter, scalability, privacy, and auditing. The BSJC scheme (Basit Shahzad & Jon Crowcroft’s) does not meet the requirements of accuracy, scalability, and variability by voters, while the counting method is from third party [42].  Anti-quantum, like the BSJC scheme, does not meet the requirements for accuracy, scalability, or voter variability, but the counting mechanism is self-tally [40].  Although the Open Vote Network (OVN) [38] does not meet the auditing, accuracy, scalability, or integrity requirements, the counting mechanism is self-tally. The other scheme, DATE, does not meet the auditing, accuracy, or integrity requirements, but it does meet voter scalability and variability [39]. BES, unlike BEA, meets accuracy, integrity, and scalability, but not anonymity and voter variability [43], which BEA does [44]”.

 

  • The importance of disk and energy is highlighted in the Discussion section by describing the energy calculation and providing similar computations

 

“Power consumption should be considered regardless of whether of the two most popular platforms is used, whether the Ethereum platform as a public network or the Hyperledger platform as a limited access or allowed blockchain network. The amount of energy consumed by the blockchain is determined by the block's difficulty and number of hashes generated per second (called the hash rate) [53]. The total energy consumption is also determined by the total number of nodes, which can range from a few tens to several hundreds depending on the type of election and actors involved, such as ministries, municipalities, civil society, universities, and other important institutions. The assumption of the overall cost of all systems (energy consumption only for transaction mining) was calculated as follows:

energy_cost_per_day = (no_of_nodes * node_power_consumption) * prices_per_kWh * 24h

A similar calculation approach was given in [54], which defines the average energy for storing a data unit for one year. However, because electronic voting only takes a few days or weeks, disk size and energy usage may be less relevant.”

 

Point 11: Finally, the format of the references (only showing the authors' initials) is quite confusing. Authors should follow a format, like APA, where at least the last name is shown?

Response 11:

The names of the authors in the References section have been adjusted and the last name has already been shown.

Author Response File: Author Response.docx

Reviewer 2 Report

The goal of this  paper is to "Assuring anonymity and privacy in electronic voting with distributed technologies based on Blockchain" using two mechanisms. 


The topic is interesting,  and the paper is well organized with proper length. The bibliography is sufficient and well given. Specifically, the technical terms are explained in detail and the topic of the paper is clear and understandable.

The review of the state-of-the-art is sufficient. It includes sufficient number of references to other relevant studies that have been previously proposed for the discovery of relations.

The presented methodology and the results are clearly communicated, with the necessary background for the readers included in the paper.

my major concern is that the paper has no proof-of-concept, or simulation. There for the proposed scheme is not being tested, and there is no result that is being showed. 

I would recommend the author do a proof-of concept, and add a result section, and analyze these results.

Author Response

Dear Reviewer,

We would like to thank you very mach for the useful comments to improve the our paper with manuscript ID: applsci-1715314, entitled “Assuring anonymity and privacy in electronic voting with distributed technologies based on blockchain” and for your valuable comments and suggestions, which we have carefully analyzed and addressed accordingly in the revised version after reviews of our manuscript.

Responses for Reviewer 2

We made all corrections and tried to improve all the addressed points on this revision manuscript (after reviews) as follows:

Point 1: The topic is interesting,  and the paper is well organized with proper length. The bibliography is sufficient and well given. Specifically, the technical terms are explained in detail and the topic of the paper is clear and understandable.

Response 1:

We agree with the recommendations and suggestions made. All of these suggestions and comments have been incorporated into the article.

Point 2:  The review of the state-of-the-art is sufficient. It includes sufficient number of references to other relevant studies that have been previously proposed for the discovery of relations.

Response 2:

We agree with this comments and suggestions.

 

Point 3: The presented methodology and the results are clearly communicated, with the necessary background for the readers included in the paper..

Response 3:

We agree with this comments and suggestions.

Point 4: My major concern is that the paper has no proof-of-concept, or simulation. There for the proposed scheme is not being tested, and there is no result that is being showed. I would recommend the author do a proof-of concept, and add a result section, and analyze these results.

Response 4:

The proposed solution consists of two physically independent blockchains, with one storing voter records (DKB) and the other storing votes but not voter data (EVB). The voter data are separated from the vote in step 6 of the scheme. This separation is analogous to placing a ballot envelope within an envelope containing voter data. If the inner envelope (vote) is removed from the outer envelope, no one can determine the vote in which envelope. This is guaranteed by cryptographic functions. Also adding the nonce and hash of the voter private key enable the voter to be able to verify if his vote has been counted and counted correctly.

Author Response File: Author Response.docx

Round 2

Reviewer 2 Report

Thanks to the authors for clarification and improvement. 

Author Response

Dear reviewer,

Thank you very much for positive evaluation of our paper with Manuscript ID: applsci-1715314, entitled “Assuring anonymity and privacy in electronic voting with distributed technologies based on blockchain”.

Based on your suggestion, in Section 4, we made all corrections and tried to improve, addressing the clarity of results. First correction is added at row #312-#314: “This relationship, as presented in Figure 3, hash and encrypted vote with nonce, assures the voter that their vote has been counted and furthermore their vote is counted correctly”. And second correction is added at row #357-#359: “The dataset, in this sense represents a ballot, a list of votes without voter information, thus assuring voter anonymity and privacy”.

Furthermore, in Section 4, we have also added e correction at row #429-#430: “In addition, this approach makes it possible to verify if the vote has been counted and counted correctly”.

Sincerely,

Assoc. Prof. Dr. Isak Shabani

Corresponding author

Author Response File: Author Response.docx

This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.


Round 1

Reviewer 1 Report

This is the second time I review the same paper and still contains major issues.

 

Again, general English language revision is recommended.

Although some definitions have been added and formal writing has been
improved, I still lack scientific references and definitions, for example 
those related to privacy and anonymity in abstract.

In introduction, the problem assessed and how it is solved are still unclear,
although authors have made efforts to include our previous recommendations to
this point.

Vague references and sentences still in work. For example,
"The requirements of each voting system are 95 numerous and wide-ranging, but in general, each electronic voting system must meet the 
security requirements, which are mandatory and indisputable.
(In next sentence the authors try to identify security requirements, with
no particular order).

"Blockchain" section is merely informational, so it should be included into
a general "background" section or equivalent.

Although the authors have improved the "Assuring anonymity and privacy"
section. However, it stills presents informal definitions and sentences.
A deeper explanation for the proposed solution is exposed, as well as a clear
correctness validation for this solution. The references to storage size are
less relevant than the validity of the solution.
In addition, readability must be still improved.

"Conclusions" section must be expanded and, specially, I miss a "Discussion"
section where the presented results are compared with previous works.

Reviewer 2 Report

The paper "Assuring anonymity and privacy in electronic voting with dis-
tributed technologies based on Blockchain" analyzes voting using blockchain technology and proposes a new method combining two different Blockchain to achieve privacy and anonymity. 
The topic is interesting, but the paper has two major weaknesses: 
First, it does not provide an analytical overview of current literature. Even it does provide relatively updated references; the paper does not provide a clear analysis of the gap that the authors are targeting. For instance, Z-Cash is quite an innovative privacy-preserving blockchain implementation. Still, it has just a small phrase in the introduction. Furthermore, there is no reference to zero-knowledge-proof, one of the more recent approaches for privacy preservation on a blockchain-based system. 
Secondly, and most importantly, the conclusions and, thus, the benefits of the proposed solution are not supported by the rest of the document. On the one hand, there is no proof-of-concept implementation to provide an empirical reference for the author's claims. On the other hand, there is no formal analysis on several key parameters for the author's contributions (i.e., assuring anonymity and privacy). Furthermore, the system is not clearly explained, as the provided diagram does not provide sufficient details to clarify or highlight its benefits. Thus, the paper is still early and needs more work before it can be accepted in the journal. 

I'll recommend that the authors explain their system clearly, with a detailed diagram, and how the two blockchains interact. The diagram should also be described with an algorithm for both major stages: voting and counting.   Then, to highlight their benefits, the authors should provide a proof-of-concept, with experimental results, or a formal description analysis, with an analytical analysis that demonstrates how anonymity and privacy are assured. 
Furthermore, since these two parameters are quite related to security, a formal security analysis should be included to assure those two parameters further.

Reviewer 3 Report

Vehbi Neziri, Isak Shabani, Ramadan Dervishi and Blerim Rexha proposed a solution of two separate blockchains in order to preserve anonymity and privacy in electronic voting, named Distributed Key Blockchain (DKB) and Encrypted Votes Blockchain (EVB).

In lines 239-240 it is mentioned that DKB must verify in advance whether the voter has the right to vote and has not voted before. It is not mentioned how DKB is able to achieve and it is not clear if this is a requirement in order for the solution to work or if this is managed by the solution. If it is managed by the solution, an explanation is needed of how it is managed and which are the parameters used to determine it.

In lines 240 – 248 the authors explain how votes are managed. Specifically in lines 245-247, they mention that the digital voter’s signature is separated from the ballot and is stored in the DBK and then the encrypted vote is stored in the EVB. Α figure showing the process and architecture of the system would help understand the value of the proposed solution.

In lines 250-253 it is mentioned that EVB cannot associate the vote with the voter but even DKB can never associate the signature (voter) with the vote, thus meeting the two main preconditions of voting (anonymity and privacy). Since the voter encrypts the ballot their public key as mentioned in line 242 and in the DBK the encrypted votes are decrypted (in my guess through the use of the private keys) which is mentioned in line 263, why is the DBK unable to associate the signature with the vote. I think this area needs more explanation.

Back to TopTop