Keywords

1 Introduction

In a participatory democratic society, a robust election mechanism satisfying major security requirements is the sine qua non for an electorate to express a collaborative view and judgment. Especially, in the context of India, the largest democracy in the world having constituency as its core electoral unit, exercising the power of the people in a transparent and trustworthy way is very important but incredibly challenging. A slew of cataclysmic security incidents have been witnessed on numerous occasions, exposing the flaws in traditional electronic voting procedures such as malpractices inclusive of voter suppression, booth capture and scientific fiddling in remote rural areas, especially. Fortunately, a majority of these have been and maybe circumvented by technical advancements and innovation. One such breakthrough, electronic voting (e-voting) conducted by an autonomous body, became a pivotal approach in a multitude of elections throughout the world [1]. Across India, Electronic Voting Machines (EVMs) replaced paper ballots in the late 1990s to streamline the electoral procedure. Here, employing a digital vote instead of a typical paper printed ballot renders the voting and tallying processes more economical, convenient, efficient and accurate. Still, multiple sorts of hazards are in existence. For instance, close to 5 million (50 lakhs = 0.5 crore) voters went missing from electoral rolls on the voting day during the 2018 assembly elections in the neighbouring states of Telangana and Andhra Pradesh (AP) [2]. This was ascribed to the technical software glitches, internal migration of the registered voters because of the AP bifurcation, etc. In addition, India has a substantial volume of duplicate young voters enrolled within the databases of multiple constituencies. They internally relocate primarily for job and education, and do not make the effort to re-register and transfer their voter IDs to the present constituency. Indeed, we must remedy these unaddressed challenges.

Due to the prevailing COVID-19 pandemic, gone should be the days that mandate the people’s physical presence at the polling booths for casting their votes via the EVM. In actuality, this entails re-architecting of the whole offline procedure in online mode with negligible humanity in social interaction. This necessitates incorporating disruptive cutting-edge technologies. One such revolutionary technology, blockchain having had exceptional success in cryptocurrency is gaining wide popularity [3]. It seeks consent from the participants on a series of successive transaction blocks via smart contract function invocation and asset trade (exchanges) [4]. The smart contract constitutes a primary technology of blockchain-based online voting system. [5] implemented smart contract to verify the validity of encrypted votes during most voting stages. A multitude of such schemes are designed to eliminate ballot tampering frauds by exploiting exclusive properties of the aforementioned technologies. [6]. Another well-known technology, biometrics, might be coupled with many potential applications as a sophisticated authentication mechanism. It refers to the assessment and statistical analysis of people’s distinctive cognitive and physiological traits that define who they are. It has an inherent edge over its classic counterpart that relies on a secret key which is something what an individual possesses. One of the critical problems is to ensure the security and integrity of the biometric template stored and maintained at the back end for which disguising biometric data through cost-effective asymmetric key cryptography can be one of the solutions. Approaches in [7, 8] were based on homomorphic encryption, which can perform computations in the encrypted domain, but they are sluggish in nature. The solution to this problem was suggested in [9] through parallel matching algorithm for block-stripped decomposition. Most of the biometrics-related approaches rely only on something a person is but problems related to the accuracy, heavy encryption, and decryption related computations are often observed. This is why secret sharing techniques related to visual cryptography with the requirement of very little computation power can be used to secure the template [10]. However, the black and white pixel contributions to obtain the secret binary image can be sensed by the participants [11]. Therefore, adding extra image processing-related security layers to VCS is essential for enhancing robustness.

Digital watermarking emerges as one such technique which surreptitiously inserts an additional data into a signal in the spatial/frequency domain and permits its on-demand recovery [12], making it a solution for avoiding counterfeiting and digital rights management. This is one of the practical solutions to deflect the adversary’s attention [13]. As a result, certain schemes have adopted it to add an extra degree of security to biometric systems [14]. A subset of these efforts comprise systems immune towards deliberate manipulations [15], fingerprint watermarking techniques advocated for enhancing the e-voting system security [16, 17], a multimodal biometric watermarking algorithm propounded for robust authentication [18], and so on. A few works have utilized the discrete wavelet transform (DWT) in conjunction with the discrete cosine transform (DCT) methodology [19]. The primary objective is to make the watermarked image damage-resistant by achieving robustness towards geometrical (cropping) and signal (image compression, noise, sharpening, and blurring) attacks. An adversary may carry these out up to the point when the signal is degraded and loses economic value which the presented scheme tries to counter by using QR codes as a carrier image.

Homomorphic cryptography enables privacy-preserving computations on the data in the encrypted realm. Hence, the aggregate tally results can be retrieved without decrypting the individual ciphertexts [20]. ElGamal encryption is one of the prominent techniques endowed with multiplicative homomorphic nature. It can be adjusted and tweaked to enable additivity (exponential) just like Paillier but this requires the discrete logarithm to be calculable and efficiently searchable in a lookup table. For this, the message to be encrypted must be within a predefined range, which is indeed the case with our e-voting scheme. Consider the following scenario: 10 million (1 crore) eligible constituency voters submit their 1-bit score data for various parties. So, in the worst-case, the final collector at the topmost geographic level must be able to decrypt the aggregate data of the size of at the most 24 bits for one party (\({\le }{10}^7*2^1 \approx 2^{24}<<2^{30})\). Moreover, various schemes have reported Paillier encryption to have a relatively greater time complexity associated with it [21]. This makes modified ElGamal a considerably better alternative for our use case. Another prevalent cryptographic strategy called (kn)-Shamir secret sharing scheme splits secret information into n several shares, only k (threshold) of which can restore the original secret data. Liu and Zhao [22] used the votes of different candidates as Lagrange polynomial coefficients and employed the homomorphic operation for the final tally results verification. Li et al. [23] shared the private key across various authority units to discern the vote without the key recovery. Furthermore, the encrypted evaluation scores broadcasted for the candidates on the ballot within a predefined bound maintain confidentiality but facilitate the transmission of arbitrary plaintexts. This mandates their legality verification via attachment of the partial/zero-knowledge verifier arguments regarding the score plaintext by the voter premised on a commitment protocol.

Lastly, adherence to the foundational and restrictive yes/no voting paradigm is another downside for a protocol involving the selection of a single party candidate from a constituency. In this architecture, voters are obligated to reject the candidates representing political parties except for the one for whom the crucial vote is cast. So, the favouritism differential for rejected candidates given a level playing field does not get reflected. Consider the worst-case scenario in which 101 voters in a constituency vote for parties A and B. Assume that 50 voters firmly favour Party A over B and the remaining 51 somewhat reject A over B. As per the rigid voting paradigm, scores for A=50 and B=51 make B an unworthy marginal victor and claimant of the constituency, which indeed does not portray mainstream consensus accurately. In a much more comprehensive score rating-based electoral system, voters award the scores to the candidates. These are totalled altogether, and the ones with the highest aggregate get elected [23, 24]. For instance, if voters were to assign scores in range [0–3] (S-Strong, W-Weak, A-Accept, R-Reject: 0-SR,1-WR,2-WA,3-SA), scores for A = 50 * 3 + 51 * 1 = 201 and B = 50 * 0 + 51 * 2 = 102 make party A a deserving constituency winner claiming a convincing and significant majority in terms of scores rather than a number of people voting for it. This is a considerably finer-grained and informative depiction of popular sentiment. Also, a sporadic event of the same scores being obtained for multiple parties can be tackled via a suitable tie-breaking policy. Taking the aforementioned example into account, it is easy to observe that NOTA (None of the above) in yes/no voting is equivalent to allocating identical scores to all candidates rather than all 0s or abstention only unless a protocol devised by ECO enforces re-election in the case of NOTA victory where all the candidates are rejected.

1.1 Related Works

It is both challenging and essential to preserve the privacy and verifiability of the casted votes. Often, these recorded ballots are prone to be frequently altered and even multiple-casting by the very same registered voter without a robust verification mechanism. For this, blind trusted signature-based scheme [25] and various cryptography methodologies [26], with the first one being Mix-Nets [27] were conceived and deployed. Aziz et al. [28] implemented fully homomorphic encryption-based e-voting on the cloud platform while [29] employed several servers. Hirt and Sako [30] achieved tamperproof voting through verifiability of the encryption by voters. For tallying, a few of them leverage the tamper-resistant nature and rely on centralized authority to decrypt the encrypted ballots and ascertain the election outcome. Unfortunately, due to the confidential authority’s secret key, other entities cannot verify the result correctness, for which a few schemes dealt with various tallying methods. However, the first self-tallying system was unable to counter the hackers’ ballot destruction attacks [31].

Integration of a robust biometric authentication mechanism also is crucial. Certain efforts targeted securing the e-voting system with the embedding of a biometric feature watermark [16, 17]. QR codes have also been a popular choice as they are empowered to withstand signal distortions. They feature error correction through reconstruction, high decoding reliability, and large data capacity. Therefore, they have been used by a multitude of watermarking related schemes. Wu et al. [32] encoded data as a QR code and embedded it into an image while minimizing its degradation. Seenivasagam and Velumani [33] suggested QR code-based zero watermarking strategy. The approach in [34] used the combination of DCT and chaotic theory, and that in [35] was predicated on the insertion of a QR code into the DWT sub-band of a document file for its protection. Tkachenko et al. [36] presented a two-level QR code having both public and private storage levels for document authentication. Barmawi and Yulianto [37] employed QR code as a carrier for embedding the biometric feature as a watermark. Chow et al. [38] suggested a technique of distributing shares by embedding them into cover QR codes for secret exchange. Some schemes aimed to improve the contrast of visual cryptography scheme (VCS), whilst others ruled out pixel expansion for tamperproof online question papers [39]. Wang et al. [40] proposed a deterministic (n,n) and probabilistic (2,n) scheme for the grayscale and binary images, respectively. However, any image tampering should be detectable by integrating a hashing mechanism.

There is a persistent pursuit to build a distributed e-voting system that guarantees untenability, privacy, and auditability. This is because various e-voting systems structured in a centralized architecture are susceptible to DDoS attack, and confront the single point failure risk also. The centralized framework, voting security, and excessive algorithm complexity associated with old standard cryptosystems must be remedied through rapidly emerging technologies acting as a lynchpin for progression in the discipline [41]. Li et al. [42] assisted decision-making in decentralized Internet of Things (IoT) system. Bitcoin protocol-based e-voting schemes include the use of third-party qualification audit mechanism [43], appending of ballot information to the transacted bitcoin content [25], a mechanism to incentivize zero-knowledge proof (ZKP) on the voting commitment [44], etc. Other classes of e-voting schemes predicated on Ethereum require the economy cost of Gas for the vote transaction [45]. In [46], the privacy of the vote is preserved via homomorphic encryption, and all votes are tallied by a smart contract. Furthermore, a few additive Elgamal-based works had established and provided Pederson protocol-based zero-knowledge proof which can be made non-interactive via Fiat-Shamir heuristic. However, none of the schemes supports the flexible score voting paradigm with a tie-breaking strategy.

1.2 Objectives and Contributions

The main objective of this research is to design a secure and effective e-voting mechanism that can be practically used for any considerable democratic governance. The significant contributions and novel features of our proposed scheme are presented as follows:

(1) Location-independent Secure Casting: There is a need to curb the menace of multiple enrollments of the same individual in distinct constituencies by cleansing roles equipped with duplicate entries. Suppose a voter belongs to Union Territory (UT) A, temporarily resides in state B and subsequently relocates to city C in state D. The concerns pertaining to the constituency from where he/she should cast his/her vote should be rectified. Thus, we have enhanced the flexibility by using a single master share regardless of the constituency location. Also, the valid voter ID card encodes the hash of only one constituency ID at a time with a simple and convenient re-registration procedure. Hence, the constituency blockchain framework aims to disinfect the representative democracy by combating disenfranchisement and cluttered voter database conflicts. The online and secure location independent visual cryptography guided method is one of the key features of our proposed scheme that enables comprehensive casting and counting of votes for both voters and ECO.

(2) Impersonation-proof Voting: We apply the concepts of biometric watermarking and visual cryptography to overcome the impersonation of genuine voters by the party cadres casting fraudulent scores in their favour. To generate a watermarked voter identity image share, our scheme adopts discrete wavelet transform (DWT) with an emphasis on Haar wavelet and employs a deterministic XOR boolean operation based (2,2)-Visual Cryptography Scheme (VCS) for grayscale images having no pixel expansion. Secure eligibility verification is accomplished via the integrity check of this partially encrypted voter ID card serving as proof of the owner’s present constituency, age, citizenship as well as domicile. After voting, the corresponding user ID entry in the database gets deactivated, rendering the card to be of one-time use nature.

(3) Watermarking Robustness: The binary image of two biometric features, fingerprint and handwritten signature, are embedded in the two-level DWT sub-bands of the QR code describing partly hashed details of the cardholder concatenated with gibberish CA-specific content. This not only creates a mutually interconnected and secure association between the personal details in plaintext and the owner-specific images, but camouflages both forms of data at once also. However, all three images, notably the QR code and the two watermarks need to resist distortions. A damaged QR code carrier after the watermark extraction may be reconstructed following an appropriate QR recovery approach. This is the main justification for using QR code featuring Reed-Solomon error corrective technology as a durable carrier.

(4) Verifiability and Source Authentication: The confidentiality of the constituency data block is ensured by additive ElGamal homomorphic encryption. It is necessary to ensure robustness towards false data injection (FDI) and other online attacks for any privacy enhanced data aggregation technology such as e-voting. Our solution accomplishes this by employing hash-based signature and secret multiplicand share distribution to ensure integrity, non-repudiation and source authentication for the ciphertext prior to homomorphic aggregation. The key share distribution not only enables verifiability but also rules out the need of key generation. Also, the voter can check whether his/her vote was taken into account during the score aggregate computation in an efficient way. This mandates making security assumptions more stringent disabling collusion with the secret distributing authority.

(5) Intra and Inter Constituency Aggregation: The scheme introduces conceptions of intra- and inter-constituency aggregation premised on the score and pluralistic voting paradigms, respectively. For the intra case, the approach is based on this versatile mechanism by allowing voters to convey their preferences of variable strength for all candidates which is analogous to the reviewer’s judgement for a manuscript submitted for publication in the form of strong/weak accept/reject. Hence, scores in the range [0,3] are assigned in binary form accompanied by its suitable NIPKRP. Final score conversion to decimal post aggregation is enabled in the encrypted domain. Solely, range constraint is enforced, with an appropriate tie-breaking strategy stepping in if atleast two decrypted totals are reported to be equal at any juncture. Absence of sum constraints on casted score ciphertexts is because of the nature of the tie-breaker along with the variability in the number of parties vying from all seats. However, for the inter case, CA is expected to send its encrypted binary vector to the ECO with its suitable range as well as sum proof arguments.

The remainder of the paper is structured as follows. We provide mathematical concepts applied in Sect. 2. In Sect. 3, we present our proposed system methodology. This is followed by an examination of its security and performance in Sects. 4 and 5, respectively. Finally, we conclude in Sect. 6.

2 Mathematical Background

2.1 Discrete Wavelet Transform (DWT)

Altering coefficients in the frequency domain allows the distribution of the embedded signal and working in the compressed domain. When the DWT method is used for a 2-D picture, it is divided into four frequency sub-bands labelled as LL, LH, HL and HH (L:low, H:high). Here, low frequency components store visual illumination data while the higher frequency counterparts store the edge data. 1-D and 2-D DWT coefficients are pictorially shown in Fig. 1.

Fig. 1
figure 1

1-D and 2-D DWT coefficients

Full size image

2.2 Blockchain Technology

It was initially suggested in 2008 by enigmatic ‘Satoshi Nakamoto’ for bitcoin [48] and has been extensively utilised in finance, IoT, healthcare and so on without necessitating the involvement of a trusted central authority [4]. It is a decentralized distributed ledger database maintained by network-wide nodes comprising of a chain of different immutable hash data blocks with the first being genesis block in chronological order. Its core technologies include the following:

(1) Merkle Hash tree: All current block transactions determine their root value. The leaf node is the hash of the data block. The non-leaf value is the hash of the concatenation of hashes of its children.

(2) SHA-256: It is a frequently used secure hash algorithm (SHA) for ensuring block data integrity through a 256-bit hash.

(3) Timestamp: It encodes all transaction records to guarantee their traceability and verifiability. It serves as proof-of-existence of the block data.

2.3 ElGamal Homomorphic Cryptosystem

The security of this non-deterministic (multiplicative) partial homomorphic cryptosystem [49] which is able to produce several ciphertexts for a single plaintext relies on the discrete logarithm problem hardness on a cyclic group. However, this must be computable to make it additive in nature by treating the message to be encrypted as \(g^m\) instead of m. This additive makeshift involves the following:

(1) Key Generation: Given a cyclic group \({\displaystyle G\,}\) of order \({\displaystyle q\,}\) with generator \({\displaystyle g}\), choose an integer \({\displaystyle x}\) (private key) randomly from \({\displaystyle Z_q^*=\{1,\ldots ,q-1\}}.\) and the public key is \({\displaystyle h:=g^{x}}.\) The public parameter, \(PP = {\displaystyle (G,q,g,h)}\).

(2) Encryption: For a message \({\displaystyle m}\), choose an integer \({\displaystyle y}\) randomly from \(Z_q^*\). The ciphertext \({\displaystyle (c_{1},c_{2})}=(g^{y},g^{m}\cdot h^{y})\).

(3) Decryption: As, \({\displaystyle c_{1}=g^{y}},\) compute \(w={\displaystyle c_{1}^{x}=g^{xy}=h^{y}}\) and \(g^m=c_{2}\cdot w^{-1}\) and finally, the discrete logarithm or the message m.

(4) Homomorphic properties: It efficiently preserves the data privacy and enables component-wise multiplication operations on the two ciphertexts, \(c_1\) and \(c_2\) to yield the decrypted resultant as the addition of their underlying plaintexts with randomness \(r_1+r_2\) (i.e., \(\forall \,m_1, m_2 \in M, E(m_1) \cdot E(m_2) = c_{1}*c_{2}=(g^{y_1},g^{m_1}\cdot h^{y_1})*(g^{y_2},g^{m_2}\cdot h^{y_2})\rightarrow \,(g^{y_1+y_2},g^{m_1+m_2}\cdot h^{y_1+y_2})\, =E(m_1 + m_2)\)). Another useful property with random constant \(r'_1=r_1 m_2\), \(E(m_1 *m_2)= (g^{r'_1}, g^{m_1 m_2} h^{r'_1})=\)

\((g^{r_1 m_2}, g^{m_1 m_2} h^{r_1 m_2}) =(g^{r_1}, g^{m_1} h^{r_1})^{m_2}=E(m_1)^{m_2}\).

2.4 Cardinal Voting

Here, each participant constructs a plaintext score vector having elements in a specified finite range for the given set of party candidates [50]. The range rule allows for this kind of adaptability. In its particular scenario, approval voting only accepts binary score, i.e., 0 or 1 only. Even more rigid case, plurality and veto are centred on selection of single favourite and least preferred candidate by forcing exactly one of the binary vector entries to be 1 and 0, respectively, while the remainder of entries will be its complement. Another rule, borda empowers voters to have their own candidates ranking.

2.5 Range Proof of Knowledge

For the encryption of a message m, \(c=(g^{y},g^{m}\cdot h^{y})\), this lets a prover P knowing m convince a verifier V that the ciphertext is an encryption of a value in a specified range, for e.g., [0, w] without indicating which is the true one. It is equivalent to membership proof for the set \(S=\{0,1,\ldots ,w\}\). In a special case where \(w=1\), V can confirm whether the ciphertext is either Enc(0) or Enc(1) only, but cannot compute with certainty, the exact plaintext bit value. Its one type, partial knowledge range proof (KRP) is accompanied by an additional information. On the other hand, zero KRP does not necessitate such conveyance and involves the following:

(1) Chaum-Pederson protocol: It is a zero-knowledge protocol defined as For \(u = g^a,\,v = g^b,\) and \(w = g^{ab}\), P generates a random d, computes and sends \((v' = g^d, w' = g^{ad})\) to V who generates and sends a random c to P. P calculates and sends \(e = d + b c\) to V who checks whether \(g^e = v'v^c\) and \(u^e = w'w^c.\)

(2) Fiat-Shamir heuristic: It instantiates the non-interactive (NI) ZKP via digital signature \(H(g,v',w')\) transmission [51].

3 Scheme Methodology

Our proposed secure e-voting system consists of two phases. First phase authenticates an eligible voter entity on the basis of the owner share it possesses. This is followed by the voting phase where only authorized voters from the considered constituency are allowed to cast their encrypted scores for the candidates. The timing of the phases can be well understood through a sequence diagram shown in Fig. 2.

Fig. 2
figure 2

Sequence diagram

Full size image
Fig. 3
figure 3

System operational flow and image share-based authentication

Full size image

The participating entities are Election Commission officer (ECO), a set of constituency authorities (CAs) and verification authorities (VAs), party candidates, voters and the blockchain platform. ECO appoints CA and VA as the mining nodes in each constituency for aggregation and verification of the encrypted vote legitimacy, respectively. Operational flow of our proposed cryptosystem is presented in Fig. 3. We describe the operations associated with each phase in related subsections.

3.1 Voter Authentication

The security of our scheme depends on (i) what a user has, i.e., watermarked share generated through visual cryptography; (ii) what a user is, i.e., personal details encoded in a QR code embedded with biometric images. These are compared with user’s present physical attributes. For this, ECO creates a grayscale master share MS which is a 2-D matrix containing random pixel values \(\in [0,255]\) accessible to all VAs. The detailed authentication process is shown pictorially in Fig. 3. We describe its details as follows:

(1) Voter Registration and ID creation: VA performs the first step pertaining to the design of the user biometric ID card for an eligible voter after document verification.

(1.1) For this, a QR code is created which encodes the voter’s partially hashed personal details along with some text. This gibberish content encoding hash of the current constituency ID which is \(H(Constituency\,\,ID||H(User\,\,ID))\) also rules out duplicate voting from a different constituency. Hash of voter ID stored in a database prevents the same happening from the same constituency. VA also assigns a pseudonym to the voter and establishes a mapping between real and fake IDs. Votes are associated with this pseudonym rather than real user ID.

Fig. 4
figure 4

Biometric ID components

Full size image

(1.2) QR code encoding details, fingerprint and signature images of the user are shown in Fig. 4. The latter two are together embedded in the second level HL and LH DWT sub-bands of the first level QR code LL band using a simple 2-D DWT function shown in Algorithm 1a.

(1.3) The resulting watermarked image is shown in for 2-D algorithm in Figs. 5 and 6. The owner share (OS) image is computed through XOR-based (2,2) visual cryptography using Algorithm 1b. The master share (MS) along with newly created owner share (OS) are shown in Fig. 5.

Note: The algorithms used previously are lossless. Thus, the PSNR value remains unaffected when the original and combined image are compared unless an attack is launched by the adversary. The voter keeps the OS in his/her possession.

(2) Details Verification: Voter must upload his/her (OS) for verification which will be performed by the trusted VA for the concerned constituency.

(2.1) This share is superimposed on the single Master Share (MS) stored at the back end via recovery part of Algorithm 1a. The cost of superimposition is negligible as it involves XOR of all the image pixels.

(2.2) It is checked whether the resulting watermarked superimposition can be scanned through a QR code scanner. For an authorized user, a valid scannable QR code is expected as an output which despite being watermarked can be easily scanned provided the intensity of geometric/signal attacks launched by the adversary are assumed to be under a certain bound.

(2.3) The partially hashed details obtained after decoding the QR code confirm the citizenship and verify the eligibility and constituency of the voter. The presence of active user ID hash in the database along with constituency ID hash are cross-checked for the prevention of duplicate voting. If this is successfully achieved, then we move further else voter must exit the process.

Fig. 5
figure 5

Watermarked image (L) and its two shares

Full size image
Fig. 6
figure 6

2-D DWT QR code watermarking

Full size image

(3) Biometric Similarity Check: The authentication process described above with the user’s share works good with the assumption that it is not stolen. However, if the valid OS is stolen then our scheme uses the biometrics of the user to establish distinguishability.

(3.1) The embedded biometric images in the QR code along with the details encoded together come into picture for their comparison with user’s physical attributes and details. The extracted and the user’s live fingerprint and signature images can be compared with using a set of suitable biometric algorithms.

(3.2) Finally, if the equality value as a result of this comparison comes out to be greater than a pre-decided threshold value and the details are successfully validated, then it indicates that the two constraints related to being in possession of a valid share and physical attributes are satisfied ascertaining the fact that the user is indeed an authorized voter qualifying for the next phase.

figure a

3.2 Authorized Cardinal E-Voting

The election system is shown pictorially in Fig. 7. ECO appoints CA and VA as the mining nodes in each constituency for aggregation and verification of the encrypted vote legitimacy, respectively. This is used by the legitimate voters for block building through an aggregation tree construction shown pictorially in Fig. 7. \(CA_{i+1}\) generates the constituency \((i + 1)\)th aggregate data block and appends it to the blockchain after the ith block. ECO obtains all the constituency binary encrypted vectors data via the blockchain. At maximum, there are p candidates from p different political parties contesting from any of the t constituencies in the considered geographical area. For constituency j having all p parties contesting, the candidate array \(C_j=(c_{j,1},\ldots ,c_{j,p})\) has all the p (fixed) non-null values and and voter array \(V_j=(v_1,\ldots ,v_{|V_j|})\) has variable \(|V_j|\) eligible voters. Suppose for a constituency z, the xth party is not contesting, so, \(C_z\) will have its xth entry (\(c_{z,x}\)) as NULL. So, authority array (CA), candidate matrix (\(CM_{t*p}\)) and voter adjacency list (\(VAL_{\sum _{i=0}^{t-1} |V_i|}\)) of sizes t, \(t*p\) and \(\sum _{i=0}^{t-1} |V_i|\), respectively, are the resultant data structures which along with all the public parameters are recorded on the blockchain. The following subsections present the methodology:

Fig. 7
figure 7

System and blockchain design

Full size image

(1) System Setup: ECO generates the system parameters with input as a security parameter \(1^{\kappa }\). It selects a group \((\mathbb {G},q,g)\) and SHA-256 hash function \(H:\{0,1\}^{*}\rightarrow \mathbb {Z}_{q}^{*}\), chooses its private key \({\displaystyle x_{ECO}}\) randomly from \({\displaystyle Z_q^*}\) and computes the public key \({\displaystyle h_{ECO}:=g^{x_{ECO}}}\). It pre-defines a fixed parameter \(R=3\) such that the score given to a candidate \(\in [0,3]\) in each ballot, so, \(GP=\{G,q,g,h_{ECO},R,H\}\). It also publishes all the required entity arrays, \(CM_j\) and \(VAL_j\) for \(j^{th}\) constituency.

(2) Key Distribution: ECO distributes \(x_i \in Z_q^*\) amongst CAs such that \(\sum _{i=0}^{t-1} x_i=x_{ECO}\). CAs compute their respective public key \(h_i=g^{x_i} \in G\). They can verify their share validity by checking whether \(h_{ECO}= \prod _{i=0}^{t-1} h_i\). For a constituency f, \(VA_f\) distributes the secret multiplicands \(e_i \in G\) amongst the voters \(VAL_{f,i}=\{{v}_{i}\}_{0\le i\le |VAL_{f,i}|-1}\) such that \(\prod _{i=0}^{|VAL_{f,i}|-1} e_i=1\).

(3) Vote: Considering constituency f, each voter \( \{{v}_{i}\}_{i\in [|VAL_f|]}\) having secret key \(x_{i}\) assigns 2-bit score \(b_{i,j,1}||b_{i,j,0}\) to each candidate \(\{CM_{f,j}\}_{j\in [p]}\) contesting from f after encryption, such that \(2*b_{i,j,1}+b_{i,j,0}\le R=3\). For this, \(v_i\) chooses \(y\in Z_q^*\) at random and computes \(Enc(b_{i,j,x})=c_{1\,(i,j,x)}||c'_{2\,(i,j,x)}=g^{y}||e_i*c_{2\,(i,j,x)}=g^{y}||e_i*g^{b_{i,j,x}}\cdot {h_{CA_f}}^{y}\) using the public key of \(CA_f\) and \(e_i\) provided by \(VA_f\). So, a \(p*2\) score matrix \(PT_i\) containing 2p ElGamal bit ciphertexts is created. Here, \(PT_{i\, (j,x)}=\{\{Enc(b_{i,j,x}) \}_{CM_{f,j}\ne Null}\), \(\{1||1\}_{C_{f,j}= Null}\}_{x\in \,\{0,1\},\,j\in [p]}\) is the \(x^{th}\) column of \(PT_i\) at timestamp \(TS_i\). Now, \(VA_f\) validates the source, integrity and legality of \(PT_i\).

(3.1) \(\mathbf {Partial\,KRP\,(PKRP)\,for\,ciphertext\,legality\, check}\): \(VA_f\) verifies the ciphertext validity proof which requires partial knowledge from the voter’s end. Also, non-interactive nature for PKRP (NIPKRP) is ensured through a suitable hash function.

\(\mathbf {NIPKRP\_Prove }\): To provide PKRP, the voter \(v_i\) generates random numbers \(w, \,z_1,\,z_0,\, p \in Z_q\) and computes \(P_0=g^w,\, P_1=g^{w\cdot x_i},\,\) \(Q= {g^{m_1 \cdot z_1}\cdot y^{p}}/{c_{1\,(i,j,x)}^{z_1}},\, z_2=H(c_0||c_1||Q||P_0||P_1||z_0||z_1), \) \(l_0=r\cdot z_0+w\), sends \(Z_{i(j,x)}=\{P_0, P_1, Q, z_0, z_1, z_2, l_0, p\}.\)

\(\mathbf {NIPKRP\_Verify }\): \(VA_f\) verifies \(z_2==H(c_0||c_1||Q||P_0||P_1||z_0||z_1),\) \(g^{l_0}=P_0\cdot {c_0}^{z_0}, y^{l_0}=P_1/{e_i}^{z_0}\cdot (c_1/g^{m_0})^{z_0}, y^{p}=Q\cdot (c_1/g^{m_1})^{z_1}. \) The underlying plaintext for the ciphertext \(b_{i, j,x}\) is 1 or 0 if all equality check tests return true. If any check returns false, then the voter is reported to VA for tracing the real identity.

Note: Here, under the assumption of absence of a protocol associated with NOTA victory exercising right to reject, voters are requested to deduct the minimum value from all the points they assign to the candidates before encryption, as, it keeps the aggregate score relatively low having no impact on the final comparison based results (though, minor effect may be observed in case of MSB based tie-breaker (5.1) where LSB is given lower priority). For e.g., a score array assigned in a four party constituency is [1,2,3, 3] = [10,01,11,11] having six bits as 1 out of which 3 are MSBs, so, voter should subtract the minimum value (1) to ensure that there is atleast one 0 in the resulting array [1,0,2,2] =[01,00,10,10] containing three bits as 1 out of which 2 are MSBs reducing the overall magnitude, hence, the linear table lookup time complexity (Fig. 8).

Fig. 8
figure 8

Intra and inter constituency level score aggregation

Full size image

(4) Constituency level aggregation: For a voter i from the constituency f, \(2*p\) ciphertext pairs from \(PT_{i}\) are segregated to extract 2 parts (\(c_{1\,(i,j,x)}\) and \(c'_{2\,(i,j,x)}\)). \(CA_f\) adds the stacked \(|VAL_j|\) matrices to get the resultant \(p*2\) aggregate matrix \(SC_{f}\) such that \(SC_{f (j,x)}=\prod _{i=0}^{|VAL_j|-1} PT_{i (j,x)}\) Then, it performs binary to decimal conversion by aggregating the two columns of \(SC_{f}\) followed by decryption to get p sized vector \(Res_f\) such that \(Res_{f (j)}=Dec(SC_{f (j,0)}*(SC_{f (j,1)})^2 )=Dec(SC_{f (j,0)})+Dec(2*SC_{f (j,1)})\). Candidate for the party w has won the seat f if \(Res_{f (w)}==max(Res_f)\). If, \(\exists \, i,\,j \in [0,|Res_f|-1]: Res_{f(i)}=Res_{f(j)}=max(Res_f)\) or \(\ge 2\) parties have obtained the same maximum score in the constituency f, then the Algorithm 4.2 is invoked taking array \(T_f\) storing indices of all tied parties as input. Else, continue from Algorithm 4.3 onwards.

(4.1) \(\mathbf {Vote\_Count\_Verify }\):Voter can verify whether his/her vote is taken in consideration while calculating aggregate. For example, for the constituency \(i+1\) having \(|VAL|_{i+1}=4\) voters presented in Fig. 7, the aggregate is \(SC_{{i+1}(j,x)}=\prod _{z=0}^{z=3} e_z\cdot c_{2(z,j,x)}\). By performing division by or multiplying after taking inverse of \(\lceil log_2\,|VAL|_{i+1}\rceil =2\) expressions in its uncle and sibling nodes towards its right, voter 0 can compute \(SC_{{i+1}(j,x)}/(\prod _{z=2}^{3} e_z\cdot c_{2(z,j,x)})/(e_1\cdot c_{2(1,j,x)})\) and check whether it is equal to \(e_0\cdot c_{2(0,j,x)}\). Inequality indicates wrong aggregate calculation and data of atleast one voter is incorrectly taken into account. Equality assures correct calculation and voter can re-encrypt the published \(Res_{i+1}\) in plaintext form using \(h_{CA_{i+1}}\) and perform another equality check \(Enc(Res_{i+1})=SC_{{i+1} (j,0)}*(SC_{{i+1} (j,1)})^2\) for final assurance.

(4.2) \(\mathbf {Tie{-}breaker\_1 }\): As two or more parties are tied on same score, \(2^{nd}\) column (\(SC_{f (:,1)})\) containing most significant bit (MSB) ciphertexts will be taken into account. \(CA_f\) creates an array of size \(|T_f|\). \(MSB_{f(j)}=Dec(SC_{f (j,1)} )\) for \(j\in [T_f]\). Candidate for the party \(T_{f(j)}=w\) has won the seat f if \(MSB_{f (w)}==max(MSB_f)\) which indicates that it has got more scores of 2s/3s indicating more (strong+weak) accepts.

\(\textbf{Note}\): It is quite similar to boundary count rule in cricket.

\(\textbf{Statement}\): Using other logic, party obtaining \(min(MSB_f)\) aggregate score can also be considered as most likely, it either has higher \(\#_{strong\,\,accepts}\) or less \(\#_{strong\,\,rejects}\).

\(\mathbf {Analysis\,and\,proof}\): For a party i, \(Score_i=\sum 0s+\sum 1s+\sum 2s+\sum 3s=\sum 1s+\sum 2s+\sum 3s= a_i*1+b_i*2+c_i*3=constant\). Number of strong rejects for party i, \(\#_{0s}=|VAL_f|-(a_i+b_i+c_i)\). Suppose, party Q gets \(max(MSB_f)=b_Q+c_Q\) or receives most 2s/3s (strong + weak accept) and probably, less no of 0s/1s (\(a_Q\)) (strong + weak reject). On the similar grounds, party W getting \(min(MSB_f)=b_W+c_W\) score was perhaps, able to compensate for the loss by virtue of having the fewest number of 2s/3s just with 1s/0s from a wider voting bank (\(a_W\)). Given \(a_Q+b_Q*2+c_Q*3= a_W+b_W*2+c_W*3\) and \(b_Q+c_Q>b_W+c_W\), so, \((b_Q+c_Q)*2> (b_W+c_W)*2\Rightarrow \) \(a_Q+b_Q*2+c_Q*3 -(b_Q+c_Q)*2 < a_W+b_W*2+c_W*3-(b_W+c_W)*2\Rightarrow \) \(a_Q+c_Q < a_W+c_W\), \(a_Q < a_W\) if \(c_Q \ge c_W\). As, 0s contribute nothing to the total, W may be able to get most number of non-zero scores (i.e., 1, 2 and 3) which means least number of strong rejects (score=0) with very high probability. As, \(-1=2*\frac{db}{da}+3*\frac{dc}{da}\) (Any change in b or c has great effect on a) \(a_Q-a_W>(b_W+c_W)-(b_Q+c_Q)\Rightarrow a_Q+b_Q+c_Q> a_W+b_W+c_W\). Otherwise, if \(c_W > c_Q\), W has received more strong accepts.

(4.3) \(\textbf{Plurality}\): With the voting paradigm now followed being plurality, \(CA_f\) creates another p sized vector \(Const_f\) containing ciphertexts which are encrypted using public key of \(ECO\,=\,h_{ECO}\) such that \(Dec(Const_{f(w)})=1\) and \(Dec(Const_{f(k)})=0\) for \(k\in [p],k\ne w\). \(CA_f\) creates a block for this created encrypted vector. Here, \(CA_f\) invokes algorithm 3.1 for range proof with \(VA_f\) acting as a verifier. However, this only proves that a binary vector is encrypted. We also need to ensure that only one value is 1 and rest are 0s. For this, we just need to prove that sum of all the entries in the entire vector in 1 for which zero-knowledge sum proof (ZKSP) \(log_g(c_1)==log_{h_{ECO}}(c_2/g)\) is also provided. Hence, this does not force ECO to verify the legality by decryption using its secret key as \(VA_f\) does it in the encrypted domain.

(5) Final aggregation (Pluralistic): ECO reads the blockchain and aggregates all the constituency ballots to compute the p sized vector of aggregated and encrypted pairs Ans where \(Ans_j = \prod _{i=0}^{t-1} Const_{i,j}\) \(=Enc(m_j)=\{c_{j,1},c_{j,2}\}_{j\in [p]}\). CAs collaborate to compute the common public key \(PK=\prod _{i=0}^{t-1} {h_i}=g^{\sum _{i=0}^{t-1} x_i}\). Decryption can be either performed by ECO directly using \(x_{ECO}\) or through collaboration amongst all the t CAs. An array Fin is created where \(Fin_j=m_{j}\). This process is repeated for all p political parties to completely populate the Fin array. The party u has won the election if \(Fin_{u}==max(Fin)\), i.e., \(u =\) index of maximum value in Fin. It claims majority by itself or forming a coalition government with its allies.

(5.1) \(\mathbf {Tie{-}breaker\_2}\): As at least 2 parties are tied on same seat count, total scores \(Result=\prod _{f=0}^{t-1}\{Res_f\}_{Fin[f]=1}\) are taken into account to break the tie. The party w wins the election if \(Result_w==max(Result)\). It is easy to observe that this tie-breaker favours the parties having national presence over their regional counterparts participating from limited number of constituencies.

The self-explanatory mini numerical example in Fig. 8 describes workflow of algorithms 3, 4 and 5, diagrammatically. In this example, regional party \(P_3\) participating from only two constituencies defeats national level parties \(P_2\) and \(P_4\) in a fiercely contested tie-breaker.

4 Security Analysis

This section explains the arguments for a multitude of security requirements being satisfied for the two phases as follows:

A. Image processing-based voter authentication

(A.1) Visual Cryptography Algorithm: The security of the used visual cryptography algorithm is analysed in order to check whether one of the two shares is revealing any information about the other.

Proof: Out of the two shares, the owner and the master shares, one is completely randomized and the second one is dependent on it and the resulting image through an XOR operation. Obviously, the adversary has no knowledge about the resulting watermarked image leaving him/her no choice other than trying close to \(256^{n^2}\) possible shares through brute-force approach. Here, n is both the length and breadth of the square grayscale image share having possible values for all of its \(n^2\) pixels ranging in [0,255].

(A.2) Owner Share integrity: The biometric images are embedded inside a QR code via 2-level discrete wavelet transform (DWT). The resultant watermarked image and randomized master share (MS) are used to create a legitimate owner share (OS) before its distribution. It is essential to address the scenario when the OS/MS gets compromised.

Proof: Only a valid owner share can generate a valid scannable watermarked image which can be read in order to ascertain the identity of the share owner. Its image hash is stored in a database which can be used to perform a validity check in order to detect any kind of minute tampering. If an adversary steals the MS, he/she will still not be able to create a valid owner share because of the gibberish confidential content encoded in the QR code by the CA. Even if that happens, the hash equality check will fail for his/her invalid OS will not match with any database entry.

(A.3) Eligibility check and prevention of multiple voting: Only eligible users should be able to cast their votes but this should not happen twice from same or different constituencies.

Proof: The partially hashed details encoded in the carrier QR code resulting from the superimposition of MS and the voter’s OS acts as proof of citizenship, eligibility, age and more importantly, constituency. There OS hash present in the enrollment database further confirms this argument. The same OS cannot be reused because of its deactivation and invalidation of its hash in the database ruling out any duplicate voting.

(A.4) Prevention of fake votes through user impersonation: The adversary impersonates an eligible voter by compromising his/her valid OS before the victim votes.

Proof: In this scenario, the biometric images embedded in the superimposed image will not be similar to the attacker’s corresponding physical attributes. Hence, the authentication fails in the first phase itself. Also, the normally expensive process of 1 to n verification through n comparisons replaced by an efficient single superimposition, watermark extraction and scannability check. So, the proposed scheme assures data non-repudiation by relying on the combined strength of what the user has (valid OS) and is (biometrics).

B. Homomorphic encryption and blockchain-based voting

(B.1) Confidentiality and Completeness: The vote privacy preservation along with its accurate aggregation are enabled jointly by additive ElGamal encryption.

Proof: Due to the additive homomorphic nature of the encryption, the final tally must be the correct sum of all valid ballots ensuring their privacy in parallel. Any external adversary A cannot learn about the vote score from the additive ElGamal ciphertext \(c_{f,i}={(g^{r_{f,i}}, g^{m_{f,i}}\cdot y_{CA_f}^{r_{f,i}}})\) which is semantically secure and indistinguishable under chosen-plaintext attack (IND-CPA). As per as per Decisional Diffie-Hellman (DDH) assumption, this reveals nothing about the plaintext \(m_{f,i}\) which can be recovered only by a valid decryption key \(x_{CA_f}\) as \(y_{CA_f}\) was used for encryption. Only intra-constituency aggregate rather than individual scores is decrypted after gathering all voter score cyphers from a constituency. For inter-constituency scenario, the ballot is encrypted with the public key of ECO (\(y_{ECO}=g^{x_{ECO}}\)) who shared its secret key \(x_{ECO}\) amongst the t CAs. This ensures not less than t CAs can collude to decrypt the final aggregate which ECO can decrypt, directly.

(B.2) Ciphertext privacy and legality: It must be ensured that only valid vote ciphertexts should be aggregated while preserving their privacy.

Proof: The vote ciphertext validity check on an individual basis is enabled via a suitable NIPKRP. This partial knowledge set membership proof (PKRP) along with zero-knowledge sum proof (ZKSP) help VAs in discarding all illegal ciphertext vector sent by CA and voters of their respective constituencies in the encrypted domain. Also, vote ciphertext privacy against the fellow constituency voters, ECO and CAs needs to be ensured. This is achieved via distribution of secret multiplicands by VA which prohibit CA and other entities from knowing about the ciphertext or the underlying plaintext even if they possess or leak the secret key used for decryption. Also, VA holding all parameters cannot decrypt the ciphertexts placed in the root nodes of the aggregation subtrees as its public key is not used while encrypting the data and it is oblivious of the corresponding CA secret key. In this manner, receipt-freeness and non-coercion are ensured to a considerable extent.

(B.3) Data integrity, non-repudiation and FDI robustness: Any data forgery or injection of false data is detectable. Also, the voter cannot deny the ownership of the ciphertext it signs and sends.

Proof: The eligible voters \(VAL_{f}\) from constituency f and \(CA_{f}\) hash their bit ciphertext \(b_{f(j,x)}\) with timestamp \(TS_{f,i}\). Any online data modification by the internal or external adversary can be detected by \(VA_f\) through comparison of anti-collision vote hashes ensuring data integrity. The \(VA_f\) is assumed not to conspire with \(VAL_f\) to report fraudulent data and false batch verification status. Also, data non-repudiation is ensured through the distributed multiplicand shares which help VA to authenticate the source of the ciphertexts on one-to-one basis. After intra-constituency level aggregation, all transaction records in the constituency blockchain are made tamperproof through timestamps and hash of the aggregation tree root. Therefore, inter-constituency aggregation is resistant to FDI as well as replay attacks. Hence, a robust and decentralized voting scheme preventing common online attacks is realized.

(B.4) Fairness and Verifiability: The voters and CAs can verify the election result fairness from the submitted ballots. Intermediate results should be completely unknown to any entity.

Proof: The append-only property of the blockchain platform supports verifiability as the posted data can never be forged. The tamperproof records ensure dispute-freeness by enabling verification of the voting result correctness as per the protocol, publicly. All ballots are kept secret during the entire course of the voting process and controlled by several administrators making partial result learning and illegal addition of extra ballot impossible. All CAs passing valid PKRP can collaborate to verify the final election results through a secret sharing mechanism and are able to compute the final tally using the discrete logarithm method. Hence, verifiability along with fairness together ensure the soundness of the proposed cryptosystem. Moreover, a voter can easily verify whether his/her vote has been taken into account for the final result computation by invoking Algorithm 4.1 on his/her constituency aggregation tree.

5 Performance Analysis

In this section, the robustness of the watermarking algorithm used in the biometric authentication phase is tested. This is followed by the theoretical and practical analysis of the algorithms mentioned under the voting phase.

5.1 Theoretical Analysis

Let the parameters, p and w denote the total number of candidates and voters, respectively. The execution times for multiplication and exponential in group \(\mathbb {G}\) are denoted as \(t_{m}\) and \(t_{e}\), respectively. The same for hash calculation is \(t_{h}\). \(|\mathbb {Z}_{p}|\) and \(|\mathbb {G}|\) represent the element sizes for \(\mathbb {Z}_{p}\) and \(\mathbb {G}\), respectively. Let, \(A=<t_{e},t_{m},t_{h}>\) and \(B=<|\mathbb {G}|,|\mathbb {Z}_{p}|>\). The cost vector (CV) is given in Table 1 so that both computation and communication costs can be computed through dot products \(CV\cdot A\) and \(CV\cdot B\), respectively.

Table 1 Theoretical performance
Full size table

5.2 Experimental Analysis

We have implemented and tested the efficiency of our proposed scheme in the Charm crypto platform which is an extensible Python language-based framework for rapid prototyping advanced cryptosystems [52]. We employ a symmetric curve with a 512-bit base ‘SS512’. Group (G) used is a 512-bit multiplicative cyclic prime order group. We conducted the experiments on a system having Intel\({\textcircled {R}}\) Core(TM) i3-5005U CPU @ 2.00 GHz x64-based processor, 4.00 GB RAM and OS: Ubuntu 20:04:2 LTS WSL. The experiments are performed by varying the number of constituencies, maximum candidates or voters per constituency keeping other parameters fixed. Figure 9 presents the computation overheads of different algorithms after taking average of values obtained through 50 different trials, graphically. For a constituency, the number of candidates is fixed at four while varying the number of voters whereas the number of voters is fixed at 20 while varying the number of candidates. Also, the number of constituencies is varied keeping the maximum number of voters and candidates fixed at 100 and 5, respectively. It can be easily observed from the three graphs that the time complexities associated with voting, and the constituency aggregation tree creation vary linearly with the number of voters and candidates. Conversion time from binary to decimal vector in an encrypted domain depends only on the number of candidates. It is intuitive as its computation occurs when the vote are aggregated already ruling out any dependency on the number of voters. It is also indicated that the number of operations required in ensuring whether the vote was taken into account for aggregation vary on a logarithmic scale with respect to the number of voters. Lastly, time complexity for inter-constituency aggregation varies linearly with respect to the number of candidates as well as the constituencies keeping other parameters fixed.

5.3 Usability Analysis

The proposed scheme intends to execute the overall vote ciphertext aggregation procedure in a hierarchical manner. As the number of users increases, it becomes extremely important to keep the processing overhead associated with the operations under a certain bound. The homomorphic encryption is employed to decrease the total number of decryption operations required to obtain the plaintext sum. A few of the phase operations are performed for an entire batch at once in order to optimize the verification procedure. Other techniques also can be integrated in order to make the system scalable which is still an open problem in the concerned research domain. In order to fix a myriad of issues associated with biometric template storage, our proposed biometric authentication mechanism uses the combination of visual cryptography and two-level discrete wavelet transform to rule out the need to perform the comparison between user’s live captured fingerprint, and millions of biometric templates. This makes our system usable for a large-scale application scenario. Nonetheless, deploying the entire system in online mode still may encounter a lot of non-technical challenges. Firstly, the setup related technical jargon, even if simplified through system abstraction, may not be comprehensible to a sizeable portion of the population. Moreover, it cannot be expected for millions inclusive of rural voters to have easy access to the proposed Internet-based technology. Possibly, these limitations mandate a hybrid approach in which such voters can cast their votes through online mode by physically being present at a nearby polling booth. The booth may appoint guides and provide all the prerequisite technical setup and facilities for making the entire procedure simplistic and hassle-free.

Fig. 9
figure 9

Performance of various algorithms

Full size image

6 Future Work and Conclusion

In summary, the advocated novel blockchain-based election framework oriented towards biometric authentication mechanism integrates image processing methodologies, smart contract, digital signature, verifiable secret sharing and partial homomorphic encryption to achieve data unforgeability and non-repudiation for a privacy-preserving, verifiable and cardinal e-voting. Our scheme uses an appropriate tie-breaking policy which is more effective than lottery-based selection. The proposed novel e-voting scheme is premised on the combined strength of blockchain and other techniques. It is designed to fulfil different key security requirements of voting process under any large-scale governance. To achieve source authentication, we advocate a simple and yet, efficient (2,2)-visual cryptography and QR watermarking-based secured biometric template data creation mechanism. This is important as a little security flaw in such scheme designs might result in massive election fraud. Our scheme employs the score-based voting paradigm with a tie-breaker protocol where vote is stored as an array of the score ciphertexts for all the constituency parties with NIPKRP proving the range legality of the values. The privacy, integrity, verifiability, and computability of the score while being encrypted are ensured through the combination of secret distribution, homomorphic cryptosystem, and aggregation tree construction. Hence, decentralized and secure vote casting, and valid score aggregation are realized with a strong perimeter against FDI and other attacks highly improbable under mentioned security assumptions. This scheme certainly lays the foundation for a much more robust election mechanism featuring an efficient algorithm design. This design may feature an amalgamation of the capability to tackle unknown, and unaddressed e-voting challenges, QR code reconstruction and minutiae-based extraction enabling fingerprint recognition along with comparison. This is left as one of the major future works.