使用可記憶密碼的電子投票機制

Abstract

一般的電子投票機制，合法的投票者都持有一私密值，用此私密值來投票，才能投出能通過驗證的合法選票。由於私密值是很複雜難記的，所以大多存在特定的可攜式裝置中，例如：磁片、光碟片、或是智慧卡等，然而，將私密值儲存在可攜式裝置中，卻必須承擔遺失的風險，只要可攜式裝置遺失或是儲存在裡面的私密值被攻擊者知道，則攻擊者可代替合法的投票者投出有效的選票。 有鑑於上述問題的存在，本篇論文將電子投票機制加上可記憶密碼，由投票者記憶長度短的密碼，在投票時除了必須擁有私密值外，還需要知道可記憶密碼，才能成功的完全投票，確保攻擊者即使偷到私密值，在缺乏該投票者密碼的情況下，仍然沒辦法仿冒投票者投出合法的選票。

In general electronic voting scheme, every qualified voter owns one secret value. Every voter must use this secret value to generate ballot that can be verified successfully. Since the length of secret value is long and the content of secret value is hard to memory, we often put our own secret value in some kind of portable device, such as magnetic disc, compact disk, and smart card. However, we must afford the risk of losing the device. If the device is stolen or the secret value is revealed , attacker can forge ballot which can be verified successfully. To solve this problem, we combine electronic voting scheme and memorable password scheme. Even though attacker gets the secret value of some voter, he can’t generate legal ballot without relatively password.