WO2025039447A1

WO2025039447A1 - Electronic voting method and apparatus, and storage medium and electronic device

Info

Publication number: WO2025039447A1
Application number: PCT/CN2023/141472
Authority: WO
Inventors: 刘竹森; 陈梦丽; 刘哲; 曹珍富; 黄振华
Original assignee: Zhejiang Lab
Current assignee: Zhejiang Lab
Priority date: 2023-08-23
Filing date: 2023-12-25
Publication date: 2025-02-27
Anticipated expiration: 2026-02-23
Also published as: CN117218758A

Abstract

Provided in the present disclosure are an electronic voting method and apparatus, and a storage medium and an electronic device. The method comprises: on the basis of masked voting results published by voting parties and received initial tag values, counting masked voting results on the basis of a pre-built vote counting tree, and determining a masked counting result, and first results and intermediate tag values which are outputted by operation nodes; on the basis of a homomorphic commitment function and the intermediate tag values, generating tag commitment values, and publishing the tag commitment values, such that the voting parties publicly verify the masked counting result; and when the verification of the masked counting result is successful, decrypting the masked counting result on the basis of mask bit shares published by the voting parties, determining a final voting result, and publishing the final voting result. By means of verifying a masked counting result, the accuracy of the process of counting voting results is ensured, and when the verification of the masked counting result is successful, the masked counting result is decrypted by using mask bit shares, thereby ensuring the accuracy of a final voting result.

Description

Electronic voting method, device, storage medium and electronic equipment

Technical Field

本公开涉及计算机技术领域，尤其涉及一种电子投票的方法、装置、存储介质及电子设备。The present disclosure relates to the field of computer technology, and in particular to an electronic voting method, device, storage medium and electronic device.

Background Art

随着科技的不断发展，电子投票应用的越来越广泛。目前，在投票过程中，投票方可以根据投票选项，确定选择的选项作为投票结果，并发送给计票方，计票方根据每一个投票方的投票结果，确定最终投票结果。比如在选举过程中，投票选项可以为同意或者不同意，故投票方根据投票选项确定出的投票结果可以为同意与不同意中的一个，计票方根据各投票方的投票结果确定出的最终的投票结果可以为同意的数量与不同意的数量。With the continuous development of science and technology, electronic voting is becoming more and more widely used. At present, during the voting process, the voter can determine the selected option as the voting result based on the voting options and send it to the counting party. The counting party determines the final voting result based on the voting results of each voter. For example, during the election process, the voting options can be agree or disagree, so the voting result determined by the voter based on the voting options can be one of agree and disagree, and the final voting result determined by the counting party based on the voting results of each voter can be the number of agrees and the number of disagrees.

另外，为了保护投票方的隐私以及保证投票方能够按照真实意愿进行投票，必须保证每一个投票方的投票结果的隐私性，也就是除投票方自身之外的其他投票方以及计票方不可获知该投票方的投票结果。并且，还要保证最终投票结果符合各投票方的意愿，也就是要保证计票方确定出的最终投票结果的准确性。因此，如何进行电子投票是一个重要的问题。In addition, in order to protect the privacy of the voters and ensure that they can vote according to their true intentions, the privacy of each voter's voting results must be guaranteed, that is, other voters and vote counting parties other than the voter cannot know the voting results of the voter. In addition, it is also necessary to ensure that the final voting results are in line with the wishes of each voter, that is, to ensure the accuracy of the final voting results determined by the vote counting party. Therefore, how to conduct electronic voting is an important issue.

基于此，本公开提供一种电子投票的方法。Based on this, the present disclosure provides a method for electronic voting.

发明内容Summary of the invention

本公开提供一种电子投票的方法、装置、存储介质及电子设备。The present disclosure provides an electronic voting method, device, storage medium and electronic device.

本公开采用下述技术方案：The present disclosure adopts the following technical solutions:

本公开提供了一种电子投票的方法，所述方法应用于计票方，所述方法包括：The present disclosure provides an electronic voting method, which is applied to a vote counting party, and comprises:

确定各投票方公布的掩码投票结果，以及接收所述各投票方发送的所述掩码投票结果对应的初始标签值，其中，所述掩码投票结果为所述投票方根据掩码比特份额对投票结果进行处理后的结果，所述掩码比特份额为所述投票方基于安全多方计算预处理函数生成的；Determine the masked voting results published by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party, wherein the masked voting results are the results of the voting party processing the voting results according to the masked bit shares, and the masked bit shares are generated by the voting party based on the secure multi-party computing preprocessing function;

根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对所述各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值；其According to each masked voting result and each initial label value, based on a pre-constructed counting tree, the masked voting results are counted, the masked statistical result output by the counting tree is determined, and the first result and the intermediate label value output by each computing node in the plurality of computing nodes included in the counting tree are determined;

基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布所述标签承诺值以及各第一结果，使所述各投票方根据所述计票方公布的所述标签承诺值以及所述各第一结果，公开验证所述掩码统计结果；Based on the homomorphic commitment function and each intermediate label value, a label commitment value is generated, and the label commitment value and each first result are announced, so that each voting party publicly verifies the masked statistical result according to the label commitment value and each first result announced by the vote counting party;

在所述掩码统计结果验证通过时，确定所述各投票方公布的与所述掩码统计结果对应的掩码比特份额；When the mask statistical result is verified, determining the mask bit shares corresponding to the mask statistical result published by each voting party;

根据各掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。The masked statistical results are decrypted according to the bit shares of each mask, and the final voting results are determined and announced.

可选地，所述运算节点包括若干与运算单元；Optionally, the computing node includes a plurality of AND computing units;

公布所述标签承诺值以及各第一结果，具体包括：The tag commitment value and each first result are published, specifically including:

针对每一个与运算单元，确定输入该与运算单元的掩码投票结果，以及基于所述安全多方计算预处理函数，确定输入该与运算单元的可验证掩码比特份额和该与运算单元输出的可验证掩码比特份额；For each AND operation unit, determine the mask voting result of the input AND operation unit, and determine the verifiable mask bit share of the input AND operation unit and the AND operation unit based on the secure multi-party computing preprocessing function. The share of verifiably masked bits of the meta-output;

根据确定出的输入和输出的可验证掩码比特份额、以及掩码投票结果，确定该与运算单元的可验证检验比特；Determine the verifiable check bit of the AND operation unit according to the determined verifiable mask bit shares of the input and output and the mask voting result;

根据所述可验证检验比特，确定该与运算单元的消息验证码，并基于所述同态承诺函数，确定所述消息验证码的验证码承诺值；Determine a message authentication code of the AND operation unit according to the verifiable check bit, and determine a verification code commitment value of the message authentication code based on the homomorphic commitment function;

确定各验证码承诺值的和为验证码聚合承诺值，并公布所述验证码聚合承诺值、所述标签承诺值以及所述各第一结果。The sum of the verification code commitment values is determined to be the verification code aggregate commitment value, and the verification code aggregate commitment value, the label commitment value and the first results are published.

可选地，根据各掩码比特份额对所述掩码统计结果进行解密，确定最终投票结果，具体包括：Optionally, decrypting the mask statistical result according to each mask bit share to determine the final voting result specifically includes:

确定所述各投票方公布的与掩码比特份额对应的掩码承诺值；Determining the mask commitment value corresponding to the mask bit share announced by each voting party;

根据各掩码承诺值，对所述各掩码比特份额进行公开验证；Publicly verifying each mask bit share according to each mask commitment value;

在所述各掩码比特份额验证通过时，根据所述各掩码比特份额对所述掩码统计结果进行解密，确定所述最终投票结果。When the verification of each mask bit share is passed, the mask statistical result is decrypted according to each mask bit share to determine the final voting result.

可选地，所述掩码承诺值包括原始承诺值以及其他承诺值；Optionally, the masked commitment value includes an original commitment value and other commitment values;

确定所述各投票方公布的与掩码比特份额对应的掩码承诺值，具体包括：Determining the mask commitment value corresponding to the mask bit share announced by each voting party specifically includes:

针对每一个投票方，确定该投票方公布的掩码比特份额对应的原始承诺值以及其他承诺值，其中，所述原始承诺值为该投票方基于该投票方对应的掩码比特份额确定的承诺值，所述其他承诺值为该投票方基于其他投票方公布的掩码比特份额确定的承诺值；For each voting party, determine the original commitment value and other commitment values corresponding to the mask bit share announced by the voting party, wherein the original commitment value is the commitment value determined by the voting party based on the mask bit share corresponding to the voting party, and the other commitment values are the commitment values determined by the voting party based on the mask bit shares announced by other voting parties;

根据各掩码承诺值，对所述各掩码比特份额进行公开验证，具体包括：According to each mask commitment value, each mask bit share is publicly verified, specifically including:

确定各原始承诺值的和为第一值，以及确定各其他承诺值的和为第二值；Determining a sum of the original commitment values as a first value, and determining a sum of the other commitment values as a second value;

当所述第一值与所述第二值一致时，确定所述各掩码比特份额验证通过。When the first value is consistent with the second value, it is determined that the verification of each mask bit share is passed.

本公开还提供了一种电子投票的方法，所述方法应用于投票方，所述方法包括：The present disclosure also provides an electronic voting method, which is applied to a voting party and includes:

根据投票选项，确定投票结果，并根据计票方预先构建的计票树的拓扑结构，采用安全多方计算预处理函数，生成掩码比特份额；Determine the voting result according to the voting options, and generate the mask bit share using the secure multi-party computing pre-processing function based on the topology of the counting tree pre-built by the counting party;

根据所述掩码比特份额，对所述投票结果进行处理，确定掩码投票结果，并公布，以及生成所述掩码投票结果对应的初始标签值，将所述初始标签值发送给所述计票方，使所述计票方根据各投票方公布的掩码投票结果以及接收到的初始标签值，基于所述计票树，对各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值，并基于同态承诺函数以及各中间标签值，确定标签承诺值，并公布所述标签承诺值以及各第一结果；The voting results are processed according to the mask bit shares to determine the masked voting results and publish them, and an initial label value corresponding to the masked voting results is generated and sent to the vote counting party, so that the vote counting party counts the masked voting results based on the vote counting tree according to the masked voting results published by each voting party and the received initial label value, determines the masked statistical results output by the vote counting tree, and determines the first result and intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree, and determines the label commitment value based on the homomorphic commitment function and the intermediate label values, and publishes the label commitment value and each first result;

确定所述计票方公布的标签承诺值以及各第一结果；Determine the label commitment value and each first result published by the vote counting party;

根据所述各第一结果，确定所述计票树中各运算节点输出的标签值，并根据同态承诺函数，确定各标签值的验证承诺值，并公布所述验证承诺值；Determine the label value output by each computing node in the vote counting tree according to each of the first results, determine the verification commitment value of each label value according to the homomorphic commitment function, and publish the verification commitment value;

根据所述标签承诺值以及所述验证承诺值，对所述掩码统计结果进行公开验证；Publicly verifying the mask statistical result according to the label commitment value and the verification commitment value;

在所述掩码统计结果验证通过时，确定所述掩码统计结果对应的掩码比特份额，并公布，使所述计票方根据所述各投票方公布的掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。When the masked statistical result is verified, the masked bit share corresponding to the masked statistical result is determined and announced, so that the vote counting party decrypts the masked statistical result according to the masked bit shares announced by each voting party, determines and announces the final voting result.

可选地，根据所述标签承诺值以及所述验证承诺值，对所述掩码统计结果进行公开验证，具体包括：Optionally, the mask statistics result is made public according to the label commitment value and the verification commitment value. Verification, including:

确定其他投票方公布的验证承诺值为其他验证承诺值；Determine the verification commitment values announced by other voting parties as other verification commitment values;

对所述其他验证承诺值以及所述验证承诺值进行聚合；Aggregating the other verification commitment values and the verification commitment value;

根据聚合后的承诺值以及所述标签承诺值，对所述掩码统计结果进行公开验证。The mask statistics result is publicly verified according to the aggregated commitment value and the label commitment value.

根据聚合后的承诺值以及所述标签承诺值，对所述掩码统计结果进行公开验证，具体包括：According to the aggregated commitment value and the label commitment value, the mask statistics result is publicly verified, specifically including:

当所述聚合后的承诺值与所述标签承诺值一致时，确定所述其他投票方公布的掩码投票结果；When the aggregated commitment value is consistent with the label commitment value, determining the masked voting results announced by the other voting parties;

针对每一个与运算单元，根据各掩码投票结果以及所述各第一结果，确定输入该与运算单元的掩码投票结果，以及确定输入该与运算单元的可验证掩码比特份额和该与运算单元输出的可验证掩码比特份额；For each AND operation unit, determine the mask voting result input to the AND operation unit according to each mask voting result and each first result, and determine the verifiable mask bit share input to the AND operation unit and the verifiable mask bit share output by the AND operation unit;

根据确定出的输入和输出的可验证掩码比特份额以及所述掩码投票结果，确定该与运算单元的可验证检验比特；Determine the verifiable check bit of the AND operation unit according to the determined verifiable mask bit shares of the input and output and the mask voting result;

确定各验证码承诺值的和为验证聚合承诺值，并公布所述验证聚合承诺值；Determine the sum of the verification code commitment values as the verification aggregate commitment value, and publish the verification aggregate commitment value;

确定所述计票方公布的验证码聚合承诺值，并根据所述验证码聚合承诺值以及所述验证聚合承诺值，对所述掩码统计结果进行公开验证。Determine the verification code aggregate commitment value announced by the vote counting party, and publicly verify the mask statistical result based on the verification code aggregate commitment value and the verification aggregate commitment value.

可选地，确定所述掩码统计结果对应的掩码比特份额，并公布，具体包括：Optionally, determining a mask bit share corresponding to the mask statistical result and announcing it specifically includes:

确定所述掩码统计结果对应的掩码比特份额；Determining a mask bit share corresponding to the mask statistical result;

基于所述同态承诺函数，确定所述掩码比特份额对应的掩码承诺值，并公布，使所述计票方根据所述各投票方公布的与掩码比特份额对应的掩码承诺值，对所述各掩码比特份额进行公开验证。Based on the homomorphic commitment function, the mask commitment value corresponding to the mask bit share is determined and announced, so that the vote counting party can publicly verify the mask bit shares according to the mask commitment value corresponding to the mask bit share announced by each voting party.

基于所述同态承诺函数，确定所述掩码比特份额对应的掩码承诺值，并公布，具体包括：Based on the homomorphic commitment function, determining a mask commitment value corresponding to the mask bit share and announcing it, specifically including:

基于所述同态承诺函数，确定所述掩码比特份额对应的承诺值为原始承诺值；Based on the homomorphic commitment function, determining that the commitment value corresponding to the masked bit share is an original commitment value;

确定其他投票方公布的与所述掩码统计结果对应的掩码比特份额，并根据所述其他投票方公布的掩码比特份额，基于所述同态承诺函数，确定其他承诺值，并公布所述掩码比特份额、所述原始承诺值以及所述其他承诺值。Determine the mask bit shares corresponding to the mask statistical results published by other voting parties, and determine other commitment values based on the mask bit shares published by other voting parties and the homomorphic commitment function, and publish the mask bit shares, the original commitment value and the other commitment values.

本公开提供了一种电子投票的装置，所述装置应用于计票方，所述装置包括：The present disclosure provides an electronic voting device, which is applied to a vote counting party, and includes:

第一确定模块，用于确定各投票方公布的掩码投票结果，以及接收所述各投票方发送的所述掩码投票结果对应的初始标签值，其中，所述掩码投票结果为所述投票方根据掩码比特份额对投票结果进行处理后的结果，所述掩码比特份额为所述投票方基于安全多方计算预处理函数生成的；A first determination module is used to determine the masked voting results announced by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party, wherein the masked voting results are the results after the voting party processes the voting results according to the masked bit shares, and the masked bit shares are generated by the voting party based on the secure multi-party computing preprocessing function;

计票模块，用于根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对所述各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值； A vote counting module is used to count the masked voting results and the initial label values based on a pre-constructed vote counting tree, determine the masked statistical results output by the vote counting tree, and determine the first result and the intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree;

公布模块，用于基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布所述标签承诺值以及各第一结果，使所述各投票方根据所述计票方公布的所述标签承诺值以及所述各第一结果，公开验证所述掩码统计结果；A publishing module, used to generate a label commitment value based on the homomorphic commitment function and each intermediate label value, and publish the label commitment value and each first result, so that each voting party publicly verifies the mask statistical result according to the label commitment value and each first result published by the vote counting party;

第二确定模块，用于在所述掩码统计结果验证通过时，确定所述各投票方公布的与所述掩码统计结果对应的掩码比特份额；A second determination module is used to determine the mask bit shares corresponding to the mask statistical result published by each voting party when the mask statistical result is verified;

解密模块，用于根据各掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。The decryption module is used to decrypt the mask statistical results according to the bit shares of each mask, and determine and publish the final voting results.

本公开还提供了一种电子投票的装置，所述装置应用于投票方，所述装置包括：The present disclosure also provides an electronic voting device, which is applied to a voting party and includes:

生成模块，用于根据投票选项，确定投票结果，并根据计票方预先构建的计票树的拓扑结构，采用安全多方计算预处理函数，生成掩码比特份额；A generation module is used to determine the voting result according to the voting options, and generate the mask bit share according to the topological structure of the counting tree pre-built by the counting party by using a secure multi-party computing pre-processing function;

发送模块，用于根据所述掩码比特份额，对所述投票结果进行处理，确定掩码投票结果，并公布，以及生成所述掩码投票结果对应的标签值，将所述标签值发送给所述计票方，使所述计票方根据各投票方公布的掩码投票结果以及接收到的标签值，基于所述计票树，对各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值，并基于同态承诺函数以及各中间标签值，确定标签承诺值，并公布所述标签承诺值以及各第一结果；A sending module, used to process the voting results according to the mask bit share, determine the masked voting results, and publish them, and generate a label value corresponding to the masked voting results, and send the label value to the vote counting party, so that the vote counting party counts the masked voting results based on the vote counting tree according to the masked voting results published by each voting party and the received label value, determines the masked statistical results output by the vote counting tree, and determines the first result and intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree, and determines the label commitment value based on the homomorphic commitment function and the intermediate label values, and publishes the label commitment value and each first result;

确定模块，用于确定所述计票方公布的标签承诺值以及各第一结果；A determination module, used to determine the label commitment value and each first result published by the vote counting party;

承诺模块，用于根据所述各第一结果，确定所述计票树中各运算单元输出的标签值，并根据同态承诺函数，确定各标签值的验证承诺值，并公布所述验证承诺值；A commitment module, used to determine the label value output by each operation unit in the vote counting tree according to the first results, determine the verification commitment value of each label value according to the homomorphic commitment function, and publish the verification commitment value;

验证模块，用于根据所述标签承诺值以及所述验证承诺值，对所述掩码统计结果进行公开验证；A verification module, used for publicly verifying the mask statistical result according to the label commitment value and the verification commitment value;

掩码模块，用于在所述掩码统计结果验证通过时，确定所述掩码统计结果对应的掩码比特份额，并公布，使所述计票方根据所述各投票方公布的掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。The mask module is used to determine and announce the mask bit share corresponding to the mask statistical result when the mask statistical result is verified, so that the vote counting party decrypts the mask statistical result according to the mask bit share announced by each voting party, determines and announces the final voting result.

本公开提供了一种计算机可读存储介质，所述存储介质存储有计算机程序，所述计算机程序被处理器执行时实现上述电子投票的方法。The present disclosure provides a computer-readable storage medium, wherein the storage medium stores a computer program, and when the computer program is executed by a processor, the electronic voting method is implemented.

本公开提供了一种电子设备，包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序，所述处理器执行所述程序时实现上述电子投票的方法。The present disclosure provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above-mentioned electronic voting method when executing the program.

本公开采用的上述至少一个技术方案能够达到以下有益效果：At least one of the above technical solutions adopted in the present disclosure can achieve the following beneficial effects:

本公开提供的电子投票的方法，确定各投票方公布的掩码投票结果，以及接收各投票方发送的掩码投票结果对应的初始标签值。之后，根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对各掩码投票结果进行统计，确定计票树输出的掩码统计结果，以及确定计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值。再基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布标签承诺值以及各第一结果，使各投票方根据计票方公布的标签承诺值以及各第一结果，公开验证掩码统计结果。之后，在掩码统计结果验证通过时，确定各投票方公布的与掩码统计结果对应的掩码比特份额，并根据各掩码比特份额对掩码统计结果进行解密，确定并公布最终投票结果。The electronic voting method provided by the present disclosure determines the masked voting results announced by each voting party, and receives the initial label value corresponding to the masked voting results sent by each voting party. Afterwards, according to each masked voting result and each initial label value, based on the pre-constructed counting tree, each masked voting result is counted, the masked statistical results output by the counting tree are determined, and the first result and the intermediate label value output by each computing node in the multiple computing nodes included in the counting tree are determined. Then, based on the homomorphic commitment function and each intermediate label value, a label commitment value is generated, and the label commitment value and each first result are announced, so that each voting party publicly verifies the masked statistical results according to the label commitment value and each first result announced by the counting party. Afterwards, when the masked statistical results are verified, the masked bit share corresponding to the masked statistical results announced by each voting party is determined, and the masked statistical results are decrypted according to each masked bit share, and the final voting results are determined and announced.

从上述方法中可以看出，本公开在进行电子投票时，确定各投票方公布的掩码投票结果，以及接收各投票方发送的掩码投票结果对应的初始标签值。掩码投票结果为投票方根据掩码比特份额对投票结果进行处理后的结果，使得可以保护各投票方的投票结果中包含的隐私。之后，根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对各掩码投票结果进行统计，确定计票树输出的掩码统计结果，以及确定计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值。再基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布标签承诺值以及各第一结果，使各投票方根据计票方公布的标签承诺值以及各第一结果，公开验证掩码统计结果。之后，在掩码统计结果验证通过时，确定各投票方公布的与掩码统计结果对应的掩码比特份额，并根据各掩码比特份额对掩码统计结果进行解密，确定并公布最终投票结果，使得投票方可以通过验证掩码统计结果的准确性，以此来保证计票方统计投票结果的过程的准确性。在掩码统计结果验证通过时采用各掩码比特份额对掩码统计结果进行解密，保证最终投票结果的准确性。It can be seen from the above method that when conducting electronic voting, the present disclosure determines the masked voting results announced by each voting party, and receives the initial label value corresponding to the masked voting results sent by each voting party. The masked voting result is the result after the voting party processes the voting result according to the mask bit share, so that the votes of each voting party can be protected. The privacy contained in the result. Afterwards, according to each masked voting result and each initial label value, based on the pre-constructed counting tree, each masked voting result is counted, the masked statistical result output by the counting tree is determined, and the first result and the intermediate label value output by each computing node in the multiple computing nodes included in the counting tree are determined. Then, based on the homomorphic commitment function and each intermediate label value, a label commitment value is generated, and the label commitment value and each first result are announced, so that each voting party publicly verifies the masked statistical result according to the label commitment value and each first result announced by the counting party. Afterwards, when the masked statistical result is verified, the masked bit share corresponding to the masked statistical result announced by each voting party is determined, and the masked statistical result is decrypted according to each masked bit share, and the final voting result is determined and announced, so that the voting party can verify the accuracy of the masked statistical result, thereby ensuring the accuracy of the process of the counting party counting the voting results. When the masked statistical result is verified, each masked bit share is used to decrypt the masked statistical result to ensure the accuracy of the final voting result.

BRIEF DESCRIPTION OF THE DRAWINGS

此处所说明的附图用来提供对本公开的进一步理解，构成本公开的一部分，本公开的示意性实施例及其说明用于解释本公开，并不构成对本公开的不当限定。在附图中：The drawings described herein are used to provide a further understanding of the present disclosure and constitute a part of the present disclosure. The illustrative embodiments of the present disclosure and their descriptions are used to explain the present disclosure and do not constitute an improper limitation on the present disclosure. In the drawings:

图1为本公开实施例提供的一种电子投票的方法的流程示意图。FIG1 is a flow chart of an electronic voting method provided in an embodiment of the present disclosure.

图2为本公开实施例提供的一种计票树的示意图。FIG2 is a schematic diagram of a vote counting tree provided in an embodiment of the present disclosure.

图3为本公开实施例提供的另一种电子投票的方法的流程示意图。FIG3 is a flow chart of another electronic voting method provided in an embodiment of the present disclosure.

图4为本公开实施例提供的一种电子投票的装置的结构示意图。FIG4 is a schematic diagram of the structure of an electronic voting device provided in an embodiment of the present disclosure.

图5为本公开实施例提供的另一种电子投票的装置的结构示意图。FIG5 is a schematic diagram of the structure of another electronic voting device provided in an embodiment of the present disclosure.

图6为本公开实施例提供的一种电子设备的结构示意图。FIG. 6 is a schematic diagram of the structure of an electronic device provided in an embodiment of the present disclosure.

DETAILED DESCRIPTION

为使本公开的目的、技术方案和优点更加清楚，下面将结合本公开具体实施例及相应的附图对本公开技术方案进行清楚、完整地描述。显然，所描述的实施例仅是本公开一部分实施例，而不是全部的实施例。基于本公开中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本公开保护的范围。In order to make the purpose, technical solutions and advantages of the present disclosure clearer, the technical solutions of the present disclosure will be clearly and completely described below in combination with the specific embodiments of the present disclosure and the corresponding drawings. Obviously, the described embodiments are only part of the embodiments of the present disclosure, not all of the embodiments. Based on the embodiments in the present disclosure, all other embodiments obtained by ordinary technicians in this field without making creative work are within the scope of protection of the present disclosure.

以下结合附图，详细说明本公开各实施例提供的技术方案。The technical solutions provided by various embodiments of the present disclosure are described in detail below in conjunction with the accompanying drawings.

本公开提供了一种电子投票的方法，所述方法应用于计票方，如图1所示，图1为本公开实施例提供的一种电子投票的方法的流程示意图，包括以下步骤S100～S108。The present disclosure provides an electronic voting method, which is applied to a vote counter, as shown in FIG1 . FIG1 is a flow chart of an electronic voting method provided by an embodiment of the present disclosure, including the following steps S100 to S108 .

S100：确定各投票方公布的掩码投票结果，以及接收所述各投票方发送的所述掩码投票结果对应的初始标签值，其中，所述掩码投票结果为所述投票方根据掩码比特份额对投票结果进行处理后的结果，所述掩码比特份额为所述投票方基于安全多方计算预处理函数生成的。S100: Determine the masked voting results announced by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party, wherein the masked voting results are the results after the voting party processes the voting results according to the masked bit shares, and the masked bit shares are generated by the voting party based on the secure multi-party computing preprocessing function.

在投票场景中，投票方根据投票选项，确定所选的选项为投票结果，并将投票结果告知计票方，计票方根据各投票方的投票结果，确定并公布最终投票结果，各投票方可以获知最终投票结果。投票场景可以为对待选人进行投票的场景、对待选事物进行投票的场景，本公开不做具体限定。不同的投票场景，投票方、计票方、投票选项以及投票结果可能不同。在选举场景中，投票方可以为选民或者选民所使用的投票设备，计票方可以为用于统计选民票数的计票人或者计票人所使用的计票设备，投票选项可以为同意待选人当选以及不同意待选人当选两个选项。投票方可以从两个选项中选择一个选项作为投票结果，并告知计票方，计票方根据各投票方的投票结果，确定并公布最终投票结果，该最终投票结果可以为同意或者不同意中的一个，还可以为同意与不同意的数量。后续可以根据最终投票结果确定待选人是否当选。 In the voting scenario, the voting party determines the selected option as the voting result according to the voting options, and informs the counting party of the voting results. The counting party determines and announces the final voting result according to the voting results of each voting party, and each voting party can know the final voting result. The voting scenario can be a scenario of voting for the candidate or a scenario of voting for the object to be elected, which is not specifically limited in this disclosure. In different voting scenarios, the voting party, the counting party, the voting options and the voting results may be different. In the election scenario, the voting party can be a voter or a voting device used by the voter, the counting party can be a vote counter for counting the votes of the voters or a counting device used by the counting party, and the voting options can be two options of agreeing to the election of the candidate and disagreeing to the election of the candidate. The voting party can choose one of the two options as the voting result and inform the counting party. The counting party determines and announces the final voting result according to the voting results of each voting party. The final voting result can be one of agreeing or disagreeing, and can also be the number of agreeing and disagreeing. It can be determined whether the candidate is elected according to the final voting result.

另外，在方案评估场景中，投票方可以为部门或者小组的成员或者各成员使用的投票设备，计票方可以为除部门或者小组之外的任意成员或者用于统计票数的设备，投票选项可以为待选方案通过以及待选方案不通过。待选方案为部门或者小组成员针对某一业务提出的方案，比如针对商品的经营方案。投票方可以从两个选项中选择一个选项作为投票结果，并告知计票方，计票方根据各投票方的投票结果，确定并公布最终投票结果，该最终投票结果可以为通过或者不通过中的一个，还可以为通过与不通过的数量。后续根据最终投票结果确定待选方案是否通过，若待选方案通过，后续可以按照待选方案执行业务，若待选方案不通过，则需要小组或者部门的成员重新提出方案。In addition, in the scenario of program evaluation, the voting party can be a member of a department or group or a voting device used by each member, the counting party can be any member other than the department or group or a device used to count votes, and the voting options can be whether the candidate program is passed or not. The candidate program is a program proposed by a department or group member for a certain business, such as a business plan for a commodity. The voting party can choose one of the two options as the voting result and inform the counting party. The counting party determines and announces the final voting result based on the voting results of each voting party. The final voting result can be one of passing or not passing, or the number of passing and not passing. Subsequently, whether the candidate program is passed is determined based on the final voting result. If the candidate program is passed, the business can be executed according to the candidate program. If the candidate program is not passed, the members of the group or department need to re-propose a plan.

但是，在投票场景中，需要保证投票方的隐私以及保证计票方确定出的最终投票结果的准确性。基于此，在电子投票中，用于统计票数(即各投票方的投票结果)的设备，即计票方，可以确定各投票方公布的掩码投票结果，以及接收各投票方发送的掩码投票结果对应的初始标签值，其中，计票方可以是系统、服务器，也可以是诸如台式电脑、笔记本电脑等电子设备。为了便于描述，下面以计票方为执行主体，对本公开提供的电子投票的方法进行说明。投票方可以为投票人所使用的投票设备，投票设备可以为终端、服务器、系统等，本公开不做具体限定。掩码投票结果为投票方根据掩码比特份额对投票结果进行处理后的结果，掩码比特份额为投票方基于安全多方计算(Secure Multi-party Computation,MPC)预处理函数生成的。掩码投票结果对应的初始标签值为投票方基于掩码投票结果随机生成的比特串。安全多方计算预处理函数为已有的安全多方计算库中的函数，该安全多方计算预处理函数可以基于计票树生成各投票方以及计票方的全局密钥、输入计票树中各运算节点的数据的掩码比特份额、计票树中各运算节点输出的数据的掩码比特份额、所需验证的各掩码比特份额的消息验证码以及各消息验证码对应的密钥。However, in the voting scenario, it is necessary to ensure the privacy of the voting party and the accuracy of the final voting results determined by the vote counting party. Based on this, in electronic voting, the device used to count the number of votes (i.e., the voting results of each voting party), i.e., the vote counting party, can determine the masked voting results announced by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party, wherein the vote counting party can be a system, a server, or an electronic device such as a desktop computer or a laptop computer. For the convenience of description, the method of electronic voting provided by the present disclosure is described below with the vote counting party as the execution subject. The voting party can be the voting device used by the voter, and the voting device can be a terminal, a server, a system, etc., which is not specifically limited in the present disclosure. The masked voting result is the result after the voting party processes the voting result according to the masked bit share, and the masked bit share is generated by the voting party based on the secure multi-party computation (MPC) preprocessing function. The initial label value corresponding to the masked voting result is a bit string randomly generated by the voting party based on the masked voting result. The secure multi-party computing preprocessing function is a function in the existing secure multi-party computing library. The secure multi-party computing preprocessing function can generate the global keys of each voting party and the vote counting party based on the vote counting tree, the mask bit shares of the data input to each operation node in the vote counting tree, the mask bit shares of the data output by each operation node in the vote counting tree, the message verification code of each mask bit share that needs to be verified, and the key corresponding to each message verification code.

为了保证投票方的隐私，也就是保证投票方的投票结果不被泄露，投票方可以根据投票选项，确定投票结果，并根据计票方预先构建的计票树的拓扑结构，采用安全多方计算预处理函数，生成掩码比特份额。再采用掩码比特份额对投票结果进行加密，得到掩码投票结果，并公布。投票方还可以生成掩码投票结果对应的初始标签值，并将初始标签值发送给计票方。后续计票方可以确定各投票方公布的掩码投票结果，以及接收各投票方发送的掩码投票结果对应的初始标签值。其中，计票方可以预先公布预先构建的计票树，使投票方根据计票方公布的计票树的拓扑结构，确定掩码比特份额。初始标签值可以为投票方基于掩码投票结果随机生成的比特串，当掩码投票结果的比特值为0时，投票方可以随机生成K比特的比特串作为初始标签值，当掩码投票结果的比特值为1时，投票方可以将比特值为0时生成的比特串与预先存储的全局密钥进行异或(XOR)运算，将异或运算后的结果作为初始标签值。K为自然数，可以预先设置。该全局密钥可以为投票方预先基于安全多方计算预处理函数生成的。In order to ensure the privacy of the voter, that is, to ensure that the voting results of the voter are not disclosed, the voter can determine the voting results according to the voting options, and use the secure multi-party computing preprocessing function to generate the mask bit share according to the topological structure of the counting tree pre-constructed by the counting party. The voting result is then encrypted using the mask bit share to obtain the masked voting result and publish it. The voter can also generate an initial label value corresponding to the masked voting result and send the initial label value to the counting party. The counting party can subsequently determine the masked voting results published by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party. Among them, the counting party can pre-publish the pre-constructed counting tree, so that the voter can determine the mask bit share according to the topological structure of the counting tree published by the counting party. The initial label value can be a bit string randomly generated by the voting party based on the masked voting result. When the bit value of the masked voting result is 0, the voting party can randomly generate a K-bit bit string as the initial label value. When the bit value of the masked voting result is 1, the voting party can perform an XOR operation on the bit string generated when the bit value is 0 and the pre-stored global key, and use the result of the XOR operation as the initial label value. K is a natural number and can be pre-set. The global key can be generated by the voting party in advance based on the secure multi-party computing preprocessing function.

S102：根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对所述各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值。S102: According to each masked voting result and each initial label value, based on a pre-constructed counting tree, the masked voting results are counted to determine the masked statistical results output by the counting tree, and the first result and intermediate label value output by each of the multiple computing nodes included in the counting tree.

S104：基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布所述标签承诺值以及各第一结果，使所述各投票方根据所述计票方公布的所述标签承诺值以及所述各第一结果，公开验证所述掩码统计结果。S104: Generate a label commitment value based on the homomorphic commitment function and each intermediate label value, and publish the label commitment value and each first result, so that each voting party publicly verifies the mask statistical result according to the label commitment value and each first result published by the counting party.

计票方根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对各掩码投票结果进行统计，确定计票树输出的掩码统计结果，以及确定各运算节点输出的第一结果以及中间标签值。之后，基于同态承诺(Homomorphic Commitment)函数以及各中间标签值，生成标签承诺值，并公布标签承诺值以及各第一结果，使各投票方根据计票方公布的标签承诺值以及各第一结果，公开验证掩码统计结果。 The counting party counts the masked voting results and the initial label values based on the pre-built counting tree, determines the masked statistical results output by the counting tree, and determines the first result and the intermediate label value output by each operation node. Afterwards, based on the homomorphic commitment function and the intermediate label values, the label commitment value is generated, and the label commitment value and the first results are announced, so that each voting party can publicly verify the masked statistical results based on the label commitment value and the first results announced by the counting party.

其中，公布标签承诺值以及各第一结果为向各投票方以及第三方公布标签承诺值以及各第一结果，第三方为除投票方以及计票方之外的人或者设备，比如在选举场景中，第三方可以为除待选人、选民或者投票设备、以及计票人或者计票设备之外的人或者设备。由于标签承诺值以及各第一结果是面向所有人或者设备公开的，故除上述各投票设备可以验证掩码统计结果之外，第三方也可以验证掩码统计结果，本公开不做具体限定。下述过程中的公开验证也表示除了各投票方和计票方可以验证之外，第三方也可以验证。Among them, publishing the label commitment value and each first result is to publish the label commitment value and each first result to each voting party and a third party. The third party is a person or device other than the voting party and the vote counting party. For example, in an election scenario, the third party can be a person or device other than the candidate, the voter or the voting device, and the vote counter or the vote counting device. Since the label commitment value and each first result are open to all people or devices, in addition to the above-mentioned voting devices being able to verify the masked statistical results, a third party can also verify the masked statistical results, and this disclosure does not make specific limitations. The public verification in the following process also means that in addition to the voting parties and the vote counting parties, a third party can also verify it.

计票树为计票方基于投票方的数量预先构建的。计票树包括若干运算节点以及叶子节点，计票树中的叶子节点表示各投票方对应的投票结果，每一个叶子节点表征一个投票方的投票结果。计票树中除叶子节点之外的其他节点均为运算节点，运算节点用于对输入该运算节点的数据进行异或运算、与(AND)运算等。计票树中的根运算节点输出的结果为对各投票方的投票结果进行统计后的最终投票结果。在一实施例中，对于计票树中的叶子节点的上游节点(即运算节点)来说，有两个投票方的投票结果输入该上游节点，对于该上游节点的上游节点来说，可以有四个投票方向该上游节点的上游节点中输入数据。The counting tree is pre-constructed by the counting party based on the number of voting parties. The counting tree includes a number of operation nodes and leaf nodes. The leaf nodes in the counting tree represent the voting results corresponding to each voting party, and each leaf node represents the voting result of a voting party. All nodes in the counting tree except the leaf nodes are operation nodes, and the operation nodes are used to perform XOR operations, AND operations, etc. on the data input into the operation node. The result output by the root operation node in the counting tree is the final voting result after the voting results of each voting party are counted. In one embodiment, for the upstream node (i.e., the operation node) of the leaf node in the counting tree, the voting results of two voting parties are input into the upstream node, and for the upstream node of the upstream node, four voting directions can input data into the upstream node of the upstream node.

例如，如图2所示，图2为本公开实施例提供的一种计票树的示意图，假设进行电子投票的投票方有n个，分别是投票方D₁～投票方D_n，各投票方对应的输入为V₁～V_n，将V₁～V_n作为计票树的叶子节点。由于统计票数过程可以表示为V₁+V₂+V₃+V₄+...+V_n，也可以表示为(V₁+V₂)+(V₃+V₄)+...+(V_n-1+V_n)＝[(V₁+V₂)+(V₃+V₄)]+...+(V_n-1+V_n)]，故在计票树的底层，可以将每两个叶子节点作为其上游节点的输入，比如叶子节点的V₁和V₂作为二者上游节点的输入，该上游节点为运算节点。从计票树的叶子节点的上游节点到顶层的过程中，每两个运算节点的输出作为其上游节点的输入。在图2中方框中有“+”的节点表示计票树中的运算节点，并且逐层增加运算节点的运算比特。两个叶子节点的上游运算节点的运算比特为1bit，该上游运算节点的上游运算节点的运算比特为2bit，逐层增加运算节点的运算比特，直到根运算节点。根运算节点输出的结果为V₁+V₂+V₃+V₄+...+V_n，该根运算节点的运算比特为log nbit。For example, as shown in FIG2, FIG2 is a schematic diagram of a vote counting tree provided by an embodiment of the present disclosure. Assume that there are n voting parties conducting electronic voting, namely, voting party _D1 to voting party _Dn , and the corresponding input of each voting party is _V1 to _Vn , and _V1 to _Vn are used as leaf nodes of the vote counting tree. Since the process of counting votes can be expressed as _V1 + _V2 + _V3 + _V4 +...+ _Vn , or can be expressed as ( _V1 + _V2 )+( _V3 + _V4 )+...+(Vn _-1 + _Vn )=[( _V1 + _V2 )+( _V3 + _V4 )]+...+(Vn _-1 + _Vn )], at the bottom layer of the vote counting tree, every two leaf nodes can be used as inputs of their upstream nodes, for example, _V1 and _V2 of the leaf nodes are used as inputs of their upstream nodes, and the upstream nodes are operation nodes. In the process from the upstream node of the leaf node of the vote counting tree to the top layer, the output of every two operation nodes is used as the input of its upstream node. The nodes with "+" in the box in Figure 2 represent the operation nodes in the vote counting tree, and the operation bits of the operation nodes are increased layer by layer. The operation bits of the upstream operation nodes of the two leaf nodes are 1 bit, and the operation bits of the upstream operation nodes of the upstream operation nodes are 2 bits. The operation bits of the operation nodes are increased layer by layer until the root operation node. The result output by the root operation node is V ₁ +V ₂ +V ₃ +V ₄ +...+V _n , and the operation bits of the root operation node are log n bits.

上述同态承诺函数用于对标签值进行处理，可以通过向标签值添加随机因子的方式对该标签值进行处理。上述在基于同态承诺函数以及各中间标签值，生成标签承诺值时，计票方可以基于同态承诺函数，确定各中间标签值对应的承诺值，将各承诺值的和作为标签承诺值。当然，计票方还可以先确定各中间标签值的和，再基于同态承诺函数，确定各中间标签值的和的承诺值为标签承诺值。标签承诺值用于投票方验证计票方统计投票结果的过程中所有运算节点或者运算单元输出的标签值是否正确，通过验证标签值是否准确，确定计票方基于运算节点或者运算单元得到的掩码统计结果是否准确。The above-mentioned homomorphic commitment function is used to process the label value, and the label value can be processed by adding a random factor to the label value. When the label commitment value is generated based on the homomorphic commitment function and each intermediate label value, the vote counting party can determine the commitment value corresponding to each intermediate label value based on the homomorphic commitment function, and use the sum of each commitment value as the label commitment value. Of course, the vote counting party can also first determine the sum of each intermediate label value, and then determine the commitment value of the sum of each intermediate label value as the label commitment value based on the homomorphic commitment function. The label commitment value is used by the voting party to verify whether the label values output by all computing nodes or computing units in the process of the counting party counting the voting results are correct. By verifying whether the label value is accurate, it is determined whether the mask statistical results obtained by the counting party based on the computing nodes or computing units are accurate.

具体的，计票方根据各掩码投票结果以及各初始标签值，依次针对预先构建的计票树中的每一个运算节点，确定输入该运算节点的掩码投票结果以及标签值，并根据输入该运算节点的掩码投票结果，确定该运算节点输出的掩码投票结果，作为第一结果，以及根据输入该运算节点的标签值，确定该运算节点输出的标签值，作为中间标签值。之后，将该运算节点输出的掩码投票结果作为输入该运算节点的下一个运算节点的掩码投票结果，以及将该运算节点输出的标签值作为输入该运算节点的下一个运算节点的标签值，直到确定出最后一个运算节点输出的掩码投票结果以及标签值，将最后一个运算节点输出的掩码投票结果作为计票树的输出的掩码统计结果。之后，计票方基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布标签承诺值以及各第一结果，使各投票方根据计票方公布的标签承诺值以及各第一结果，公开验证掩码统计结果。Specifically, the vote counting party determines the masked voting result and label value of each operation node in the pre-constructed vote counting tree according to each masked voting result and each initial label value, and determines the masked voting result output by the operation node according to the masked voting result input to the operation node as the first result, and determines the label value output by the operation node according to the label value input to the operation node as the intermediate label value. Afterwards, the masked voting result output by the operation node is used as the masked voting result of the next operation node input to the operation node, and the label value output by the operation node is used as the label value of the next operation node input to the operation node, until the masked voting result and label value output by the last operation node are determined, and the masked voting result output by the last operation node is used as the masked statistical result of the output of the vote counting tree. Afterwards, the vote counting party generates a label commitment value based on the homomorphic commitment function and each intermediate label value, and publishes the label commitment value and each first result, so that each voting party publicly verifies the masked statistical result according to the label commitment value and each first result published by the vote counting party.

其中，该运算节点的下一个运算节点为以该运算节点输出的掩码投票结果以及标签值作为输入的运算节点。在确定输入该运算节点的掩码投票结果以及标签值时，若该运算节点为计票树中叶子节点的上游运算节点时，则输入该运算节点的掩码投票结果以及标签值为各投票方公布的各掩码投票结果以及接收到的各初始标签值中的一个。若该运算节点不为计票树中叶子节点的上游运算节点时，则输入该运算节点的掩码投票结果以及标签值为该运算节点的上一个运算节点输出的掩码投票结果以及标签值。The next operation node of this operation node is the mask voting result and label output by this operation node. The value is used as the input computing node. When determining the masked voting result and label value input to the computing node, if the computing node is the upstream computing node of the leaf node in the vote counting tree, the masked voting result and label value input to the computing node is one of the masked voting results announced by each voting party and the initial label values received. If the computing node is not the upstream computing node of the leaf node in the vote counting tree, the masked voting result and label value input to the computing node is the masked voting result and label value output by the previous computing node of the computing node.

在本公开中，运算节点中可以包含异或运算单元，一个运算节点中可以包括一个或者多个异或运算单元，故当各运算节点分别包括若干异或运算单元时，在上述步骤S102中，计票方可以根据各掩码投票结果以及各初始标签值，针对计票树中的每一个运算节点，且依次针对该运算节点中的每一个异或运算单元，确定输入该异或运算单元的掩码投票结果以及标签值，将确定出的掩码投票结果进行异或运算，确定该异或运算单元输出的掩码投票结果，作为第一结果。以及将确定出的标签值进行异或运算，确定该异或运算单元输出的标签值，作为中间标签值。之后，将该异或运算单元输出的掩码投票结果作为输入该异或运算单元的下一个异或运算单元的掩码投票结果，以及将该异或运算单元输出的标签值作为输入该异或运算单元的下一个异或运算单元的标签值，直到确定出最后一个异或运算单元输出的掩码投票结果以及标签值，将最后一个异或运算单元输出的掩码投票结果作为该运算节点输出的掩码投票结果，以及将最后一个异或运算单元输出的标签值作为该运算节点输出的标签值。之后，将该运算节点输出的掩码投票结果作为输入该运算节点的下一个运算节点的掩码投票结果，以及将该运算节点输出的标签值作为输入该运算节点的下一个运算节点的标签值，直到确定出最后一个运算节点输出的掩码投票结果以及标签值，将最后一个运算节点输出的掩码投票结果作为计票树输出的掩码统计结果。In the present disclosure, an operation node may include an XOR operation unit, and an operation node may include one or more XOR operation units. Therefore, when each operation node includes several XOR operation units, in the above step S102, the counting party may determine the masked voting result and label value input to the XOR operation unit for each operation node in the counting tree and for each XOR operation unit in the operation node in turn according to each masked voting result and each initial label value, perform XOR operation on the determined masked voting result, and determine the masked voting result output by the XOR operation unit as the first result. And perform XOR operation on the determined label value, and determine the label value output by the XOR operation unit as the intermediate label value. Afterwards, the masked voting result output by the XOR operation unit is used as the masked voting result of the next XOR operation unit input to the XOR operation unit, and the label value output by the XOR operation unit is used as the label value of the next XOR operation unit input to the XOR operation unit, until the masked voting result and label value output by the last XOR operation unit are determined, and the masked voting result output by the last XOR operation unit is used as the masked voting result output by the operation node, and the label value output by the last XOR operation unit is used as the label value output by the operation node. Afterwards, the masked voting result output by the operation node is used as the masked voting result of the next operation node input to the operation node, and the label value output by the operation node is used as the label value of the next operation node input to the operation node, until the masked voting result and label value output by the last operation node are determined, and the masked voting result output by the last operation node is used as the masked statistical result output by the counting tree.

其中，若该异或运算单元为该运算节点中的第一个运算单元时，输入该异或运算单元的掩码投票结果以及标签值为输入该运算节点的掩码投票结果以及标签值。若该异或运算单元不为该运算节点中的第一个运算单元时，输入该异或运算单元的掩码投票结果以及标签值为该异或运算单元的上一个异或运算单元输出的掩码投票结果以及标签值。Wherein, if the XOR operation unit is the first operation unit in the operation node, the mask voting result and label value input to the XOR operation unit are the mask voting result and label value input to the operation node. If the XOR operation unit is not the first operation unit in the operation node, the mask voting result and label value input to the XOR operation unit are the mask voting result and label value output by the previous XOR operation unit of the XOR operation unit.

在本公开中，运算节点中可以包含与运算单元，一个运算节点中可以包括一个或者多个与运算单元，故当各运算节点分别包括若干与运算单元时，在上述步骤102中，计票方可以根据各掩码投票结果以及各初始标签值，针对计票树中的每一个运算节点，且依次针对该运算节点中的每一个与运算单元，确定输入该与运算单元的掩码投票结果，并根据确定出的掩码投票结果，确定该与运算单元对应的单元密文。之后，确定输入该与运算单元的标签值，并根据确定出的标签值以及单元密文，确定该与运算单元输出的掩码投票结果以及标签值，并将确定出的掩码投票结果，作为第一结果，以及将确定出的标签值作为中间标签值。再将该与运算单元输出的掩码投票结果作为输入该与运算单元的下一个与运算单元的掩码投票结果，以及将该与运算单元输出的标签值作为输入该与运算单元的下一个与运算单元的标签值，直到确定出最后一个与运算单元输出的掩码投票结果以及标签值，将最后一个与运算单元输出的掩码投票结果作为该运算节点输出的掩码投票结果，以及将最后一个与运算单元输出的标签值作为该运算节点输出的标签值。之后，将该运算节点输出的掩码投票结果作为输入该运算节点的下一个运算节点的掩码投票结果，以及将该运算节点输出的标签值作为输入该运算节点的下一个运算节点的标签值，直到确定出最后一个运算节点输出的掩码投票结果以及标签值，将最后一个运算节点输出的掩码投票结果作为计票树输出的掩码统计结果。In the present disclosure, an operation node may include an AND operation unit, and an operation node may include one or more AND operation units. Therefore, when each operation node includes several AND operation units, in the above step 102, the counting party may determine the masked voting result input to the AND operation unit for each operation node in the counting tree, and for each AND operation unit in the operation node in turn, based on each masked voting result and each initial label value, and determine the unit ciphertext corresponding to the AND operation unit based on the determined masked voting result. Afterwards, determine the label value input to the AND operation unit, and determine the masked voting result and label value output by the AND operation unit based on the determined label value and unit ciphertext, and use the determined masked voting result as the first result, and use the determined label value as the intermediate label value. Then, the masked voting result output by the AND operation unit is used as the masked voting result of the next AND operation unit input to the AND operation unit, and the label value output by the AND operation unit is used as the label value of the next AND operation unit input to the AND operation unit, until the masked voting result and label value output by the last AND operation unit are determined, and the masked voting result output by the last AND operation unit is used as the masked voting result output by the operation node, and the label value output by the last AND operation unit is used as the label value output by the operation node. After that, the masked voting result output by the operation node is used as the masked voting result of the next operation node input to the operation node, and the label value output by the operation node is used as the label value of the next operation node input to the operation node, until the masked voting result and label value output by the last operation node are determined, and the masked voting result output by the last operation node is used as the masked statistical result output by the counting tree.

其中，若该与运算单元为该运算节点中的第一个运算单元时，输入该与运算单元的掩码投票结果以及标签值为输入该运算节点的掩码投票结果以及标签值。若该与运算单元不为该运算节点中的第一个运算单元时，输入该与运算单元的掩码投票结果以及标签值为该与运算单元的上一个与运算单元输出的掩码投票结果以及标签值。If the AND operation unit is the first operation unit in the operation node, the mask voting result and label value of the AND operation unit are input as the mask voting result and label value of the operation node. If the AND operation unit is not the first operation unit in the operation node, the mask voting result of the AND operation unit is input as The AND label value is the mask voting result and label value output by the previous AND operation unit of the AND operation unit.

上述单元密文为各投票方基于计票树确定的，并发送给计票方。故在上述步骤S100中，计票方可以将预先构建的计票树发送给各投票方，之后，确定各投票方公布的掩码投票结果，以及接收各投票方发送的计票树中各与运算单元的单元密文以及掩码投票结果对应的初始标签值。其中，每一个投票方可以为计票树中的每一个与运算单元生成对应的单元密文，并且在生成单元密文时，需要确定输入与运算单元的掩码投票结果的比特值，该比特值可以为0，也可以为1。由于有两个掩码投票结果输入与运算单元，故输入该与运算单元的掩码投票结果的比特值有4种组合方式，分别是00、01、10以及11，每一种组合方式对应一个单元密文，故每一个与运算单元对应的单元密文可基于多种组合生成，且每一种组合对应的单元密文可以由每一个投票方生成，即与运算单元对应若干单元密文。The above-mentioned unit ciphertext is determined by each voting party based on the vote counting tree and sent to the vote counting party. Therefore, in the above-mentioned step S100, the vote counting party can send the pre-constructed vote counting tree to each voting party, and then determine the masked voting results announced by each voting party, and receive the unit ciphertext of each AND operation unit in the vote counting tree sent by each voting party and the initial label value corresponding to the masked voting result. Among them, each voting party can generate a corresponding unit ciphertext for each AND operation unit in the vote counting tree, and when generating the unit ciphertext, it is necessary to determine the bit value of the masked voting result input to the AND operation unit, and the bit value can be 0 or 1. Since there are two masked voting results input to the AND operation unit, there are 4 combinations of the bit values of the masked voting results input to the AND operation unit, which are 00, 01, 10 and 11, respectively. Each combination corresponds to a unit ciphertext, so each unit ciphertext corresponding to the AND operation unit can be generated based on multiple combinations, and the unit ciphertext corresponding to each combination can be generated by each voting party, that is, there are several unit ciphertexts corresponding to the operation unit.

基于此，在上述根据确定出的掩码投票结果，确定该与运算单元对应的单元密文时，计票方可以根据确定出的掩码投票结果，确定掩码投票结果对应的比特值的组合方式，并根据确定出的组合方式，从各投票方发送的该与运算单元的各单元密文中，确定该与运算单元对应的各单元密文，即该与运算单元对应若干单元密文。比如投票方D₁和D₂分别向计票方发送了与运算单元A的4个单元密文，4个单元密文分别为基于4种组合方式(即00、01、10以及11)确定的，故计票方一共可以接收到8个与运算单元A的单元密文。假设确定出的掩码投票结果对应的比特值分别为0和1，故比特值的组合方式为01，计票方可以从投票方D₁和D₂发送的与运算单元A的8个单元密文中，确定组合方式01对应的单元密文，故计票方可以确定出与与运算单元A对应的两个单元密文。Based on this, when determining the unit ciphertext corresponding to the operation unit according to the determined masked voting result, the counting party can determine the combination of the bit values corresponding to the masked voting result according to the determined masked voting result, and determine the unit ciphertexts corresponding to the operation unit from the unit ciphertexts of the operation unit sent by each voting party according to the determined combination, that is, the number of unit ciphertexts corresponding to the operation unit. For example, voting parties _D1 and _D2 respectively sent 4 unit ciphertexts of the operation unit A to the counting party, and the 4 unit ciphertexts were determined based on 4 combinations (i.e., 00, 01, 10, and 11), so the counting party can receive a total of 8 unit ciphertexts of the operation unit A. Assuming that the bit values corresponding to the determined masked voting results are 0 and 1 respectively, the bit value combination is 01. The vote counter can determine the unit ciphertext corresponding to the combination 01 from the 8 unit ciphertexts of operation unit A sent by voting parties _D1 and _D2 . Therefore, the vote counter can determine the two unit ciphertexts corresponding to operation unit A.

上述在根据确定出的标签值以及单元密文，确定该与运算单元输出的掩码投票结果以及标签值时，计票方可以针对每一个单元密文，根据确定出的标签值以及该单元密文，确定该单元密文对应的该与运算单元输出的掩码投票结果以及标签值。之后，将确定出的各掩码投票结果作为该与运算单元输出的掩码投票结果，以及将确定出的各标签值作为该与运算单元输出的标签值。When determining the masked voting result and the label value output by the AND operation unit according to the determined label value and the unit ciphertext, the counting party can determine the masked voting result and the label value output by the AND operation unit corresponding to each unit ciphertext according to the determined label value and the unit ciphertext. Afterwards, the determined masked voting results are used as the masked voting results output by the AND operation unit, and the determined label values are used as the label values output by the AND operation unit.

在本公开中，运算节点还可以包括若干与运算单元和若干异或运算单元，故在上述步骤S102中，计票方可以根据各掩码投票结果以及各初始标签值，针对计票树中的每一个运算节点，且依次针对该运算节点中的每一个运算单元，确定该运算单元的类型，当该运算单元为异或运算单元时，按照上述过程确定该异或运算单元输出的掩码投票结果以及标签值，并将确定出的掩码投票结果作为第一结果，以及将确定出的标签值作为中间标签值，在此就不再赘述。之后，将确定出的掩码投票结果以及标签值作为输入该异或运算单元的下一个运算单元的掩码投票结果以及标签值。当该运算单元为与运算单元时，按照上述过程确定该与运算单元输出的掩码投票结果以及标签值，并将确定出的掩码投票结果作为第一结果，以及将确定出的标签值作为中间标签值，在此就不再赘述。之后，将确定出的掩码投票结果以及标签值作为输入该与运算单元的下一个运算单元的掩码投票结果以及标签值，后续过程与上述确定掩码统计结果以及标签承诺值的过程类似，在此就不再赘述。In the present disclosure, the operation node may also include several AND operation units and several XOR operation units. Therefore, in the above step S102, the vote counting party may determine the type of the operation unit for each operation node in the vote counting tree, and for each operation unit in the operation node in turn, according to each masked voting result and each initial label value. When the operation unit is an XOR operation unit, the masked voting result and label value output by the XOR operation unit are determined according to the above process, and the determined masked voting result is used as the first result, and the determined label value is used as the intermediate label value, which will not be repeated here. Afterwards, the determined masked voting result and label value are used as the masked voting result and label value of the next operation unit input to the XOR operation unit. When the operation unit is an AND operation unit, the masked voting result and label value output by the AND operation unit are determined according to the above process, and the determined masked voting result is used as the first result, and the determined label value is used as the intermediate label value, which will not be repeated here. Afterwards, the determined mask voting result and label value are used as the mask voting result and label value of the next operation unit input to the operation unit. The subsequent process is similar to the above process of determining the mask statistical result and label commitment value, which will not be repeated here.

另外，由于异或运算单元输出的掩码投票结果可以由输入该异或运算单元的掩码投票结果进行异或运算得到，并且各投票方的掩码投票结果是公布的，也就是任意方都可以获知各投票方的掩码投票结果，故在公开验证掩码统计结果时，计票方可以仅将确定出的各与运算单元输出的掩码投票结果作为第一结果，以及将各与运算单元输出的标签值作为中间标签值。之后，基于同态承诺函数以及各中间标签值，生成标签承诺值，并将标签承诺值以及各第一结果进行公布。In addition, since the masked voting results output by the XOR operation unit can be obtained by XORing the masked voting results input to the XOR operation unit, and the masked voting results of each voting party are published, that is, any party can know the masked voting results of each voting party, so when publicly verifying the masked statistical results, the counting party can only use the determined masked voting results output by each AND operation unit as the first result, and use the label value output by each AND operation unit as the intermediate label value. Afterwards, based on the homomorphic commitment function and each intermediate label value, a label commitment value is generated, and the label commitment value and each first result are published.

S106：在所述掩码统计结果验证通过时，确定所述各投票方公布的与所述掩码统计结果对应的掩码比特份额。 S106: When the mask statistical result is verified, determine the mask bit shares corresponding to the mask statistical result published by each voting party.

S108：根据各掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。S108: Decrypt the masked statistical results according to the bit shares of each mask, and determine and publish the final voting results.

在掩码统计结果验证通过时，计票方确定各投票方公布的与掩码统计结果对应的掩码比特份额。根据各掩码比特份额对掩码统计结果进行解密，确定最终投票结果，并将最终投票结果进行公布。其中，每一个投票方均会向计票方发送掩码统计结果对应的掩码比特份额，该掩码比特份额用于对计票树最终输出的掩码统计结果进行解密。When the masked statistical result is verified, the counting party determines the masked bit share corresponding to the masked statistical result published by each voting party. The masked statistical result is decrypted according to each masked bit share, the final voting result is determined, and the final voting result is announced. Among them, each voting party will send the masked bit share corresponding to the masked statistical result to the counting party, and the masked bit share is used to decrypt the masked statistical result finally output by the counting tree.

具体的，各投票方根据上述步骤S104中计票方公布的标签承诺值以及各第一结果，对掩码统计结果进行公开验证。在掩码统计结果验证通过时，各投票方会公布与掩码统计结果对应的掩码比特份额。计票方可以确定各投票方公布的掩码比特份额，并根据各掩码比特份额对掩码统计结果进行解密，确定最终投票结果，并将最终投票结果进行公布。其中，每一个掩码比特份额均为投票方为计票树输出的掩码统计结果生成的密钥，计票方可以根据各掩码比特份额，对计票树输出的掩码统计结果进行解密。Specifically, each voting party publicly verifies the masked statistical results based on the label commitment value and each first result announced by the counting party in the above step S104. When the masked statistical results are verified, each voting party will announce the masked bit share corresponding to the masked statistical results. The counting party can determine the masked bit shares announced by each voting party, and decrypt the masked statistical results according to each masked bit share, determine the final voting results, and announce the final voting results. Among them, each masked bit share is a key generated by the voting party for the masked statistical results output by the counting tree, and the counting party can decrypt the masked statistical results output by the counting tree according to each masked bit share.

另外，为了保证各投票方公布的掩码比特份额的准确性，投票方可以基于同态承诺函数，确定掩码比特份额对应的掩码承诺值，并公布。计票方确定各投票方公布的与掩码比特份额对应的掩码承诺值，并根据各掩码承诺值，对各掩码比特份额进行公开验证。在各掩码比特份额验证通过时，根据各掩码比特份额对掩码统计结果进行解密，确定最终投票结果，并将最终投票结果公布。In addition, in order to ensure the accuracy of the masked bit shares announced by each voting party, the voting party can determine the masked commitment value corresponding to the masked bit share based on the homomorphic commitment function and announce it. The counting party determines the masked commitment value corresponding to the masked bit share announced by each voting party, and publicly verifies each masked bit share based on each masked commitment value. When each masked bit share is verified, the masked statistical results are decrypted based on each masked bit share, the final voting result is determined, and the final voting result is announced.

其中，每一个投票方公布的掩码承诺值包括原始承诺值以及其他承诺值，故在确定各投票方公布的与掩码比特份额对应的掩码承诺值时，计票方可以针对每一个投票方，确定该投票方公布的掩码比特份额对应的原始承诺值以及其他承诺值，其中，原始承诺值为该投票方基于该投票方对应的掩码比特份额确定的承诺值，其他承诺值为该投票方基于其他投票方公布的掩码比特份额确定的承诺值。其他投票方为除该投票方之外的投票方。The masked commitment value announced by each voting party includes the original commitment value and other commitment values. Therefore, when determining the masked commitment value corresponding to the masked bit share announced by each voting party, the vote counting party can determine the original commitment value and other commitment values corresponding to the masked bit share announced by the voting party for each voting party, wherein the original commitment value is the commitment value determined by the voting party based on the masked bit share corresponding to the voting party, and the other commitment values are the commitment values determined by the voting party based on the masked bit shares announced by other voting parties. Other voting parties are voting parties other than the voting party.

基于此，在根据各掩码承诺值，对各掩码比特份额进行公开验证时，计票方可以确定各原始承诺值的和为第一值，以及确定各其他承诺值的和为第二值。当第一值与第二值一致时，确定各掩码比特份额验证通过。当第一值与第二值不一致时，确定各掩码比特份额验证不通过，计票方公布验证不通过的消息。Based on this, when publicly verifying each mask bit share according to each mask commitment value, the vote counting party can determine the sum of each original commitment value as the first value, and determine the sum of each other commitment value as the second value. When the first value is consistent with the second value, it is determined that each mask bit share has passed the verification. When the first value is inconsistent with the second value, it is determined that each mask bit share has failed the verification, and the vote counting party announces the message of the verification failure.

在上述根据各掩码比特份额对掩码统计结果进行解密，确定最终投票结果时，可以采用下述公式(1)进行计算：
When the masked statistical results are decrypted according to the bit shares of each mask and the final voting result is determined, the following formula (1) can be used for calculation:

其中，z_w表示最终投票结果，z′_w表示掩码统计结果，表示异或运算，表示投票方D_i发送的各掩码比特份额，n表示投票方的数量。Among them, z _w represents the final voting result, z′ _w represents the mask statistical result, represents the exclusive OR operation, represents the share of each mask bit sent by voting party _Di , and n represents the number of voting parties.

从上述方法中可以看出，本公开在进行电子投票时，计票方可以确定各投票方公布的掩码投票结果，以及接收各投票方发送的掩码投票结果对应的初始标签值。掩码投票结果为投票方根据掩码比特份额对投票结果进行处理后的结果，使得可以保护各投票方的投票结果中包含的隐私。之后，根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对各掩码投票结果进行统计，确定计票树输出的掩码统计结果，以及确定计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值。再基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布标签承诺值以及各第一结果，使各投票方根据计票方公布的标签承诺值以及各第一结果，公开验证掩码统计结果，以此来保证计票方统计投票结果的过程的准确性，也就是保证计票方确定出的掩码统计结果的准确性。并且计票方只知道掩码统计结果，不知道每一个投票方具体的投票结果，保护了投票方的隐私。另外，还加快了投票结果的计算速度，降低了时间成本。同时，在公开验证掩码统计结果时，除了各投票方之外，第三方也可以验证，更好地保证掩码统计结果的准确性。之后，在掩码统计结果验证通过时，确定各投票方公布的与掩码统计结果对应的掩码比特份额，并根据各掩码比特份额对掩码统计结果进行解密，确定并公布最终投票结果，使得计票方在掩码统计结果验证通过时采用各掩码比特份额对掩码统计结果进行解密，保证最终投票结果的准确性。It can be seen from the above method that when the present disclosure conducts electronic voting, the counting party can determine the masked voting results announced by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party. The masked voting result is the result after the voting party processes the voting result according to the masked bit share, so that the privacy contained in the voting results of each voting party can be protected. Afterwards, according to each masked voting result and each initial label value, based on the pre-constructed counting tree, each masked voting result is counted, the masked statistical result output by the counting tree is determined, and the first result and the intermediate label value output by each computing node in the multiple computing nodes included in the counting tree are determined. Then, based on the homomorphic commitment function and each intermediate label value, a label commitment value is generated, and the label commitment value and each first result are announced, so that each voting party publicly verifies the masked statistical result according to the label commitment value and each first result announced by the counting party, so as to ensure the accuracy of the process of counting the voting results by the counting party, that is, to ensure the accuracy of the masked statistical result determined by the counting party. The vote counter only knows the masked statistical results, but not the specific voting results of each voter, which protects the privacy of the voter. In addition, it speeds up the calculation of voting results and reduces time costs. At the same time, when publicly verifying the masked statistical results, in addition to the voter, a third party can also Verification is performed to better ensure the accuracy of the masked statistical results. Afterwards, when the masked statistical results are verified, the masked bit shares corresponding to the masked statistical results published by each voting party are determined, and the masked statistical results are decrypted according to each masked bit share, and the final voting results are determined and announced, so that the counting party uses each masked bit share to decrypt the masked statistical results when the masked statistical results are verified, thereby ensuring the accuracy of the final voting results.

进一步地，为了保证各投票方公布的掩码比特份额的准确性，计票方还可以根据各投票方公布的与掩码比特份额对应的掩码承诺值，验证各掩码比特份额，并在各掩码比特份额验证通过时，采用各掩码比特份额对掩码统计结果进行解密，确定并公布最终投票结果。避免各投票方公布有误的掩码比特份额，保证确定出的最终投票结果的准确性。Furthermore, in order to ensure the accuracy of the mask bit shares announced by each voting party, the counting party can also verify each mask bit share according to the mask commitment value corresponding to the mask bit share announced by each voting party, and when each mask bit share is verified, use each mask bit share to decrypt the mask statistical result, determine and announce the final voting result. This prevents each voting party from announcing an incorrect mask bit share and ensures the accuracy of the final voting result.

在本公开中，除了通过验证标签值是否准确，确定掩码统计结果是否准确之外，还可以进一步地通过验证运算节点或者运算单元输出的掩码投票结果，确定掩码统计结果是否准确。故在上述步骤S104公布所述标签承诺以及各第一结果时，计票方还可以针对每一个与运算单元，确定输入该与运算单元的掩码投票结果，以及基于安全多方计算预处理函数，确定输入该与运算单元的可验证掩码比特份额和该与运算单元输出的可验证掩码比特份额。根据确定出的输入和输出的可验证掩码比特份额、以及掩码投票结果，确定该与运算单元的可验证检验比特。根据可验证检验比特，确定该与运算单元的消息验证码，并基于同态承诺函数，确定消息验证码的验证码承诺值。之后，确定各验证码承诺值的和为验证码聚合承诺值，并公布验证码聚合承诺值、各第一结果以及标签承诺值。其中，可验证掩码比特份额包括掩码比特份额、掩码比特份额对应的消息验证码以及其他投票方的掩码比特份额对应的消息验证码的密钥，其他投票方为除投票方自身之外的投票方。验证码聚合承诺值用于各投票方公开验证运算节点或者运算单元输出的掩码投票结果的准确性。In the present disclosure, in addition to verifying whether the label value is accurate and determining whether the mask statistics are accurate, it is also possible to further verify the mask voting results output by the operation node or the operation unit to determine whether the mask statistics are accurate. Therefore, when the label commitment and each first result are announced in the above step S104, the vote counting party can also determine the mask voting results input to the AND operation unit for each AND operation unit, and determine the verifiable mask bit share input to the AND operation unit and the verifiable mask bit share output by the AND operation unit based on the secure multi-party computing preprocessing function. According to the determined verifiable mask bit shares of the input and output, and the mask voting results, the verifiable check bits of the AND operation unit are determined. According to the verifiable check bits, the message verification code of the AND operation unit is determined, and the verification code commitment value of the message verification code is determined based on the homomorphic commitment function. Afterwards, the sum of the verification code commitment values is determined as the verification code aggregate commitment value, and the verification code aggregate commitment value, each first result and the label commitment value are announced. The verifiable masked bit shares include the masked bit shares, the message authentication codes corresponding to the masked bit shares, and the keys of the message authentication codes corresponding to the masked bit shares of other voting parties, where the other voting parties are voting parties other than the voting party itself. The verification code aggregate commitment value is used by each voting party to publicly verify the accuracy of the masked voting results output by the computing node or computing unit.

上述根据确定出的输入和输出的可验证掩码比特份额、以及掩码投票结果，确定该与运算单元的可验证检验比特时，可以采用下述公式(2)～(3)进行计算：

When determining the verifiable check bit of the AND operation unit based on the determined verifiable mask bit shares of the input and output and the mask voting result, the following formulas (2) to (3) can be used for calculation:

其中，以及表示计票方T基于安全多方计算预处理函数确定的该与运算单元对应的三元组中的三个参数，该三个参数可以为0，也可以为任意的三个数值。d_γ以及e_γ可以为任意预先设置的数值，也可以直接为0。表示计票方T确定出的该与运算单元的可验证检验比特，z′_α以及z′_β表示输入该与运算单元的两个掩码投票结果，以及表示计票方T确定出的输入该与运算单元的两个可验证掩码比特份额，表示计票方T确定出的该与运算单元输出的可验证掩码比特份额。in, as well as The three parameters in the triple corresponding to the operation unit determined by the vote counting party T based on the secure multi-party computation preprocessing function can be 0 or any three values. _{d γ} and e _γ can be any pre-set values or directly 0. represents the verifiable check bit of the AND operation unit determined by the vote counting party T, z′ _α and z′ _β represent the two masked voting results input into the AND operation unit, as well as represents the two verifiable mask bit shares of the input to the AND operation unit determined by the vote counter T, It represents the share of verifiable mask bits output by the AND operation unit determined by the vote counter T.

由于可验证检验比特是通过上述计算得到的，故该可验证检验比特中包括检验比特对应的消息验证码，计票方可以直接从该与运算单元对应的可验证检验比特中，确定该与运算单元的消息验证码，即检验比特对应的消息验证码。后续基于同态承诺函数，确定消息验证码的验证码承诺值。之后，确定各验证码承诺值的和为验证码聚合承诺值，该验证码聚合承诺值可以表示为其中，表示计票方T确定出的与运算单元w的消息验证码，W表示与运算单元集合，Com(x)表示同态承诺函数。Since the verifiable check bit is obtained through the above calculation, the verifiable check bit includes the message verification code corresponding to the check bit. The vote counter can directly determine the message verification code of the AND operation unit from the verifiable check bit corresponding to the AND operation unit, that is, the message verification code corresponding to the check bit. Subsequently, the verification code commitment value of the message verification code is determined based on the homomorphic commitment function. After that, the sum of the verification code commitment values is determined to be the verification code aggregate commitment value, which can be expressed as in, represents the message verification code of the operation unit w determined by the vote counter T, W represents the set of operation units, and Com(x) represents the homomorphic commitment function.

在上述步骤S102根据确定出的标签值以及单元密文，确定该与运算单元输出的掩码投票结果以及标签值时，计票方可以针对每一个单元密文，根据确定出的标签值以及该单元密文，确定该与运算单元输出的待验证掩码投票结果、该与运算单元输出的标签值以及该与运算单元输出的消息验证码(即该与运算单元输出的待验证掩码投票结果对应的消息验证码)。再确定基于安全多方计算预处理函数生成的该与运算单元输出的消息验证码的密钥，并根据密钥以及该与运算单元输出的待验证掩码投票结果，进行计算，确定第一计算结果。之后，判断各第一计算结果与各待验证掩码投票结果对应的消息验证码(即各与运算单元输出的消息验证码)是否一致。若是，将各待验证掩码投票结果作为该与运算单元输出的掩码投票结果。若否，确定验证不通过的待验证掩码投票结果对应的投票方，并向确定出的投票方发送验证不通过的消息。When determining the masked voting result and the label value output by the AND operation unit according to the determined label value and the unit ciphertext in the above step S102, the counting party can determine the masked voting result to be verified output by the AND operation unit, the label value output by the AND operation unit, and the message verification code (i.e., the masked voting result to be verified output by the AND operation unit) output by the AND operation unit according to the determined label value and the unit ciphertext for each unit ciphertext. The message verification code corresponding to the result is determined. Then the key of the message verification code output by the AND operation unit generated based on the secure multi-party computation preprocessing function is determined, and the calculation is performed according to the key and the masked voting result to be verified output by the AND operation unit to determine the first calculation result. Afterwards, it is determined whether each first calculation result is consistent with the message verification code corresponding to each masked voting result to be verified (that is, the message verification code output by each AND operation unit). If so, each masked voting result to be verified is used as the masked voting result output by the AND operation unit. If not, the voting party corresponding to the masked voting result to be verified that failed the verification is determined, and a verification failure message is sent to the determined voting party.

上述在根据确定出的标签值以及该单元密文，确定该与运算单元输出的待验证掩码投票结果、该与运算单元输出的标签值以及该与运算单元输出的消息验证码时，可以采用下述公式(4)进行计算：
When determining the mask voting result to be verified output by the AND operation unit, the label value output by the AND operation unit, and the message verification code output by the AND operation unit according to the determined label value and the unit ciphertext, the following formula (4) can be used for calculation:

其中，表示投票方D_i发送给计票方的该与运算单元对应的单元密文，t＝z′_α，z′_α表示输入该与运算单元的掩码投票结果，s＝z′_β，z′_β表示输入该与运算单元的掩码投票结果，表示输入该与运算单元的标签值，表示输入该与运算单元的标签值，表示该与运算单元输出的待验证掩码投票结果，表示待验证掩码投票结果对应的消息验证码，也就是该与运算单元输出的消息验证码，表示该与运算单元输出的中间标签值，表示投票方D_i确定出的其他投票方D_j的待验证掩码投票结果的消息验证码，该消息验证码为计票方根据确定出的标签值以及该单元密文确定出的，表示投票方D_i存储的其他投票方D_j确定出的该与运算单元输出的待验证掩码投票结果的消息验证码的密钥，表示其他投票方D_j确定出的该与运算单元输出的待验证掩码投票结果，Δ_i表示投票方D_i的全局密钥，表示该与运算单元输出的标签值。H(x)表示哈希函数，γ表示该与运算单元的输出，s,t分别表示该与运算单元的两个输入。in, represents the unit ciphertext corresponding to the AND operation unit sent by the voting party _Di to the counting party, t＝z′ _α , z′ _α represents the masked voting result input into the AND operation unit, s＝z′ _β , z′ _β represents the masked voting result input into the AND operation unit, Indicates the label value input to the AND operation unit. Indicates the label value input to the AND operation unit. Indicates the mask voting result to be verified output by the AND operation unit, Indicates the masked voting result to be verified The corresponding message verification code, that is, the message verification code output by the AND operation unit, Indicates the intermediate label value output by the AND operation unit. The message verification code representing the masked voting results to be verified of other voting parties _Dj determined by the voting party _Di is determined by the counting party based on the determined label value and the unit ciphertext. represents the key of the message authentication code of the masked voting result to be verified output by the AND operation unit and determined by other voting parties _Dj and stored by voting party D _i , represents the masked voting result to be verified output by the AND operation unit determined by other voting parties _Dj , _Δi represents the global key of voting party _Dj , Represents the label value output by the AND operation unit. H(x) represents the hash function, γ represents the output of the AND operation unit, and s and t represent the two inputs of the AND operation unit respectively.

在本公开中，其他投票方可以根据投票方公布的掩码投票结果，确定该掩码投票结果的初始标签值，并发送给计票方。该初始标签值为其他投票方基于掩码投票结果随机生成的K比特的比特串。故各投票方公布的每一个掩码投票结果均对应多个投票方生成的初始标签值。因此，在上述步骤S100中计票方可以接收到各投票方发送的各掩码投票结果对应的各初始标签值。In the present disclosure, other voting parties can determine the initial label value of the masked voting result based on the masked voting result announced by the voting party, and send it to the counting party. The initial label value is a K-bit bit string randomly generated by other voting parties based on the masked voting result. Therefore, each masked voting result announced by each voting party corresponds to an initial label value generated by multiple voting parties. Therefore, in the above step S100, the counting party can receive each initial label value corresponding to each masked voting result sent by each voting party.

基于此，在上述步骤S102中，计票方可以根据各掩码投票结果以及各掩码投票结果分别对应的各初始标签值，基于预先构建的计票树，对各掩码投票结果进行统计，确定计票树输出的掩码统计结果。具体的过程与上述每一个掩码投票结果均对应一个初始标签值的过程类似，只是每一个掩码投票结果均对应多个初始标签值而已，并且每一个异或运算单元和每一个与运算单元输出的标签值为包含多个标签值的集合，具体过程在此就不再赘述。Based on this, in the above step S102, the counting party can count each masked voting result based on the pre-constructed counting tree according to each masked voting result and each initial label value corresponding to each masked voting result, and determine the masked statistical result output by the counting tree. The specific process is similar to the above process in which each masked voting result corresponds to an initial label value, except that each masked voting result corresponds to multiple initial label values, and the label value output by each XOR operation unit and each AND operation unit is a set containing multiple label values. The specific process will not be repeated here.

在本公开中，计票方在公布标签承诺值以及各第一结果时，可以将标签承诺值以及各第一结果发送到公告板上，以使各投票方以及第三方获知标签承诺值以及各第一结果。当然，计票方在公布其他内容时，比如验证码聚合承诺值，也可以将需要公布的内容发送到公告板上，本公开不做具体限定。In the present disclosure, when the vote counting party announces the label commitment value and each first result, it can send the label commitment value and each first result to the bulletin board, so that each voting party and a third party can know the label commitment value and each first result. Of course, when the vote counting party announces other content, such as the verification code aggregation commitment value, it can also send the content to be announced to the bulletin board, and the present disclosure does not make specific limitations.

本公开还提供了一种电子投票的方法，所述方法应用于投票方，图3为本公开实施例提供的另一种电子投票的方法的流程示意图，该方法包括以下步骤S200～S210。The present disclosure further provides an electronic voting method, which is applied to a voter. FIG3 is a flow chart of another electronic voting method provided by an embodiment of the present disclosure, and the method includes the following steps S200 to S210.

S200：根据投票选项，确定投票结果，并根据计票方预先构建的计票树的拓扑结构，采用安全多方计算预处理函数，生成掩码比特份额。S200: Determine the voting result according to the voting options, and generate the mask bit share by using the secure multi-party computing preprocessing function according to the topological structure of the counting tree pre-constructed by the counting party.

S202：根据所述掩码比特份额，对所述投票结果进行处理，确定掩码投票结果，并公布，以及生成所述掩码投票结果对应的初始标签值，将所述初始标签值发送给所述计票方，使所述计票方根据各投票方公布的掩码投票结果以及接收到的初始标签值，基于所述计票树，对各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树中包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值，并基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布所述标签承诺值以及各第一结果。S202: Process the voting result according to the mask bit share, determine the mask voting result, publish it, generate an initial label value corresponding to the mask voting result, and send the initial label value to the The vote counting party makes the vote counting party count the masked voting results announced by each voting party and the received initial label value based on the vote counting tree, determine the masked statistical results output by the vote counting tree, and determine the first result and intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree, generate a label commitment value based on the homomorphic commitment function and the intermediate label values, and publish the label commitment value and each first result.

为了保护投票结果中包含的隐私，投票方可以先根据投票选项，确定投票结果，并根据计票方预先构建的计票树的拓扑结构，采用安全多方计算预处理函数，生成掩码比特份额。再根据掩码比特份额，对投票结果进行处理，确定掩码投票结果，并公布，以及生成掩码投票结果对应的初始标签值，将初始标签值发送给计票方。其中，计票树为计票方根据各投票方的数量构建的。投票结果为投票方根据投票选项确定的，投票场景不同，投票选项不同，投票结果也就不同，当然，投票方也不同，具体的不同投票场景下投票方以及投票结果可以为何种数据如上述步骤S100中所述，在此就不再赘述。安全多方计算预处理函数为已有的安全多方计算库中的函数，上述生成掩码投票结果对应的初始标签值可以为投票方基于掩码投票结果随机生成标签值。In order to protect the privacy contained in the voting results, the voting party can first determine the voting results according to the voting options, and use the secure multi-party computing pre-processing function to generate the mask bit share according to the topological structure of the counting tree pre-constructed by the counting party. Then process the voting results according to the mask bit share, determine the masked voting results, and announce them, and generate the initial label value corresponding to the masked voting results, and send the initial label value to the counting party. Among them, the counting tree is constructed by the counting party according to the number of each voting party. The voting results are determined by the voting party according to the voting options. Different voting scenarios and different voting options will result in different voting results. Of course, the voting parties are also different. The specific voting parties and voting results in different voting scenarios can be what kind of data as described in the above step S100, which will not be repeated here. The secure multi-party computing pre-processing function is a function in the existing secure multi-party computing library. The initial label value corresponding to the masked voting result can be a label value randomly generated by the voting party based on the masked voting result.

具体的，投票方可以根据投票选项，确定投票结果，并根据计票方公布的计票树的拓扑结构，采用安全多方计算预处理函数，生成掩码比特份额，再根据掩码比特份额，对投票结果进行处理，确定掩码投票结果，并生成掩码投票结果对应的初始标签值。公布掩码投票结果，并将初始标签值发送给计票方。使计票方根据各投票方公布的掩码投票结果以及接收到的初始标签值，基于计票树，对各掩码投票结果进行统计，确定计票树输出的掩码统计结果，以及确定计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值，并基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布标签承诺值以及各第一结果。Specifically, the voting party can determine the voting result according to the voting options, and use the secure multi-party computing preprocessing function to generate a mask bit share according to the topological structure of the counting tree published by the counting party, and then process the voting result according to the mask bit share to determine the masked voting result and generate an initial label value corresponding to the masked voting result. The masked voting result is published, and the initial label value is sent to the counting party. The counting party is enabled to count the masked voting results based on the counting tree according to the masked voting results published by each voting party and the received initial label value, determine the masked statistical results output by the counting tree, and determine the first result and intermediate label value output by each computing node in the multiple computing nodes included in the counting tree, and generate a label commitment value based on the homomorphic commitment function and each intermediate label value, and publish the label commitment value and each first result.

在本公开中，运算节点中可以包括与运算单元，一个运算节点中可以包括一个或者多个与运算单元，故当各运算节点分别包括若干与运算单元时，在将初始标签值发送给计票方时，投票方除了将掩码投票结果对应的初始标签值发送给计票方之外，还需要将计票树中的与运算单元对应的单元密文发送给计票方。因此，投票方可以针对计票树中的每一个运算节点，且依次针对该运算节点中的每一个与运算单元，确定输入该与运算单元的可验证掩码比特份额以及标签值，采用安全多方计算预处理函数，确定该与运算单元的三元组、该与运算单元输出的可验证掩码比特份额以及该与运算单元输出的标签值。然后，根据三元组、输入该与运算单元的可验证掩码比特份额、输入该与运算单元的标签值、该与运算单元输出的可验证掩码比特份额以及该与运算单元输出的标签值，确定该与运算单元对应的单元密文。然后，将计票树中各与运算单元对应的单元密文以及掩码投票结果对应的初始标签值发送给计票方。In the present disclosure, an operation node may include an AND operation unit, and an operation node may include one or more AND operation units. Therefore, when each operation node includes several AND operation units, when sending the initial label value to the vote counting party, the voting party needs to send the unit ciphertext corresponding to the AND operation unit in the vote counting tree to the vote counting party in addition to sending the initial label value corresponding to the masked voting result to the vote counting party. Therefore, the voting party can determine the verifiable mask bit share and label value input to the AND operation unit for each operation node in the vote counting tree, and for each AND operation unit in the operation node in turn, and use a secure multi-party computing preprocessing function to determine the triple of the AND operation unit, the verifiable mask bit share output by the AND operation unit, and the label value output by the AND operation unit. Then, according to the triple, the verifiable mask bit share input to the AND operation unit, the label value input to the AND operation unit, the verifiable mask bit share output by the AND operation unit, and the label value output by the AND operation unit, determine the unit ciphertext corresponding to the AND operation unit. Then, the unit ciphertext corresponding to each operation unit in the counting tree and the initial label value corresponding to the masked voting result are sent to the counting party.

其中，若该运算节点为计票树中叶子节点的上游运算节点时，则输入该运算节点的可验证掩码比特份额为投票方采用安全多方计算预处理函数生成的，输入该运算节点的标签值为投票方随机生成的K比特的比特串或者随机生成的K比特的比特串与全局密钥进行异或运算后的结果，也就是初始标签值。若该运算节点不为计票树中叶子节点的上游运算节点时，则输入该运算节点的可验证掩码比特份额以及标签值为该运算节点的上一个运算节点输出的可验证掩码比特份额以及标签值。Among them, if the operation node is the upstream operation node of the leaf node in the vote counting tree, the verifiable mask bit share input to the operation node is generated by the voting party using the secure multi-party computing preprocessing function, and the label value input to the operation node is the K-bit bit string randomly generated by the voting party or the result of the XOR operation of the randomly generated K-bit bit string and the global key, that is, the initial label value. If the operation node is not the upstream operation node of the leaf node in the vote counting tree, the verifiable mask bit share and label value input to the operation node are the verifiable mask bit share and label value output by the previous operation node of the operation node.

若该与运算单元为该运算节点中的第一个运算单元时，输入该与运算单元的可验证掩码比特份额以及标签值为输入该运算节点的可验证掩码比特份额以及标签值。若该与运算单元不为该运算节点中的第一个运算单元时，输入该与运算单元的可验证掩码比特份额以及标签值为该与运算单元的上一个运算单元输出的可验证掩码比特份额以及标签值。If the AND operation unit is the first operation unit in the operation node, the verifiable mask bit share and label value input to the AND operation unit are the verifiable mask bit share and label value input to the operation node. If the AND operation unit is not the first operation unit in the operation node, the verifiable mask bit share and label value input to the AND operation unit are the verifiable mask bit share and label value output by the previous operation unit of the AND operation unit.

另外，当该与运算单元的上一个运算单元为与运算单元时，采用安全多方计算预处理函数，确定该与运算单元的上一个运算单元输出的可验证掩码比特份额，并作为输入该与运算单元的可验证掩码比特份额，以及确定该与运算单元的上一个运算单元输出的标签值，并作为输入该与运算单元的标签值。当然，本公开中，运算节点中还可以包括若干异或运算单元，故当该与运算单元的上一个运算单元为异或运算单元时，确定输入该与运算单元的上一个运算单元(即异或运算单元)的可验证掩码比特份额以及标签值，将确定出的可验证掩码比特份额进行异或运算，并将运算后的结果作为异或运算单元输出的可验证掩码比特份额，以及将确定出的标签值进行异或运算，并将运算后的结果作为异或运算单元输出的标签值。将上述异或运算单元输出的可验证掩码比特份额以及标签值作为输入该与运算单元的可验证掩码比特份额以及标签值。In addition, when the previous operation unit of the AND operation unit is an AND operation unit, a secure multi-party computing preprocessing function is used to determine the verifiable mask bit share output by the previous operation unit of the AND operation unit and use it as Input the verifiable mask bit share of the AND operation unit, and determine the label value output by the previous operation unit of the AND operation unit, and use it as the label value input to the AND operation unit. Of course, in the present disclosure, the operation node may also include a plurality of XOR operation units, so when the previous operation unit of the AND operation unit is an XOR operation unit, determine the verifiable mask bit share and label value of the previous operation unit (i.e., the XOR operation unit) input to the AND operation unit, perform XOR operation on the determined verifiable mask bit share, and use the result after the operation as the verifiable mask bit share output by the XOR operation unit, and perform XOR operation on the determined label value, and use the result after the operation as the label value output by the XOR operation unit. Use the verifiable mask bit share and label value output by the above-mentioned XOR operation unit as the verifiable mask bit share and label value input to the AND operation unit.

上述在根据三元组、输入该与运算单元的可验证掩码比特份额、输入该与运算单元的标签值、该与运算单元输出的可验证掩码比特份额以及该与运算单元输出的标签值，确定该与运算单元对应的单元密文时，投票方可以根据三元组中的第一数值以及输入该与运算单元的第一可验证掩码比特份额，确定第一值，以及根据三元组中的第二数值以及输入该与运算单元的第二可验证掩码比特份额，确定第二值，具体可以采用下述公式(5)～(6)进行计算：

When determining the unit ciphertext corresponding to the AND operation unit according to the triple, the share of the verifiable mask bits input to the AND operation unit, the label value input to the AND operation unit, the share of the verifiable mask bits output by the AND operation unit, and the label value output by the AND operation unit, the voting party may determine the first value according to the first numerical value in the triple and the first share of the verifiable mask bits input to the AND operation unit, and determine the second value according to the second numerical value in the triple and the second share of the verifiable mask bits input to the AND operation unit. Specifically, the following formulas (5) to (6) may be used for calculation:

其中，三元组为采用安全多方计算预处理函数生成的三个参数，该三元组包含第一数值、第二数值以及第三数值，即投票方D_i确定出的该与运算单元的第一数值、第二数值以及第三数值分别为以及输入该与运算单元的可验证掩码比特份额包括第一可验证掩码比特份额以及第二可验证掩码比特份额，即投票方D_i确定出的输入该与运算单元的第一可验证掩码比特份额以及第二可验证掩码比特份额分别为以及当该与运算单元为该运算节点的第一运算单元，并且该运算节点为计票树中叶子节点的上游运算节点时，以及均可以为投票方基于安全多方计算函数生成的，也可以为0，本公开不做具体限定。表示投票方D_i确定出的第一值，表示投票方D_i确定出的第二值。Among them, the triplet is three parameters generated by the secure multi-party computing preprocessing function, and the triplet includes a first value, a second value, and a third value, that is, the first value, the second value, and the third value of the AND operation unit determined by the voting party _Di are respectively as well as The verifiable mask bit shares input to the AND operation unit include a first verifiable mask bit share and a second verifiable mask bit share, that is, the first verifiable mask bit share and the second verifiable mask bit share input to the AND operation unit determined by the voting party _Di are respectively as well as When the AND operation unit is the first operation unit of the operation node, and the operation node is the upstream operation node of the leaf node in the vote counting tree, as well as Both can be generated by the voting party based on a secure multi-party computing function, or can be 0, which is not specifically limited in this disclosure. represents the first value determined by the voting party _Di , Represents the second value determined by the voting party _Di.

上述以及在不为0时，可以采用下述公式(7)进行表示：
Above as well as When it is not 0, it can be expressed by the following formula (7):

其中，表示投票方D_i生成的输入该运算节点或者该与运算单元的可验证掩码比特份额，表示投票方D_i生成的掩码比特份额，表示对应的消息验证码，表示其他投票方D_j生成的输入该运算节点或者与运算单元的掩码比特份额对应的消息验证码对应的密钥。in, represents the share of verifiable mask bits generated by the voting party _Di and input into the operation node or the AND operation unit, represents the share of mask bits generated by voting party _Di , express The corresponding message verification code, Represents the key corresponding to the message authentication code generated by other voting parties _Dj and input into the operation node or corresponding to the mask bit share of the operation unit.

然后，将第一值以及第二值发送给其他投票方。该其他投票方为与投票方共同属于该运算节点的投票方，也就是该其他投票方为向该运算节点输入数据的投票方中除投票方(即上述投票方D_i，也就是作为执行主体的投票方)之外的投票方。接收其他投票方发送的第三值以及第四值，并将接收到的第三值以及第一值聚合，确定第一总值，以及将接收到的第四值以及第二值聚合，确定第二总值，具体可以采用下述公式(8)～(9)进行计算：

Then, the first value and the second value are sent to other voting parties. The other voting parties are voting parties that belong to the computing node together with the voting party, that is, the other voting parties are voting parties other than the voting party (that is, the above-mentioned voting party D _i , that is, the voting party as the execution subject) among the voting parties that input data to the computing node. The third value and the fourth value sent by other voting parties are received, and the received third value and the first value are aggregated to determine the first total value, and the received fourth value and the second value are aggregated to determine the second total value. Specifically, the following formulas (8) to (9) can be used for calculation:

其中，d_γ表示投票方D_i确定出的第一总值，n表示投票方的数量，表示投票方D_i确定出的第一值，表示投票方D_n确定出的第三值，并将第三值发送给投票方D_i，第一值与第三值的确定过程类似，只是由不同投票方在本地确定出的。e_γ表示投票方 D_i确定出的第二总值，表示投票方D_i确定出的第二值。表示投票方D_n确定出的第四值，并将第三值发送给投票方D_i，第二值与第四值的确定过程类似，只是由不同投票方在本地确定出的。Wherein, d _γ represents the first total value determined by the voting party _Di , n represents the number of voting parties, represents the first value determined by the voting party _Di , represents the third value determined by the voting party D _n , and the third value is sent to the voting party D _i . The determination process of the first value and the third value is similar, but they are determined locally by different voting parties. e _γ represents the voting party The second total value determined by D _i , Represents the second value determined by the voting party _Di. It represents the fourth value determined by the voting party D _n , and sends the third value to the voting party D _i . The second value is determined similarly to the fourth value, but is determined locally by different voting parties.

之后，根据第一总值、第二总值、三元组、该与运算单元输出的可验证掩码比特份额以及输入该与运算单元的可验证掩码比特份额，确定该与运算单元输出的待验证掩码投票结果，具体可以采用下述公式(10)～(11)进行计算：

Afterwards, the mask voting result to be verified output by the AND operation unit is determined according to the first total value, the second total value, the triplet, the share of the verifiable mask bits output by the AND operation unit, and the share of the verifiable mask bits input to the AND operation unit. Specifically, the following formulas (10) to (11) can be used for calculation:

其中，表示投票方D_i确定出的该与运算单元输出的待验证掩码投票结果，表示投票方D_i确定出的该与运算单元输出的可验证掩码比特份额，该与运算单元输出的可验证掩码比特份额为投票方D_i采用安全多方计算预处理函数生成的，t，s为比特值，每个t，s∈{0,1}。in, represents the masked voting result to be verified output by the AND operation unit determined by the voting party _Di , It represents the share of verifiable masked bits output by the AND operation unit determined by the voting party _Di , and the share of verifiable masked bits output by the AND operation unit is generated by the voting party _Di using the secure multi-party computing preprocessing function, t, s are bit values, and each t, s∈{0,1}.

之后，根据该与运算单元输出的待验证掩码投票结果、输入该与运算单元的标签值以及该与运算单元输出的标签值，确定该与运算单元对应的单元密文，具体可以采用下述公式(12)进行计算：
Afterwards, the unit ciphertext corresponding to the AND operation unit is determined according to the mask voting result to be verified output by the AND operation unit, the label value input to the AND operation unit, and the label value output by the AND operation unit. Specifically, the following formula (12) can be used for calculation:

其中，表示投票方D_i确定出的该与运算单元对应的单元密文，由于t可以为0，也可以为1，s可以为0，也可以为1，故t和s一共有4种组合方式，每一种组合方式对应一个单元密文，故该与运算单元对应的单元密文有4个。:＝为赋值符号，表示投票方D_i确定出的比特值为t时输入该与运算单元的标签值，表示投票方D_i确定出的比特值为t时输入该与运算单元的标签值，γ表示该与运算单元的输出，表示该与运算单元输出的待验证掩码投票结果的消息验证码，表示投票方D_i确定出的比特值为0时该与运算单元输出的标签值，Δ_i表示投票方D_i的全局密钥，表示投票方D_i存储的其他投票方D_j确定出的该与运算单元输出的待验证掩码投票结果的消息验证码对应的密钥。in, It indicates the unit ciphertext corresponding to the operation unit determined by the voting party _Di. Since t can be 0 or 1, and s can be 0 or 1, there are 4 combinations of t and s. Each combination corresponds to a unit ciphertext, so there are 4 unit ciphertexts corresponding to the operation unit. :＝ is the assignment symbol, It indicates that when the bit value determined by the voting party _Di is t, the label value input into the AND operation unit is represents the label value input to the AND operation unit when the bit value determined by the voting party _Di is t, γ represents the output of the AND operation unit, The message verification code representing the mask voting result to be verified output by the AND operation unit, represents the label value output by the AND operation unit when the bit value determined by the voting party _Di is 0, _Δi represents the global key of the voting party _Di , It represents the key corresponding to the message verification code of the masked voting result to be verified output by the operation unit and determined by other voting parties _Dj _and stored by the voting party Di.

若该与运算单元为该运算节点中第一个运算单元，并且该运算节点为计票树中叶子节点的上游运算节点时，上述和均为投票方D_i随机生成的K比特的比特串，只是比特值分别为t以及s。If the AND operation unit is the first operation unit in the operation node, and the operation node is the upstream operation node of the leaf node in the vote counting tree, the above and They are all K-bit bit strings randomly generated by the voting party _Di , but the bit values are t and s respectively.

在本公开中，由于投票方的掩码投票结果公布给所有其他投票方(即除投票方之外的其他投票方)，故其他投票方可以根据投票方公布的掩码投票结果，确定该掩码投票结果对应的初始标签值，并发送给计票方。该初始标签值为该其他投票方基于该掩码投票结果的比特值随机生成的K比特的比特串，具体过程与上述步骤S202生成初始标签值的过程类似，在此就不再赘述。基于此，计票方可以接收到各投票方发送的各掩码投票结果对应的各初始标签值。In the present disclosure, since the masked voting results of a voting party are announced to all other voting parties (i.e., other voting parties except the voting party), other voting parties can determine the initial label value corresponding to the masked voting results based on the masked voting results announced by the voting party, and send it to the counting party. The initial label value is a K-bit bit string randomly generated by the other voting parties based on the bit value of the masked voting results. The specific process is similar to the process of generating the initial label value in step S202 above, and will not be repeated here. Based on this, the counting party can receive each initial label value corresponding to each masked voting result sent by each voting party.

S204：确定所述计票方公布的标签承诺值以及各第一结果。S204: Determine the label commitment value and each first result published by the vote counting party.

S206：根据所述各第一结果，确定所述计票树中各运算节点输出的标签值，并根据同态承诺函数，确定各标签值的验证承诺值，并公布所述验证承诺值。S206: Determine the label value output by each operation node in the vote counting tree according to the first results, determine the verification commitment value of each label value according to the homomorphic commitment function, and publish the verification commitment value.

S208：根据所述标签承诺值以及所述验证承诺值，对所述掩码统计结果进行公开验证。S208: Publicly verify the mask statistics result according to the label commitment value and the verification commitment value.

投票方确定计票方公布的标签承诺值以及各第一结果，根据各第一结果，确定计票树中各运算节点输出的标签值，并根据同态承诺函数，确定各标签值的验证承诺值，并公布验证承诺值。之后，根据标签承诺值以及验证承诺值，对掩码统计结果进行公开验证。其中，计票树包括若干运算节点，在根据各第一结果，确定计票树中各运算节点输出的标签值时，由于各第一结果为计票树中各运算节点输出的掩码投票结果，故投票方可以确定其他投票方公布的掩码投票结果，根据上述步骤S202中确定出的掩码投票结果、其他投票方的掩码投票结果以及各第一结果，按照计票树中的各运算节点，计算计票树输出的掩码统计结果，并确定计票树中各运算节点输出的标签值。The voting party determines the label commitment value and each first result announced by the counting party, determines the label value output by each operation node in the counting tree according to each first result, and determines the verification commitment value of each label value according to the homomorphic commitment function. And publish the verification commitment value. Afterwards, the masked statistical results are publicly verified based on the label commitment value and the verification commitment value. Among them, the vote counting tree includes a number of operation nodes. When determining the label value output by each operation node in the vote counting tree according to each first result, since each first result is the masked voting result output by each operation node in the vote counting tree, the voting party can determine the masked voting results announced by other voting parties, and calculate the masked statistical results output by the vote counting tree according to the masked voting results determined in the above step S202, the masked voting results of other voting parties, and each first result according to each operation node in the vote counting tree, and determine the label value output by each operation node in the vote counting tree.

上述在根据同态承诺函数，确定各标签值的验证承诺值时，投票方可以先对各标签值进行聚合，再基于同态承诺函数，确定聚合后的标签值的承诺值为验证承诺值。投票方还可以先基于同态承诺函数，确定各标签值对应的承诺值，将各承诺值聚合后的结果作为验证承诺值，本公开不做具体限定。When determining the verification commitment value of each tag value according to the homomorphic commitment function, the voting party may first aggregate the tag values, and then determine the commitment value of the aggregated tag value as the verification commitment value based on the homomorphic commitment function. The voting party may also first determine the commitment value corresponding to each tag value based on the homomorphic commitment function, and use the result of aggregating the commitment values as the verification commitment value, which is not specifically limited in this disclosure.

在本公开中，运算节点还可以包括若干异或运算单元和若干与运算单元，故上述验证承诺值对应的各标签值为各运算单元输出的标签值。另外，由于异或运算单元输出的掩码投票结果可以由输入该异或运算单元的掩码投票结果进行异或运算得到，并且各投票方的掩码投票结果是公布的，也就是任意方都可以获知各投票方的掩码投票结果，故在公开验证掩码统计结果时，计票方可以仅将确定出的各与运算单元输出的掩码投票结果作为第一结果，以及确定各与运算单元输出的标签值对应的标签承诺值，并公布标签承诺值以及各第一结果。相应的，投票方也可以仅确定各与运算单元输出的标签值对应的验证承诺值，并公布。该验证承诺值具体可以表示为其中，表示投票方D_i确定出的与运算单元w输出的标签值，W表示与运算单元集合。In the present disclosure, the operation node may also include a number of XOR operation units and a number of AND operation units, so each label value corresponding to the above-mentioned verification commitment value is the label value output by each operation unit. In addition, since the masked voting result output by the XOR operation unit can be obtained by XOR operation of the masked voting result input to the XOR operation unit, and the masked voting result of each voting party is announced, that is, any party can know the masked voting result of each voting party, so when publicly verifying the masked statistical results, the counting party can only use the determined masked voting results output by each AND operation unit as the first result, and determine the label commitment value corresponding to the label value output by each AND operation unit, and announce the label commitment value and each first result. Correspondingly, the voting party can also only determine the verification commitment value corresponding to the label value output by each AND operation unit, and announce it. The verification commitment value can be specifically expressed as in, represents the label value output by AND operation unit w determined by the voting party _Di , and W represents the set of AND operation units.

在上述步骤S208中，投票方可以确定其他投票方公布的验证承诺值为其他验证承诺值，对其他验证承诺值以及验证承诺值进行聚合，再根据聚合后的验证承诺值以及标签承诺值，对掩码统计结果进行公开验证。其中，聚合后的验证承诺值可以表示为：其中，n表示投票方的数量。In the above step S208, the voting party can determine the verification commitment value announced by other voting parties as other verification commitment values, aggregate the other verification commitment values and the verification commitment value, and then publicly verify the mask statistics result based on the aggregated verification commitment value and the label commitment value. Among them, the aggregated verification commitment value can be expressed as: Here, n represents the number of voting parties.

上述在根据聚合后的验证承诺值以及标签承诺值，对掩码统计结果进行公开验证时，当聚合后的验证承诺值与标签承诺值一致时，说明掩码统计结果验证通过。也就是成立时，说明掩码统计结果验证通过。当聚合后的验证承诺值与标签承诺值不一致或者上述公式不成立时，说明掩码统计结果验证不通过，投票方公布掩码统计结果验证不通过的消息。其中，表示计票方公布的标签承诺值。When the mask statistics result is publicly verified based on the aggregated verification commitment value and the label commitment value, when the aggregated verification commitment value is consistent with the label commitment value, it means that the mask statistics result has passed the verification. When it is established, it means that the mask statistics result verification has passed. When the aggregated verification commitment value is inconsistent with the label commitment value or the above formula is not established, it means that the mask statistics result verification has failed, and the voting party announces the message that the mask statistics result verification has failed. Indicates the label commitment value announced by the vote counter.

另外，除了通过验证标签值是否准确，确定掩码统计结果是否准确之外，还可以进一步地通过验证运算节点或者运算单元输出的掩码投票结果，确定掩码统计结果是否准确。故在上述根据聚合后的验证承诺值以及标签承诺值，对掩码统计结果进行公开验证时，当聚合后的验证承诺值与标签承诺值一致时，确定其他投票方公布的掩码投票结果。之后，针对每一个与运算单元，根据各掩码投票结果以及各第一结果，确定输入该与运算单元的掩码投票结果，以及确定输入该与运算单元的可验证掩码比特份额和该与运算单元输出的可验证掩码比特份额。然后，根据确定出的输入和输出的可验证掩码比特份额、以及掩码投票结果，确定该与运算单元的可验证检验比特。再根据可验证检验比特，确定该与运算单元的消息验证码，并基于同态承诺函数，确定消息验证码的验证码承诺值。之后，确定各验证码承诺值的和为验证聚合承诺值，并公布验证聚合承诺值。然后，确定计票方公布的验证码聚合承诺值，并根据验证码聚合承诺值以及验证聚合承诺值，对掩码统计结果进行公开验证。其中，根据确定出的输入和输出的可验证掩码比特份额、以及掩码投票结果，确定该与运算单元的可验证检验比特，可以采用下述公式(13)进行计算：
In addition, in addition to verifying whether the label value is accurate and determining whether the mask statistics are accurate, it is also possible to further verify whether the mask statistics are accurate by verifying the mask voting results output by the operation node or operation unit. Therefore, when the mask statistics are publicly verified according to the aggregated verification commitment value and the label commitment value, when the aggregated verification commitment value is consistent with the label commitment value, the mask voting results announced by other voting parties are determined. Afterwards, for each AND operation unit, according to each mask voting result and each first result, the mask voting result input to the AND operation unit is determined, as well as the verifiable mask bit share input to the AND operation unit and the verifiable mask bit share output by the AND operation unit are determined. Then, according to the determined verifiable mask bit share of the input and output, and the mask voting result, the verifiable check bit of the AND operation unit is determined. Then, according to the verifiable check bit, the message verification code of the AND operation unit is determined, and the verification code commitment value of the message verification code is determined based on the homomorphic commitment function. Afterwards, the sum of the verification code commitment values is determined to be the verification aggregation commitment value, and the verification aggregation commitment value is announced. Then, the verification code aggregate commitment value announced by the vote counting party is determined, and the mask statistics result is publicly verified based on the verification code aggregate commitment value and the verification aggregate commitment value. Among them, the verifiable check bit of the AND operation unit is determined based on the determined input and output verifiable mask bit shares and the mask voting results, which can be calculated using the following formula (13):

其中，表示投票方D_i确定出的该与运算单元的可验证检验比特，z′_α以及z′_β表示投票方D_i确定出的输入该与运算单元的两个掩码投票结果，以及表示投票方D_i确定出的输入该与运算单元的两个可验证掩码比特份额，表示投票方D_i确定出的该与运算单元输出的可验证掩码比特份额。in, represents the verifiable check bit of the AND operation unit determined by the voting party _Di , z′ _α and z′ _β represent the two mask voting results input to the AND operation unit determined by the voting party _Di , as well as represents the two verifiable mask bit shares of the input to the AND operation unit determined by the voting party _Di , It represents the share of verifiable mask bits output by the AND operation unit determined by the voting party _Di.

由于可验证检验比特是通过上述计算得到的，故该可验证检验比特中包括检验比特对应的消息验证码，投票方可以直接从该与运算单元对应的可验证检验比特中，确定该与运算单元的消息验证码，即检验比特对应的消息验证码。后续基于同态承诺函数，确定消息验证码的验证码承诺值，再确定各验证码承诺值的和为验证聚合承诺值，该验证聚合承诺值可以表示为其中，表示投票方D_i确定出的与运算单元w的消息验证码，W表示与运算单元集合，Com(x)表示同态承诺函数。Since the verifiable check bit is obtained through the above calculation, the verifiable check bit includes the message verification code corresponding to the check bit. The voting party can directly determine the message verification code of the AND operation unit from the verifiable check bit corresponding to the AND operation unit, that is, the message verification code corresponding to the check bit. Subsequently, based on the homomorphic commitment function, the verification code commitment value of the message verification code is determined, and then the sum of the verification code commitment values is determined as the verification aggregate commitment value. The verification aggregate commitment value can be expressed as in, represents the message verification code of the operation unit w determined by the voting party _Di , W represents the set of operation units, and Com(x) represents the homomorphic commitment function.

上述在根据验证码聚合承诺值以及验证聚合承诺值，对掩码统计结果进行公开验证时，投票方可以确定其他投票方公布的验证聚合承诺值，将其他投票方的验证聚合承诺值以及上述确定出的验证聚合承诺值进行聚合，并根据聚合后的验证承诺值以及验证码聚合承诺值，对掩码统计结果进行公开验证。其中，聚合后的验证承诺值可以表示为当聚合后的验证承诺值与验证码聚合承诺值一致时，说明掩码统计结果验证通过，也就是成立时，说明掩码统计结果验证通过。当聚合后的验证承诺值与验证码聚合承诺值不一致或者上述公式不成立时，说明掩码统计结果验证不通过，投票方公布掩码统计结果验证不通过的消息。When publicly verifying the masked statistical results based on the verification code aggregate commitment value and the verification aggregate commitment value, the voting party can determine the verification aggregate commitment value announced by other voting parties, aggregate the verification aggregate commitment values of other voting parties and the above-determined verification aggregate commitment value, and publicly verify the masked statistical results based on the aggregated verification commitment value and the verification code aggregate commitment value. The aggregated verification commitment value can be expressed as When the aggregated verification commitment value is consistent with the verification code aggregate commitment value, it means that the mask statistics result verification has passed, that is, When it is established, it means that the masked statistical result verification has passed. When the aggregated verification commitment value is inconsistent with the verification code aggregate commitment value or the above formula does not hold, it means that the masked statistical result verification has failed, and the voting party announces the message that the masked statistical result verification has failed.

S210：在所述掩码统计结果验证通过时，确定所述掩码统计结果对应的掩码比特份额，并公布，使所述计票方根据所述各投票方公布的掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。S210: When the masked statistical result is verified, the masked bit share corresponding to the masked statistical result is determined and announced, so that the vote counting party decrypts the masked statistical result according to the masked bit shares announced by each voting party, determines and announces the final voting result.

在掩码统计结果验证通过时，投票方确定掩码统计结果对应的掩码比特份额，并公布，使计票方根据各投票方公布的掩码比特份额对掩码统计结果进行解密，确定最终投票结果，并将最终投票结果进行公布。When the masked statistical result is verified, the voting party determines the masked bit share corresponding to the masked statistical result and announces it, so that the counting party decrypts the masked statistical result according to the masked bit share announced by each voting party, determines the final voting result, and announces the final voting result.

为了保证各投票方公布的掩码比特份额的准确性，在掩码统计结果验证通过时，投票方可以确定掩码统计结果对应的掩码比特份额，基于同态承诺函数，确定掩码比特份额对应的掩码承诺值，并公布，使计票方根据各投票方公布的与掩码比特份额对应的掩码承诺值，对各掩码比特份额进行公开验证，并在各掩码比特份额验证通过时，计票方根据各掩码比特份额对掩码统计结果进行解密，确定并公布最终投票结果。其中，掩码承诺值用于验证掩码比特份额是否准确，掩码承诺值包括原始承诺值以及其他承诺值，故在基于同态承诺函数，确定掩码比特份额对应的掩码承诺值，并公布时，投票方可以基于同态承诺函数，确定掩码比特份额对应的承诺值为原始承诺值，确定其他投票方公布的与掩码统计结果对应的掩码比特份额，并根据其他投票方公布的掩码比特份额，基于同态承诺函数，确定其他承诺值，并公布掩码比特份额、原始承诺值以及其他承诺值。使计票方根据各投票方公布的原始承诺值以及其他承诺值，确定各原始承诺值的和为第一值，以及确定各其他承诺值的和为第二值。当第一值与第二值一致时，确定各掩码比特份额验证通过。In order to ensure the accuracy of the masked bit shares announced by each voting party, when the masked statistical results are verified, the voting party can determine the masked bit shares corresponding to the masked statistical results, determine the masked commitment values corresponding to the masked bit shares based on the homomorphic commitment function, and announce them, so that the counting party can publicly verify each masked bit share according to the masked commitment values corresponding to the masked bit shares announced by each voting party, and when each masked bit share is verified, the counting party decrypts the masked statistical results according to each masked bit share, determines and announces the final voting results. Among them, the mask commitment value is used to verify whether the mask bit share is accurate. The mask commitment value includes the original commitment value and other commitment values. Therefore, when the mask commitment value corresponding to the mask bit share is determined based on the homomorphic commitment function and announced, the voting party can determine the commitment value corresponding to the mask bit share as the original commitment value based on the homomorphic commitment function, determine the mask bit share corresponding to the mask statistical result announced by other voting parties, and determine other commitment values based on the homomorphic commitment function according to the mask bit share announced by other voting parties, and announce the mask bit share, the original commitment value and other commitment values. The counting party determines that the sum of the original commitment values is the first value, and the sum of the other commitment values is the second value based on the original commitment values and other commitment values announced by each voting party. When the first value is consistent with the second value, it is determined that the verification of each mask bit share has passed.

在本公开中，投票方在公布掩码投票结果时，可以将掩码投票结果发送到公告板上，以使其他投票方、计票方以及第三方获知掩码投票结果。当然，投票方在公布其他内容时，比如验证承诺值、验证聚合承诺值以及掩码承诺值等，也可以将需要公布的内容发送到公告板上，本公开不做具体限定。In the present disclosure, when a voting party announces the masked voting results, it can send the masked voting results to a bulletin board so that other voting parties, vote counting parties, and third parties can learn of the masked voting results. Of course, when a voting party announces other content, such as verification commitment value, verification aggregate commitment value, and masked commitment value, it can also send the content to be announced to the bulletin board, which is not specifically limited in the present disclosure.

以上为本公开提供的电子投票的方法，基于同样的思路，本公开还提供了一种电子投票的装置，所述装置应用于计票方，如图4所示。 The above is the electronic voting method provided by the present disclosure. Based on the same idea, the present disclosure also provides an electronic voting device, which is applied to the vote counting party, as shown in FIG4 .

图4为本公开实施例提供的一种电子投票的装置的结构示意图，包括：FIG4 is a schematic diagram of the structure of an electronic voting device provided by an embodiment of the present disclosure, including:

第一确定模块300，用于确定各投票方公布的掩码投票结果，以及接收所述各投票方发送的所述掩码投票结果对应的标签值，其中，所述掩码投票结果为所述投票方根据掩码比特份额对投票结果进行处理后的结果，所述掩码比特份额为所述投票方基于安全多方计算预处理函数生成的；The first determination module 300 is used to determine the masked voting results announced by each voting party, and receive the label value corresponding to the masked voting results sent by each voting party, wherein the masked voting results are the results after the voting party processes the voting results according to the masked bit shares, and the masked bit shares are generated by the voting party based on the secure multi-party computing preprocessing function;

计票模块302，用于根据各掩码投票结果以及各初始标签值，基于预先构建的计票树，对所述各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值；The vote counting module 302 is used to count the masked voting results and the initial label values based on the pre-constructed vote counting tree, determine the masked statistical results output by the vote counting tree, and determine the first result and the intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree;

公布模块304，用于基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布所述标签承诺值以及各第一结果，使所述各投票方根据所述计票方公布的所述标签承诺值以及所述各第一结果，公开验证所述掩码统计结果；A publishing module 304 is used to generate a label commitment value based on the homomorphic commitment function and each intermediate label value, and publish the label commitment value and each first result, so that each voting party publicly verifies the mask statistical result according to the label commitment value and each first result published by the vote counting party;

第二确定模块306，用于在所述掩码统计结果验证通过时，确定所述各投票方公布的与所述掩码统计结果对应的掩码比特份额；A second determination module 306 is used to determine the mask bit shares corresponding to the mask statistical result published by each voting party when the mask statistical result is verified;

解密模块308，用于根据各掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。The decryption module 308 is used to decrypt the mask statistical results according to the bit shares of each mask, and determine and publish the final voting results.

所述公布模块304具体用于，针对每一个与运算单元，确定输入该与运算单元的掩码投票结果，以及基于安全多方计算预处理函数，确定输入该与运算单元的可验证掩码比特份额和该与运算单元输出的可验证掩码比特份额；根据确定出的输入和输出的可验证掩码比特份额、以及掩码投票结果，确定该与运算单元的可验证检验比特；根据所述可验证检验比特，确定该与运算单元的消息验证码，并基于所述同态承诺函数，确定所述消息验证码的验证码承诺值；确定各验证码承诺值的和为验证码聚合承诺值，并公布所述验证码聚合承诺值、所述标签承诺值以及所述各第一结果。The publishing module 304 is specifically used to determine, for each AND operation unit, the mask voting result of the input to the AND operation unit, and based on the secure multi-party computing preprocessing function, determine the verifiable mask bit share of the input to the AND operation unit and the verifiable mask bit share of the output of the AND operation unit; determine the verifiable check bit of the AND operation unit according to the determined verifiable mask bit shares of the input and output, and the mask voting result; determine the message verification code of the AND operation unit according to the verifiable check bit, and determine the verification code commitment value of the message verification code based on the homomorphic commitment function; determine the sum of the verification code commitment values as the verification code aggregate commitment value, and publish the verification code aggregate commitment value, the label commitment value and the first results.

可选地，所述解密模块308具体用于，确定所述各投票方公布的与掩码比特份额对应的掩码承诺值；根据各掩码承诺值，对所述各掩码比特份额进行公开验证；在所述各掩码比特份额验证通过时，根据所述各掩码比特份额对所述掩码统计结果进行解密，确定所述最终投票结果。Optionally, the decryption module 308 is specifically used to determine the mask commitment value corresponding to the mask bit share published by each voting party; publicly verify each mask bit share according to each mask commitment value; when each mask bit share is verified, decrypt the mask statistical result according to each mask bit share to determine the final voting result.

所述解密模块308具体用于，针对每一个投票方，确定该投票方公布的掩码比特份额对应的原始承诺值以及其他承诺值，其中，所述原始承诺值为该投票方基于该投票方对应的掩码比特份额确定的承诺值，所述其他承诺值为该投票方基于其他投票方公布的掩码比特份额确定的承诺值；确定各原始承诺值的和为第一值，以及确定各其他承诺值的和为第二值；当所述第一值与所述第二值一致时，确定所述各掩码比特份额验证通过。The decryption module 308 is specifically used to determine, for each voting party, the original commitment value and other commitment values corresponding to the mask bit share announced by the voting party, wherein the original commitment value is the commitment value determined by the voting party based on the mask bit share corresponding to the voting party, and the other commitment values are the commitment values determined by the voting party based on the mask bit shares announced by other voting parties; determine the sum of the original commitment values as a first value, and determine the sum of the other commitment values as a second value; when the first value is consistent with the second value, determine that the verification of the mask bit shares has passed.

本公开还提供了一种电子投票的装置，所述装置应用于投票方，如图5所示。The present disclosure also provides an electronic voting device, which is applied to a voting party, as shown in FIG5 .

图5为本公开实施例提供的另一种电子投票的装置的结构示意图，包括：FIG5 is a schematic diagram of the structure of another electronic voting device provided by an embodiment of the present disclosure, including:

生成模块400，用于根据投票选项，确定投票结果，并根据计票方预先构建的计票树的拓扑结构，采用安全多方计算预处理函数，生成掩码比特份额；The generation module 400 is used to determine the voting result according to the voting options, and generate the mask bit share according to the topological structure of the counting tree pre-built by the counting party by using the secure multi-party computing pre-processing function;

发送模块402，用于根据所述掩码比特份额，对所述投票结果进行处理，确定掩码投票结果，并公布，以及生成所述掩码投票结果对应的初始标签值，将所述初始标签值发送给所述计票方，使所述计票方根据各投票方公布的掩码投票结果以及接收到的初始标签值，基于所述计票树，对各掩码投票结果进行统计，确定所述计票树输出的掩码统计结果，以及确定所述计票树包括的多个运算节点中的各运算节点输出的第一结果以及中间标签值，并基于同态承诺函数以及各中间标签值，生成标签承诺值，并公布所述标签承诺值以及各第一结果；The sending module 402 is used to process the voting results according to the mask bit share, determine the masked voting results, and publish them, and generate an initial label value corresponding to the masked voting results, and send the initial label value to the counting party, so that the counting party counts the masked voting results based on the counting tree according to the masked voting results published by each voting party and the received initial label value, and determines the output of the counting tree. The masked statistical results, and the first results and intermediate label values output by each operation node in the plurality of operation nodes included in the vote counting tree are determined, and based on the homomorphic commitment function and the intermediate label values, a label commitment value is generated, and the label commitment value and the first results are announced;

确定模块404，用于确定所述计票方公布的标签承诺值以及各第一结果；A determination module 404, configured to determine the label commitment value and each first result published by the vote counting party;

承诺模块406，用于根据所述各第一结果，确定所述计票树中各运算单元输出的标签值，并根据同态承诺函数，确定各标签值的验证承诺值，并公布所述验证承诺值；The commitment module 406 is used to determine the label value output by each operation unit in the vote counting tree according to the first results, determine the verification commitment value of each label value according to the homomorphic commitment function, and publish the verification commitment value;

验证模块408，用于根据所述标签承诺值以及所述验证承诺值，对所述掩码统计结果进行公开验证；A verification module 408, configured to publicly verify the mask statistical result according to the label commitment value and the verification commitment value;

掩码模块410，用于在所述掩码统计结果验证通过时，确定所述掩码统计结果对应的掩码比特份额，并公布，使所述计票方根据所述各投票方公布的掩码比特份额对所述掩码统计结果进行解密，确定并公布最终投票结果。The mask module 410 is used to determine and publish the mask bit share corresponding to the mask statistical result when the mask statistical result is verified, so that the vote counting party decrypts the mask statistical result according to the mask bit share published by each voting party, determines and publishes the final voting result.

可选地，所述验证模块408具体用于，确定其他投票方公布的验证承诺值为其他验证承诺值；对所述其他验证承诺值以及所述验证承诺值进行聚合；根据聚合后的验证承诺值以及所述标签承诺值，对所述掩码统计结果进行公开验证。Optionally, the verification module 408 is specifically used to determine the verification commitment values announced by other voting parties as other verification commitment values; aggregate the other verification commitment values and the verification commitment value; and publicly verify the mask statistical results based on the aggregated verification commitment value and the label commitment value.

所述验证模块408具体用于，当所述聚合后的验证承诺值与所述标签承诺值一致时，确定所述其他投票方公布的掩码投票结果；针对每一个与运算单元，根据各掩码投票结果以及所述各第一结果，确定输入该与运算单元的掩码投票结果，以及确定输入该与运算单元的可验证掩码比特份额和该与运算单元输出的可验证掩码比特份额；根据确定出的输入和输出的可验证掩码比特份额、以及所述掩码投票结果，确定该与运算单元的可验证检验比特；根据所述可验证检验比特，确定该与运算单元的消息验证码，并基于所述同态承诺函数，确定所述消息验证码的验证码承诺值；确定各验证码承诺值的和为验证聚合承诺值，并公布所述验证聚合承诺值；确定所述计票方公布的验证码聚合承诺值，并根据所述验证码聚合承诺值以及所述验证聚合承诺值，对所述掩码统计结果进行公开验证。The verification module 408 is specifically used to, when the aggregated verification commitment value is consistent with the label commitment value, determine the mask voting results announced by the other voting parties; for each AND operation unit, determine the mask voting result input to the AND operation unit according to each mask voting result and the first results, as well as determine the verifiable mask bit share input to the AND operation unit and the verifiable mask bit share output by the AND operation unit; determine the verifiable check bit of the AND operation unit according to the determined verifiable mask bit share of the input and output, and the mask voting result; determine the message verification code of the AND operation unit according to the verifiable check bit, and determine the verification code commitment value of the message verification code based on the homomorphic commitment function; determine the sum of the verification code commitment values as the verification aggregate commitment value, and announce the verification aggregate commitment value; determine the verification code aggregate commitment value announced by the counting party, and publicly verify the mask statistical result according to the verification code aggregate commitment value and the verification aggregate commitment value.

可选地，所述掩码模块410具体用于，确定所述掩码统计结果对应的掩码比特份额；基于所述同态承诺函数，确定所述掩码比特份额对应的掩码承诺值，并公布，使所述计票方根据所述各投票方公布的与掩码比特份额对应的掩码承诺值，对所述各掩码比特份额进行公开验证。Optionally, the mask module 410 is specifically used to determine the mask bit share corresponding to the mask statistical result; based on the homomorphic commitment function, determine the mask commitment value corresponding to the mask bit share, and publish it, so that the vote counting party can publicly verify each mask bit share according to the mask commitment value corresponding to the mask bit share published by each voting party.

所述掩码模块410具体用于，基于所述同态承诺函数，确定所述掩码比特份额对应的承诺值为原始承诺值；确定其他投票方公布的与所述掩码统计结果对应的掩码比特份额，并根据所述其他投票方公布的掩码比特份额，基于所述同态承诺函数，确定其他承诺值，并公布所述掩码比特份额、所述原始承诺值以及所述其他承诺值。The mask module 410 is specifically used to determine, based on the homomorphic commitment function, that the commitment value corresponding to the mask bit share is the original commitment value; determine the mask bit share corresponding to the mask statistical result announced by other voting parties, and determine other commitment values based on the homomorphic commitment function according to the mask bit share announced by the other voting parties, and announce the mask bit share, the original commitment value and the other commitment values.

本公开还提供了一种计算机可读存储介质，该存储介质存储有计算机程序，计算机程序被处理器执行时实现上述电子投票的方法。The present disclosure also provides a computer-readable storage medium, which stores a computer program. When the computer program is executed by a processor, the above-mentioned electronic voting method is implemented.

本公开还提供了一种电子设备。如图6所示，在硬件层面，该电子设备包括处理器、内部总线、网络接口、内存以及非易失性存储器，当然还可能包括其他业务所需要的硬件。处理器从非易失性存储器中读取对应的计算机程序到内存中然后运行，以实现上述电子投票的方法。The present disclosure also provides an electronic device. As shown in FIG6 , at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and may also include hardware required for other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it to implement the above-mentioned electronic voting method.

当然，除了软件实现方式之外，本公开并不排除其他实现方式，比如逻辑器件抑或软硬件结合的方式等等，也就是说以下处理流程的执行主体并不限定于各个逻辑单元，也可以是硬件或逻辑器件。 Of course, in addition to software implementation, the present disclosure does not exclude other implementation methods, such as logic devices or a combination of software and hardware, etc., that is, the execution subject of the following processing flow is not limited to each logic unit, but can also be hardware or logic devices.

在20世纪90年代，对于一个技术的改进可以很明显地区分是硬件上的改进(例如，对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而，随着技术的发展，当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此，不能说一个方法流程的改进就不能用硬件实体模块来实现。例如，可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array，FPGA))就是这样一种集成电路，其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上，而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且，如今，取代手工地制作集成电路芯片，这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现，它与程序开发撰写时所用的软件编译器相类似，而要编译之前的原始代码也得用特定的编程语言来撰写，此称之为硬件描述语言(Hardware Description Language，HDL)，而HDL也并非仅有一种，而是有许多种，如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等，目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚，只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中，就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, it was very clear whether the improvement of a technology was hardware improvement (for example, improvement of the circuit structure of diodes, transistors, switches, etc.) or software improvement (improvement of the method flow). However, with the development of technology, many of the improvements of the method flow today can be regarded as direct improvements of the hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be implemented with hardware entity modules. For example, a programmable logic device (PLD) (such as a field programmable gate array (FPGA)) is such an integrated circuit whose logical function is determined by the user's programming of the device. Designers can "integrate" a digital system on a PLD by programming themselves, without having to ask chip manufacturers to design and produce dedicated integrated circuit chips. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly implemented by "logic compiler" software, which is similar to the software compiler used when developing programs. The original code before compilation must also be written in a specific programming language, which is called Hardware Description Language (HDL). There is not only one kind of HDL, but many kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., and the most commonly used ones are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also know that it is only necessary to program the method flow slightly in the above-mentioned hardware description languages and program it into the integrated circuit, and then it is easy to obtain the hardware circuit that realizes the logic method flow.

控制器可以按任何适当的方式实现，例如，控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit，ASIC)、可编程逻辑控制器和嵌入微控制器的形式，控制器的例子包括但不限于以下微控制器：ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320，存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道，除了以纯计算机可读程序代码方式实现控制器以外，完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件，而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至，可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller may be implemented in any suitable manner, for example, the controller may take the form of a microprocessor or processor and a computer readable medium storing a computer readable program code (e.g., software or firmware) executable by the (micro)processor, a logic gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, and the memory controller may also be implemented as part of the control logic of the memory. It is also known to those skilled in the art that in addition to implementing the controller in a purely computer readable program code manner, the controller may be implemented in the form of a logic gate, a switch, an application specific integrated circuit, a programmable logic controller, and an embedded microcontroller by logically programming the method steps. Therefore, such a controller may be considered as a hardware component, and the means for implementing various functions included therein may also be considered as a structure within the hardware component. Or even, the means for implementing various functions may be considered as both a software module for implementing the method and a structure within the hardware component.

上述实施例阐明的系统、装置、模块或单元，具体可以由计算机芯片或实体实现，或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的，计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

为了描述的方便，描述以上装置时以功能分为各种单元分别描述。当然，在实施本公开时可以把各单元的功能在同一个或多个软件和/或硬件中实现。For the convenience of description, the above device is described in various units according to their functions. Of course, when implementing the present disclosure, the functions of each unit can be implemented in the same or multiple software and/or hardware.

本领域内的技术人员应明白，本公开的实施例可提供为方法、系统、或计算机程序产品。因此，本公开可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且，本公开可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that the embodiments of the present disclosure may be provided as methods, systems, or computer program products. Therefore, the present disclosure may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present disclosure may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

本公开是参照根据本公开实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器，使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present disclosure is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present disclosure. It should be understood that the flowcharts and/or block diagrams may be implemented by computer program instructions. Each process and/or box in the flowchart and/or block diagram, and the combination of the processes and/or boxes in the flowchart and/or block diagram. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing device generate a device for implementing the functions specified in one process or multiple processes in the flowchart and/or one box or multiple boxes in the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中，使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品，该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上，使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理，从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

在一个典型的配置中，计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.

内存可能包括计算机可读介质中的非永久性存储器，随机存取存储器(Random Access Memory，RAM)和/或非易失性内存等形式，如只读存储器(Read-Only Memory，ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。Memory may include non-permanent storage in a computer-readable medium, in the form of random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.

计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括，但不限于相变内存(Phase Change RAM，PRAM)、静态随机存取存储器(Static Random-Access Memory，SRAM)、动态随机存取存储器(Dynamic Random Access Memory，DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(Electrically Erasable Programmable Read Only Memory，EEPROM)、快闪记忆体(Flash Memory)或其他内存技术、只读光盘只读存储器(Compact Disc Read Only Memory，CD-ROM)、数字多功能光盘(Digital Versatile Disc，DVD)或其他光学存储、磁盒式磁带，磁带及磁盘存储或其他磁性存储设备或任何其他非传输介质，可用于存储可以被计算设备访问的信息。按照本文中的界定，计算机可读介质不包括暂存电脑可读媒体(transitory media)，如调制的数据信号和载波。Computer readable media include permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information. Information can be computer readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, Phase Change RAM (PRAM), Static Random-Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of random access memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash Memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, magnetic cassettes, tape and disk storage or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by a computing device. As defined in this article, computer-readable media does not include transitory media such as modulated data signals and carrier waves.

还需要说明的是，术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含，从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素，而且还包括没有明确列出的其他要素，或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下，由语句“包括一个……”限定的要素，并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, commodity or device. In the absence of more restrictions, the elements defined by the sentence "comprises a ..." do not exclude the existence of other identical elements in the process, method, commodity or device including the elements.

本公开可以在由计算机执行的计算机可执行指令的一般上下文中描述，例如程序模块。一般地，程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本公开，在这些分布式计算环境中，由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中，程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。The present disclosure may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. The present disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices connected through a communications network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.

本公开中的各个实施例均采用递进的方式描述，各个实施例之间相同相似的部分互相参见即可，每个实施例重点说明的都是与其他实施例的不同之处。尤其，对于系统实施例而言，由于其基本相似于方法实施例，所以描述的比较简单，相关之处参见方法实施例的部分说明即可。Each embodiment in the present disclosure is described in a progressive manner, and the same or similar parts between the embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the partial description of the method embodiment.

以上所述仅为本公开的实施例而已，并不用于限制本公开。对于本领域技术人员来说，本公开可以有各种更改和变化。凡在本公开的精神和原理之内所作的任何修改、等同替换、改进等，均应包含在本公开的权利要求范围之内。 The above description is only an embodiment of the present disclosure and is not intended to limit the present disclosure. In general, the present disclosure may have various changes and variations. Any modification, equivalent substitution, improvement, etc. made within the spirit and principle of the present disclosure should be included in the scope of the claims of the present disclosure.

Claims

A method for electronic voting, characterized in that the method is applied to a vote counting party, and the method comprises:

Determine the masked voting results published by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party, wherein the masked voting results are the results of the voting party processing the voting results according to the masked bit shares, and the masked bit shares are generated by the voting party based on the secure multi-party computing preprocessing function;

According to each masked voting result and each initial label value, based on a pre-constructed counting tree, the masked voting results are counted, the masked statistical result output by the counting tree is determined, and the first result and the intermediate label value output by each computing node among the multiple computing nodes included in the counting tree are determined;

Based on the homomorphic commitment function and each intermediate label value, a label commitment value is generated, and the label commitment value and each first result are announced, so that each voting party publicly verifies the masked statistical result according to the label commitment value and each first result announced by the vote counting party;

When the mask statistical result is verified, determining the mask bit shares corresponding to the mask statistical result published by each voting party;

The masked statistical results are decrypted according to the bit shares of each mask, and the final voting results are determined and announced.

The method according to claim 1, characterized in that the operation node comprises a plurality of AND operation units;

The label commitment value and each first result are announced, including:

For each AND unit,

Determine the mask voting result input to the AND operation unit, and determine the verifiable mask bit share input to the AND operation unit and the verifiable mask bit share output by the AND operation unit based on the secure multi-party computation preprocessing function;

Determine the verifiable check bit of the AND operation unit according to the determined verifiable mask bit shares of the input and output and the mask voting result;

Determine a message authentication code of the AND operation unit according to the verifiable check bit, and determine a verification code commitment value of the message authentication code based on the homomorphic commitment function;

The sum of the verification code commitment values is determined to be the verification code aggregate commitment value, and the verification code aggregate commitment value, the label commitment value and the first results are published.

The method according to claim 1, characterized in that the mask statistical result is decrypted according to each mask bit share to determine the final voting result, comprising:

Determining the mask commitment value corresponding to the mask bit share announced by each voting party;

Publicly verifying each mask bit share according to each mask commitment value;

When the verification of each mask bit share is passed, the mask statistical result is decrypted according to each mask bit share to determine the final voting result.

The method of claim 3, wherein the masked commitment value includes the original commitment value and other commitment values;

Determining the mask commitment value corresponding to the mask bit share announced by each voting party includes:

For each voting party, determine the original commitment value and other commitment values corresponding to the mask bit share announced by the voting party, wherein the original commitment value is the commitment value determined by the voting party based on the mask bit share corresponding to the voting party, and the other commitment values are the commitment values determined by the voting party based on the mask bit shares announced by other voting parties;

According to each mask commitment value, each mask bit share is publicly verified, including:

Determining a sum of the original commitment values as a first value, and determining a sum of the other commitment values as a second value;

When the first value is consistent with the second value, it is determined that the verification of each mask bit share is passed.

A method for electronic voting, characterized in that the method is applied to a voting party, and the method comprises:

Determine the voting result according to the voting options, and generate the mask bit share using the secure multi-party computing pre-processing function based on the topology of the counting tree pre-built by the counting party;

According to the mask bit share, the voting result is processed to determine the masked voting result and publish it, and an initial label value corresponding to the masked voting result is generated and sent to the vote counting party. The vote counting party counts the masked voting results published by each voting party and the received initial label value based on the vote counting tree, determines the masked statistical results output by the vote counting tree, and determines the first result and the intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree, generates a label commitment value based on the homomorphic commitment function and the intermediate label values, and publishes the label commitment value and each first result;

Determine the label commitment value and each first result published by the vote counting party;

Determine the label value output by each computing node in the vote counting tree according to each of the first results, determine the verification commitment value of each label value according to the homomorphic commitment function, and publish the verification commitment value;

Publicly verifying the mask statistical result according to the label commitment value and the verification commitment value;

When the masked statistical result is verified, the masked bit share corresponding to the masked statistical result is determined and announced, so that the vote counting party decrypts the masked statistical result according to the masked bit shares announced by each voting party, determines and announces the final voting result.

The method according to claim 5, characterized in that the publicly verifying the mask statistical result according to the label commitment value and the verification commitment value comprises:

Determine the verification commitment values announced by other voting parties as other verification commitment values;

Aggregating the other verification commitment values and the verification commitment value;

The mask statistics result is publicly verified according to the aggregated verification commitment value and the label commitment value.

The method according to claim 6, characterized in that the operation node comprises a plurality of AND operation units;

The publicly verifying the mask statistical result according to the aggregated verification commitment value and the label commitment value includes:

When the aggregated verification commitment value is consistent with the label commitment value, determining the masked voting results announced by the other voting parties;

For each AND unit,

Determine the mask voting result input to the AND operation unit, and determine the verifiable mask bit share input to the AND operation unit and the verifiable mask bit share output by the AND operation unit according to each mask voting result and each first result;

Determine the sum of the verification code commitment values as the verification aggregate commitment value, and publish the verification aggregate commitment value;

Determine the verification code aggregate commitment value announced by the vote counting party, and publicly verify the mask statistical result based on the verification code aggregate commitment value and the verification aggregate commitment value.

The method according to claim 5, characterized in that determining the mask bit share corresponding to the mask statistical result and announcing it comprises:

Determining a mask bit share corresponding to the mask statistical result;

Based on the homomorphic commitment function, the mask commitment value corresponding to the mask bit share is determined and announced, so that the vote counting party can publicly verify the mask bit shares according to the mask commitment value corresponding to the mask bit share announced by each voting party.

The method of claim 8, wherein the masked commitment value includes an original commitment value and other commitment values;

The determining, based on the homomorphic commitment function, a mask commitment value corresponding to the mask bit share and announcing the same comprises:

Based on the homomorphic commitment function, determining that the commitment value corresponding to the masked bit share is an original commitment value;

Determine the mask bit shares corresponding to the mask statistical results published by other voting parties, and determine other commitment values based on the mask bit shares published by other voting parties and the homomorphic commitment function, and publish the mask bit shares, the original commitment value and the other commitment values.

An electronic voting device, characterized in that the device is applied to a vote counting party, and the device comprises:

A first determination module is used to determine the masked voting results announced by each voting party, and receive the initial label value corresponding to the masked voting results sent by each voting party, wherein the masked voting results are the results after the voting party processes the voting results according to the masked bit shares, and the masked bit shares are generated by the voting party based on the secure multi-party computing preprocessing function;

A vote counting module is used to count the masked voting results and the initial label values based on a pre-constructed vote counting tree, determine the masked statistical results output by the vote counting tree, and determine the first result and the intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree;

A publishing module, used to generate a label commitment value based on the homomorphic commitment function and each intermediate label value, and publish the label commitment value and each first result, so that each voting party publicly verifies the mask statistical result according to the label commitment value and each first result published by the vote counting party;

A second determination module is used to determine the mask bit shares corresponding to the mask statistical result published by each voting party when the mask statistical result is verified;

The decryption module is used to decrypt the mask statistical results according to the bit shares of each mask, and determine and publish the final voting results.

An electronic voting device, characterized in that the device is applied to a voting party, and the device comprises:

A generation module is used to determine the voting result according to the voting options, and generate the mask bit share according to the topological structure of the counting tree pre-built by the counting party by using a secure multi-party computing pre-processing function;

A sending module, used to process the voting results according to the mask bit share, determine the masked voting results, and publish them, and generate a label value corresponding to the masked voting results, and send the label value to the vote counting party, so that the vote counting party counts the masked voting results based on the vote counting tree according to the masked voting results published by each voting party and the received label value, determines the masked statistical results output by the vote counting tree, and determines the first result and intermediate label value output by each operation node among the multiple operation nodes included in the vote counting tree, and determines the label commitment value based on the homomorphic commitment function and the intermediate label values, and publishes the label commitment value and each first result;

A determination module, used to determine the label commitment value and each first result published by the vote counting party;

A commitment module, used to determine the label value output by each operation unit in the vote counting tree according to the first results, determine the verification commitment value of each label value according to the homomorphic commitment function, and publish the verification commitment value;

A verification module, used for publicly verifying the mask statistical result according to the label commitment value and the verification commitment value;

The mask module is used to determine and announce the mask bit share corresponding to the mask statistical result when the mask statistical result is verified, so that the vote counting party decrypts the mask statistical result according to the mask bit share announced by each voting party, determines and announces the final voting result.

A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the method described in any one of claims 1 to 9 is implemented.

An electronic device comprises a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method described in any one of claims 1 to 9 when executing the computer program.