Supporting Official Electronic IDs (eIDs)

Identity is fundamental to secure and reliable voting systems. While Vocdoni Z is designed to be identity-neutral—supporting any form of identification that adheres to the protocol rules—we recognize that native support for widely adopted electronic identities (eIDs) can significantly enhance the distribution and adoption of the protocol.

To this end, we have developed a zkSNARK circuit capable of verifying an official eID, specifically the Spanish DNIe version 3.0. The mechanism is similar for other eIDs and electronic passports, and is likely compatible with the upcoming eIDAS standard in the European Union.

For mass adoption, it's essential to provide a user-friendly interface. Most modern smartphones are equipped with NFC (Near Field Communication) readers, which can read data from eIDs and electronic passports. By leveraging NFC technology, we enable users to interact with their official eIDs using their smartphones.

However, generating a zkSNARK proof on a smartphone (a device with limited computational resources) may not be feasible at present. Until it is achievable on mobile devices, a potential solution is to delegate the proof generation (or part of it) to a trusted server, ensuring that user data remains secure and the integrity of the proof is maintained.

The zkSNARK circuit is designed to perform several critical verifications to ensure the authenticity of the voter's identity and the correctness of their vote, all while preserving privacy:

  1. Verification of eID Data Authenticity: Checks the RSA signature of the eID data to confirm its authenticity. Validates that the eID data has not been tampered with and originates from a trusted authority.
  2. Certificate Validity Verification: Ensures that the certificate was valid at the time of signing by verifying the Online Certificate Status Protocol (OCSP) response. Confirms that the certificate had not been revoked and was within its validity period when the signature was made.
  3. Ballot Encryption Verification: Verifies that the homomorphically encrypted ballot is correctly computed according to the Paillier encryption scheme. Ensures that the voter's encrypted vote adheres to the specified rules of the voting process.

Detailed Verifications within the Circuit

Ballot Encryption Verification: Ensure that the ballot ciphertext corresponds to the plaintext vote encrypted using the Paillier encryption formula.

  • Verify that the ciphertext was correctly computed from the plaintext and the encryption parameters.
  • Check compliance with the ballot protocol rules specified in the voting process parameters.
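The relation behind this check, as an added example that is not Vocdoni's circuit code: the ciphertext is public, the vote m and randomness r are the private witness, and the statement is c = g^m * r^n mod n^2. The toy key, the choice g = n + 1 and the `max_value` ballot rule are assumptions made for illustration.

```python
import math

# Constructed toy key (insecure size, readable numbers); not a real election key.
P, Q = 1009, 1013
N, N2 = P * Q, (P * Q) ** 2
G = N + 1                      # common generator choice g = n + 1 (assumption)
PHI = (P - 1) * (Q - 1)

def _valid_r(r):
    # r must be a unit modulo n, otherwise the ciphertext is malformed
    return 0 < r < N and math.gcd(r, N) == 1

def encrypt(m, r):
    """Paillier encryption: c = g^m * r^n mod n^2."""
    if not 0 <= m < N or not _valid_r(r):
        raise ValueError("m or r out of range")
    return pow(G, m, N2) * pow(r, N, N2) % N2

def ballot_relation_holds(c, m, r, max_value):
    """Public input: c. Private witness: m, r.
    max_value stands in for a ballot rule (hypothetical parameter)."""
    if not (0 <= m <= max_value and _valid_r(r)):
        return False
    return c == pow(G, m, N2) * pow(r, N, N2) % N2

def decrypt(c):
    """Key-holder side; this short form relies on g = n + 1."""
    return (pow(c, PHI, N2) - 1) // N * pow(PHI, -1, N) % N

def tally(ciphertexts):
    """Homomorphic addition: the product of ciphertexts encrypts the sum of votes."""
    acc = 1
    for c in ciphertexts:
        acc = acc * c % N2
    return decrypt(acc)
```

Without the range check inside the proven relation, a well-formed ciphertext of an out-of-range value would add straight into the homomorphic tally.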

Message Signature Verification: Confirm that the message containing the voter's data was signed by the owner of the eID.

  • Verify that the pkcs1_signature is a valid RSA PKCS#1 signature of the hash of the message.
  • Use the public key extracted from the x509_certificate to verify the signature.
  • Ensure that the message has not been altered and was signed by the legitimate holder of the certificate.

X.509 Certificate Verification: Validate the authenticity and validity of the voter's eID certificate.

  • Certificate Policy OID Check:
    • Extract and verify the Certificate Policy Object Identifier (OID) from the certificate.
    • Ensure that the certificate has the correct policy identifier for a valid eID certificate.
  • Validity Period Check:
    • Confirm that the signature date (signature_date) falls within the certificate's "Not Before" and "Not After" validity period.
    • This ensures that the certificate was valid at the time of signing.

OCSP Response Verification: Ensure that the certificate was not revoked and was valid at the time of signing.

  1. Parse the OCSP Response: Extract the serial number, certificate status (good, revoked, or unknown), and the validity period from the OCSP response.
  2. Certificate Status Check: Confirm that the OCSP response indicates the certificate status as "good" at the time of signing.
  3. Serial Number Match: Verify that the serial number in the OCSP response matches that of the x509_certificate.
  4. OCSP Response Validity: Ensure that the OCSP response was valid at the time of verification.
  5. OCSP Responder Identity Verification: Check that the OCSP response was signed by a trusted OCSP responder. Verify the OCSP responder's certificate and ensure it is authorized by the Certificate Authority (CA), including checking for the OCSP signing extension.
  6. OCSP Response Signature Verification: Use the OCSP responder's public key to verify the signature on the OCSP response.
  7. OCSP Responder's Certificate Chain Validation: Validate the certificate chain of the OCSP responder to ensure it is trusted and signed by the same CA that issued the voter's certificate.

Certificate Chain Validation: Confirm that the voter's certificate is authentic and issued by a trusted authority.

  • Certificate Signature Verification: Verify that the x509_certificate is signed by one of the trusted Certificate Authorities. Use the public keys of the trusted CAs to validate the signature on the voter's certificate.
  • Certificate Chain Integrity: Validate the entire certificate chain up to a trusted root CA. Ensure that each certificate in the chain is properly signed and has not been revoked.

Certificate Policy OID Verification: Ensure that the certificate was issued under the correct policy and intended use.

  • Extract the Certificate Policy OID from the x509_certificate under the Certificate Policies extension.
  • Compare the extracted OID with the expected OID for a valid eID certificate (which can be hardcoded or provided as a public input to the circuit).
  • This verification confirms that the certificate meets the required guidelines for its intended use in the voting process.
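The field-level checks from the validity period, OCSP (steps 2 to 4) and policy OID sections above, as an added example that is not Vocdoni's circuit code. It assumes the certificate and OCSP fields are already parsed and that dates arrive as ASN.1 time strings; the `Cert` and `Ocsp` types and the OID `2.999.1.1` are placeholders, and the signature and chain checks are not covered here.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

def asn1_time(s):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if not s.endswith("Z") or len(s) not in (13, 15) or not s[:-1].isdigit():
        raise ValueError("unsupported ASN.1 time: " + s)
    if len(s) == 13:   # RFC 5280 pivot: YY >= 50 is 19YY, else 20YY (strptime %y differs)
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

@dataclass
class Cert:            # hypothetical container for parsed x509_certificate fields
    serial: int
    not_before: str
    not_after: str
    policy_oids: tuple

@dataclass
class Ocsp:            # hypothetical container for parsed OCSP response fields
    serial: int
    status: str        # "good", "revoked" or "unknown"
    this_update: str
    next_update: str

def check(cert, ocsp, signature_date, verification_time, expected_policy_oid):
    """Return a list of failed checks; an empty list means all passed."""
    signed, now = asn1_time(signature_date), asn1_time(verification_time)
    failures = []
    if not asn1_time(cert.not_before) <= signed <= asn1_time(cert.not_after):
        failures.append("signature_date outside certificate validity")
    if expected_policy_oid not in cert.policy_oids:
        failures.append("certificate policy OID mismatch")
    if ocsp.status != "good":
        failures.append("OCSP status is " + ocsp.status)
    if ocsp.serial != cert.serial:
        failures.append("OCSP serial does not match certificate")
    if not asn1_time(ocsp.this_update) <= now <= asn1_time(ocsp.next_update):
        failures.append("OCSP response not valid at verification time")
    return failures
```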