Abstract
Public confidence in voting technologies has been badly shaken over the past years by, amongst other events, the problems with the 2000 and 2004 US presidential elections and the 2007 French presidential election. Serious vulnerabilities have been exposed and documented in all the existing electronic voting systems. Many of these systems use proprietary, protected code and the voters and election officials are expected to take assurances of the suppliers and certifiers on trust.
In the face of this, many activists argue that all voting systems employing information technology in place of humans to process the votes must be flawed and we should return to pen-and-paper along with hand counting. The critiques of existing voting technologies are undoubtedly well-founded, but to infer from this that all technology must be flawed is an elementary error of logic. In this chapter, I present an alternative response and describe schemes that derive their trustworthiness from maximal transparency and auditability.
Designing voting systems that provide high levels of assurance of accuracy and ballot secrecy with minimal trust assumptions is an immensely challenging one. The requirements of accuracy and auditability are in direct conflict with those of ballot secrecy. A voting system must deliver high assurance of accuracy and privacy in a highly hostile environment: the system may try to cheat the voters, voters may try to circumvent the system, officials may try to manipulate the outcome and coercers may attempt to influence voters. Furthermore, we must recognise that this is not a purely technical problem: a technically perfect solution that is not usable or does not command the confidence of the voters is not a viable solution.
Recently significant progress has been made and a number of schemes developed that provide verifiability of the election. These seek to provide end-to-end verifiability of the outcome, i.e., the accuracy of the outcome is independent of the code or hardware that implements the ballot processing. The assurance is derived from maximal transparency and auditability. Voters are provided with mechanisms to check that their vote is accurately included in the final tally, all the while maintaining ballot secrecy. Thus, the assurance depends ultimately on the voters rather than the probity of election officials, suppliers of voting systems, etc.
In this chapter, I describe the requirements for voting systems, the required cryptographic building blocks and a variety of threats they have to deal with. I then describe the Prêt à Voter scheme, a particularly voter-friendly example of a voter-verifiable, high assurance scheme. I also describe a number of enhancements to the basic scheme that are designed to counter those threats to which the basic version of Prêt à Voter is potentially vulnerable.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Cryptographic schemes can support the requirement to reveal links between receipts and votes, but this can only be done with the cooperation of a predefined threshold number of servers. These servers could be controlled by independent authorities and organisations. Thus, the checks and balances preventing abuses of such a capability are far more transparent and accountable than at present.
- 2.
A simple example of such an algorithm is based on Fermat’s Little Theorem: if p is prime, then \(\forall a \in {Z}_{p}^{{_\ast}},{a}^{p-1} = 1 ({\rm mod} p)\). Thus, for a putative prime p, we choose a set of as at random and check whether Fermat’s congruence holds for all of them. If it does, then we have, with high probability, identified a prime p.
- 3.
This reminds me of being puzzled as a kid by talk of “testing the bomb”.
- 4.
The list of encrypted receipts could be published for example in The Times.
- 5.
With a conventional VVPAT system with un-encrypted ballots, using a till roll record introduces the possibility of correlation between the order on the roll and the order voters entered the booth, undermining ballot privacy.
References
Anonymity Bibliography. http://freehaven.net/anonbib/.
B. Adida. Advances in cryptographic voting systems, PhD thesis, MIT, July 2006.
B. Adida and R. L. Rivest. Scratch and vote: Self-contained paper-based cryptographic voting. In Workshop on Privacy in the Electronic Society, Alexandria, Virginia, 2006.
L. Adleman R. Rivest, and A. Shamir. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.
O. Baudron, P.-A. Fouque, D. Pontecheval, G. Poupard, and J. Stern. Practical multi-candidate election system. In Symposium on Principles of Distributed Computing, pp. 274–283. ACM, 2001.
J. Beneloh and D. Tuinstra. Receipt-free secret-ballot elections. In Symposium on Theory of Computing, pp. 544–553. ACM, 1994.
D. Chaum. Untraceable mail, return addresses and digital pseudonyms. Communications of the ACM, 24(2):84–88, 1981.
D. Chaum. Secret-ballot receipts: True voter-verifiable elections. IEEE Security and Privacy, 2(1):38–47, 2004.
D. Chaum and T. P. Pedersen. Wallet databases with observers. In CRYPTO ’92: Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, pp. 89–105. Springer, 1993.
D. Chaum, P. Y. A. Ryan, and S. Schneider. A practical, voter-verifiable election scheme. In European Symposium on Research in Computer Security, Lecture Notes in Computer Science, vol. 3679. Springer, 2005.
M. Clarkson and A. Myers. Coercion-resistant remote voting using decryption mixes. In Workshop on Frontiers of Electronic Elections, Milan, 2005.
I. Damgard, M. Jurik, and J. Nielsen. A generalization of Paillier’s public-key system with applications to electronic voting, 2003. Available from www.daimi.au.dk/~ivan/GenPaillier_finaljour.ps.
G. Danezis. Better anonymous communications, PhD thesis, University of Cambridge, July 2004. http://www.cl.cam.ac.uk/~gd216/thesis.pdf.
W. Diffie and M. E. Hellman. New directions in cryptography. In Transactions on Information Theory, vol. IT-22, November 1976, pp. 644–654. IEEE, 1976.
Y. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In Transaction on Information Theory, vol. 31, pp. 469–472. IEEE, 1985.
A. J. Feldman et al. Security analysis of the Diebold Accuvote-TS voting machine. Princeton, September 2006. itpolicy.princeton.edu/voting/ts-paper.pdf.
A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology – Crypto ’86, pp. 186–194, New York. Springer, 1987.
K. Fisher et al. Punchscan, introduction and definition. http://www.cisa.umbc.edu/papers/FisherWote2006.pdf.
M. Gogolewski et al. Kleptographic attacks on e-election schemes. In International Conference on Emerging Trends in Information and Communication Security, 2006. http://www.nesc.ac.uk/talks/639/Day2/workshop-slides2.pdf.
R. S. Brumbaugh, Ancient Greek Gadgets and Devices. Crowell, New York, 1966. ISBN 0837174279.
Andrew Gumbel. Steal This Vote!. Nation Books, New York, 2005.
J. Heather. Implementing STV securely in prêt à voter. In Proceedings of Computer Security Foundations, pp. 157–169, 2007.
M. Jakobsson, A. Juels, and R. Rivest. Making mix nets robust for electronic voting by randomized partial checking. In USENIX Security Symposium, pp. 339–353, 2002.
D. W. Jones. A brief illustrated history of voting, 2003. http://www.cs.uiowa. edo/ jones/voting/pictures .
D. W. Jones. Threats to voting systems, 2005. http://vote.nist.gov/threats/papers/threats_to_voting_systems.pdf.
A. Juels, D. Catalano, and M. Jakobsson. Coercion-resistant Electronic Elections. In Proceedings of the 2005 ACM workshop on Privacy in the electronic society, pp. 61–70. November 2005.
C. Karlof, N. Sastry, and D. Wagner. Cryptographic voting protocols: A systems perspective. In USENIX Security Symposium, Lecture Notes in Computer Science, vol. 3444, pp. 186–200. Springer, 2005.
T. Kohno, A. Stubblefield, A. D. Rubin, and D. S. Wallach. Analysis of an electronic voting system. In Symposium on Security and Privacy. IEEE, 2004.
A. Neff. A verifiable secret shuffle and its application to e-voting. In Conference on Computer and Communications Security, pp. 116–125. ACM, 2001.
P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. Proceedings of the Eurocrypt ‘99, Lecture Notes in Computer Science, vol. 1592, pp. 223–238. IACR, Springer, 1999.
B. Randell and P. Y. A. Ryan. Voting technologies and trust. IEEE Security and Privacy, 4(5):50–56, 2006.
R. L. Rivest. The three ballot voting system, 2006. theory.lcs.mit.edu/rivest/ Rivest-TheThreeBallotVotingSystem.pdf.
P. Y. A. Ryan. Towards a dependability case for the Chaum voting scheme. DIMACS Workshop on Electronic Voting – Theory and Practice, 2004.
P. Y. A. Ryan. A variant of the chaum voting scheme. Technical Report CS-TR-864, University of Newcastle upon Tyne, 2004.
P. Y. A. Ryan. A variant of the Chaum voting scheme. In Proceedings of the Workshop on Issues in the Theory of Security, pp. 81–88. ACM, 2005.
P. Y. A. Ryan. Putting the human back in voting protocols. In Fourteenth International Workshop on Security Protocols, Lecture Notes in Computer Science. Springer, 2006.
P. Y. A. Ryan. The computer ate my vote. Technical Report Newcastle University CS-TR-988, University of Newcastle upon Tyne, 2007.
P. Y. A. Ryan and T. Peacock. Prêt à voter: a systems perspective. Technical Report CS-TR-929, University of Newcastle upon Tyne, 2005.
P. Y. A. Ryan and S. Schneider. Prêt à voter with re-encryption mixes. In European Symposium on Research in Computer Security, Lecture Notes in Computer Science, vol. 4189. Springer, 2006.
A. Shamir. How to share a secret. Communications of the ACM, 22:612–613, 1979.
D. R. Stinson. Cryptography, Theory and Practice. Chapman and Hall, CRC, Boca Raton, 2006.
A. Young and M. Yung. The dark side of black-box cryptography, or: Should we trust capstone? In Crypto’96, Lecture Notes in Computer Science, pp. 89–103. Springer, 1996.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag London Limited
About this chapter
Cite this chapter
Ryan, P. (2010). The Computer Ate My Vote. In: Boca, P., Bowen, J., Siddiqi, J. (eds) Formal Methods: State of the Art and New Directions. Springer, London. https://doi.org/10.1007/978-1-84882-736-3_5
Download citation
DOI: https://doi.org/10.1007/978-1-84882-736-3_5
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-84882-735-6
Online ISBN: 978-1-84882-736-3
eBook Packages: Computer ScienceComputer Science (R0)