
The Computer Ate My Vote

Formal Methods: State of the Art and New Directions

Abstract

Public confidence in voting technologies has been badly shaken over the past years by, amongst other events, the problems with the 2000 and 2004 US presidential elections and the 2007 French presidential election. Serious vulnerabilities have been exposed and documented in all the existing electronic voting systems. Many of these systems use proprietary, protected code and the voters and election officials are expected to take assurances of the suppliers and certifiers on trust.

In the face of this, many activists argue that all voting systems employing information technology in place of humans to process the votes must be flawed and we should return to pen-and-paper along with hand counting. The critiques of existing voting technologies are undoubtedly well-founded, but to infer from this that all technology must be flawed is an elementary error of logic. In this chapter, I present an alternative response and describe schemes that derive their trustworthiness from maximal transparency and auditability.

Designing voting systems that provide high levels of assurance of accuracy and ballot secrecy with minimal trust assumptions is an immensely challenging task. The requirements of accuracy and auditability are in direct conflict with those of ballot secrecy. A voting system must deliver high assurance of accuracy and privacy in a highly hostile environment: the system may try to cheat the voters, voters may try to circumvent the system, officials may try to manipulate the outcome and coercers may attempt to influence voters. Furthermore, we must recognise that this is not a purely technical problem: a technically perfect solution that is not usable or does not command the confidence of the voters is not a viable solution.

Recently, significant progress has been made and a number of schemes have been developed that provide verifiability of the election. These seek to provide end-to-end verifiability of the outcome, i.e., the accuracy of the outcome is independent of the code or hardware that implements the ballot processing. The assurance is derived from maximal transparency and auditability. Voters are provided with mechanisms to check that their vote is accurately included in the final tally, all the while maintaining ballot secrecy. Thus, the assurance depends ultimately on the voters rather than the probity of election officials, suppliers of voting systems, etc.

In this chapter, I describe the requirements for voting systems, the required cryptographic building blocks and a variety of threats they have to deal with. I then describe the Prêt à Voter scheme, a particularly voter-friendly example of a voter-verifiable, high assurance scheme. I also describe a number of enhancements to the basic scheme that are designed to counter those threats to which the basic version of Prêt à Voter is potentially vulnerable.

Notes

  1. Cryptographic schemes can support the requirement to reveal links between receipts and votes, but this can only be done with the cooperation of a predefined threshold number of servers. These servers could be controlled by independent authorities and organisations. Thus, the checks and balances preventing abuses of such a capability are far more transparent and accountable than at present.

  2. A simple example of such an algorithm is based on Fermat’s Little Theorem: if p is prime, then \(\forall a \in \mathbb{Z}_{p}^{*},\ a^{p-1} \equiv 1 \pmod{p}\). Thus, for a putative prime p, we choose a set of values of a at random and check whether Fermat’s congruence holds for all of them. If it does, then we have, with high probability, identified a prime p.

  3. This reminds me of being puzzled as a kid by talk of “testing the bomb”.

  4. The list of encrypted receipts could be published for example in The Times.

  5. With a conventional VVPAT system with un-encrypted ballots, using a till roll record introduces the possibility of correlation between the order on the roll and the order voters entered the booth, undermining ballot privacy.
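The Fermat test sketched in note 2, as an added Python example that is not part of the chapter; all function names are assumptions of this sketch. It also enumerates the bases for which a composite number still satisfies the congruence, which shows that the Carmichael number 561 = 3·11·17 passes for every base coprime to it, so the "high probability" rests on the random bases and not on the congruence alone.

```python
import math
import random


def fermat_passes(p, a):
    """True when Fermat's congruence a^(p-1) = 1 (mod p) holds for base a."""
    return pow(a, p - 1, p) == 1


def is_probable_prime(p, rounds=20, rng=None):
    """Fermat test from note 2: draw random bases and require all to pass."""
    if p < 2:
        return False
    if p in (2, 3):
        return True
    if p % 2 == 0:
        return False
    rng = rng or random.SystemRandom()
    # randrange(2, p - 1) draws a base from [2, p - 2]
    return all(fermat_passes(p, rng.randrange(2, p - 1)) for _ in range(rounds))


def fermat_liars(n):
    """Bases in [2, n-2] for which a composite n still passes the congruence."""
    return [a for a in range(2, n - 1) if fermat_passes(n, a)]


def liar_fraction(n):
    """Chance that a single random base from [2, n-2] fails to expose n."""
    return len(fermat_liars(n)) / (n - 3)


def fools_every_coprime_base(n):
    """True for Carmichael-type composites: every base coprime to n passes."""
    return all(fermat_passes(n, a)
               for a in range(2, n - 1) if math.gcd(a, n) == 1)


if __name__ == "__main__":
    print("2^61 - 1 probable prime:", is_probable_prime(2**61 - 1))
    for n in (221, 561):  # 221 = 13 * 17, 561 = 3 * 11 * 17 (constructed inputs)
        print(n, "liars:", len(fermat_liars(n)),
              "fraction: %.3f" % liar_fraction(n),
              "fools all coprime bases:", fools_every_coprime_base(n))
```
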



Correspondence to Peter Y.A. Ryan.


© 2010 Springer-Verlag London Limited

About this chapter

Cite this chapter

Ryan, P. (2010). The Computer Ate My Vote. In: Boca, P., Bowen, J., Siddiqi, J. (eds) Formal Methods: State of the Art and New Directions. Springer, London. https://doi.org/10.1007/978-1-84882-736-3_5


  • DOI: https://doi.org/10.1007/978-1-84882-736-3_5


  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84882-735-6

  • Online ISBN: 978-1-84882-736-3

  • eBook Packages: Computer Science (R0)
