Advertisement

Verified Certificate Checking for Counting Votes

  • Milad K. GhaleEmail author
  • Dirk Pattinson
  • Ramana Kumar
  • Michael Norrish
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11294)

Abstract

We introduce a new framework for verifying electronic vote counting results that are based on the Single Transferable Vote scheme (STV). Our approach frames electronic vote counting as certified computation where each execution of the counting algorithm is accompanied by a certificate that witnesses the correctness of the output. These certificates are then checked for correctness independently of how they are produced. We advocate verification of the verifier rather than the software used to produce the result. We use the theorem prover HOL4 to formalise the STV vote counting scheme, and obtain a fully verified certificate checker. By connecting HOL4 to the verified CakeML compiler, we then extract an executable that is guaranteed to behave correctly with respect to the formal specification of the protocol down to machine level. We demonstrate that our verifier can check certificates of real-size elections efficiently. Our encoding is modular, so repeating the same process for another different STV scheme would require a minimal amount of additional work.

References

  1. 1.
    Alkassar, E., Böhme, S., Mehlhorn, K., Rizkallah, C.: A framework for the verification of certifying computations. J. Autom. Reason. 52(3), 241–273 (2014)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Blum, M., Kannan, S.: Designing programs that check their work. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, 14–17 May 1989, Seattle, Washington, USA, pp. 86–97 (1989)Google Scholar
  3. 3.
    Brooks, L., Griffits, A.: NSW council elections: computer ‘guesstimate’ might have ignored your vote. ABC News, September 2017. http://www.abc.net.au/news/2017-09-14/computer-algorithms-may-sway-local-council-elections/8944186
  4. 4.
    Chaum, D.: Untraceable electronic mail return addresses and digital pseudonyms. In: Gritzalis, D.A. (ed.) Secure Electronic Voting, pp. 211–219. Springer, Boston (2003).  https://doi.org/10.1007/978-1-4615-0239-5_14CrossRefGoogle Scholar
  5. 5.
    Conway, A., Blom, M., Naish, L., Teague, V.: An analysis of New South Wales electronic vote counting. In: Proceedings of the ACSW 2017, pp. 24:1–24:5 (2017)Google Scholar
  6. 6.
    Cortier, V., Eigner, F., Kremer, S., Maffei, M., Wiedling, C.: Type-based verification of electronic voting protocols. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 303–323. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46666-7_16CrossRefGoogle Scholar
  7. 7.
    Cortier, V., Galindo, D., Glondu, S., Izabachène, M.: Election verifiability for Helios under weaker trust assumptions. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 327–344. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11212-1_19CrossRefGoogle Scholar
  8. 8.
    Cortier, V., Galindo, D., Küsters, R., Müller, J., Truderung, T.: Verifiability notions for e-voting protocols. IACR Cryptology ePrint Archive 2016, 287 (2016)Google Scholar
  9. 9.
    Dahlweid, M., Moskal, M., Santen, T., Tobies, S., Schulte, W.: VCC: contract-based modular verification of concurrent C. In: 31st International Conference on Software Engineering, ICSE 2009, Vancouver, Canada, 16–24 May 2009, Companion Volume, pp. 429–430 (2009)Google Scholar
  10. 10.
    Droop, H.R.: On methods of electing representatives. J. Stat. Soc. Lond. 44(2), 141–202 (1881). http://www.jstor.org/stable/2339223CrossRefGoogle Scholar
  11. 11.
    Ghale, M.K., Goré, R., Pattinson, D.: A formally verified single transferable voting scheme with fractional values. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 163–182. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-68687-5_10CrossRefGoogle Scholar
  12. 12.
    Greenaway, D., Andronick, J., Klein, G.: Bridging the gap: automatic verified abstraction of C. In: Beringer, L., Felty, A. (eds.) ITP 2012. LNCS, vol. 7406, pp. 99–115. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32347-8_8CrossRefGoogle Scholar
  13. 13.
    Guéneau, A., Myreen, M.O., Kumar, R., Norrish, M.: Verified characteristic formulae for CakeML. In: Yang, H. (ed.) ESOP 2017. LNCS, vol. 10201, pp. 584–610. Springer, Heidelberg (2017).  https://doi.org/10.1007/978-3-662-54434-1_22CrossRefGoogle Scholar
  14. 14.
    Kremer, S., Ryan, M., Smyth, B.: Election verifiability in electronic voting protocols. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 389–404. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15497-3_24CrossRefGoogle Scholar
  15. 15.
    Küsters, R., Truderung, T., Vogt, A.: Accountability: definition and relationship to verifiability. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 526–535 (2010)Google Scholar
  16. 16.
    Küsters, R., Truderung, T., Vogt, A.: Verifiability, privacy, and coercion-resistance: new insights from a case study. In: 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22–25 May 2011, Berkeley, California, USA, pp. 538–553 (2011)Google Scholar
  17. 17.
    McConnell, R.M., Mehlhorn, K., Näher, S., Schweitzer, P.: Certifying algorithms. Comput. Sci. Rev. 5(2), 119–161 (2011)CrossRefGoogle Scholar
  18. 18.
    Myreen, M.O., Owens, S.: Proof-producing translation of higher-order logic into pure and stateful ML. J. Funct. Program. 24(2–3), 284–315 (2014)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Noschinski, L., Rizkallah, C., Mehlhorn, K.: Verification of certifying computations through autocorres and simpl. In: Badger, J.M., Rozier, K.Y. (eds.) NFM 2014. LNCS, vol. 8430, pp. 46–61. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-06200-6_4CrossRefGoogle Scholar
  20. 20.
    Pattinson, D., Schürmann, C.: Vote counting as mathematical proof. In: Pfahringer, B., Renz, J. (eds.) AI 2015. LNCS (LNAI), vol. 9457, pp. 464–475. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-26350-2_41CrossRefGoogle Scholar
  21. 21.
    Pattinson, D., Tiwari, M.: Schulze voting as evidence carrying computation. In: Ayala-Rincón, M., Muñoz, C.A. (eds.) ITP 2017. LNCS, vol. 10499, pp. 410–426. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66107-0_26CrossRefGoogle Scholar
  22. 22.
    Tan, Y.K., Myreen, M.O., Kumar, R., Fox, A.C.J., Owens, S., Norrish, M.: A new verified compiler backend for CakeML. In: Garrigue, J., Keller, G., Sumii, E. (eds.) Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming, ICFP 2016, Nara, Japan, 18–22 September 2016, pp. 60–73. ACM (2016). http://doi.acm.org/10.1145/2951913.2951924
  23. 23.
    Verity, F., Pattinson, D.: Formally verified invariants of vote counting schemes. In: Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2017, Geelong, Australia, 31 January–3 February 2017, pp. 31:1–31:10 (2017). http://doi.acm.org/10.1145/3014812.3014845

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Milad K. Ghale
    • 1
    Email author
  • Dirk Pattinson
    • 1
  • Ramana Kumar
    • 2
  • Michael Norrish
    • 3
  1. 1.Australian National UniversityCanberraAustralia
  2. 2.Data61, CSIRO and UNSWKensingtonAustralia
  3. 3.Data61, CSIRO, and ANUCanberraAustralia

Personalised recommendations