Strategies for Voter-Initiated Election Audits
Many verifiable electronic voting systems are dependent on voter-initiated auditing. This auditing allows the voter to check the construction of their cryptographic ballot, and is essential in both gaining assurance in the honesty of the constructing device, and ensuring the integrity of the election as a whole. A popular audit approach is the Benaloh Challenge , which involves first constructing the complete ballot, before asking the voter whether they wish to cast or audit it.
In this paper we model the Benaloh Challenge as an inspection game, and evaluate various voter strategies for deciding whether to cast or audit their ballot. We shall show that the natural strategies for voter-initiated auditing do not form Nash equilibria, assuming a payoff matrix that describes remote voting. This prevents authorities from providing voters with a sensible auditing strategy. We will also show that when the constructing device has prior knowledge of how a voter might vote, it critically undermines the effectiveness of the auditing. This is particularly relevant to internet voting systems, some of which also rely on Benaloh Challenges for their auditing step.
A parallel version, in which the voter constructs multiple ballots and then chooses which one to vote with, can form Nash equilibria. It still relies on some uncertainty about which one the voter will choose.
KeywordsNash Equilibrium Remote Setting Audit Strategy Electronic Vote System Voter Intent
Thanks to Wojtek Jamroga, Ron Rivest, and Josh Benaloh for interesting conversations about this work.
- 1.Adida, B.: Helios: web-based open-audit voting. USENIX Secur. Symp. 17, 335–348 (2008)Google Scholar
- 2.Adida, B., Rivest, R.L.: Scratch & vote: self-contained paper-based cryptographic voting. In: Proceedings of the 5th ACM Workshop on Privacy in Electronic Society, pp. 29–40. ACM (2006)Google Scholar
- 3.Bell, S., Benaloh, J., Byrne, M.D., Debeauvoir, D., Eakin, B., Kortum, P., McBurnett, N., Pereira, O., Stark, P.B., Wallach, D.S., Fisher, G., Montoya, J., Parker, M., Winn, M.: Star-vote: a secure, transparent, auditable, and reliable voting system. In: 2013 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE 2013). USENIX Association, Washington, D.C. https://www.usenix.org/conference/evtwote13/workshop-program/presentation/bell
- 4.Ben-Nun, J., Fahri, N., Llewellyn, M., Riva, B., Rosen, A., Ta-Shma, A., Wikström, D.: A new implementation of a dual (paper and cryptographic) voting system. In: Electronic Voting, pp. 315–329 (2012)Google Scholar
- 5.Benaloh, J.: Simple verifiable elections. EVT 6, 5 (2006)Google Scholar
- 6.Benaloh, J.: Ballot casting assurance via voter-initiated poll station auditing. EVT 7, 14 (2007)Google Scholar
- 7.Chaum, D.: Surevote: technical overview. In: Proceedings of the workshop on trustworthy elections (WOTE 2001) (2001)Google Scholar
- 8.Chaum, D., Carback, R., Clark, J., Essex, A., Popoveniuc, S., Rivest, R.L., Ryan, P.Y., Shen, E., Sherman, A.T.: Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. EVT 8, 1–13 (2008)Google Scholar
- 10.Karayumak, F., Olembo, M.M., Kauer, M., Volkamer, M.: Usability analysis of helios-an open source verifiable remote electronic voting system. In: EVT/WOTE 2011 (2011)Google Scholar
- 11.Kiayias, A., Zacharias, T., Zhang, B.: Ceremonies for end-to-end verifiable elections (2015)Google Scholar
- 15.Sandler, D., Derr, K., Wallach, D.S.: Votebox: a tamper-evident, verifiable electronic voting system. In: USENIX Security Symposium, vol. 4, p. 87 (2008)Google Scholar