Automatic Margin Computation for Risk-Limiting Audits

  • Bernhard Beckert
  • Michael Kirsten
  • Vladimir Klebanov
  • Carsten Schürmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10141)


A risk-limiting audit is a statistical method to create confidence in the correctness of an election result by checking samples of paper ballots. In order to perform an audit, one usually needs to know what the election margin is, i.e., the number of votes that would need to be changed in order to change the election outcome.

In this paper, we present a fully automatic method for computing election margins. It is based on the program analysis technique of bounded model checking to analyse the implementation of the election function. The method can be applied to arbitrary election functions without understanding the actual computation of the election result or without even intuitively knowing how the election function works.

We have implemented our method based on the model checker CBMC; and we present a case study demonstrating that it can be applied to real-world elections.


Risk-limiting audit Margin computation Software bounded model checking Static analysis 



This work has been partly supported by COST Action IC1205 on Computational Social Choice. This publication was made possible in part by the DemTech grant 10-092309 from the Danish Council for Strategic Research, Program Commission on Strategic Growth Technologies and in part by NPRP Grant #7-988-1-178 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.


  1. 1.
    Andoni, A., Daniliuc, D., Khurshid, S.: Evaluating the “small scope hypothesis”. Technical report, MIT Laboratory for Computer Science, Cambridge, MA (2003)Google Scholar
  2. 2.
    Bartholdi, J.J., Orlin, J.: Single transferable vote resists strategic voting. Soc. Choice Welf. 8, 341–354 (1991)MathSciNetzbMATHGoogle Scholar
  3. 3.
    Beckert, B., Goré, R., Schürmann, C., Bormer, T., Wang, J.: Verifying voting schemes. J. Inf. Secur. Appl. 19(2), 115–129 (2014)Google Scholar
  4. 4.
    Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 193–207. Springer, Heidelberg (1999). doi: 10.1007/3-540-49059-0_14 CrossRefGoogle Scholar
  5. 5.
    Blom, M.L., Stuckey, P.J., Teague, V., Tidhar, R.: Efficient computation of exact IRV margins. Computing Research Repository (CoRR) abs/1508.04885 (2015)Google Scholar
  6. 6.
    Cary, D.: Estimating the margin of victory for instant-runoff voting. In: Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (EVT/WOTE). USENIX Association (2011)Google Scholar
  7. 7.
    Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24730-2_15 CrossRefGoogle Scholar
  8. 8.
    Statistik, D.: Befolkning og valg (2015). Accessed 23 August 2016
  9. 9.
    Eén, N., Sörensson, N.: An extensible SAT-solver. In: International Conference on Theory and Applications of Satisfiability Testing (SAT), Selected Revised Papers, pp. 502–518 (2003)Google Scholar
  10. 10.
    Elklit, J., Pade, A.B., Nyholm Miller, N.: The parliamentary electoral system in Denmark (2011). Accessed 23 August 2016
  11. 11.
    Gallagher, M.: Proportionality, disproportionality and electoral systems. Elect. Stud. 10(1), 33–51 (1991)CrossRefGoogle Scholar
  12. 12.
    Holzer, A., Schallhart, C., Tautschnig, M., Veith, H.: FShell: systematic test case generation for dynamic analysis and measurement. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 209–213. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-70545-1_20 CrossRefGoogle Scholar
  13. 13.
    Jackson, D.: Software Abstractions: Logic, Language, and Analysis. MIT Press, Cambridge (2006)Google Scholar
  14. 14.
    Lindeman, M., Stark, P.B.: A gentle introduction to risk-limiting audits. IEEE Secur. Priv. 10(5), 42–49 (2012)CrossRefGoogle Scholar
  15. 15.
    Magrino, T.R., Rivest, R.L., Shen, E., Wagner, D.: Computing the margin of victory in IRV elections. In: Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (EVT/WOTE). USENIX Association (2011)Google Scholar
  16. 16.
    Sarwate, A., Checkoway, S., Shacham, H.: Risk-limiting audits and the margin of victory in nonplurality elections. Stat. Polit. Policy 4(1), 29–64 (2013)Google Scholar
  17. 17.
    Smith, A.M., Butler, E., Popovic, Z.: Quantifying over play: constraining undesirable solutions in puzzle design. In: International Conference on the Foundations of Digital Games (FDG), pp. 221–228 (2013)Google Scholar
  18. 18.
    Stark, P.B.: Super-simple simultaneous single-ballot risk-limiting audits. In: Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (EVT/WOTE), pp. 1–16 (2010)Google Scholar
  19. 19.
    Stark, P.B., Teague, V.: Verifiable european elections: risk-limiting audits for D’Hondt and its relatives. USENIX J. Elect. Technol. Syst. (JETS) 1, 18–39 (2014)Google Scholar
  20. 20.
    Vorobyov, K., Krishnan, P.: Combining static analysis and constraint solving for automatic test case generation. In: Fifth IEEE International Conference on Software Testing, Verification and Validation (ICST), pp. 915–920 (2012)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Bernhard Beckert
    • 1
  • Michael Kirsten
    • 1
  • Vladimir Klebanov
    • 1
  • Carsten Schürmann
    • 2
  1. 1.Institute of Theoretical InformaticsKarlsruheGermany
  2. 2.IT University of Copenhagen (ITU)CopenhagenDenmark

Personalised recommendations