Single Layer Optical-Scan Voting with Fully Distributed Trust
- 2 Citations
- 856 Downloads
Abstract
We present a new approach for cryptographic end-to-end verifiable optical-scan voting. Ours is the first that does not rely on a single point of trust to protect ballot secrecy while simultaneously offering a conventional single layer ballot form and unencrypted paper trail. We present two systems following this approach. The first system uses ballots with randomized confirmation codes and a physical in-person dispute resolution procedure. The second system improves upon the first by offering an informational dispute resolution procedure and a public paper audit trail through the use of self-blanking invisible ink confirmation codes. We then present a security analysis of the improved system.
Keywords
Dispute Resolution Correctness Proof Poll Worker Visual Cryptography Election CommissionPreview
Unable to display preview. Download preview PDF.
References
- 1.Adida, B., Rivest, R.L.: Scratch & vote: self-contained paper-based cryptographic voting. In: ACM WPES, pp. 29–40 (2006)Google Scholar
- 2.Benaloh, J.: Administrative and public verifiability: Can we have both? In: EVT (2008)Google Scholar
- 3.Benaloh, J.: Ballot casting assurance via voter-initiated poll station auditing. In: EVT (2007)Google Scholar
- 4.Benaloh (né Cohen), J.D., Fisher, M.J.: A robust and verifiable cryptographically secure election scheme. In: SFCS (1985)Google Scholar
- 5.Carback, R.T., Chaum, D., Clark, J., Conway, J., Essex, A., Hernson, P.S., Mayberry, T., Popoveniuc, S., Rivest, R.L., Shen, E., Sherman, A.T., Vora, P.L.: Scantegrity II election at takoma park. In: USENIX Security Symposium (2010)Google Scholar
- 6.Chaum, D.: Secret-ballot receipts: True voter-verifiable elections. IEEE Security and Privacy 2(1), 38–47 (2004)CrossRefGoogle Scholar
- 7.Chaum, D., Carback, R., Clark, J., Essex, A., Popoveniuc, S., Rivest, R.L., Ryan, P.Y.A., Shen, E., Sherman, A.T.: Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In: EVT (2008)Google Scholar
- 8.Chaum, D., Carback, R., Clark, J., Essex, A., Popoveniuc, S., Rivest, R.L., Ryan, P.Y.A., Shen, E., Sherman, A.T., Vora, P.L.: Scantegrity ii: end-to-end verifiability by voters of optical scan elections through confirmation codes. IEEE Transactions on Information Forensics and Security 4(4), 611–627 (2009)CrossRefGoogle Scholar
- 9.Chaum, D., Essex, A., Carback, R., Clark, J., Popoveniuc, S., Sherman, A.T., Vora, P.: Scantegrity: End-to-end voter verifiable optical-scan voting. IEEE Security and Privacy 6(3), 40–46 (2008)CrossRefGoogle Scholar
- 10.Chaum, D., Ryan, P.Y.A., Schneider, S.: A Practical Voter-Verifiable Election Scheme. In: De Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005)CrossRefGoogle Scholar
- 11.Clark, J., Hengartner, U.: On the use of financial data as a random beacon. In: EVT/WOTE (2010)Google Scholar
- 12.Clarkson, W., Weyrich, T., Finkelstein, A., Heninger, N., Alex Halderman, J., Felten, E.W.: Fingerprinting blank paper using commodity scanners. In: IEEE Symposium on Security and Privacy (2009)Google Scholar
- 13.Cramer, R., Gennaro, R., Schoenmakers, B.: A Secure and Optimally Efficient Multi-authority Election Scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997)Google Scholar
- 14.Essex, A., Clark, J., Carback, R.T., Popoveniuc, S.: Punchscan in practice: an e2e election case study. In: WOTE (2007)Google Scholar
- 15.Essex, A., Clark, J., Hengartner, U., Adams, C.: How to print a secret. In: HotSec (2009)Google Scholar
- 16.Essex, A., Clark, J., Hengartner, U., Adams, C.: Eperio: Mitigating technical complexity in cryptographic election verification. In: EVT/WOTE (2010)Google Scholar
- 17.Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
- 18.Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-Time Programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)Google Scholar
- 19.Carback III, R.T., Popoveniuc, S., Sherman, A.T., Chaum, D.: Punchscan with independent ballot sheets: Simplifying ballot printing and distribution with independently selected ballot halves. In: WOTE (2007)Google Scholar
- 20.Jarrous, A., Pinkas, B.: Secure Hamming Distance Based Computation and Its Applications. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 107–124. Springer, Heidelberg (2009)CrossRefGoogle Scholar
- 21.Kelsey, J., Regenscheid, A., Moran, T., Chaum, D.: Attacking Paper-Based E2E Voting Systems. In: Chaum, D., Jakobsson, M., Rivest, R.L., Ryan, P.Y.A., Benaloh, J., Kutylowski, M., Adida, B. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 370–387. Springer, Heidelberg (2010)CrossRefGoogle Scholar
- 22.Kubiak, P.: A modification of punchscan: Trust distribution. In: FEE (2006)Google Scholar
- 23.Küsters, R., Truderung, T., Vogt, A.: Improving and Simplifying a Variant of Prêt à Voter. In: Ryan, P.Y.A., Schoenmakers, B. (eds.) VOTE-ID 2009. LNCS, vol. 5767, pp. 37–53. Springer, Heidelberg (2009)CrossRefGoogle Scholar
- 24.Kutyłowski, M., Zagórski, F.: Scratch, Click & Vote: E2E Voting over the Internet. In: Chaum, D., Jakobsson, M., Rivest, R.L., Ryan, P.Y.A., Benaloh, J., Kutylowski, M., Adida, B. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 343–356. Springer, Heidelberg (2010)CrossRefGoogle Scholar
- 25.Lundin, D., Treharne, H., Ryan, P.Y.A., Schneider, S., Heather, J., Xia, Z.: Tear and destroy: Chain voting and destruction problems shared by prèt â voter and punchscan and a solution using visual encryption. In: FEE (2006)Google Scholar
- 26.Lundin, D., Ryan, P.Y.A.: Human Readable Paper Verification of Prêt à Voter. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 379–395. Springer, Heidelberg (2008)CrossRefGoogle Scholar
- 27.Moran, T., Naor, M.: Basing Cryptographic Protocols on Tamper-Evident Seals. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 285–297. Springer, Heidelberg (2005)CrossRefGoogle Scholar
- 28.Moran, T., Naor, M.: Split-ballot voting: Everlasting privacy with distributed trust. In: ACM CCS (2007)Google Scholar
- 29.Naor, M., Shamir, A.: Visual Cryptography. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 1–12. Springer, Heidelberg (1995)CrossRefGoogle Scholar
- 30.Andrew Neff, C.: Practical high certainty intent verification for encrypted votes. Technical report, VoteHere Whitepaper (2004)Google Scholar
- 31.Park, C., Itoh, K., Kurosawa, K.: Efficient Anonymous Channel and All/Nothing Election Scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248–259. Springer, Heidelberg (1994)Google Scholar
- 32.Paul, N., Evans, D., Rubin, A.D., Wallach, D.S.: Authentication for remote voting. In: HCISS (2003)Google Scholar
- 33.Pedersen, T.P.: A Threshold Cryptosystem without a Trusted Party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)Google Scholar
- 34.Popoveniuc, S., Carback, R.: Clearvote: An end-to-end voting system that distributes privacy between printers. In: WPES (2010)Google Scholar
- 35.Popoveniuc, S., Hosp, B.: An introduction to punchscan. In: WOTE (2006)Google Scholar
- 36.Rabin, M.: Transaction protection by beacons. Journal of Computer and System Sciences 27(2) (1983)Google Scholar
- 37.Ryan, P.Y.A., Schneider, S.A.: Prêt à Voter with Re-encryption Mixes. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 313–326. Springer, Heidelberg (2006)CrossRefGoogle Scholar
- 38.Ryan, P.A., Teague, V.: Ballot permutations in prèt â voter. In: EVT/WOTE (2009)Google Scholar
- 39.Ryan, P.A., Teague, V.: Pretty good democracy. In: Workshop on Security Protocols (2009)Google Scholar
- 40.Sandler, D.R., Derr, K., Wallach, D.S.: VoteBox: a tamper-evident, verifiable electronic voting system. In: USENIX Security Symposium (2008)Google Scholar
- 41.Sherman, A.T., Carback, R.T., Chaum, D., Clark, J., Essex, A., Hernson, P.S., Mayberry, T., Popoveniuc, S., Rivest, R.L., Shen, E., Sinha, B., Vora, P.L.: Scantegrity mock election at takoma park. In: EVOTE (2010)Google Scholar
- 42.Xia, Z., Schneider, S.A., Heather, J.: Analysis, improvement and simplification of prèt â voter with paillier encryption. In: EVT (2008)Google Scholar