Josh Benaloh, Senior Cryptographer, Microsoft Research


September 6, 2018

Findings and Recommendations

The election equipment market and certification process are badly broken. We need better ways to incentivize innovation.

Congressional funding should be provided to better support Election Assistance Commission, state and local jurisdictions, research, and NIST standards (VVSG).

States should provide more election funding, participate in cross-state registration list matching programs, and provide vote-by-mail tracking.

Internet Voting should not be done today (and never with blockchains).

There was extensive Russian intrusion into the 2016 election in the form of disinformation and infiltration of voter registration databases. However, there is no evidence of tampering with actual votes.

Nevertheless, the vote casting and tabulation systems are extremely vulnerable.

Prof. J. Alex Halderman, University of Michigan: "My undergraduate security class could have changed the results of the 2016 election."

We should replace existing paperless voting systems with paper-based systems.

We must apply best practices to our election registration and voting systems. However, this is not sufficient. The challenge is asymmetric.

Since we can't ensure that our election systems cannot be corrupted, good auditing is essential. We can at least detect tampering even if we can't prevent it.

Two kinds of auditing are recommended.
1. Administrative: Risk-Limiting Audits
2. Public: End-to-End Verifiability

Risk-Limiting Audits

Advanced statistical methods and new techniques can enable far more efficient traditional administrative audits.

End-to-End (E2E) Verifiability

Cryptographic techniques can enable public audits that shift the paradigm and democratize the electoral process.

What is Possible?

Technology exists that enables any inaccuracies in and tampering with election tallies to be detected, not just by election officials but also by any candidate, media outlet, voter, or other observer, and not just external tampering but also corruption by election officials, equipment vendors, and others. This is known as End-to-End (E2E) Verifiability.

End-to-End Verifiable Elections

An election is end-to-end verifiable if
1. Voters can verify that their own selections have been correctly recorded.
2. Anyone can verify that the recorded votes have been correctly tallied.

I'd love to describe how, but I could easily spend 90 minutes. Here's the 90 second version.

Privacy must be Enforced

Voters must be unable to disclose their votes to others. Open-ballot elections would be sooo much easier to secure.

Elections Prior to Secret Ballots

[Image: The County Election, George Caleb Bingham, 1852]

A Public Election Ledger

Voter Name      Vote
Alice Smith     Jefferson
Bob Williams    Adams
Carol James     Adams
David Fuentes   Jefferson
Ellen Chu       Jefferson

Totals: Jefferson 3, Adams 2

An End-to-End Verifiable Election

Voter Name      Vote
Alice Smith     Jefferson
Bob Williams    Adams
Carol James     Adams
David Fuentes   Jefferson
Ellen Chu       Jefferson

Totals: Jefferson 3, Adams 2

A Secret-Ballot E2E-V Election

Voter Name      Vote
Alice Smith     Jefferson   X37BM6YPM
Bob Williams    Adams       2J8CNF2KQ
Carol James     Adams       VRSF5JQWZ
David Fuentes   Jefferson   MW5B2VA7Y
Ellen Chu       Jefferson   8VPPS2L39

Totals: Jefferson 3, Adams 2


A Secret-Ballot E2E-V Election

X37BM6YPM
2J8CNF2KQ
VRSF5JQWZ
MW5B2VA7Y
8VPPS2L39

Totals: Jefferson 3, Adams 2

A Secret-Ballot E2E-V Election

Mathematical Proof

X37BM6YPM
2J8CNF2KQ
VRSF5JQWZ
MW5B2VA7Y
8VPPS2L39

Totals: Jefferson 3, Adams 2


Current Technology

This is not speculative new technology. The basic techniques have existed for decades and there are several ways to realize them. But new refinements are now making this practical just at a time when the need is being appreciated.
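One textbook way to realize the secret-ballot ledger with a mathematical proof of the totals, as an added example that is not from the talk or from any deployed system: exponential ElGamal ballots multiplied together homomorphically, a hash-based tracking code per voter, and a Chaum-Pedersen proof that the announced total is the correct decryption. The toy-sized group, the single key holder, the tracking-code format and the omission of per-ballot validity proofs are simplifying assumptions.

```python
import hashlib, secrets

# Toy parameters for illustration only (assumption): p = 2q + 1, g has prime order q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    return hashlib.sha256("|".join(map(str, parts)).encode()).hexdigest()

def keygen():
    x = secrets.randbelow(Q - 1) + 1                 # authority's secret key
    return x, pow(G, x, P)

def encrypt(h, vote):
    """Exponential ElGamal; vote is 1 for Jefferson, 0 for Adams."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P

def tracking_code(name, ct):
    return H(name, *ct)[:9].upper()                  # receipt the voter keeps

def combine(ledger):
    """Product of all posted ciphertexts = encryption of the sum of the votes."""
    a = b = 1
    for ca, cb in ledger.values():
        a, b = a * ca % P, b * cb % P
    return a, b

def challenge(*statement):                           # Fiat-Shamir, in [1, q-1]
    return 1 + int(H(*statement), 16) % (Q - 1)

def tally_with_proof(x, h, ledger):
    a, b = combine(ledger)
    m = b * pow(a, -x, P) % P                        # g^tally
    tally = next(t for t in range(len(ledger) + 1) if pow(G, t, P) == m)
    w = secrets.randbelow(Q)
    t1, t2 = pow(G, w, P), pow(a, w, P)              # Chaum-Pedersen commitments
    c = challenge(h, a, b, tally, t1, t2)
    return tally, (t1, t2, (w + c * x) % Q)

def verify_tally(h, ledger, tally, proof):
    """Anyone can run this: checks log_g(h) == log_a(b / g^tally) without x."""
    a, b = combine(ledger)
    t1, t2, s = proof
    c = challenge(h, a, b, tally, t1, t2)
    m = b * pow(G, -tally, P) % P
    return pow(G, s, P) == t1 * pow(h, c, P) % P and pow(a, s, P) == t2 * pow(m, c, P) % P

# Constructed sample data, taken from the ledger on the slides.
VOTES = {"Alice Smith": 1, "Bob Williams": 0, "Carol James": 0,
         "David Fuentes": 1, "Ellen Chu": 1}
```

Each voter compares the code on the public ledger with the receipt they kept (property 1); any observer runs `verify_tally` on the public ledger, the announced total and the proof (property 2).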

Real-World Deployments

Helios (www.heliosvoting.org): Adida and others
- Used to elect president of UC Louvain, Belgium.
- Used in Princeton University student government.
- Used by ACM, IACR, and other professional societies.

Scantegrity II (www.scantegrity.org): Chaum, Rivest, many others
- Used for 2009 & 2011 municipal elections in Takoma Park, MD.

STAR-Vote: Benaloh, Byrne, Eakin, Kortum, McBurnett, Pereira, Stark, Wallach
- Designed for use in Travis County, Texas.

2015 U.S. Vote Foundation study: Internet voting in public elections should never be done without E2E-verifiability.

New (draft) 2018 EAC standards (VVSG): Compliant systems must either be paper-based or E2E-verifiable.

Thank you.

What About Blockchain Voting?

Can blockchain technology be used to enable secure online voting?

Applications of Blockchains

Distributed Currency Contracts Distributed Public Ledger Applications Voting?

Blockchains and Elections

Elections have central authorities.
- Set the ballot contents
- Set and maintain eligibility requirements
- Set start/end time of election
Note that authority need not be trusted!

An election's designated central authority can simply post the same information (digitally signed) on a public web site.

Blockchains do not provide anonymity and authentication. These can be provided with cryptography. But once the cryptography is added, the blockchains become superfluous.

Blockchains don't solve fundamental problems with online voting.
- Client malware can change votes.
- Targeted DoS can disenfranchise voters.
- Voters are subject to coercion.

Blockchains create new problems.
- There is no accountability.
- There is no certainty.
- A mining majority has total control.

Variations?

Not all blockchains look like bitcoin.
- Private rather than public blockchains
- Proof of stake rather than proof of work
- DAGs rather than chains