Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV


ThreeBallot, VAV, and Twin
Ronald L. Rivest (MIT CSAIL), Warren D. Smith (CRV)
Talk at EVT '07 (Boston), August 6, 2007

Outline
End-to-end voting systems
ThreeBallot
VAV
Twin

End-to-end voting systems
Voter composes and casts ballot as usual, except cast ballot may be encrypted.
Cast ballots posted on public bulletin board (PBB).
Voter gets receipt allowing her to confirm & correct posting of her ballot; receipt is typically copy of cast ballot as it should be posted.
Tally is computed by election officials from ballots on PBB (proof of correctness also computed and posted).

End-to-end voting systems
[Diagram labels: Voter, VM, PBB, EO, Result, Receipt; steps: Cast Ballot, Confirm Posting, Verify Tally]
Cast as intended? Posted as cast? Counted as posted?

Crypto end-to-end voting systems
Cast ballots are encrypted.
With encrypted ballots, need to ensure they are cast as intended [challenging].
With receipts, need to ensure that they don't reveal how voter voted [not so hard].
With tally, need to ensure that election result is publicly verifiable [manageable].
Examples: Punchscan, PretAVoter, Scratch&Vote.

Crypto-free end-to-end systems
Is it possible to have an end-to-end voting system without using cryptography?
Yes. ThreeBallot.
Yes. VAV.
Yes. Twin.

ThreeBallot

Voting w/o crypto -- ThreeBallot
Each voter casts three plaintext ballots.
All three cast ballots go on PBB.
Voter takes home copy of arbitrarily-chosen one as receipt.
Receipt does not indicate how she voted, but serves as integrity check on PBB.

ThreeBallot
[Figure: three ballots side by side. Each lists President (Alice, Bob, Charles) and Vice President (David, Erica), and each ends in a different random-looking string: r9>k*@0e!4$%, *t3]a&;nzs^_=, u)/+8c$@.?(]
Each row has 1 or 2 marks. Not 0, not 3.
All three ballots cast and posted on PBB.
Voter takes home copy of one as receipt.

Tallying in ThreeBallot
Tally as usual: each candidate receives n extra votes (n = number of voters), but election outcome is unchanged.
Works for (or can be adapted for) ordinary plurality voting, approval voting, and range voting, but not for IRV or other schemes where voter must rank-order choices.
Also doesn't work for write-in votes.

Casting ballots
Votes are cast in a physical ballot box; order of casting is lost, and it should be impossible to figure out which three ballots originally formed a ballot triple.

Ensuring valid votes
Need way to ensure that votes are valid -- voter doesn't vote zero or three times for anyone.
Voter casts ballots through a checker machine that checks validity of ballot triple before allowing them to be cast.
[Figure labels: three Ballots, Checker Machine, Ballot Box]
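The marking rule, the checker and the "n extra votes" tally from the ThreeBallot slides above, as an added Python sketch (not code from the talk). It assumes one plurality race with the slide's candidate names, random placement of marks, and it leaves out ballot IDs.

```python
import random

CANDIDATES = ["Alice", "Bob", "Charles"]  # one race, names from the slide

def fill_triple(choice, rng):
    """Mark three ballots: 2 marks in the chosen row, 1 in every other row.
    Which ballots carry the marks is random (an assumption of this sketch)."""
    triple = [set(), set(), set()]
    for cand in CANDIDATES:
        for idx in rng.sample(range(3), 2 if cand == choice else 1):
            triple[idx].add(cand)
    return triple

def checker_accepts(triple):
    """Checker machine rule from the slide: each row has 1 or 2 marks."""
    return all(sum(c in b for b in triple) in (1, 2) for c in CANDIDATES)

def cast_all(choices, seed=0):
    """Return (pbb, receipts). Ballot IDs are omitted in this sketch."""
    rng = random.Random(seed)
    pbb, receipts = [], []
    for choice in choices:
        triple = fill_triple(choice, rng)
        if not checker_accepts(triple):
            raise ValueError("checker rejected ballot triple")
        receipts.append(set(rng.choice(triple)))  # copy of one ballot
        pbb.extend(triple)
    rng.shuffle(pbb)  # the ballot box loses casting order
    return pbb, receipts

def tally(pbb, n_voters):
    """Count marks on the PBB, then subtract the n extra votes per candidate."""
    return {c: sum(c in b for b in pbb) - n_voters for c in CANDIDATES}

if __name__ == "__main__":
    votes = ["Alice"] * 3 + ["Bob"] * 2 + ["Charles"]  # constructed sample
    pbb, _ = cast_all(votes)
    print(tally(pbb, len(votes)))
```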

Making receipts
Voter may arbitrarily choose one ballot to be copied as her receipt.
No record kept of which was copied.
Can integrate copying with checker (Shamos checker).
Receipts should be unforgeable.
[Figure labels: three Ballots, Receipt, Checker Machine, Ballot Box]

Confirming Posting
Ballots aren't posted on PBB until polls are closed.
Each ballot should have a unique ID (matching ID on receipt copy), so that ID can be looked up on PBB.
Voters should not see (and/or not be able to memorize) IDs for ballots that were not copied (to prevent vote-selling).

Short Ballot Assumption (SBA)
Since ballots are published in plaintext, voters must not be able to identify their ballots by the selection of choices made.
Short Ballot Assumption: ballot is short enough so that each possible arrangement of choices is likely to have been made by several voters.
Can separate ballot into several short ones to ensure SBA.
SBA also prevents reconstruction attacks.

Integrity of PBB
Since no one knows which ballots posted on PBB have been copied for receipts, any significant tampering with PBB is likely to be detectable.

Coercion-freeness
Voter can bring home an arbitrary-looking receipt, independent of her choices.
Thus, voter can't sell vote using her receipt.
Adversary (or voter) can't determine which three ballots were in original triple from PBB and receipt.

Usability
Not so good! Voting three ballots would be confusing to many!
Note: Can mix OneBallot (ordinary ballots) with ThreeBallot: OneBallot voters don't get receipts. But their ballots posted on PBB are protected along with ThreeBallots.

ThreeBallot is end-to-end
ThreeBallot provides end-to-end security:
Voter is confident her ballot is cast as intended.
Voter can check that her ballot is included in collection of ballots being tallied.
Voters can check that tampering with collection has not occurred.
Anyone can add up ballots on PBB to obtain correct election result.

VAV (Vote // Anti-Vote // Vote)

VAV = ThreeBallot Variation
Like ThreeBallot: each voter casts three ballots and takes home copy of one as a receipt.
But VAV works for any vote-tallying system (e.g. IRV), not just plurality, approval, and range-voting.
Key idea: one ballot may cancel another ballot.
Of three ballots cast, two of them must cancel each other.

VAV Example Ballots (Blank)
[Figure: three blank ballots, each listing President (Alice, Bob, Charles) and Vice President (David, Erica), with a blank to be marked V or A. IDs: 4765239014119052, 155236349001341, 144578232133782]

VAV Example Ballots
Ballot 1 (V): President: Alice 1, Bob 3, Charles 2. Vice President: David 2, Erica 1. ID 4765239014119052
Ballot 2 (A): President: Alice 1, Bob 3, Charles 2. Vice President: David 2, Erica 1. ID 155236349001341
Ballot 3 (V): President: Alice 3, Bob 1, Charles 2. Vice President: David 1, Erica 2. ID 144578232133782
Second (Anti-) ballot cancels first ballot, since they are identical except for A/V notations.
As in ThreeBallot, voter can take home copy of any one ballot as her receipt.

Tallying VAV ballots
Tallier finds pairs of V/A ballots that cancel, and removes such pairs from further consideration. (The ballots in a pair don't need to have originated with the same voter.)
Remaining ballots are tallied to determine election results.
VAV handles any voting system.
VAV also provides end-to-end security.
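The VAV tallying step above, as an added Python sketch (not code from the talk): cancel V/A pairs across the whole ballot collection, then run instant-runoff on what remains. The ballot encoding, the error raised for an unmatched anti-vote and the alphabetical tie-break are assumptions of this sketch.

```python
from collections import Counter

def cancel_pairs(ballots):
    """ballots: list of (kind, ranking), kind 'V' or 'A', ranking a tuple of
    candidates in preference order. Each A removes one identical V; the pair
    need not come from the same voter. Returns Counter {ranking: count}."""
    votes = Counter(r for kind, r in ballots if kind == "V")
    antis = Counter(r for kind, r in ballots if kind == "A")
    for ranking, count in antis.items():
        if votes[ranking] < count:
            # Assumption: an anti-vote with no matching vote is an error.
            raise ValueError("anti-vote with no matching vote")
        votes[ranking] -= count
    return +votes  # drop rankings whose count fell to zero

def irv_winner(votes):
    """Instant-runoff over the surviving ballots."""
    remaining = {c for ranking in votes for c in ranking}
    while True:
        firsts = Counter({c: 0 for c in remaining})
        for ranking, count in votes.items():
            top = next((c for c in ranking if c in remaining), None)
            if top is not None:
                firsts[top] += count
        leader, top_count = max(firsts.items(), key=lambda kv: kv[1])
        if 2 * top_count > sum(firsts.values()) or len(remaining) == 1:
            return leader
        # Eliminate the weakest candidate (ties broken by name: assumption).
        remaining.discard(min(firsts, key=lambda c: (firsts[c], c)))

def voter_triple(real, decoy):
    """One voter's three ballots: a cancelling V/A pair plus the real vote."""
    return [("V", decoy), ("A", decoy), ("V", real)]

if __name__ == "__main__":
    A, B, C = "Alice", "Bob", "Charles"
    # Constructed sample: five voters, 15 posted ballots.
    posted = (voter_triple((A, C, B), (B, A, C)) * 2
              + voter_triple((B, C, A), (A, C, B)) * 2
              + voter_triple((C, B, A), (A, B, C)))
    print(irv_winner(cancel_pairs(posted)))
```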

Twin
[Diagram labels: Ballot (original), Ballot Box, twin, Mixer, Receipt]

Key Idea for Twin
With ThreeBallot, voter could not use take-home receipt to sell her vote, because it copied only a part of her ballot.
With Twin, voter cannot use take-home receipt to sell her vote, because it is copy of some other voter's ballot.
Single original may be copied more than once, or not at all.
Simple!

Mixing up voter receipts
Voter places her receipt into the bin, and receives a copy of some previous voter's receipt from the bin.
First 10 voters don't get take-home receipt.
Voter checks PBB with her take-home receipt.
At end of day, bin has all original receipts; enables additional check on PBB.
[Animation labels: Receipt, Previous Voter's Receipt, Receipt copy, Take-home Receipt]

Properties of Twin
[Exchange] Voter gets a copy of some other voter's receipt as her take-home receipt.
[Anonymity] Voter does not know which other voter she received copy from.
[Collusion-Resistance] Adversary has no good way of collecting all copies of some receipt.
[Coverage] Constant fraction of all receipts are copied as take-home receipts, with high probability.
[End-to-end security] Twin provides end-to-end security.
Twin is similar to Farnel protocol, except we are applying it to receipts, not ballots, and we distribute copies rather than originals.
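The receipt exchange and the [Coverage] property above, as an added Python simulation (not code from the talk). It assumes each voter's copy is drawn uniformly at random from the originals already in the bin and identifies a receipt by its owner's position in line; under that assumption about half of all receipts end up copied.

```python
import random

WARMUP = 10  # slide: the first 10 voters get no take-home receipt

def run_twin(n_voters, seed=0):
    """Return (bin, take_home); take_home maps voter -> id of copied receipt.
    A receipt is identified by its owner's index; the uniform pick from the
    bin is an assumption of this sketch."""
    rng = random.Random(seed)
    bin_, take_home = [], {}
    for voter in range(n_voters):
        if len(bin_) >= WARMUP:
            take_home[voter] = rng.choice(bin_)  # copy of a previous receipt
        bin_.append(voter)  # the original stays in the bin
    return bin_, take_home

def coverage(n_voters, take_home):
    """Fraction of all receipts copied at least once as a take-home receipt."""
    return len(set(take_home.values())) / n_voters

def exposing_voters(altered, take_home):
    """Voters whose take-home copy no longer matches the PBB when the posted
    ballots behind the receipts in `altered` have been changed."""
    return {v for v, r in take_home.items() if r in altered}

if __name__ == "__main__":
    bin_, take_home = run_twin(2000)
    print(f"coverage: {coverage(2000, take_home):.2f}")
```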

Conclusions
End-to-end voting systems provide improved assurance of correctness of election outcome.
It is possible to implement end-to-end voting systems without using cryptography.

(The End)