Using Prêt à Voter in Victorian State Elections. EVT August 2012

Similar documents
A vvote: a Verifiable Voting System

vvote: a Verifiable Voting System

Prêt à Voter: a Voter-Verifiable Voting System Peter Y. A. Ryan, David Bismark, James Heather, Steve Schneider, and Zhe Xia

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

COMPUTING SCIENCE. University of Newcastle upon Tyne. Verified Encrypted Paper Audit Trails. P. Y. A. Ryan TECHNICAL REPORT SERIES

Swiss E-Voting Workshop 2010

Addressing the Challenges of e-voting Through Crypto Design

Voting Protocol. Bekir Arslan November 15, 2008

Towards Trustworthy e-voting using Paper Receipts

An Overview on Cryptographic Voting Systems

Paper-based electronic voting

Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV

Prêt à Voter with Confirmation Codes

Human readable paper verification of Prêt à Voter

evoting after Nedap and Digital Pen

Pretty Good Democracy for more expressive voting schemes

Accessible Voter-Verifiability

Union Elections. Online Voting. for Credit. Helping increase voter turnout & provide accessible, efficient and secure election processes.

Int. J. of Security and Networks, Vol. x, No. x, 201X 1, Vol. x, No. x, 201X 1

The usage of electronic voting is spreading because of the potential benefits of anonymity,

Prêt à Voter: a Systems Perspective

An untraceable, universally verifiable voting scheme

Punchscan: Introduction and System Definition of a High-Integrity Election System

TECHNICAL REPORT SERIES. No. CS-TR-1071 February, Human readable paper verification of Pret a Voter. David Lundin and Peter Y. A. Ryan.

An Introduction to Cryptographic Voting Systems

Secure Electronic Voting

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

Electronic Voting: An Electronic Voting Scheme using the Secure Payment card System Voke Augoye. Technical Report RHUL MA May 2013

Cryptographic Voting Protocols: Taking Elections out of the Black Box

PRIVACY in electronic voting

Verity Touch Writer. Hart InterCivic Inc.

Key Considerations for Implementing Bodies and Oversight Actors

A Robust Electronic Voting Scheme Against Side Channel Attack

Feng Hao and Peter Y A Ryan (Eds.) Real-World Electronic Voting: Design, Analysis and Deployment

Arthur M. Keller, Ph.D. David Mertz, Ph.D.

Design and Prototype of a Coercion-Resistant, Voter Verifiable Electronic Voting System

Privacy of E-Voting (Internet Voting) Erman Ayday

The Effectiveness of Receipt-Based Attacks on ThreeBallot

Electronic Voting. Mohammed Awad. Ernst L. Leiss

Towards a Standard Architecture for Digital Voting Systems - Defining a Generalized Ballot Schema

COMPUTING SCIENCE. University of Newcastle upon Tyne. Pret a Voter with a Human-Readable, Paper Audit Trail. P. Y. A. Ryan. TECHNICAL REPORT SERIES

Survey of Fully Verifiable Voting Cryptoschemes

Auditability and Verifiability of Elec4ons Ronald L. Rivest

Key Considerations for Oversight Actors

CHAPTER 2 LITERATURE REVIEW

福井大学審査 学位論文 博士 ( 工学 )

AADHAR BASED ELECTRONIC VOTING SYSTEM USING BIOMETRIC AUTHENTICATION AND IOT

Voting in New South Wales Australia Bicameral Parliament hence two contests per election held every 4 years Lower House single candidate per

On the Independent Verification of a Punchscan Election

STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System

Individual Verifiability in Electronic Voting

Ballot Reconciliation Procedure Guide

This is a repository copy of Verifiable Classroom Voting in Practice.

2016 Election Judges Manual. Casting Ballots. At the Scanning Unit Inserting a Ballot into the Ballot Scanner

Johns Hopkins University Security Privacy Applied Research Lab

PRIVACY PRESERVING IN ELECTRONIC VOTING

Procedures for the Use of Optical Scan Vote Tabulators

Direct Recording Electronic Voting Machines

Act means the Municipal Elections Act, 1996, c. 32 as amended;

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

Election Inspector Training Points Booklet

A Secure Paper-Based Electronic Voting With No Encryption

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy

IC Chapter 3. Counting Ballot Card Votes

An Object-Oriented Framework for Digital Voting

Machine-Assisted Election Auditing

Secure Electronic Voting: New trends, new threats, new options. Dimitris Gritzalis

A Verifiable Voting Protocol based on Farnel

FULL-FACE TOUCH-SCREEN VOTING SYSTEM VOTE-TRAKKER EVC308-SPR-FF

CRYPTOGRAPHIC PROTOCOLS FOR TRANSPARENCY AND AUDITABILITY IN REMOTE ELECTRONIC VOTING SCHEMES

A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION

The USENIX Journal of Election Technology and Systems. Volume 1, Number 1 August 2013

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

RECEIPT-FREE UNIVERSALLY-VERIFIABLE VOTING WITH EVERLASTING PRIVACY

E-Voting, a technical perspective

Citizen engagement and compliance with the legal, technical and operational measures in ivoting


City of Toronto Election Services Internet Voting for Persons with Disabilities Demonstration Script December 2013

Netvote: A Blockchain Voting Protocol

Every Vote Counts: Ensuring Integrity in Large-Scale DRE-based Electronic Voting

Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis

Community Electoral Education Kit

Mitigating Coercion, Maximizing Confidence in Postal Elections

COMMISSION CHECKLIST FOR NOVEMBER GENERAL ELECTIONS (Effective May 18, 2004; Revised July 15, 2015)

Estonian National Electoral Committee. E-Voting System. General Overview

SECTION 6: Closing Procedures. Declare the Polls Closed 83. Closing Assignments 84. Job 1: Close the Precinct Scanner 85. Remove the Memory Card 86

On Some Incompatible Properties of Voting Schemes

Design of Distributed Voting Systems

Global Conditions (applies to all components):

Security of Voting Systems

How to challenge and cast your e-vote

Elections for everyone. Experiences of people with disabilities at the 8 June 2017 UK Parliamentary general election

IC Chapter 13. Voting by Ballot Card Voting System

A paramount concern in elections is how to regularly ensure that the vote count is accurate.

Registrar of Voters Certification. Audit ( 9 320f)

Did you sign in for training? Did you silence your cell phone? Do you need to Absentee Vote? Please Hold Questions to the end.

Privacy Issues in an Electronic Voting Machine

Trivitas: Voters directly verifying votes

A Linked-List Approach to Cryptographically Secure Elections Using Instant Runoff Voting

User Guide for the electronic voting system

Transcription:

Using Prêt à Voter in Victorian State Elections EVT August 2012 Craig Burton 1 Chris Culnane 2 James Heather 2 Thea Peacock 3 Peter Y. A. Ryan 3 Steve Schneider 2 Sriram Srinivasan 2 Vanessa Teague 4 Roland Wen 5 Zhe Xia 2

Structure of talk Voting in the State of Victoria, Australia VEC s motivation for e-voting Introducing the Prêt a Voter voter-verifiable system Adapting to the VEC requirements: practical challenges Conclusion

Legislative Assembly (Lower House) Full preferential voting: number the candidates in order of preference. http://www.vec.vic.gov.au/vote/vote-howto-state.html

Legislative Council (Upper House) ATL: select exactly one choice; or BTL: number the candidates in order of preference http://www.vec.vic.gov.au/vote/vote-howto-state.html

VEC s motivation for electronic voting VEC was an early adopter of e-voting (2006) flexibility: for remote (but supervised) voting including overseas, out of state, out of district accessibility: supports voters with disabilities. Electronic voting machines also handle foreign languages. Complexity of ballots means need for help to avoid malformed ballots but human help loses privacy usability: to reduce (accidental) informal ballots BUT: proprietary system not open to inspection; lack of verifiability; issues with integration with VEC processes WANT e-voting but recognise the need for verifiability

Context of this project Australian elections: solution needs to be able to handle STV and preferential voting. Prêt à Voter judged to be the most appropriate voter-verifiable system able to support this. usability vs security: what can you ask and expect voters to do? scalability: issues to be resolved for us to scale up to a state election. pragmatics: scanning (including OCR) and printing. integrity and trust: the electorate must have confidence in the solution.

Prêt à Voter A voter-verifiable voting system Verifiability: voters, independent checkers can verify stages of the election Integrity: evidence provided that the result is correct Privacy: have to trust some elements of the system, but aim to minimize this

Voting with Prêt à Voter Place X or preferences against desired candidate. (candidates in random order) Separate left hand side. Destroy left hand side. Cast (scan) vote. Take receipt home. 4. Diane 2. Bob 5. Elaine 3 5 2 3. Crystal 1. Alice 1 4 #1726

Publish the ballots cast Voter receipts prevent election officials from altering or removing votes. Voters confirm inclusion of their vote Public bulletin board of votes cast. 2 4 3 5 1 #1665 5 3 4 1 2 #0809 4 5 3 1 2 #2197 3 5 2 1 4 #1726 Voter s receipt 3 5 2 1 4 #1726

Public bulletin board of votes cast. Tallying the votes 2 4 3 5 1 #1665 5 3 4 1 2 #0809 4 5 3 1 2 #2197 3 5 2 1 4 #1726

Tallying the votes Public bulletin board of votes cast. Public list of votes, shuffled and decrypted. 2 4 3 5 1 #1665 5 3 4 1 2 #0809 Alice 4 Bob 5 Crystal 1 Diane 3 Elaine 2 etc 4 5 3 1 2 #2197 3 5 2 1 4 #1726 Votes need to be decrypted to be tallied etc etc

Tallying the votes Public bulletin board of votes cast. Public list of votes, shuffled and decrypted. 2 4 3 5 1 #1665 5 3 4 1 2 #0809 Alice 4 Bob 5 Crystal 1 Diane 3 Elaine 2 etc 4 5 3 1 2 #2197 3 5 2 1 4 #1726 The links are not published (receipts are not linked to votes) etc etc

Tallying When the votes are cast: Publish the votes cast (newspaper, or web bulletin board) these should match the receipts, and voters can check. Mix up the votes (see next slide), so resulting votes are not linked to input votes (which correspond to receipts): Decrypt the mixed votes Publish the resulting votes. Count the votes.

Re-encryption mixnets with proofs (Chaum; Park et al.; Sako and Kilian ) Server 1 Server 2 Server 3 Server 4 Re-encryption mixing: {c,r1} {c,r2} are different encryptions of c

Re-encryption mixnets with proofs (Chaum; Park et al.; Sako and Kilian ) Server 1 Server 2 Server 3 Server 4 proof1 proof 2 proof 3 proof 4 Tellers provide `proofs of shuffles : that the set of encrypted values is not changed from one stage to the next. These proofs can be independently checked.

End-to-end Verifiability for Prêt à Voter Voters Ballot Casting Encrypted Votes Ballot Shuffling by mixnet Encrypted Votes Decrypt and Count Results Verify by receipts Verify by checking proofs Verify by public information End-to-end verifiability

Practical Challenges

Practical challenges In practice in Victorian State elections there are typically around 35+ BTL candidates Prêt à Voter requires those candidates to be in a random order on each ballot Significant cryptography required to create the ballot forms Presenting 35+ spaces for voters to write preferences in a single column will require a long ballot form. Difficult for voters to find their choices by hand; issues around the order candidates are presented to voters Accessibility issues are compounded

Adapting Prêt à Voter: Front end Solution: Use an offline Electronic Ballot Marker to assist the voter to complete the ballot. It will capture the voter s preferences in a user-friendly way, and will print the preferences on the ballot form. Presents the candidates in the given fixed order Captures the voters preferences via touch screen Prints the preferences onto the ballot form in the appropriate permutation Voter confirms selection before scanning. Alerts voter if ballot not well formed Can have accessibility plug-ins (vision/mobility impaired) and offer different languages. NB: does lose the attractive feature of Prêt à Voter that no device learns the vote. Seems unavoidable.

End-to-end Verifiability for Prêt à Voter with EBM Voters Construct Ballot with EBM Printed Vote Ballot Casting Encrypted Votes Ballot Shuffling by mixnet Encrypted Votes Decrypt and Count Results Verify by checking EMB printing Verify by receipts Verify by checking proofs Verify by public information End-to-end verifiability

VEC Ballot Form

Ballot form gives the permutation Ballot Form front side Serial number: 1 No. 1 Legislative Assembly Donna Alice Charlie Bob Legislative Council Above the Line (ATL) Serial No. 1 (Donna, Alice, Charlie, Bob), (Lib Dem, Labour, Green), (Steve, Vanessa, Craig, Peter Chris, Thea, James) [ ] Lib Dem [ ] Labour [ ] Green Onion code QR Candidate QR code

Ballot form gives the permutation Ballot Form Back side Serial number: 1 No. 1 Steve Vanessa Craig Peter Chris Thea James Legislative Council Below the Line (BTL)

A VEC ballot example The front side The back side

Victorian Voter Experience

1. Language selection and training Language: English [X] French [ ] Chinese [ ] Training Yes [X] No [ ]

2. Scan candidate QR code (device obtains permutation) Candidate QR code

3a. Construct vote via voting device (LA + LC-ATL) LA: Alice: 4 Bob: 1 Charlie: 3 Donna: 2 LC-ATL: Green [ ] Labour [X] Lib Dem [ ]

3b. Construct vote via voting device (LA + LC-BTL) LC-BTL: Chris: 6 Craig: 1 James: 7 Peter: 2 Steve: 3 Thea: 4 Vanessa: 5

3c. Vote casting for blind voters No. 1 Legislative Assembly Donna Alice Charlie Bob [ ] Lib Dem [ ] Labour [ ] Green Legislative Council Above the Line (ATL) LA: Alice: (4) Bob: Charlie: Donna: You have voted 4 for Alice. Now please vote for Bob. Clipped corner

4a. Overprint on ballot form (LA + LC-ATL) Ballot form Serial number: 1 No. 1 (2) Donna (4) Alice (3) Charlie (1) Bob Legislative Assembly Legislative Council Above the Line (ATL) [ ] Lib Dem [X] Labour [ ] Green No. 1 Steve Vanessa Craig Peter Chris Thea James Legislative Council Below the Line (BTL) Front Side Back Side (empty)

4b. Overprint on ballot form (LA + LC-BTL) Ballot form Serial number: 1 No. 1 (2) Donna (4) Alice (3) Charlie (1) Bob Legislative Assembly Legislative Council Above the Line (ATL) [ ] Lib Dem [ ] Labour [ ] Green No. 1 (3) Steve (5) Vanessa (1) Craig (2) Peter (6) Chris (4) Thea (7) James Legislative Council Below the Line (BTL) Front Side (ATL empty) Back Side

5. Shred the names Legislative Assembly Alice Bob Charlie Donna Legislative Council Above the Line (ATL) Front side: LA + LC-ATL candidates Back side: LC-BTL candidates Lib Dem Labour Green

No. 1 6a. Submit vote (LA + LC-ATL) (2) (4) (3) (1) No. 1 No. 1 (2) (4) (3) No. 1 [ ] (1) [ ] [X] [ ] [X] [ ] Front Back Bulletin Board 1 Scan Front Back 3 No.1: {2,4,3,1}, [2], {} Submit to WBB No.1 (2) (4) (3) (1) [ ] [X] [ ]

No. 1 6b. Submit vote (LA + LC-BTL) (2) (4) (3) (1) No. 1 (3) (5) No. 1 (2) (4) (3) No. 1 (3) (5) [ ] (1) (2) (1) [ ] (1) (2) (6) [ ] [ ] (6) (4) (7) [ ] [ ] Front (4) (7) Back Bulletin Board 1 Scan Front Back 3 No.1: {2,4,3,1}, [], {3,5,1,2,6,4,7} Submit to WBB No.1 (2) (3) (4) (5) (3) (1) (1) (2) [ ] (6) [ ] (4) [ ] (7)

No. 1 (2) (4) (3) (1) No. 1 Bulletin Board 2 over print [ ] [X] [ ] Overprinted Signature 1 {No.1: {2,4,3,1}, [2], {}}_SK(WBB) No.1 (2) (4) (3) (1) [ ] [X] [ ]

No. 1 (2) (4) (3) (1) No. 1 (3) (5) (1) (2) (6) (4) Bulletin Board 2 over print [ ] [ ] [ ] (7) Overprinted Signature 1 {No.1: {2,4,3,1}, [], {3,5,1,2,6,4,7}}_SK(WBB) No.1 (2) (3) (4) (5) (3) (1) (1) (2) [ ] (6) [ ] (4) [ ] (7)

8a. WBB check later (LA + LC-ATL) No. 1 (2) (4) (3) (1) [ ] [X] [ ] receipt No. 1 No.1 (2) (4) (3) (1) [ ] [X] [ ] Bulletin Board

8b. WBB check later (LA + LC-BTL) No. 1 No.1 (2) (2) (4) (3) (1) [ ] [ ] [ ] (4) (3) (1) [ ] [ ] [ ] (3) (5) (1) (2) (6) (4) (7) receipt No. 1 (3) (5) (1) (2) (6) (4) (7) No.1 (2) (3) (4) (5) (3) (1) (1) (2) [ ] (6) [ ] (4) [ ] (7) Bulletin Board

Adapting Prêt à Voter: Processing the votes We use Douglas Wikström s implementation of a reencryption mixnet: the Verificatum system. This provides shuffles, re-encryptions and proofs. It also provides the final decryption step following the mix, to produce a list of plaintext votes. Given the large numbers of candidates, each preference list is compressed into a small number of ciphertexts to optimise the mixing process, and expanded at the other end. These steps are also verifiable. [Technical details in the paper]

Implementation Timings Processing stage Time taken Approximation Cipher generation 39hrs 34mins 1.4 seconds per ballot Mixing ATL 2hrs 0mins 12 ballots per second Decryption ATL 12mins 9s 120 ballots per second Mixing BTL 1hr 33mins 2 ballots per second Decryption BTL 9mins 27sec 18 ballots per second Reconstructing BTL 57mins 10sec 3 ballots per second 100,000 ballots: 38 candidates, 8 parties, 90000 ATL + 10000 BTL votes

Distributed Ballot Generation Server 1 Server 2 Server 3 A A B B C C D D Servers inject randomness, and re-encrypt with a different key for the two parts: (PKp{c,r1}, PKm{c,r1 }) (PKp{c,r2}, PKm{c,r2 })

Servers publish proofs of shuffle PKm and PKp are threshold keys Distributed Ballot Generation Candidate list encrypted with PKm Provably same candidate list encrypted with PKp Server 1 Server 2 Server 3 A A B B C C D D proof 1 proof 2 proof 3

Print on Demand: step 1 Ballot printer < PKp(b_i) > < ZKP(b_i) > Bulletin Board Printer generates a blinding factor b_i for each candidate. Encrypts them with PKp Sends them to the ballot servers as a ballot request, with a proof of knowledge (ZKP)

Print on Demand: step 2 Bulletin Board Ballot #N PKp(c_1) PKp(c_2) PKp(c_3) PKp(c_4) Ballot server selects an unused ballot: #N Combines the blinding factors with the encrypted names (Threshold) decrypts the blinded names

Print on Demand: step 2 Bulletin Board Ballot #N PKp(c_1+b_1) PKp(c_2+b_2) PKp(c_3+b_3) PKp(c_4+b_4) Ballot server selects an unused ballot: #N Combines the blinding factors with the encrypted names (Threshold) decrypts the blinded names

Print on Demand: step 2 Bulletin Board Ballot #N c_1+b_1 c_2+b_2 c_3+b_3 c_4+b_4 Ballot server selects an unused ballot: #N Combines the blinding factors with the encrypted names (Threshold) decrypts the blinded names

Print on Demand: step 3 < c_i + b_i > Bulletin Board Ballot printer Blinded candidate names returned to the printer

Print on Demand: step 4 Ballot #N c_1+b_1 c_2+b_2 c_3+b_3 Ballot printer c_4+b_4 Printer removes blindings on names Printer can then print ballot form

Print on Demand: step 4 Ballot #N c_1 c_2 c_3 Ballot printer c_4 Printer removes blindings on names Printer can then print ballot form

Print on Demand: step 4 #N c_1 c_2 c_3 c_4 Ballot #N c_1 c_2 c_3 Ballot printer c_4 Printer removes blindings on names Printer can then print ballot form

Auditing printed ballots If a printed ballot is challenged...... the ballot servers can threshold decrypt the blinding factors PKp(b_i) provided by the printer,... which enables the c_i + b_i values to be unblinded and checked against the printed ballot... or can threshold decrypt the candidate names Kp(c_i) directly, and check against the printed ballot

Conclusion Usability, accessibility, and remote voting, while retaining assurance in the system, are key drivers. Prêt à Voter can be customised to the VEC requirements. The main new design feature is the EBM, which introduces fresh challenges. Scaling up also raises issues with processing the votes A demonstrator is currently being implemented for evaluation, with a view to VEC trialling it next year The system can handle the scale of Australian state elections Verifiability comes from the ability to check the information published by the system. The code is also open to inspection, though it s the output of the code that is verified

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback