A Secure Paper-Based Electronic Voting With No Encryption

Similar documents
Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV

COMPUTING SCIENCE. University of Newcastle upon Tyne. Verified Encrypted Paper Audit Trails. P. Y. A. Ryan TECHNICAL REPORT SERIES

The usage of electronic voting is spreading because of the potential benefits of anonymity,

An Overview on Cryptographic Voting Systems

An Introduction to Cryptographic Voting Systems

Voting Protocol. Bekir Arslan November 15, 2008

COMPUTING SCIENCE. University of Newcastle upon Tyne. Pret a Voter with a Human-Readable, Paper Audit Trail. P. Y. A. Ryan. TECHNICAL REPORT SERIES

The Effectiveness of Receipt-Based Attacks on ThreeBallot

Josh Benaloh. Senior Cryptographer Microsoft Research

PRIVACY in electronic voting

Cryptographic Voting Protocols: Taking Elections out of the Black Box

Brittle and Resilient Verifiable Voting Systems

evoting after Nedap and Digital Pen

Human readable paper verification of Prêt à Voter

Aadhaar Based Voting System Using Android Application

Accessible Voter-Verifiability

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

A Robust Electronic Voting Scheme Against Side Channel Attack

An untraceable, universally verifiable voting scheme

Privacy of E-Voting (Internet Voting) Erman Ayday

Machine-Assisted Election Auditing

Prêt à Voter: a Voter-Verifiable Voting System Peter Y. A. Ryan, David Bismark, James Heather, Steve Schneider, and Zhe Xia

Towards a Standard Architecture for Digital Voting Systems - Defining a Generalized Ballot Schema

Addressing the Challenges of e-voting Through Crypto Design

Secure Electronic Voting

An Object-Oriented Framework for Digital Voting

Security Analysis on an Elementary E-Voting System

L14. Electronic Voting

FULL-FACE TOUCH-SCREEN VOTING SYSTEM VOTE-TRAKKER EVC308-SPR-FF

THE PROPOSAL OF GIVING TWO RECEIPTS FOR VOTERS TO INCREASE THE SECURITY OF ELECTRONIC VOTING

Secure Voter Registration and Eligibility Checking for Nigerian Elections

L9. Electronic Voting

PRIVACY PRESERVING IN ELECTRONIC VOTING

Thoughts On Appropriate Technologies for Voting

ThreeBallot in the Field

Survey of Fully Verifiable Voting Cryptoschemes

Using Prêt à Voter in Victorian State Elections. EVT August 2012

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

Arthur M. Keller, Ph.D. David Mertz, Ph.D.

Auditability and Verifiability of Elec4ons Ronald L. Rivest

CHAPTER 2 LITERATURE REVIEW

TRADITIONAL (PAPER BALLOT) VOTING ELECTION POLICIES and PROCEDURES. for the 2018 MUNICIPAL ELECTION October 22, 2018

A Verifiable Voting Protocol based on Farnel

Towards Trustworthy e-voting using Paper Receipts

Formal Verification of Selene with the Tamarin prover

Security of Voting Systems

Software Independence

Ad Hoc Voting on Mobile Devices

Johns Hopkins University Security Privacy Applied Research Lab

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

Distributed Protocols at the Rescue for Trustworthy Online Voting

Swiss E-Voting Workshop 2010

TECHNICAL REPORT SERIES. No. CS-TR-1071 February, Human readable paper verification of Pret a Voter. David Lundin and Peter Y. A. Ryan.

Electronic Voting A Strategy for Managing the Voting Process Appendix

Blind Signatures in Electronic Voting Systems

Pretty Good Democracy for more expressive voting schemes

Int. J. of Security and Networks, Vol. x, No. x, 201X 1, Vol. x, No. x, 201X 1

LOCAL UNION ELECTION GUIDE

A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION

Secure Electronic Voting: New trends, new threats, new options. Dimitris Gritzalis

On Some Incompatible Properties of Voting Schemes

Constitution of the University of Toronto Computer Science Student Union

An Application of time stamped proxy blind signature in e-voting

Summative Usability Assessments of STAR-Vote: A Cryptographically Secure e2e Voting System That Has Been Empirically Proven to Be Easy to Use

Split-Ballot Voting: Everlasting Privacy With Distributed Trust

Colorado s Risk-Limiting Audits (RLA) CO Risk-Limiting Audits -- Feb Neal McBurnett

Risk-Limiting Audits

Supporting Debates over Citizen Initiatives

The E-voting Controversy: What are the Risks?

Direct Democracy Is it possible? Do we want?

Remote Internet voting: developing a secure and efficient frontend

Every Vote Counts: Ensuring Integrity in Large-Scale DRE-based Electronic Voting

Exact, Efficient and Information-Theoretically Secure Voting with an Arbitrary Number of Cheaters

Voting with Unconditional Privacy by Merging Prêt-à-Voter and PunchScan

The Economist Case Study: Blockchain-based Digital Voting System. Team UALR. Connor Young, Yanyan Li, and Hector Fernandez

Design and Prototype of a Coercion-Resistant, Voter Verifiable Electronic Voting System

Feng Hao and Peter Y A Ryan (Eds.) Real-World Electronic Voting: Design, Analysis and Deployment

A paramount concern in elections is how to regularly ensure that the vote count is accurate.

Real Democracy: Post-Election Audits for Range Voting

AKA PROTOCOL FOR ONLINE MEETINGS

2016 Poll Worker Training

Privacy Issues in an Electronic Voting Machine

Paper-based electronic voting

Secure and Reliable Electronic Voting. Dimitris Gritzalis

From Error to Error: Why Voters Could not Cast a Ballot and Verify Their Vote With Helios, Prêt à Voter, and Scantegrity II

Electronic Voting: An Electronic Voting Scheme using the Secure Payment card System Voke Augoye. Technical Report RHUL MA May 2013

GUIDELINES FOR THE USE OF ELECTORAL PRODUCTS

Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis

SpeakUp: remote unsupervised voting

A Modular Voting Architecture ( Frogs )

2016 Poll Worker Training

STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System

City of Toronto Election Services Internet Voting for Persons with Disabilities Demonstration Script December 2013

Key Considerations for Implementing Bodies and Oversight Actors

Post-Election Audit Pilots, and New Physical and Cyber Security Requirements in Indiana Election Code

CELL PHONES OR ELECTRONIC DEVICES THAT MAY BE CONNECTED TO THE INTERNET ARE NOT PERMITTED IN THE ABSENTEE COUNTING BOARD

Voting Matters Democracies Need Voters Name: Get Registe red Motor Voter Law Political Parties Influence Voters

E- Voting System [2016]

Yes, my name's Priit, head of the Estonian State Election Office. Right. So how secure is Estonia's online voting system?

Transcription:

A Secure Paper-Based Electronic Voting With No Encryption Asghar Tavakoly, Reza Ebrahimi Atani Department of Computer Engineering, Faculty of engineering, University of Guilan, P.O. Box 3756, Rasht, Iran. atavakoly@msc.guilan.ac.ir, rebrahimi@guilan.ac.ir Abstract: We present a paper-based voting method that attempts to achieve the privacy of voters and election universal verifiability and integrity with only paper ballots and without using any cryptography method. The voting procedure is easy and it needs only selecting the intention of voter over screen of an electronic device. The rest of the voting procedure will be carried out by the device. Voter gets a receipt that can be used to verify that his vote has been counted in final tally as he intended. However the receipt cannot help voter to reveal who he voted for. Also vote selling or coercion is not possible even with the voter s cooperation. The ballot in our voting method has two side, one positive and one negative. Ballots have been prepared for voting in prepackaged form (i.e. 5 ballots per package). Some bubbles of each ballot are prefilled in random way. Numbers of positive and negative filled bubbles are equal with each other and also for each candidate in a package. For example if every package has 30 filled bubbles and if there are three candidates, there would be 10 filled bubbles for each candidate in a package. As it is clear half of those are positive and the other half are negative. The procedure of OneBallot voting is as follows: Voter puts the ballot inside of an electronic device and then he chooses his candidate on the device screen. Then device print another ballot exact same as the original one by one difference; the device fills one positive bubble or unfills one negative bubbles for the selected candidate. First action can be done on the original ballot but the second one needs to print new ballot inevitably. Then device makes a copy from new ballot as voter s receipt and transfers original ballot to the ballot box. After election, there will be a copy from all of ballots in a public board (i.e. a website). 1 Introduction In recent decades some electronic voting schemes have been proposed to make election systems more robust and accurate. The two most important properties in all of these schemes are privacy and universal verifiability. First means that it must not be possible track down the relation between ballots and voters (anonymity) and also voter must not be able to prove who he voted for (anti-coercion). The second property means the correctness of election procedure must be clear for everyone. In other words it must be guaranteed that voters votes have been tallied in the same way that they have intended. In this paper we introduce a simple paper based voting system. It tries to preserve both properties without using any encryption method. First try in this area was the ThreeBallot voting system that has been 1

represented by R. L. Rivest. It was remarkable in preserving integrity and privacy of voters and many details in our method have been inspired from it. Our method is easy to vote for voters by only choosing the favorite candidate on the screen of an electronic device. In next section we explain how the device does rest of the work. Voter gets a receipt and he can use it to check that his vote is included in the final tally or not. We need a public board to put copy of ballots in sight of voters to give them ability of checking their receipts and investigating final result of election. The paper constitutes following parts: in next part, we explain details of our voting system that consists of structure of ballot, structure of electronic device and also the voting procedure in details. Third part contains security considerations and we explain how our voting system preserves privacy and integrity properties. In fourth part we describe other considerations and finally conclusion and references are in parts 5 th and 6 th. 2 Details of Voting System In this part we explain our voting system. It consists of structure of ballot, structure and usages of electronic device and explanation of all steps of voting procedure. 2.1 Ballot Structure As we illustrated before, each ballot consists of two sides. One of them with white background is positive and the other with gray background is negative. There is three bubbles in each of the sides for each candidate and some of them are prefilled randomly. Number of positive and negative prefilled bubbles for each candidate in a package must be a fixed number. There is also a long number on bottom of each side of the ballot as its ID. It helps voter to recognize his ballot from his receipt after election. Figure 1 shows an example of a ballot for our voting system. 2.2 Electronic Device Structure The electronic device must have some abilities to precede the voting procedure. It must have a screen to let voters choose their favorite candidate. It must be able to print new ballots Alice Bob Carol 2277763907620553 8710945560326719 Figure 1: A ballot sample for OneBallot voting system 2

with the correct arrangement of filled bubbles in case of unfilling negative bubbles. It also must sign new ballots in a way to make them recognizable from raw ballots. It can do this by putting a particular stamp on the ballot. Refer to figure 2 to see a voted ballot. 2.3 How To Vote The procedure of voting is as follows: 1- First voter gets a ballot and puts it in the electronic device. 2- Then the voter chooses his favorite candidate on the screen. 3- Device decides to fill a bubble in positive part or unfill a bubble from negative part. If it took second action it must print a new ballot with new arrangement of filled bubbles that has one fewer from original ballot in negative side. 4- Next and final step is printing a copy from the ballot as voter s receipt. Then device transfers the original ballot to the ballot box. 3 Security 3.1 Preserving Privacy of Voters The two most important properties of an election are privacy and integrity. We preserve first one by making voter s intention unrecognizable from his receipt. Coercer cannot find out which mark is voter s intention. Since any combination of prefilled ballots are possible and also the procedure of choosing bubble by device is done randomly. Thus it is not possible to find out who voter voted for from his receipt and it preserves voter s privacy. There is only one arrangement that making it must be forbidden for device. With a little attention it can be understand that three filled negative bubbles with three empty positive bubbles for a candidate means the voter did not vote for that candidate. Thus the device must not make this arrangement on a ballot. 3.2 Integrity and Universal Verifiability Preserving integrity is as follows: after election there will be a copy of all the ballots in a public board (i.e. a web site) and also a list consists of name of persons who were present in the election. Number of ballots must be as same as number of voters plus a few more that depends on the last package. For example if we used just one ballot from the last package, number of unsigned ballots is number of ballots in a package minus one. By revealing ballots anyone can check his receipt with his original ballot to make sure that his vote is present in final tally and it has been tallied as intended. Also anyone can do tallying procedure from scratch by himself for checking correctness of the final result. Adding or diminishing ballots is not possible because for that to happen list and number of voters must change. Changing the signed ballots is also impossible because it can be notified by voters and it rise the risk of losing the integrity of election. If someone cannot find his copy in the public board exactly as it was, he can fill a protest and deliver it to election official. 3

Alice Bob Carol voted 2277763907620553 8710945560326719 Figure 1: A sample for a voted ballot 4 Discussions There is some important cases that worth to note that we list them here: - About our voting method it must be mentioned that our method is easy to vote by just selecting the voter s favorite candidate on a screen. So it does not need any necessary education or training for voters. - Trying not using any encryption method, helps everybody understand what is going on during the election procedure. Unlike to using encryption methods that is not so clear and comprehensible. In this method everyone can scrutinize the ballots by himself to be sure about the correctness of final result. - There must be a question about number of bubbles. However, our method works with two or even with one bubble per positive and negative sides of a ballot, but it makes creating random patterns a little bit difficult. So any number more than two works fine. - Sometimes we may need letting voters to vote for more than one candidate, for example in range voting. For this to happen we may need new design for the ballot. For example if in an election five candidate are competing, we need at least five bubbles in each side for both negative and positive sections. Device can make random patterns by choosing aggregate random number of negative or positive bubbles with the same size as selected number by the voter for each candidate. - Next problem is difficulty in counting or talling the votes because of plurality of filled bubbles. However if it even may help in some cases when positive and negative filled bubbles are equal for a candidate. This way it does not need to record anything at all. - The election procedure depends highly on accurate working of electronic device. Without device it is not possible to precede voting procedure. 5 Conclusion We presented a paper based voting method in easy template for voting and also understanding the security properties for everyone. It is highly verifiable and assures voters that their vote tallied as intended. Everyone can do the process of scrutiny by himself to make sure that final result is correct. It is because tampering ballots is not possible in our method. Besides integrity it is worth to note that privacy of voters is in high degree too. From voter s receipt, no one can find out who the voter voted for and it means there cannot be vote coercion. 4

It must be mentioned that main idea of this paper inspired from the ThreeBallot voting system that belongs to R. L. Rivest. Thus thank him and anyone who helped and participated in ThreeBallot voting system and examined its security aspects that helped us to review them and consider them in our work. 6 References [1] R. L. Rivest, The ThreeBallot Voting System, 2006. [2] R. A. Fink, Applying Trustworthy Computing to End-To-End Electronic Voting, PHD thesis, 2010. [3] D. Balzarotti, G. Banks, M. Cova, V. Felmetsger, R. Kemmerer, W. Robertson, F. Valeur and G. Vigna, An Experience in Testing the Security of Real-World Electronic Voting Systems, IEEE Transactions on Software Engineering, 2010 [4] F. Yumeng, T.Liye, L. Fanbao and G. Chong, Electronic Voting: A Review and Taxonomy, International Conference on Industrial Control and Elections Engineering (ICICEE), 2012. [5] R. Kusters, T. Truderung and A.Vogt, Clash Attacks on the Verifiability of E-Voting, IEEE Symposium on Security and Privacy, 2012. [6] R. Kusters, T. Truderung and A.Vogt, Verifiability Privacy and Coercion-Resistance: New insights from a Case Study, IEEE Symposium on Security and Privacy, 2011. [7] A. O. Santin, R. G. Costa and C. A. Maziero, Three-Ballot-Based Secure Electronic Voting System, IEEE Security and Privacy, 2008. [8] B. Adida, Advances in cryptography voting system, PHD thesis, MIT department of EECS, 2006. [9] F. N. Al-Shammari, A. Villafiorita, K. Weldemariam, Understanding the Development Trends of Electronic Voting Systems, ARES, 2012 [10] S. P. Everett, K. Greene, M. D. Byrne, D. S. Wallach, K. Derr, D. Sandler and T. Torous, Electronic Voting Machines versus Traditional Methods: Improved Preference, Similar Performance, CHI, 2008. [11] R. Ara ujo, R. Cust odio, A. Wiesmaier, and T. Takagi, An electronic scheme for the Farnel paperbased voting protocol, ACNS 06, 2006. [12] J. Kelsey, A. Regenscheid, T. Moran and D. Chaum, Attacking Paper-Based E2E Voting Systems, 2008. [13] R. L. Rivest and J. P. Wack, On the notion of software independence in voting systems, 2006. [14] B. Randell and P. Y. A. Ryan, Voting technologies and trust, IEEE Security and Privacy, 2006. [15] P. Y. A. Ryan and T. Peacock, Prˆet `a Voter: A system perspective, University of Newcastle, 2005. 5

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback