
Independently-Verifiable Secret-Ballot Elections

Independently-Verifiable Secret-Ballot Elections. Poorvi L. Vora Department of Computer Science The George Washington University. Outline. Current voting technology, limitations Cryptographic approach; paradigm shift “End-to-end” voting systems Electronic E2E voting systems.





Presentation Transcript


  1. Independently-Verifiable Secret-Ballot Elections • Poorvi L. Vora, Department of Computer Science, The George Washington University

  2. Outline • Current voting technology, limitations • Cryptographic approach; paradigm shift • “End-to-end” voting systems • Electronic E2E voting systems

  3. Current Technology

  4. In the world’s oldest continuous democracy • Humboldt County, CA: voting machines dropped 197 votes – Wired, 12-8-2008 • Florida’s 13th Congressional District (2006): One in seven votes recorded on voting systems was blank – US Government Accountability Office, 2-8-2008 • Franklin County, Ohio: computer error gave Bush 3,893 extra votes in one precinct – WaPo, 11-6-2004 • In a North Carolina County: 4,500 votes were lost – WaPo, 11-6-2004

  5. Voting Machine Analysis • Kohno et al (2004): Diebold AccuVote-TS DRE* • Voters can cast unlimited votes without detection • Insiders can modify votes and match votes to voters • Felten (2006) • "Hotel Minibar Keys Open Diebold Voting Machines" • Bishop, Wagner et al (2007): CA “Top to Bottom Review” • Voter can insert a virus into code • Virus can spread through the state’s election system • And so on …: optical scan (Kiayias et al, 2007); Ohio voting machines OS + DRE (McDaniel et al, 2007); NJ DREs (Appel et al, 2009) • *DRE: Direct Recording Electronic

  6. More exhaustive testing? • Not possible to test large programs for the absence of errors • Cannot rely only on • software and • software testing • Go back to paper, or keep paper back-up

  7. At least “we” can count paper BUT • Everyone cannot use paper • Inefficient and inaccurate counts and recounts (e.g. Minnesota Senate election) Problems of integrity remain • “we” = persons with privilege • Still need to secure cast ballots till counting

  8. Integrity Issues Are these our only choices: • Trust: • chain of custody of voting systems/paper back-up and • those who count OR • Watch • all locks on all precincts, and • all counts

  9. Cryptographic Voting Systems

  10. Paradigm Shift • Audit the Election, Not the Equipment • Instead of checking • all the software, and • that it will perform several operations correctly every time • Determine that only the tally is correct, only this time

  11. Encrypted Paper Trail 1. Voter Casts Encrypted Vote and Takes Copy out of Polling Booth 2. Voter Checks Receipt on Website/Newspaper

  12. 3. Voting system reveals tally and a digital audit trail to begin the proof of tally correctness • Tally: 5: McCain, 3: Romney • Public digital audit trail • commitment by voting system • for proof of tally • [Figure: encrypted votes 34W1, AC1U, HY40, 9IK1, 2LS7, B8OH, 5TJG, DEV6 enter the voting system (Tally Computation), which outputs the tally]

  13. Partial decryption using asymmetric-key cryptography • 34W1 5GXT McCain / AC1U NZ2Q Romney / HY40 LN04 McCain / 9IK1 S43R McCain / 2LS7 77JH McCain / B8OH MBFD Romney / 5TJG AZ9J Romney / DEV6 LOQ1 McCain • On public website: anyone can compute tally • For example: Invention of Secure Electronic Voting • Votes are decrypted and shuffled • Mixnet: David Chaum (1981): Public key encryption/decryption

  14. Tally Audit 4. Public audit performed by auditors Successful audit verifies tally without revealing information on votes Open • Voting protocols can protect • tally integrity or • vote secrecy (but not both) • against an adversary who can break the cryptography

  15. For Example: Tally Audit, Jakobsson, Juels, Rivest (2002) • 34W1 5GXT McCain / AC1U NZ2Q Romney / HY40 LN04 McCain / 9IK1 S43R McCain / 2LS7 77JH McCain / B8OH MBFD Romney / 5TJG AZ9J Romney / DEV6 LOQ1 McCain • On public website: anyone can check opened commitments
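
The tally audit of slides 13 to 15, as an added example (not code from the presentation or from Scantegrity): a toy randomized-partial-checking audit in the style of Jakobsson, Juels and Rivest over the three published columns. SHA-256 commitments stand in for the public-key layers, the sample votes are constructed to match the slide's tally, and the names `seal`, `run_mix`, `open_links` and `audit` are hypothetical.

```python
import hashlib, random

def seal(r: bytes, inner: bytes) -> bytes:
    # Toy stand-in for one public-key layer: binding, opened by revealing r.
    return hashlib.sha256(r + inner).digest()

def run_mix(votes, rng):
    """Return (public columns, mix secrets) for the three columns on the slide."""
    n = len(votes)
    p1 = rng.sample(range(n), n)          # input i  -> middle p1[i]
    p2 = rng.sample(range(n), n)          # middle j -> output p2[j]
    # Seeded rng keeps the demo repeatable; a real system needs a CSPRNG.
    r1 = [rng.getrandbits(128).to_bytes(16, "big") for _ in range(n)]
    r2 = [rng.getrandbits(128).to_bytes(16, "big") for _ in range(n)]
    middle, outputs, inputs = [None] * n, [None] * n, []
    for i, vote in enumerate(votes):
        j = p1[i]
        outputs[p2[j]] = vote
        middle[j] = seal(r2[j], vote.encode())
        inputs.append(seal(r1[i], middle[j]))
    return ({"inputs": inputs, "middle": middle, "outputs": outputs},
            {"p1": p1, "p2": p2, "r1": r1, "r2": r2})

def open_links(secret, challenge):
    """Per middle item j, open ONE side only: 'L' (input link) or 'R' (output link)."""
    openings = {}
    for j, side in enumerate(challenge):
        if side == "L":
            i = secret["p1"].index(j)
            openings[j] = ("L", i, secret["r1"][i])
        else:
            openings[j] = ("R", secret["p2"][j], secret["r2"][j])
    return openings

def audit(public, openings):
    """Anyone can run this on the published columns and the opened links."""
    seen = set()
    for j, (side, idx, r) in openings.items():
        if (side, idx) in seen:           # two middle items claim one neighbour
            return False
        seen.add((side, idx))
        if side == "L":
            ok = seal(r, public["middle"][j]) == public["inputs"][idx]
        else:
            ok = seal(r, public["outputs"][idx].encode()) == public["middle"][j]
        if not ok:
            return False
    return True

# Constructed sample matching the slide's tally (5 McCain, 3 Romney).
VOTES = ["McCain", "Romney", "McCain", "McCain", "McCain", "Romney", "Romney", "McCain"]
```

No middle item ever has both links opened, so no input code is traced to a vote. In this toy a changed vote is caught only when the auditor's coin picks the side touching it, so the challenge must be drawn after the columns are published, and t altered votes escape with probability 2^-t.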

  16. The story so far (in 2002) … • Very interesting theoretical results Chaum (1981), Cohen (now Benaloh) and Fischer (1985), Benaloh and Tuinstra (1994), Sako and Kilian (1995), • Relevant: zero-knowledge proofs and interactive/non-interactive proofs (e.g. Goldwasser-Micali-Rackoff (1985) ) • BUT: Computers vote OR humans encrypt votes • Encryption on trusted machines • Cannot use in polling booth • Cannot use to vote from home, because • Home PCs can have viruses • Adversary can threaten or bribe voter

  17. Trusted encryption without trusted encryption device?

  18. E2E Systems: Voter-Verifiable Voting • Voters need not trust encryption device • Electronic: Chaum (2002-3); Neff (2004); Benaloh (2006); VoteBox (2007) • Paper Ballots: Prêt à Voter (2005); Punchscan (2005); Scratch and Vote (2006); Voting Ducks (2006); Scantegrity (2007) • Remote: Rijnland Internet Election System (RIES) Netherlands governmental elections (2004, 2006); Helios (2008); not resistant to remote coercion

  19. Example: Prêt à Voter, Ryan et al, 2005 • 1. System encrypts vote • 2. Voters can choose to audit the encryption or cast it • 3. Audit ballot by opening onion • [Figure labels: “Onion”, Ballot, Receipt. Picture from Stefan Popoveniuc, PhD Dissertation, GW, 2009]

  20. Scantegrity II • Takoma Park Municipal Election: 2009 • Scantegrity II front end + Punchscan back-end • UMBC, GW, MIT, Waterloo, UOttawa

  21. First fully-voter-verifiable secret-ballot governmental election • November 3, 2009: Takoma Park, MD • Mayor + 6 Council Members • 1728 votes cast (10,934 registered voters) • Candidates were ranked by voters (instant runoff voting) • Unique: • Public audit of tally • Open-source • Fully-verifiable by voters

  22. Scantegrity II (2008) UMBC, GW, MIT, Waterloo, UOttawa Photo by Alex Rivest

  23. Website Verification • Immediately after election (10-11 pm) • Scantegrity count announced • Codes made available online • 81 unique ballot verifications, 64 before Takoma Park complaint deadline (Nov. 6) • One complaint • Codes not clear enough for one voter • Voter noted “0” • Scantegrity website said “8” • Voter trusted Scantegrity code was correct • Audit check later revealed Scantegrity code was correct

  24. Audits: (Closed) Manual Vote Count • November 5, afternoon • Jointly by Scantegrity and Takoma Park • Corroborated Scantegrity total • Few differences, due to difference between: • machine reading (by scanner) and • human determination of voter intent • Election certified at 7 pm. • by Chair, Board of Elections, to City Council

  25. Audits: Encryption Audit • Lillie Coney* • Audited ballots through the day • Chose about 50 ballots at random • Exposed all confirmation codes • Took home copies of marked ballots • Checked them against commitments when opened after election • With familiarity, voters, including candidate representatives, can do this too • * Associate Director, Electronic Privacy Information Center and Public Policy Coordinator for the National Committee for Voting Integrity (NCVI)

  26. Audits: Digital Audit Trail Dr. Ben Adida* and Dr. Filip Zagórski+ • Audited the entire digital audit trail and independently confirmed tally correctness • Provided their own copy of confirmation codes for voter check • Pointed out discrepancies in documentation * Helios and Center for Research on Computation and Society, Harvard University +Institute of Mathematics and Computer Science, Wroclaw University of Technology, Poland

  27. Universally Verifiable Anyone can perform the audits performed by Adida and Zagórski • BoE Chair expects other voters will, using software provided by Adida and Zagórski • Voters can write their own software, using Scantegrity public spec

  28. Limitations • Bulletin Board (website) needs to be secure • Ensure that it doesn’t present one code to voters, another to auditors • Hence Adida and Zagórski made their own copies and requested voters to check • The cryptographic protocol does not prevent ballot stuffing; we had to use procedures • Paper ballots are inaccessible to those with motor and visual disabilities

  29. Electronic Independently-Verifiable Elections?

  30. Electronic Audit • Voter: “Vote for Bob” • System prints encryption and signs it • Voter: “I want to audit this encryption” • System shows that it encrypted vote for Alice • Voter knows system cheated, but no proof without hard record of “Vote for Bob” • If we keep hard record, then has to be destroyed if voter chooses to vote, not audit • Need observers during audit. Can we do that without voting system detecting an audit?

  31. Conclusions • Can have better integrity of election outcome using E2E systems • Challenges exist in making E2E systems electronic

  32. Acknowledgements • Collaborators: Carback, Chaum, Clark, Coney, Essex, van de Graaf, Hall, Hosp, Popoveniuc, Rivest, Ryan, Shen, Sherman, Wagner • At NIST: Hastings, Kelsey, Peralta, Popoveniuc, Regenscheid • Help with Takoma Park election: City Clerk and Board of Elections, Takoma Park • Independent auditors: Adida, Coney, Zagórski • Survey: Baumeister • Others: Florescu, Jones, Relan, Rubio, Sonawane • Support: NSF IIS 0505510, NSF CNS 0831149, NSF CNS 0937267 • School of Engineering and Applied Science, GW: start-up funds

  33. Extras
