
VHTi Data Demonstration

VHTi Data Demonstration. Andrew Berg, Director, Engineering. Agenda: what VHTi is and why it is important; how VHTi fits into an election; the detailed steps of VHTi in an election and the data flow of VHTi. This is not a detailed look at the math behind VHTi. Protection vs. Detection.


Presentation Transcript


  1. VHTi Data Demonstration. Andrew Berg, Director, Engineering

  2. Agenda
     • What is VHTi and why is it important
     • How does VHTi fit into an election
     • Show the detailed steps of VHTi in an election and the data flow of VHTi
     • This is not a detailed look at the math behind VHTi

  3. Protection vs. Detection
     • The worst election nightmare is undetected fraud.
     • Protection alone is just half the solution
       • No way today to prove election integrity end-to-end.
       • Standard security tweaks are an arms race versus hackers (real or theoretical).
       • Insiders may always be suspect.
     • Detection is also needed
       • Provide indisputable proof of election integrity.
       • Raise alarms when mistakes or intrusions occur.
       • Open the process fully to public scrutiny.

  4. VHTi provides Detection
     VHTi proves election results are valid end-to-end. VHTi is voter-verified audit technology that works inside any electronic voting machine (DRE) and provides two things:
     • Election Transcript for Independent Audit
     • Private Voter-Verified Receipt
     Receipts are verified against independently audited results.
     Voter Confidence; Results Confidence

  5. VHTi proves your vote was counted properly
     Without VHTi, voting machines can alter ballots, destroying voter intent. VHTi provides mechanisms to audit the voting machines to ensure that voter intent is preserved.
     Voter Confidence; Results Confidence

  6. Roles with VHTi
     • Election Official
       • Sign documents
       • Organize Tabulation Authorities
       • Publish data for Observer review
     • Tabulation Authority
       • Decrypt ballots in a way that preserves privacy
     • Voter
       • Vote, and confirm receipt is properly printed
       • After election, compare receipt against Verification Statement
     • Observer
       • Verify all protocol data relationships in published Election Transcript
       • Could be anyone

  7. Data Demo General Assumptions
     • In order to illustrate VHTi data, this demonstration uses a simple single precinct election.
       • 1 Precinct
       • 1 Voting Machine
       • 5 Voters
       • 1 Ballot Style
       • 1 Question
       • 3 Tabulation Authorities
       • 2 Tabulation Authorities needed to tabulate

  8. Data Demo High-Level Steps
     • The steps can be split into 4 high-level categories

  9. Step 1 - Configure Election
     • First the Election Official will define the basic election configuration.
     • For this demonstration, we use:
       • Election: 1960 Presidential Election
       • County: Cook County IL
       • Precinct Name: Lincoln Park High School
       • Precinct Number: 123

  10. Step 2 - Create Election Official Key Pairs
      • Next the Election Official creates their private / public key pair, used to sign documents. These digital credentials will provide proof of authenticity of documents.
        • Election Official Private Key (kept secret)
        • Election Official Public Key (published)
      • This key pair could be replaced with X.509 if desired.

  11. Step 2 - Election Official Key Pairs Data Election Official Public Key Election Official Private Key

  12. Step 3 - Define Election Parameters
      • The Election Official will determine the number of Tabulation Authorities who will be participating in the election.
      • For purposes of this demonstration, a total of three Tabulation Authorities will participate. Of those three, two will be required to tabulate after the election.
        • N=3
        • T=2
      • It is important to require more than 1 Tabulation Authority to tabulate. That way, in order to defraud the election, the Tabulation Authorities would have to collude. It is not necessary to require all of the Tabulation Authorities to tabulate, in case something happens to one of them.

  13. Step 4 - Set up Tabulation Authorities
      • The Tabulation Authorities need to establish their own key pairs. Additionally, they will meet to complete a step in which they produce the election public key.
        • Election Public Key
        • Tabulation Authority Secret Shares (Election Private Key)
      • The Tabulation Authority Secret Shares have to be kept secret by each Tabulation Authority.

  14. Step 4 - Tabulation Authority Data Election Public Key & Support Data

  15. Step 4 - Tabulation Authority Data Tabulation Authority Secret Share (Private)

  16. Step 5 - Create and Sign Blank Ballot Styles
      • Once the Election Official has created and approved the basic ballot styles, the ballot data can be imported into the VHTi system.
        • VHTi Ballot Skeleton
        • VHTi Blank Ballot
        • VHTi Signed Blank Ballot

  17. Step 5 – Ballot Data Ballot Skeleton Data

  18. Step 5 – Ballot Data Blank Ballot The Signed Blank Ballot is the Blank Ballot plus the Election Official public signature

  19. Step 6 – Voting Machine Preparation
      • Once the ballot data has been formatted for VHTi, the ballot data must be loaded onto the Voting Machines. Additionally, the Voting Machine will be configured with a Private Key / Public Key pair which will enable the Voting Machine to sign the ballots, thereby authenticating the legitimacy of the data.
        • Voting Machine Private Key
        • Voting Machine Public Key
        • Signed Blank Ballot
      • This is in addition to the standard voting machine data being loaded to run the election.

  20. Step 6 – Voting Machine Data
      • Voting Machine Public Key
      • Voting Machine Private Key

  21. Step 7 - Publish Pre-Election Data
      • Prior to the election, the Election Official will publish data for review by any interested observer. This information is made publicly available as a key part of the VHTi protocol, and is key to the transparency of the election.
        • Election Official Public Key
        • Blank Ballot
        • Voting Machine Public Key
      The Blank Ballot would be signed before being published.

  22. Step 8 – Election Day Voting
      • 5 voters complete ballots: 3 vote for Kennedy, and 2 vote for Nixon. This is a sample of one ballot, which will be used for the data sample.

  23. Step 8 – Election Day Voting • Data that is used internally by the Voting Machine • VHTi Clear Text Ballot Data • Marked Ballot Data that comes out of the Voting Machine • VHTi Signed Receipt Data • VHTi Printed Receipt Text • Signed Voted Ballot

  24. Step 8 – Voting Data Clear Text Ballot Data Blank Ballot Data

  25. Step 8 – Voting Data Marked Ballot Data

  26. Step 8 – Voting Data Signed Receipt Data

  27. Step 8 – Voting Data Printed Receipt Text

  28. Step 8 – Voting Data Signed Voted Ballot

  29. Begin Tabulation Prep

  30. Step 9 – Collect Data from Voting Machines
      • After the polls close, the results are collected from the voting machines.
      Signed Ballot Box as it comes from voting machines
      • Signed Voted Ballots
      • Very large data set
      • Voter Verifiable (with a receipt)
      • Has BSN and can be tracked by a voter
      Extract Raw Ballot Box
      • Raw Ballot Box
      • Many times smaller
      • Still countable
      • No BSN, voter cannot track

  31. Step 9 – Raw Election Data Signed Voted Ballot Data Raw Voted Ballot Data

  32. Step 10 - Shuffle
      • The Tabulation Authorities 0 and 2 will participate in the VHTi tabulation process. Tabulation Authority 1 was not involved.

  33. Step 10 - Shuffle
      • The Tabulation Authorities shuffle (mix) the ballot box to make it impossible to link the votes back to the ballot sequence numbers. This protects the privacy of the voters.
      Tabulation Authority 0
      • Raw Ballot Box In
      • Raw Ballot Box Out
      • Shuffle Proof
      Tabulation Authority 2
      • Raw Ballot Box In
      • Raw Ballot Box Out
      • Shuffle Proof
      • The Raw Ballot Box In for Tabulation Authority 2 is the same as the Raw Ballot Box Out for Tabulation Authority 0.

  34. Step 10 – Tabulation Authority 0 Shuffle Data Raw Ballot Box In Data Raw Ballot Box Out Data

  35. Step 10 – Tabulation Authority 0 Shuffle Data Shuffle Proof

  36. Step 10 – Tabulation Authority 2 Shuffle Data Raw Ballot Box In Data Raw Ballot Box Out Data

  37. Step 10 – Tabulation Authority 2 Shuffle Data Shuffle Proof

  38. Step 11 - Partial Decrypt
      • Once the ballots are anonymous, it is safe to decrypt and count them. Each authority partially decrypts the shuffled ballots.
      Tabulation Authority 0
      • Partial Decrypt
      Tabulation Authority 2
      • Partial Decrypt

  39. Step 11 – Partial Decrypt Data Partial Decrypt from Tabulation Authority 0 Partial Decrypt from Tabulation Authority 2

  40. Step 12 - Combine Partial Decrypts
      • The Partial Decrypts from each of the Tabulation Authorities are combined to produce plain text anonymous ballots.
      Plain Text Ballots Data

  41. Step 13 - Tabulate Results Plain Text Ballot Data Blank Ballot Data Election Tally

  42. Step 14 - Assemble Transcript
      • The Transcript includes the intermediate data from the shuffle and decrypt process with accompanying mathematical proofs that the ballots were not tampered with.
      Included in the Transcript
      • Ballots from Voting Machines
      • Raw Ballot Box Out for Tabulation Authority 0
      • Raw Ballot Box Out for Tabulation Authority 2
      • Shuffle Proofs for Tabulation Authorities
      • Partial Decrypts from Tabulation Authorities

  43. Step 14 – Transcript Data Election Transcript

  44. Step 15 - Check and Sign Transcript
      • After the Election Transcript has been assembled, the election official will check it for correctness and then sign it.
      Signed Transcript Data

  45. Step 16 - Create Verification Statement
      • The Election Official will use the receipt data to assemble the Verification Statement for publication. This will be used by voters to compare their receipt information, providing the voter proof that the voting machine cast their ballot as intended.
        • Receipt Data by BSN
        • Voted Ballot

  46. Step 16 - Verification Statement Data Receipt Data by BSN

  47. Step 16 - Verification Statement Data Voted Ballot Verification Statement is created from this data.

  48. Step 17 – Publish Data
      • The Election Official will publish the verification statement and transcript for review by independent observers. With this information, voters can be sure that their vote was properly delivered by the voting machine, and observers can check that all data was properly counted and tabulated.
        • Election Results
        • Transcript
        • Verification Statement
        • Various Public Keys (published in Step 7)
        • List of precincts and the number of voters who voted at each

  49. Step 17 – Publish Data Election Tally Transcript Data

  50. Step 17 – Publish Data Verification Statement
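
Steps 3-4 and 10-13 of the demonstration (N=3, T=2, Tabulation Authorities 0 and 2 tabulating, 3 Kennedy and 2 Nixon votes) as an added Python sketch; this is not VHTi code. The slides do not give the math, so the sketch assumes threshold ElGamal with Shamir sharing, a toy group, a trusted dealer standing in for the authorities' joint key setup, and a re-encryption shuffle without its proof; all function names are hypothetical.

```python
import random
from collections import Counter

# Toy group (assumption): safe prime P = 2Q + 1; G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4
N, T = 3, 2                                  # slide 12: 3 authorities, 2 needed
CHOICES = {pow(G, 1, P): "Kennedy", pow(G, 2, P): "Nixon"}

def deal_shares(rng):
    """Shamir-share the election private key f(0); authority i holds f(i + 1)."""
    coeffs = [rng.randrange(1, Q) for _ in range(T)]      # degree T-1 polynomial
    shares = {i: sum(c * pow(i + 1, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(N)}
    return pow(G, coeffs[0], P), shares      # election public key, secret shares

def encrypt(pub, m, rng):
    r = rng.randrange(1, Q)
    return pow(G, r, P), m * pow(pub, r, P) % P

def shuffle(pub, box, rng):
    """Re-encrypt every ballot, then permute (the shuffle proof is omitted)."""
    out = [(a * pow(G, r, P) % P, b * pow(pub, r, P) % P)
           for a, b in box for r in [rng.randrange(1, Q)]]
    return rng.sample(out, len(out))

def partial_decrypt(share, box):
    return [pow(a, share, P) for a, _ in box]

def combine(box, partials):
    """Interpolate the partial decrypts in the exponent, then strip the mask."""
    plain = []
    for n, (_, b) in enumerate(box):
        mask = 1
        for i in partials:
            lam = 1                          # Lagrange coefficient at x = 0
            for j in partials:
                if j != i:
                    lam = lam * (j + 1) * pow((j - i) % Q, -1, Q) % Q
            mask = mask * pow(partials[i][n], lam, P) % P
        plain.append(b * pow(mask, -1, P) % P)
    return plain

def run_election(authorities=(0, 2), seed=1960):
    rng = random.Random(seed)                # fixed seed for the demo only
    pub, shares = deal_shares(rng)
    box = [encrypt(pub, m, rng) for m in [G] * 3 + [G * G % P] * 2]  # constructed
    for _ in authorities:                    # each participating authority mixes
        box = shuffle(pub, box, rng)
    partials = {ta: partial_decrypt(shares[ta], box) for ta in authorities}
    return dict(Counter(CHOICES[m] for m in combine(box, partials)))
```

Any two of the three authorities recover the same tally, while a single authority's partial decrypt alone does not recover a ballot, which is the collusion requirement slide 12 describes.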
