1 / 21

Coercion-Resistant STV tallying

Coercion-Resistant STV tallying. Vanessa Teagu e Dept. Computer Science and Software Engineering University of Melbourne Joint work with Lee Naish Dagstuhl Frontiers of Electronic Voting . Plan. Explaining the problem Defining a solution STV tallying Some ideas that don’t work

michi
Télécharger la présentation

Coercion-Resistant STV tallying

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Coercion-Resistant STV tallying Vanessa Teague Dept. Computer Science and Software Engineering University of Melbourne Joint work with Lee Naish Dagstuhl Frontiers of Electronic Voting

  2. Plan • Explaining the problem • Defining a solution • STV tallying • Some ideas that don’t work • Our solution • Conclusion

  3. What a vote looks like ALPTicket.pdf

  4. Problem: Coercion(The “Italian attack”) • In the Australian Senate, 70 candidates • Before the election, the coercer tells the voter a particular vote, choosing one that’s unlikely to appear otherwise • After the election, perhaps during tallying, the coercer looks for that vote • This is a problem even for paper-based systems • Verifiability vs. coercion-resistance • Breaking up the vote is impossible

  5. Plan • Explaining the problem • Defining a solution • STV tallying • Some ideas that don’t work • Our solution • Conclusion

  6. Defining coercion • Most definitions don’t consider STV • Those based on faking credentials or swapping votes don’t apply • For the voter, deciding whether to obey the coercer involves calculating the probability of getting caught • The probability is a function of other’s votes • For the coercer, rewarding or punishing the voter involves calculating the probability that that voter obeyed.

  7. Defining coercion (cont’d) • Based on a definition by Okamoto • Extended for probabilistic information • The system is coercion-resistant if • For all votes demanded by the coercer • For all votes submitted by the voter (instead) • The probability that the coercer can be “confident enough” that the voter disobeyed is “low enough”

  8. Security model • Tallier is not a coercer, but not trusted to count properly • It proves that it is doing the tally correctly, without revealing enough information to allow coercion • (Related work by Goh & Golle • removes this separation between coercer and tallier, but • only works for one-seat STV)

  9. Plan • Explaining the problem • Defining a solution • STV tallying • Some ideas that don’t work • Our solution • Conclusion

  10. More details: Tallying • For electing multiple candidates by “proportional representation” • Used in Cambridge MA, Ireland & Australia • Every voter lists all candidates in their order of preference

  11. More on tallying (one seat) • Tally every vote’s first preference • If a candidate gets a majority, they win. STOP • Eliminate the candidate with the lowest tally • Redistribute: • Delete that candidate from every vote • Shift other candidates up • Go to 1

  12. Even more on tallying (multi-seat) • Let the quota be • Tally every vote’s first preference • If a candidate gets a quota, they get a seat. • Redistribute their votes, re-weighted so that the total weight is equal to the excess over a quota • e.g. if they got 1.5 quotas, multiply by 1/3 = (1.5-1)/1.5 • Go to 2 • Eliminate the candidate with the lowest tally • Redistribute • Go to 1

  13. Plan • Explaining the problem • Defining a solution • STV tallying • Some ideas that don’t work • Our solution • Conclusion

  14. Idea that doesn’t work (1) • Reveal only the preferences that are used • The coercer can put candidates unlikely to be elected at the front of the required permutation • In multi-seat STV, preferences after a candidate who gets a seat are used

  15. Idea that doesn’t work (2) • Reveal only which votes are being redistributed • (and which candidate is being eliminated) • The coercer can keep track of particular votes and note that some sequences don’t occur • e.g. if A gets is eliminated first, then B, the coercer could see that nobody put A first and B second • Coercer can make this more likely by careful choice of A and B

  16. Idea that doesn’t work (3) • Reveal the tally of every candidate after every round of eliminations • Again, the coercer can see that some sequences don’t occur • If redistributing A’s votes doesn’t increase B’s tally, then nobody put A before B • This is (a bit less than) what the Australian Electoral Commission reveals

  17. Plan • Explaining the problem • Defining a solution • STV tallying • Some ideas that don’t work • Our solution • Conclusion

  18. Solution that does work • The tallier writes its computations on the bulletin board • At each round, tallier reveals • Who gets a seat or gets eliminated • For multi-seat STV, the weight of redistributed votes • Correct to only a few decimal places • Proves correctness with (honest-verifier) ZKPs

  19. Solution that does work (cont’d)

  20. Solution that does work (cont’d) • Every vote is a square matrix of modified El Gamal values • Vij is Enc(1) if candidate j is the i-th preference, Enc(0) otherwise • Tallying of first row by homomorphism • As in Cramer, Gennaro, Schoenmakers • Proof of who should be eliminated (or seated) by range proof • e.g. Mao • Proof of correct redistribution of candidate c’ s votes by • Chaum, Evertse & van de Graaf’s proof of simultaneous dlog, and • Cramer, Damgård and Schoenmakers’ proofs of partial knowledge • “c is in row 1 and I deleted row 1, or c is in row 2 and I deleted row 2, or …”

  21. Conclusion • Coercion resistance for STV is subtle • Even the Aus electoral commission got it wrong • For this work, efficiency is an issue • This generates about 100TB of data • Further work • It would be nice not to have to trust the EC not to be a coercer • An end-to-end voting system

More Related