
How Elections Should Really Be Run

How Elections Should Really Be Run. Josh Benaloh, Senior Cryptographer, Microsoft Research. Disclaimer: Any opinions presented in this talk are my own and do not necessarily represent those of the Microsoft Corporation or any subsidiary or partner thereof. The Year Is … 2008.



Presentation Transcript


  1. How Elections Should Really Be Run Josh Benaloh, Senior Cryptographer, Microsoft Research

  2. Disclaimer Any opinions presented in this talk are my own and do not necessarily represent those of the Microsoft Corporation or any subsidiary or partner thereof.

  3. The Year Is … 2008

  4. Sophisticated Mathematics [long-division figure: 2008 ÷ 4] Remainder appears to be statistically near to zero.

  5. This year … there will be a U.S. Presidential election. (Don’t tell, maybe no one will notice.)

  6–12. The Current Voting Landscape (list built up one item per slide) • Hand-Counted Paper • Punch Cards • Lever Machines • Optical Scan Ballots • Touch-Screen Terminals • Various Hybrids

  13. Vulnerabilities and Trust • All of these systems have substantial vulnerabilities. • All of these systems require trust in the honesty and expertise of election officials. Can we do better?

  14. End-to-End Voter-Verifiability As a voter, I can be sure that • My vote is • Cast as intended • Counted as cast • All votes are counted as cast … without having to trust anyone or anything.

  15. Lloyd Bentsen Syndrome: I know computers… I’ve worked with computers… You cannot trust computers.

  16. More specifically … There are a million ways to tamper with software: • Insider attacks • Exploitation of bugs and vulnerabilities • Configuration errors • etc. How can one trust an election to software?

  17. A Web-Based Election • Voters post their names and votes to a public web site. • Anyone who cares to do so can • Check that their own votes are correctly posted • Check that other voters are legitimate • Check that the totals are correct

  18. But wait … This isn’t a secret-ballot election. Quite true, but it’s enough to show that voter-verifiability is possible … and also to falsify arguments that electronic elections are inherently untrustworthy.

  19. Privacy • The only ingredient missing from this “toy” web-based election is privacy – and the things which flow from privacy (e.g. protection from coercion). • Performing tasks while preserving privacy is the bailiwick of cryptography. • Cryptographic techniques can enable end-to-end verifiable elections while preserving voter privacy.

  20. End-to-End Verifiable Elections • Voters post their names and encrypted votes to a public web site. • At the end of the election, administrators post the tally together with a cryptographic proof that the tally “matches” the set of encrypted votes.

  21. End-to-End Verifiable Elections • Anyone who cares to do so can • Check that their own encrypted votes are correctly posted • Check that other voters are legitimate • Check the cryptographic proof of the correctness of the announced tally

  22. Is it Really This Easy? Yes … … but there are lots of details to get right.

  23. Some Important Details • How is the ballot encryption and decryption done? • How is the cryptographic proof of the tally done?

  24. Fundamental Tallying Decision You have essentially two paradigms to choose from … • Anonymized Ballots (Mix Networks) • Ballotless Tallying (Homomorphic Encryption)

  25. Anonymized Ballots

  26. Ballotless Tallying

  27. Pros and Cons of Ballots • Ballots simplify write-ins. • Ballots make it harder to enforce privacy.

  28. Ballotless Tallying

  29. The Homomorphic Paradigm • Benaloh (Cohen), Fischer (1985) …

  30–31. The Homomorphic Paradigm [diagram labelled “Tally”]

  32. Homomorphic Encryption It is possible to construct public-key encryption functions such that if A is an encryption of a and B is an encryption of b, then A·B is an encryption of a+b: $(A \in E(a)) \wedge (B \in E(b)) \Rightarrow (A \cdot B \in E(a+b))$

  33. Homomorphic Encryption In particular, given an encryption $M \in E(m)$, one can create a different $M' \in E(m)$ by generating an encryption of zero $Z \in E(0)$ and forming $M' = M \cdot Z$.

  34. Homomorphic Encryption Some Homomorphic Functions • RSA: $E(m) = m^e \bmod n$ • ElGamal: $E(m,r) = (g^r,\, m h^r) \bmod p$ • Benaloh: $E(m,r) = r^x g^m \bmod n$ • Paillier: $E(m,r) = r^n g^m \bmod n^2$

  35–42. Homomorphic Techniques (built up over eight slides) The product of the encryptions of the votes constitutes an encryption of the sum of the votes.

  43. The Homomorphic Paradigm [diagram labelled “Tally”]

  44. Anonymized Ballots

  45. The Mix-Net Paradigm • Chaum (1981) …

  46. The Mix-Net Paradigm

  47–48. The Mix-Net Paradigm [diagram: votes entering a MIX and emerging on the other side]

  49–50. A Re-encryption Mix [diagram labelled “MIX”]
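The following is an added, runnable illustration of slides 32–34, 42 and 49–50 (it is not code from the talk): a toy Paillier instance of the listed $E(m,r) = r^n g^m \bmod n^2$ (additively homomorphic, unlike the RSA and plain ElGamal entries, which are multiplicative), used to tally 0/1 votes by multiplying their ciphertexts, to re-encrypt a ballot by multiplying in an encryption of zero, and to run one re-encryption mix step. The primes, randomisers and vote lists are constructed for the example; the function names are assumptions.

```python
import math
import secrets
# Toy Paillier instance of the slide's E(m, r) = r^n g^m mod n^2 with g = n + 1 (constructed
# example: tiny primes for readability; a real election needs a ~2048-bit n).
P, Q = 1009, 1013
N, G = P * Q, P * Q + 1
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p - 1, q - 1)

def _L(u):
    return (u - 1) // N
MU = pow(_L(pow(G, LAM, N2)), -1, N)  # decryption constant: inverse of L(g^lambda mod n^2)

def _random_r():
    # Randomiser in Z_n^*, excluding 1 so that re-encryption always changes the ciphertext.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def encrypt(m, r=None):
    """E(m, r) = g^m * r^n mod n^2; a fresh random r is drawn when none is given."""
    r = _random_r() if r is None else r
    return (pow(G, m, N2) * pow(r, N, N2)) % N2

def decrypt(c):
    return (_L(pow(c, LAM, N2)) * MU) % N

def tally(ciphertexts):
    """Slide 42: the product of the encrypted votes is an encryption of their sum."""
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % N2
    return acc

def reencrypt(c, r=None):
    """Slide 33: multiplying by an encryption of zero gives a new ciphertext of the same plaintext."""
    return (c * encrypt(0, r)) % N2

def reencryption_mix(ciphertexts):
    """Slides 49-50: a mix server re-encrypts every ballot and outputs them in random order,
    so nobody without the randomisers can link an output ballot to its input."""
    mixed = [reencrypt(c) for c in ciphertexts]
    secrets.SystemRandom().shuffle(mixed)
    return mixed

def run_election(votes):
    """Ballotless tally: encrypt each 0/1 vote, multiply, and decrypt only the total."""
    return decrypt(tally([encrypt(v) for v in votes]))
```

Only the final product is ever decrypted, so the decryption key holder learns the total without learning any individual vote.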
