Voting* - PowerPoint PPT Presentation

fleur
voting n.
Skip this Video
Loading SlideShow in 5 Seconds..
Voting* PowerPoint Presentation
play fullscreen
1 / 23
Download Presentation
Presentation Description
125 Views
Download Presentation

Voting*

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Voting* CSCI284 Spring 2005 GWU *This telling influenced by Josh Benaloh and Sara Robinson

  2. Goals of an election • Integrity: each vote is correctly counted • Anonymity: a vote cannot be connected to a voter (without voter complicity) • Involuntary privacy: a voter cannot prove how she voted CS284/Spring05/GWU/Vora/Voting

  3. Goals of an election • Voter verifiability: a voter can confirm that her vote was: • counted as cast and • anonymous • Public verifiability: a member of the public can verify that the election has integrity, anonymity and involuntary privacy • Robustness: an individual cannot falsely charge that the above objectives were not achieved CS284/Spring05/GWU/Vora/Voting

  4. Typical election participants and roles • Voter requires that her vote is: • counted correctly and • is anonymous. • Polling Booth/Station • correctly communicates votes • ensures voter anonymity • ensures only legitimate voters vote • ensures each voter votes only once CS284/Spring05/GWU/Vora/Voting

  5. Typical election participants – contd. • Trustees ensure that votes are counted correctly and anonymously after leaving polling booth • Independent Third Parties observe and ensure process is followed at polling booth • Auditor/Certification Authority certifies election results were determined as specified • Public follow election process as much as possible CS284/Spring05/GWU/Vora/Voting


  6. Anonymity and Integrity

  7. Anonymity and Integrity • Either • hide the voter (e.g. Chaum MIXnet (1981)) or • hide the vote (Benaloh Homomorphic Secret Sharing) all through the process*. • Both require more than one trustee *Inspired by: Electronic Voting Schemes (Zuzana Rjaskova, MSc thesis, 2003) CS284/Spring05/GWU/Vora/Voting

  8. Hide the voter: A single MIX EKiEKi+1…EKn(m1) EKi+1…EKn(m(1)) MIX i: Decryption + shuffle EKiEKi+1…EKn(m2) EKi+1…EKn(m(2)) EKiEKi+1…EKn(mk) EKi+1…EKn(m(k)) CS284/Spring05/GWU/Vora/Voting

  9. Hide the voter: MIXnet: Many consecutive MIXesrun by trustees in e-voting Count decrypted votes Trustee n (MIX n) Trustee 1 (MIX 1) Trustee 2 (MIX 2) …. CS284/Spring05/GWU/Vora/Voting

  10. Hide the vote: Homomorphic Secret Sharing • Use a secret sharing scheme where: the sum of the shares are shares of the sum of the secrets (votes) vi  (si1, si2, …siN) i=1K vi  (i=1K si1, i=1K si2, … i=1K siN) • And a public key cryptosystem where: encrypted values of the sum of shares can be computed from encrypted values of the shares (Ej(s1j), Ej(s2j), … Ej(sKj))  Ej(i=1K si1) CS284/Spring05/GWU/Vora/Voting

  11. Hide the vote: Each trustee calculates a share of the sum • Each voter splits her vote into a share each for the N trustees: vi  (si1, si2, …siN) • She encrypts each share with the public key of the corresponding trustee Ej(sij) and sends it • Each trustee computes its share of the sum of the votes (Ej(s1j), Ej(s2j), … Ej(sKj))  Ej(i=1K si1)  i=1K si1 • Anyone can compute the sum of the votes from the shares (i=1K si1, i=1K si2, … i=1K siN)  i=1K vi CS284/Spring05/GWU/Vora/Voting

  12. Can show both methods provide anonymity and integrity • Homomorphic secret sharing as described previously requires the existence of a secure homomorphic encryption scheme; El Gamal is thought to be one such • Another option is for the voter to send to each trustee the vote encrypted with a share of a key, so that trustees get together to obtain the vote. RSA is thought to be capable of providing the homomorphic properties for this. CS284/Spring05/GWU/Vora/Voting

  13. Voter Verifiability The system so far: Trustees: Counting, anonymity

  14. Voter verifiability • Challenge: allow the voter to keep a record of her vote so she can • determine that it was counted as cast (voter verifiability) • yet not prove how she voted (involuntary privacy) • Further, this record ought to be on paper, so as to allow processing of the vote in case of failure of the electronic systems CS284/Spring05/GWU/Vora/Voting

  15. Paper Record: Solution (Chaum, Neff) • Encrypted paper receipts which can be decrypted only by a subset of trustees • Example: the encrypted vote that is input to the MIXnet • Example: the encrypted shares sent to individual trustees using homomorphic encryption CS284/Spring05/GWU/Vora/Voting

  16. How does the voter know the encryption decrypts to her vote? • Chaum solution: Provide two, symmetric, encrypted paper ballots such that: • One ballot on top of the other provides the decrypted ballot • The voter chooses which ballot to take away • Each ballot has, before the voter chooses, printed “commitments”: the encrypted versions of both ballots for the trustees, and a serial number • After the voter chooses, the seed for the encrypted version CS284/Spring05/GWU/Vora/Voting

  17. Public Verifiability The system so far: Trustees: Counting, anonymity Voter-verified Encrypted Vote Polling Booth Store link between vote and serial number?

  18. Public verifiability • The polling booth needs to be checked to determine it is: • Communicating votes correctly (including no ballot stuffing) • Not retaining copies of votes linked to voter (or voter sequence) • Issuing valid receipts • The trustees need to be audited to determine that they are following the decryption/counting/anonymizing process. CS284/Spring05/GWU/Vora/Voting

  19. Polling booth check obtained by: • Posting all receipts to be counted at a publicly accessible place, such as a website • Voters or their representatives can check the presence of their receipts • Voters, Interested Third Parties and Auditors can check commitments to ensure that each receipt was appropriately generated by the Polling Booth CS284/Spring05/GWU/Vora/Voting

  20. Need participation Need a minimum number of checks of both: • receipt presence (only possible through voter participation) and • receipt accuracy (does not require voter participation) to ensure a given probability that all votes posted were correctly generated Without these checks, voting is not less accurate than that of any electronic system without checks Might be less accurate than a mechanical/physical system which requires more effort to break? CS284/Spring05/GWU/Vora/Voting

  21. Trustee check obtained by auditing CS284/Spring05/GWU/Vora/Voting

  22. Robustness

  23. Signed Receipts • The entire receipt is digitally signed by the polling booth • This prevents voters from generating false receipts to claim a rigged election CS284/Spring05/GWU/Vora/Voting