Wombat Voting Alon Rosen IDC Herzliya July 20, 2012
Project Participants Amnon Ta Shma (TAU) Douglas Wikstrom (KTH) Ben Riva (TAU) NikoFarhi (TAU) Morgan Llewellyn (IMT Lucca) Jonathan Ben-Nun IDC Students: TomerGabbai, Doron Sharon, ShiranKleiderman, IdoBergerfroind, AsafGamliel, Daniel Rapaport, OmriBaumer, AsafInger, EitanGrundland
4 Years ago… Well, introducing computers will help us for sure * Meir Shitrit, Israel’s former Minister of Interior
Not what we hoped for... The design process was problematic: • No public scrutiny • No open design • And, the resulting system was not satisfactory: • No paper trail • No transparency • …
Secrecy vs. Verifiability Voting system convince Carl the coercer Alice
Desired Properties Aliceverifiesher vote. Everyoneverifiestallying. Alicecannot be coerced by Carl.
Paper vs. Electronic • Paper elections • Local attacks • Lacks transparency • Electronic elections today • Global attacks • Undetectable • Unrecoverable • No transparency • Ideally • No local/global attacks • Full transparency
What is Transparency? Anyone can verify that: • their vote is cast as intended • the votes were counted as cast
Main Features • Simple design. • Voter privacy. • End-to-end verifiability. • No need to trust the designers!
Objectives • Easy to use. • Versatile. • Paper backup.
Public Ballots Alice: Sweet Bridget: Sweet Carol: Salty Tally Sweet….2 Salty…...1 Alice
Encrypted Public Ballots Alice: Sweet Bridget: Sweet Carol: Salty Everyone verifies the tally Tally Sweet….2 Salty…...1 Alice verifies her vote Alice
System components • Dual ballot • Voting machine • Polling station committee • Public bulletin board • Mixnet Vote
The Ballot א א
Voting Booth • Vote selection • Ballot printing • Hardware • Touch screen • Printer
Polling Station • Voter identification • Vote casting • Hardware • A desktop computer • 2D barcode scanner
Tallying • Encrypted votes are mixed by the mixnet. • Mixed decrypted votes and proofs of correctness are published in the Bulletin board. • Paper votes may be tallied according to policy.
Auditing • Auditing the machine (“cast as intended”): • Audit by users using Android application. • Random audit by designated auditors. • Auditing the bulletin board. • Android application. • Validation of mixnet proofs of correctness: • Built-in verifier. • 2 Independent verifiers.
Behind the scenes Auditing the booth: cast-or-audit
Behind the scenes Auditing the booth: cast-or-audit Auditing the tally: Verifiable Mixnet
Elections with Wombat • IDC Student council elections: May 17-19 2011 • Meretz party chairman: February 7, 2012 • IDC Student council elections: May 21-23 2012
IDC 2011 Elections • Non-profit college with ~6000 students. • 28 different races. • Students eligible to vote on multiple races. • 2097 students voted.
Some Statistics • Voting took 1-2 minutes: • 30 Seconds for voter identification • 30 Seconds for scanning the ballot • 579 voters verified ballot at bulletin board • Students encouraged to verify with a coveted prize • (2 x faculty parking spots).
Questionnaire • 403 students answered an on-line survey. • 78 answered a random exit survey. • Students encouraged to answer by offering prize. • High levels of voter satisfaction and confidence. • The processes of folding ballots and validating votes should be improved.
Questionnaire • “How satisfied are you with your voting experience?” • “The Voting Process Was Clear and Simple”
Meretz Party Leader • Party leader elected by party council consisting of 950 representatives. • Highly diverse set of voters: • Age (many over 50), gender, education, ethnicity… • 830 (88%) voted. • 23 voters verifiedtheir vote.
IDC 2012 Elections • 2120 Students voted. • Only 16 students checked their votes.
Difficulties & Lessons • Technical difficulties: • Electricity power loss. • Printer hanging. • Difficulties in folding the ballot. • Mitigated by volunteers instructing voters before entering the voting booth.