1 / 40

A Supervised Verifiable Voting Protocol for the Victorian Electoral Commission

A Supervised Verifiable Voting Protocol for the Victorian Electoral Commission. Craig Burton 1 Chris Culnane 2 James Heather 2 Thea Peacock 3 Peter Y. A. Ryan 3 Steve Schneider 2 Sriram Srinivasan 2 Vanessa Teague 4 Roland Wen 5 Zhe Xia 2. Structure of talk.

rachelroberts
Download Presentation

A Supervised Verifiable Voting Protocol for the Victorian Electoral Commission

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Supervised Verifiable Voting Protocol for the Victorian Electoral Commission • Craig Burton1 Chris Culnane2 James Heather2 • Thea Peacock3 Peter Y. A. Ryan3 Steve Schneider2 • Sriram Srinivasan2 Vanessa Teague4 Roland Wen5 Zhe Xia2

  2. Structure of talk • Voting in the State of Victoria, Australia • VEC’s motivation for e-voting and its challenges • Adapting Prêt à Voter to the VEC requirements • Conclusion

  3. Legislative Assembly (Lower House) • Full preferential voting: number the candidates in order of preference. http://www.vec.vic.gov.au/vote/vote-howto-state.html

  4. Legislative Council (Upper House) • ATL: select exactly one choice; or • BTL: number the candidates in order of preference http://www.vec.vic.gov.au/vote/vote-howto-state.html

  5. VEC’s motivation for electronic voting • VEC was an early adopter of e-voting (2006) • flexibility: for supervised voting including overseas, out of state, out of district, last for 2 weeks before the election day • accessibility: supports voters with disabilities. Electronic voting machines also handle foreign languages. Complexity of ballots means need for help - human help loses privacy • usability: to reduce (accidental) informal ballots • BUT: proprietary system not open to inspection; lack of verifiability; issues with integration with VEC processes • WANT e-voting but recognise the need for verifiability

  6. Context of this project • Australian elections: solution needs to be able to handle STV and preferential voting. Prêt à Voter judged to be the most appropriate voter-verifiable system able to support this. • usability vs security: keep voter’s task as familiar as possible, cannot expect too much from the election officials. • scalability: issues to be resolved for us to scale up to a state election. • pragmatics: scanning (including OCR) and (over)printing. • integrity and trust: the electorate must have confidence in the solution.

  7. 4. Diane 2. Bob 5. Elaine 3. Crystal 1. Alice Prêt à Voter • A voter-verifiable voting system • Verifiability: voters, independent checkers can verify stages of the election • Integrity (unconditional): evidence provided that the result is correct • Privacy: have to trust some elements of the system, but aim to minimize this {42521}pk

  8. Challenges

  9. Practical challenges • In practice in Victorian State elections there are typically around 35+ BTL candidates • Prêt à Voter requires those candidates to be in a random order on each ballot • Significant cryptography required to create the ballot forms • Presenting 35+ spaces for voters to write preferences in a single column will require a long ballot form. • Difficult for voters to find their choices by hand; issues around the order candidates are presented to voters • Accessibility issues are compounded

  10. Adapting Prêt à Voter: Front end • Solution: Use an offline Electronic Ballot Marker (EBM) to assist the voter to complete the ballot. • It will capture the voter’s preferences in a user-friendly way, and will print the preferences on the ballot form. • Presents the candidates in the given fixed order • Captures the voters preferences via touch screen • Prints the preferences onto the ballot form in the appropriate permutation • Voter confirms selection before scanning. • Alerts voter if ballot not well formed • Can have accessibility plug-ins (vision/mobility impaired) and offer different languages / training modules.

  11. VEC Ballot Form

  12. Ballot form gives the permutation Ballot Form – front side Serial number: 1 Serial No. 1 (Donna, Alice, Charlie, Bob), (Lib Dem, Labour, Green), (Steve, Vanessa, Craig, Peter Chris, Thea, James) Onion QR code Candidate QR code

  13. Ballot form gives the permutation Ballot Form – Back side Serial number: 1

  14. A VEC ballot example The front side The back side

  15. Victorian Voter Experience

  16. Language: English [X] French [ ] Chinese [ ] Training Yes [X] No [ ] 1. Language selection and training

  17. 2. Scan candidate QR code (device obtains permutation) Onion QR code Candidate QR code Candidate QR code

  18. LA: Alice: 4 Bob: 1 Charlie: 3 Donna: 2 LC-ATL: Green [ ] Labour [X] Lib Dem [ ] 3a. Construct vote via voting device(LA + LC-ATL)

  19. LC-BTL: Chris: 6 Craig: 1 James: 7 Peter: 2 Steve: 3 Thea: 4 Vanessa: 5 3b. Construct vote via voting device(LA + LC-BTL)

  20. LA: Alice: (4) Bob: ( ) Charlie: ( ) Donna: ( ) You have voted 4 for Alice. Now please vote for Bob. 3c. Vote casting for blind voters Clipped corner

  21. 4a. Overprint on ballot form (LA + LC-ATL) Ballot form Serial number: 1 Back Side (empty) Front Side

  22. 4b. Overprint on ballot form (LA + LC-BTL) Ballot form Serial number: 1 Back Side Front Side (ATL empty)

  23. Front side: LA + LC-ATL candidates Back side: LC-BTL candidates 5. Shred the names

  24. No.1 (2) ( ) (4) ( ) (3) ( ) (1) ( ) [ ] ( ) [X] ( ) [ ] ( ) 6a. Submit vote (LA + LC-ATL) Bulletin Board Front Back Front Back ② Display to the voter satisfy/modify ③ No.1: {2,4,3,1}, [2], {} ① Scan Submit to WBB

  25. No.1 (2) (3) (4) (5) (3) (1) (1) (2) [ ] (6) [ ] (4) [ ] (7) 6b. Submit vote (LA + LC-BTL) Bulletin Board Front Back Front Back ② Display to the voter satisfy/modify ③ No.1: {2,4,3,1}, [], {3,5,1,2,6,4,7} ① Scan Submit to WBB

  26. No.1 (2) ( ) (4) ( ) (3) ( ) (1) ( ) [ ] ( ) [X] ( ) [ ] ( ) 7a. Receipt printing (LA + LC-ATL) No.1 (2) (4) (3) (1) [ ] [X] [ ] ( ) ( ) ( ) ( ) ( ) ( ) ( ) Bulletin Board Signature QR code ② print ① {No.1: {2,4,3,1}, [2], {}}_SK(WBB)

  27. No.1 (2) (3) (4) (5) (3) (1) (1) (2) [ ] (6) [ ] (4) [ ] (7) 7b. Receipt printing (LA + LC-BTL) No.1 (2) (4) (3) (1) [ ] [ ] [ ] (3) (5) (1) (2) (6) (4) (7) Bulletin Board Signature QR code ② print ① {No.1: {2,4,3,1}, [], {3,5,1,2,6,4,7}}_SK(WBB)

  28. No.1 (2) ( ) (4) ( ) (3) ( ) (1) ( ) [ ] ( ) [X] ( ) [ ] ( ) 8a. WBB check later (LA + LC-ATL) Bulletin Board No.1 Match? (2) (4) (3) (1) [ ] [X] [ ] ( ) ( ) ( ) ( ) ( ) ( ) ( ) Match? receipt

  29. No.1 (2) (3) (4) (5) (3) (1) (1) (2) [ ] (6) [ ] (4) [ ] (7) 8b. WBB check later (LA + LC-BTL) Bulletin Board No.1 Match? (2) (4) (3) (1) [ ] [ ] [ ] (3) (5) (1) (2) (6) (4) (7) Match? receipt

  30. Adapting Prêt à Voter:Processing the votes • We use Douglas Wikström’s implementation of a re-encryption mixnet: the Verificatum system. • This provides shuffles, re-encryptions and proofs. • It also provides the final decryption step following the mix, to produce a list of plaintext votes. • Vote packing: given the large numbers of candidates, each preference list is compressed into a small number of ciphertexts to optimise the mixing process, and expanded at the other end. These steps are also verifiable. [Technical details in our EVOTE 2012 paper]

  31. Implementation Timings 100,000 ballots:38 candidates, 8 parties, 90000 ATL + 10000 BTL votes

  32. Ongoing work and outstanding issues • WBB: the main unsolved outstanding problem in verifiable voting • Distributed ballot generation: no single party has control over (or knowledge of) the candidate ordering • Print-on-demand: ballots printed on demand at the polling station, since a voter can use any polling station to cast a vote in their registered district • Signatures: what is the best way to check authenticity of the receipt (smart phone & help organization)? • Usability: for voters and poll workers • Quantify auditing / integrity • Technical developments are discussed further in our EVT 2012 paper: “Using Prêt à Voter in Victorian State Elections” (August 2012)

  33. Conclusion • Usability, accessibility, and remote voting, while retaining assurance in the system, are key drivers. • Prêt à Voter can be customised to the VEC requirements. The main new design feature is the EBM, which introduces fresh challenges. Scaling up also raises issues with processing the votes • A demonstrator is currently being implemented for evaluation, with a view to VEC trialling it next year • Verifiability comes from the ability to check the information published by the system. The code is also open to inspection, though it’s the output of the code that is verified

  34. End

  35. 4. Diane 6QakL5sR 2. Bob 5. Elaine 3. Crystal 1. Alice Voting with Prêt à Voter • Place X or preferences against desired candidate. (candidates in random order) • Separate left hand side. • Destroy left hand side. • Cast (scan) vote. • Take receipt home. 3 5 2 1 4

  36. 6QakL5sR Publish the ballots cast • Voter receipts prevent election officials from altering or removing votes. • Voters confirm inclusion of their vote Voter’s receipt 2 Public bulletin board of votes cast. 4 3 3 5 1 ifde 5 5 2 3 4 1 1 2 w8u 4 4 5 3 1 2 jt1e 3 5 2 1 4 6Qak

  37. Tallying • When the votes are cast: • Publish the votes cast (newspaper, or web bulletin board) • these should match the receipts, and voters can check. • Mix up the votes (see next slide), so resulting votes are not linked to input votes (which correspond to receipts): • Decrypt the mixed votes • Publish the resulting votes. • Count the votes.

  38. Mix nets (Chaum; Jakobsson&Juels) Server 1 Server 2 Server 3 Server 4 • Re-encryption mixing: {c,r1} → {c,r2} are different encryptions of c

  39. Mix nets (Chaum; Jakobsson&Juels) Server 1 Server 2 Server 3 Server 4 proof1 proof 2 proof 3 proof 4 • Tellers provide `proofs of shuffles’: that the set of encrypted values is not changed from one stage to the next. • These proofs can be independently checked.

  40. End-to-end Verifiability for Prêt à Voter Ballot Shuffling by mixnet Ballot Casting Encrypted Votes Encrypted Votes Decrypt and Count Voters Results Verify by public information Verify by checking proofs Verify by receipts End-to-end verifiability

More Related