
Secret Ballot Receipts: True Voter Verifiable Elections


Presentation Transcript


  1. Secret Ballot Receipts: True Voter Verifiable Elections
  Author: David Chaum
  Published: IEEE Security & Privacy
  Presenter: Adam Anthony

  2. Outline
  • Paper Selection Criteria
  • Secret Ballot Discussion
  • Electronic vs. Handwritten ballots
  • Summary of Results
  • Physical Receipt Characteristics
  • Verifying Votes
  • Properties of the system
  • Encoding, decoding, tallying votes
  • Conclusion

  3. Paper Selection
  • Google Scholar: 25 Citations
  • Published in IEEE Security and Privacy 2004
  • David Chaum: founded the International Association for Cryptographic Research, has filed 25 separate cryptography related patents
  • Referenced directly in Wednesday’s paper
  • Scored 1,545,673 out of a possible 1,545,674 points on the “Adam Anthony thinks it’s a really neat paper” scale

  4. Secret Ballots
  • Required by free democracies
  • Basic premise: the voter brings nothing out of the polling place that he didn’t bring in that would provide information as to who he voted for
  • Buttons, T-shirts, etc. allowed
  • Copy of ballot, plaintext ballot materials, not allowed

  5. Trust Issues
  • Handwritten ballots are the “gold standard” of voting
  • Electronic voting machines are considered insecure

  6. Summary of Results
  • Use visual encryption to produce a zero-information ballot receipt
  • Eliminates the need for proprietary “black box” systems
  • Setup:
    • A normal computer running openly published, verifiable software
    • A special receipt printer
  • User may take part of the encrypted receipt with him, which can be used (personally, or by his party affiliation officials) to verify the correctness of his ballot
  • Additionally, correctness can be verified without revealing who he voted for
  • Tallying of votes is also quickly verifiable

  7. Printer Requirements
  • Printer fundamentally appears to be a simple cash register receipt printer
  • Printer heads are positioned to print on both the front and back of a clear polymer tape
  • The tape is actually 2 laminated pieces of tape
  • The bottom inch contains instructions for separating the tape

  8. Receipts, continued

  9. Encoding a Receipt
  • Generate one pad of random pixel symbols (white sheet)
  • The second pad is created by choosing the correct symbol to either allow transparency or opacity (red sheet)
  • Transparent portions produce the type-set report
  • Swap every other pixel symbol between the two sheets so that either layer can be chosen as the receipt

  10. Verifying Receipts
  • Handheld scanners can be used to verify ballot consistency outside the polling place
  • Digital copies of the receipts are sent to the main server
  • Online: enter the serial number at the bottom of the receipt and verify that the image on record is identical to your own
  • Eventually, all ballots are decrypted and posted online as well, to verify the count

  11. Properties
  • If your receipt is correctly posted, you can be sure (with acceptable probability) that your vote will be included correctly in the tally
  • No one can decode your receipt or otherwise link it to your vote except by breaking the code or decrypting it using all the secret keys, each of which is assigned to a different trustee
  • There are only 3 ways a system could change a voter’s ballot without direct detection:
    • Print an incorrect layer, gambling they’ll choose the other layer
    • Use the same serial number for 2 different receipts, hoping the 2 voters choose the same layer
    • Perform a tally process step incorrectly, taking the chance that the step will escape selection during the audit
  • There is a 50/50 chance that any of the above fraud attempts will succeed, per ballot

  12. Meat, Potatoes, Hold the Vegetables
  • Where we’ve been:
    • System hardware specification
    • Encoding receipts
    • Verifying receipts
    • Properties of the system
  • Where we’re going:
    • Mathematical model of the voting process
    • Mathematical model of the tallying process
    • Proof of system properties

  13. About Dolls
  • Author uses the “Russian Doll” analogy to explain the decryption process
  • A doll consists of a set of random pads, added together (mod 2)
  • The largest doll is used to create the “background” sheet
  • There is a set of private keys that “opens” one of each of the dolls
  • The output of the decryption yields a partially decrypted message, as well as the value of the next “doll”
  • Several trustees oversee each phase of decryption; basic key management schemes protect against missing/corrupt trustees

  14. Voting Phase
  • The voter supplies a ballot image $B$
  • The system responds by providing two 4-tuples $\langle L_z, q, D_t, D_b \rangle$, one for each layer $z \in \{t, b\}$; this is the data printed on each separate layer
  • The voter visually verifies that $L_t \oplus L_b = B$ and that $q$, $D_t$, $D_b$ are identical on both layers
  • Voter aborts if there is a problem, or selects $x = t$ or $b$ for his choice of the top or bottom layer

  15. Voting Phase, cont.
  • The system makes two digital signatures, and provides them as a 2-tuple $\langle s_x(q),\ o_x(L_z, q, D_t, D_b, s_x(q)) \rangle$
  • The voter (or a designate) performs a consistency check to ensure that the digital signatures of the 2-tuple check, using agreed public inverses of the system’s private signature functions $s_x$ and $o_x$, with the unsigned version of the corresponding values of the selected 4-tuple (as printed) on the selected layer, and that $s_x(q)$ correctly determines $D_x$ and the half of the elements of $L_x$ that it should determine

  16. Yet more on the voting phase
  • Remember that each layer contains an equal amount of ‘red’ bits (the message) and ‘white’ bits (the sum of dolls)
  • Let $R_z$ and $W_z$ be matrices representing the set of red and white bits for layer image $L_z$
  • Let $h$ and $h'$ be pseudo-random functions of $q$
  • $e_i$ is a public key corresponding to a trustee’s private key $d_i$
  • $L^t_{i,\,2j-(i \bmod 2)} = R^t_{i,j}$ and $L^t_{i,\,2j-((i+1) \bmod 2)} = W^t_{i,j}$
  • $L^b_{i,\,2j-((i+1) \bmod 2)} = R^b_{i,j}$ and $L^b_{i,\,2j-(i \bmod 2)} = W^b_{i,j}$
  • $R_x \oplus W_y = B_x$
  • $W^z_{i,j} = (d^z_k \oplus d^z_{k-1} \oplus \cdots \oplus d^z_1)_{i,j}$
  • $d'^z_l = h(s_z(q), l)$
  • $d^z_l = h'(d'^z_l)$
  • $D^z_l = e_l(d'^z_l \ldots e_2(d'^z_2(e_1(d'^z_1))) \ldots)$
  • The final doll: $D_z = D^z_k$

  17. Decryption to Plaintext
  • Input $L_x$ and $D_y$; refer to them as $B_k$, $D_k$
  • Compute $d'_l$ from $D_k$ using the proper private key
  • $D_{k-1} = D_k / d'_l$
  • Find $d_l$ using $h'$
  • Compute $B_{k-1} = B_k \oplus d_l$
  • $B_0 = B_z$, the plaintext ballot
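The following Python is an added worked model of slides 9, 13, 15, 16 and 17 together; it is not code from Chaum’s paper or from these slides. It assumes, as the slides do, that combining two layers is addition mod 2 (XOR), and it makes three simplifications that are labelled in the comments: the pseudo-random functions h and h’ and the signature s_z(q) are all modelled with HMAC-SHA256 under constructed keys, each trustee’s public-key pair (e_i, d_i) is replaced by a symmetric mask under a secret only that trustee holds, and the ballot image is a constructed 4×6 bit grid. With those stand-ins it builds both layers so that the red half of either layer XORed with the white half of the other gives the ballot, wraps the per-trustee seeds into a nested doll, checks that s_x(q) reproduces the white half of the kept layer, and peels the dolls back off at tally time to recover B_0.

```python
import functools
import hashlib
import hmac
import secrets

ROWS, COLS, K = 4, 6, 3     # constructed ballot image size in bits; K trustees (one doll layer each)
N = ROWS * COLS
SYSTEM_KEY = secrets.token_bytes(32)                        # stand-in for the s_z signing key
TRUSTEE_KEYS = [secrets.token_bytes(32) for _ in range(K)]  # trustee i's private key d_i

def kdf(key, label, n):
    """HMAC-SHA256 in counter mode; stands in for the pseudo-random functions h and h'."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def to_bits(data, nbits): return [(data[i // 8] >> (i % 8)) & 1 for i in range(nbits)]

def xor(a, b): return [x ^ y for x, y in zip(a, b)]

def seeds_from(s_zq):
    """d'_l = h(s_z(q), l) for each trustee l."""
    return [kdf(s_zq, b"seed" + bytes([l]), 32) for l in range(K)]

def pad_from(seed):
    """d_l = h'(d'_l): one N-bit pad, i.e. one doll."""
    return to_bits(kdf(seed, b"pad", (N + 7) // 8), N)

def white_bits(s_zq):
    """W_z = d_k XOR ... XOR d_1; anyone holding s_z(q) can recompute it."""
    return functools.reduce(xor, map(pad_from, seeds_from(s_zq)), [0] * N)

def trustee_encrypt(i, seed, inner):
    """Symmetric stand-in for e_i: nonce || seed masked under trustee i's key || inner doll."""
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(seed, kdf(TRUSTEE_KEYS[i], nonce, 32))) + inner

def trustee_decrypt(i, doll):
    """Stand-in for d_i: recover trustee i's seed d'_i and the next-inner doll."""
    nonce, masked, inner = doll[:16], doll[16:48], doll[48:]
    return bytes(a ^ b for a, b in zip(masked, kdf(TRUSTEE_KEYS[i], nonce, 32))), inner

def build_doll(s_zq):
    """D_z = e_k(d'_k, e_{k-1}(... e_1(d'_1))): trustee 0 innermost, trustee K-1 outermost."""
    doll = b""
    for i, seed in enumerate(seeds_from(s_zq)):
        doll = trustee_encrypt(i, seed, doll)
    return doll

def positions(i, j, z):
    """(red column, white column) of ballot pixel (i, j) on layer z, following slide 16."""
    a, b = 2 * j + (i % 2), 2 * j + ((i + 1) % 2)
    return (a, b) if z == "t" else (b, a)

def encode_receipt(ballot, q):
    """Slides 9/16: R_t = B XOR W_b and R_b = B XOR W_t, interleaved into the two layer images."""
    sig = {z: hmac.new(SYSTEM_KEY, f"{z}:{q}".encode(), hashlib.sha256).digest() for z in ("t", "b")}  # s_z(q) as a MAC
    white = {z: white_bits(sig[z]) for z in ("t", "b")}
    red = {"t": xor(ballot, white["b"]), "b": xor(ballot, white["t"])}
    layers = {}
    for z in ("t", "b"):
        img = [[0] * (2 * COLS) for _ in range(ROWS)]
        for i in range(ROWS):
            for j in range(COLS):
                r_col, w_col = positions(i, j, z)
                img[i][r_col] = red[z][i * COLS + j]
                img[i][w_col] = white[z][i * COLS + j]
        layers[z] = img
    return layers, {z: build_doll(sig[z]) for z in ("t", "b")}, sig

def overlay(layers):
    """L_t XOR L_b, what the voter sees in the booth (each ballot bit appears twice per row)."""
    return [[layers["t"][i][c] ^ layers["b"][i][c] for c in range(2 * COLS)] for i in range(ROWS)]

def half_bits(img, z, which):
    """Read the red or white half back out of one layer image."""
    return [img[i][positions(i, j, z)[0 if which == "red" else 1]]
            for i in range(ROWS) for j in range(COLS)]

def check_white_half(img, x, s_xq):
    """Slide 15: s_x(q) must reproduce the white half of the layer the voter kept."""
    return half_bits(img, x, "white") == white_bits(s_xq)

def tally_decrypt(img, x, doll_y):
    """Slide 17: B_k = R_x, peel D_y outside-in, B_{l-1} = B_l XOR d_l, return B_0."""
    B, doll = half_bits(img, x, "red"), doll_y
    for i in reversed(range(K)):
        seed, doll = trustee_decrypt(i, doll)
        B = xor(B, pad_from(seed))
    return B

def demo(ballot_bytes=b"\xa5\x3c\x0f", q=1234, x="t"):
    # Constructed run: the voter keeps layer x; the tally decrypts it with the other layer's doll.
    ballot = to_bits(ballot_bytes, N)
    layers, dolls, sig = encode_receipt(ballot, q)
    y = "b" if x == "t" else "t"
    return check_white_half(layers[x], x, sig[x]) and tally_decrypt(layers[x], x, dolls[y]) == ballot
```

Running `demo()` (or `demo(x="b")`) returns True: whichever layer the voter keeps, its white half is fixed by the published s_x(q), and the trustees holding the other layer's doll recover the ballot by XORing one pad per trustee. Note that each kept layer on its own is a uniformly random bit pattern, which is the zero-information property the slides rely on; only the combination of one layer's red half with the other layer's pads reveals B.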

  18. More important than decryption

  19. Conclusion
  • Reduces the cost of integrity while raising its level dramatically
  • Voters are able to assure their own vote
  • Voting can be more accessible due to the better handling of provisional ballots
  • Hardware system costs are lower than current black-box systems; the cost of printers should be less than the money saved
  • Simpler maintenance, easier upgrade, multiple uses
  • Open code means opposing parties will work hard to assure its integrity, and the government can fund the operation as well
  • The auditing of trustees and system integrity is easily automated, and mathematically sound
