Independently-Verifiable Secret-Ballot Elections
Poorvi L. Vora
Department of Computer Science, The George Washington University
Outline
• Current voting technology, limitations
• Cryptographic approach; paradigm shift
• “End-to-end” voting systems
• Electronic E2E voting systems
In the world’s oldest continuous democracy
• Humboldt County, CA: voting machines dropped 197 votes – Wired, 12-8-2008
• Florida’s 13th Congressional District (2006): one in seven votes recorded on voting systems was blank – US Government Accountability Office, 2-8-2008
• Franklin County, Ohio: computer error gave Bush 3,893 extra votes in one precinct – WaPo, 11-6-2004
• In a North Carolina county: 4,500 votes were lost – WaPo, 11-6-2004
Voting Machine Analysis
• Kohno et al. (2004): Diebold AccuVote-TS DRE*
  • Voters can cast unlimited votes without detection
  • Insiders can modify votes and match votes to voters
• Felten (2006): “Hotel Minibar Keys Open Diebold Voting Machines”
• Bishop, Wagner et al. (2007): CA “Top to Bottom Review”
  • Voter can insert a virus into code
  • Virus can spread through the state’s election system
And so on: optical scan (Kiayias et al., 2007); Ohio voting machines, OS + DRE (McDaniel et al., 2007); NJ DREs (Appel et al., 2009)
*DRE: Direct Recording Electronic
More exhaustive testing?
• Not possible to test large programs for the absence of errors
• Cannot rely only on
  • software and
  • software testing
• Go back to paper, or keep paper back-up
At least “we” can count paper, BUT
• Not everyone can use paper
• Inefficient and inaccurate counts and recounts (e.g. Minnesota Senate election)
Problems of integrity remain
• “we” = persons with privilege
• Still need to secure cast ballots till counting
Integrity Issues
Are these our only choices?
• Trust:
  • chain of custody of voting systems/paper back-up, and
  • those who count
OR
• Watch:
  • all locks on all precincts, and
  • all counts
Paradigm Shift: Audit the Election, Not the Equipment
Instead of checking
• all the software, and
• that it will perform several operations correctly every time
determine that only the tally is correct, only this time.
Encrypted Paper Trail
1. Voter casts encrypted vote and takes copy out of polling booth
2. Voter checks receipt on website/newspaper
Tally Computation
3. Voting system reveals tally and a digital audit trail to begin the proof of tally correctness
• Public digital audit trail: commitment by voting system, for proof of tally
[Figure: the voting system posts the receipt codes (34W1, AC1U, HY40, 9IK1, 2LS7, B8OH, 5TJG, DEV6) and the tally, 5: McCain, 3: Romney]
Invention of Secure Electronic Voting: Mixnet, David Chaum (1981)
• Public key encryption/decryption
• Votes are decrypted and shuffled
For example, partial decryption using asymmetric-key cryptography:
  Encrypted vote (receipt code)   Partially decrypted   Decrypted vote
  34W1                            5GXT                  McCain
  AC1U                            NZ2Q                  Romney
  HY40                            LN04                  McCain
  9IK1                            S43R                  McCain
  2LS7                            77JH                  McCain
  B8OH                            MBFD                  Romney
  5TJG                            AZ9J                  Romney
  DEV6                            LOQ1                  McCain
On public website: anyone can compute tally
Tally Audit
4. Public audit performed by auditors
Successful audit verifies tally without revealing information on votes
Open
• Voting protocols can protect
  • tally integrity or
  • vote secrecy (but not both)
  • against an adversary who can break the cryptography
For example: Tally Audit, Jakobsson, Juels, Rivest (2002)
[Figure: the same table of receipt codes, partially decrypted codes and votes as on the previous slide, with eight of its sixteen commitments (one per row) marked * as opened]
On public website: anyone can check opened commitments
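The commit-then-open tally audit sketched in the two figures above (mixnet with partial decryption, then the randomized partial checking of Jakobsson, Juels and Rivest), as an added Python model that is not part of the original slides or of any system named in the talk. It substitutes hash commitments for the real schemes' encryption, uses a constructed 8-ballot contest with the figure's codes, and assumes the links were committed before an insider could alter the published vote column; `detection_rate` enumerates every possible coin vector to show that each altered vote is caught with probability exactly one half.

```python
import hashlib, secrets, itertools

# Constructed 8-ballot contest reusing the codes from the slide's figure:
# receipt code -> intermediate code -> vote.
BALLOTS = [("34W1", "5GXT", "McCain"), ("AC1U", "NZ2Q", "Romney"),
           ("HY40", "LN04", "McCain"), ("9IK1", "S43R", "McCain"),
           ("2LS7", "77JH", "McCain"), ("B8OH", "MBFD", "Romney"),
           ("5TJG", "AZ9J", "Romney"), ("DEV6", "LOQ1", "McCain")]

def commit(data, nonce):   # hash commitment; the nonce hides data until opened
    return hashlib.sha256(f"{nonce}|{data!r}".encode()).hexdigest()

def publish(ballots):
    """Post the audit trail: receipts in cast order, mid and vote columns in two
    independent secret shuffles, and a commitment to every link it may have to open."""
    n, rng = len(ballots), secrets.SystemRandom()
    to_mid, to_out = rng.sample(range(n), n), rng.sample(range(n), n)
    mids, votes, secret = [None] * n, [None] * n, {}
    for i, (r, m, v) in enumerate(ballots):
        j, k = to_mid[i], to_out[i]
        mids[j], votes[k] = m, v
        secret[j] = {"in": ((j, i, r), secrets.token_hex(8)),   # mid j <- receipt i
                     "out": ((j, k, v), secrets.token_hex(8))}  # mid j -> vote k
    commits = {j: {s: commit(*secret[j][s]) for s in secret[j]} for j in secret}
    board = {"receipts": [b[0] for b in ballots], "mids": mids,
             "votes": votes, "commits": commits}   # anyone can tally 'votes'
    return board, secret                # 'secret' never leaves the voting system

def audit(board, secret, coins):
    """Randomized partial checking (Jakobsson-Juels-Rivest 2002): each coin opens
    EITHER mid j's incoming OR its outgoing link, so no receipt is linked to a vote."""
    seen = {"in": set(), "out": set()}
    for j, side in enumerate(coins):
        data, nonce = secret[j][side]
        if commit(data, nonce) != board["commits"][j][side]:
            return False                # opened link does not match commitment
        jj, idx, val = data
        col = "receipts" if side == "in" else "votes"
        if jj != j or idx in seen[side] or board[col][idx] != val:
            return False                # pointer reused, or published entry altered
        seen[side].add(idx)
    return True

def detection_rate(board, secret):   # share of all 2^n coin vectors that catch it
    runs = list(itertools.product(("in", "out"), repeat=len(board["mids"])))
    return sum(not audit(board, secret, c) for c in runs) / len(runs)

def tamper(board, k, new_vote):   # insider edits one published vote post-commitment
    forged = dict(board, votes=board["votes"][:]); forged["votes"][k] = new_vote
    return forged
```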
The story so far (in 2002) …
• Very interesting theoretical results: Chaum (1981), Cohen (now Benaloh) and Fischer (1985), Benaloh and Tuinstra (1994), Sako and Kilian (1995)
• Relevant: zero-knowledge proofs and interactive/non-interactive proofs (e.g. Goldwasser-Micali-Rackoff (1985))
• BUT: computers vote OR humans encrypt votes
  • Encryption on trusted machines
  • Cannot use in polling booth
  • Cannot use to vote from home, because
    • Home PCs can have viruses
    • Adversary can threaten or bribe voter
E2E Systems: Voter-Verifiable Voting
Voters need not trust encryption device
• Electronic: Chaum (2002-3); Neff (2004); Benaloh (2006); VoteBox (2007)
• Paper ballots: Prêt à Voter (2005); Punchscan (2005); Scratch and Vote (2006); Voting Ducks (2006); Scantegrity (2007)
• Remote: Rijnland Internet Election System (RIES), Netherlands governmental elections (2004, 2006); Helios (2008); not resistant to remote coercion
Example: Prêt à Voter (Ryan et al., 2005)
1. System encrypts vote
2. Voters can choose to audit the encryption or cast it
3. Audit ballot by opening onion
[Figure: ballot with “onion” and receipt; picture from Stefan Popoveniuc, PhD Dissertation, GW, 2009]
Scantegrity II
Takoma Park Municipal Election: 2009
Scantegrity II front end + Punchscan back end
UMBC, GW, MIT, Waterloo, UOttawa
First fully-voter-verifiable secret-ballot governmental election
• November 3, 2009: Takoma Park, MD
• Mayor + 6 Council Members
• 1728 votes cast (10,934 registered voters)
• Candidates were ranked by voters (instant runoff voting)
• Unique:
  • Public audit of tally
  • Open-source
  • Fully verifiable by voters
Scantegrity II (2008)
UMBC, GW, MIT, Waterloo, UOttawa
Photo by Alex Rivest
Website Verification
• Immediately after election (10-11 pm)
  • Scantegrity count announced
  • Codes made available online
• 81 unique ballot verifications, 64 before Takoma Park complaint deadline (Nov. 6)
• One complaint
  • Codes not clear enough for one voter
  • Voter noted “0”; Scantegrity website said “8”
  • Voter trusted Scantegrity code was correct
  • Audit check later revealed Scantegrity code was correct
Audits: (Closed) Manual Vote Count
• November 5, afternoon
• Jointly by Scantegrity and Takoma Park
• Corroborated Scantegrity total
• Few differences, due to difference between:
  • machine reading (by scanner) and
  • human determination of voter intent
• Election certified at 7 pm by Chair, Board of Elections, to City Council
Audits: Encryption Audit
Lillie Coney*
• Audited ballots through the day
• Chose about 50 ballots at random
• Exposed all confirmation codes
• Took home copies of marked ballots
• Checked them against commitments when opened after election
With familiarity, voters, including candidate representatives, can do this too
* Associate Director, Electronic Privacy Information Center, and Public Policy Coordinator for the National Committee for Voting Integrity (NCVI)
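The cast-or-audit choice of Prêt à Voter (step 2 of that slide) and the random print audit described here, as an added Python model that is not code from the slides or from Scantegrity, Prêt à Voter or Punchscan. Hash commitments stand in for the real ballot encryption, the two-candidate contest, serial numbers and the `misprint` set are constructed, and `escape_probability` is the standard hypergeometric bound on a cheating printer going unnoticed, not a figure from the talk.

```python
import hashlib, secrets
from math import comb

CANDIDATES = ("Alice", "Bob")     # constructed two-candidate contest

def commit(data, nonce):   # hash commitment; the nonce hides data until opened
    return hashlib.sha256(f"{nonce}|{data!r}".encode()).hexdigest()

def print_ballots(n, misprint=()):
    """Authority commits, before the election, to each ballot's code->candidate
    map and prints it. 'misprint' lists serials whose PRINTED map is swapped
    relative to the committed one (a vote cast on it would be flipped at tally)."""
    rng, commitments, openings, printed = secrets.SystemRandom(), {}, {}, {}
    for serial in range(n):
        codes = [f"{c:04X}" for c in rng.sample(range(65536), len(CANDIDATES))]
        order = rng.sample(CANDIDATES, len(CANDIDATES))
        mapping, nonce = dict(zip(codes, order)), secrets.token_hex(8)
        commitments[serial] = commit(sorted(mapping.items()), nonce)   # public
        openings[serial] = (mapping, nonce)                            # kept secret
        printed[serial] = dict(zip(codes, reversed(order))) if serial in misprint else mapping
    return commitments, openings, printed

def print_audit(commitments, openings, printed, serials):
    """Cut-and-choose: the auditor picks serials; those ballots are spoiled (never
    cast) and the authority must open their commitments, which must match the
    paper. Returns the serials that fail, i.e. the misprints that were caught."""
    bad = []
    for s in serials:
        mapping, nonce = openings[s]
        if commit(sorted(mapping.items()), nonce) != commitments[s] or mapping != printed[s]:
            bad.append(s)
    return bad

def escape_probability(n, m, s):
    """Chance that s audited ballots, drawn uniformly from n, miss all m misprints."""
    return comb(n - m, s) / comb(n, s)
```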
Audits: Digital Audit Trail
Dr. Ben Adida* and Dr. Filip Zagórski+
• Audited the entire digital audit trail and independently confirmed tally correctness
• Provided their own copy of confirmation codes for voter check
• Pointed out discrepancies in documentation
* Helios and Center for Research on Computation and Society, Harvard University
+ Institute of Mathematics and Computer Science, Wroclaw University of Technology, Poland
Universally Verifiable
Anyone can perform the audits performed by Adida and Zagórski
• BoE Chair expects other voters will, using software provided by Adida and Zagórski
• Voters can write their own software, using Scantegrity public spec
Limitations
• Bulletin Board (website) needs to be secure
  • Ensure that it doesn’t present one code to voters, another to auditors
  • Hence Adida and Zagórski made their own copies and requested voters to check
• The cryptographic protocol does not prevent ballot stuffing; we had to use procedures
• Paper ballots are inaccessible to those with motor and visual disabilities
Electronic Audit
• Voter: “Vote for Bob”
• System prints encryption and signs it
• Voter: “I want to audit this encryption”
• System shows that it encrypted vote for Alice
• Voter knows system cheated, but has no proof without a hard record of “Vote for Bob”
• If we keep a hard record, then it has to be destroyed if voter chooses to vote, not audit
• Need observers during audit. Can we do that without the voting system detecting an audit?
Conclusions
• Can have better integrity of election outcome using E2E systems
• Challenges exist in making E2E systems electronic
Acknowledgements
Collaborators: Carback, Chaum, Clark, Coney, Essex, van de Graaf, Hall, Hosp, Popoveniuc, Rivest, Ryan, Shen, Sherman, Wagner
At NIST: Hastings, Kelsey, Peralta, Popoveniuc, Regenscheid
Help with Takoma Park election: City Clerk and Board of Elections, Takoma Park
Independent auditors: Adida, Coney, Zagórski
Survey: Baumeister
Others: Florescu, Jones, Relan, Rubio, Sonawane
Support: NSF IIS 0505510, NSF CNS 0831149, NSF CNS 0937267; School of Engineering and Applied Science, GW: start-up funds