Ben Hosp, Nils Janson, Phillipe Moore, John Rowe, Rahul Simha, Jonathan Stanton, Poorvi Vora
{bhosp, simha, jstanton, poorvi}@gwu.edu
Dept. of Computer Science, George Washington University

Integrity during ballot casting: paper receipts
Integrity during ballot casting: paper receipts
Challenge: allow the voter to keep a record of her vote so that
• she can determine that it has been counted correctly, yet
• she cannot prove how she voted.
This record is on paper, so “computer” problems will not destroy it.
CVV* can do this, with, from the voter’s POV
• A voting system that will “just work”
• The only additional effort required of the voter is to pull a lever up or down arbitrarily.
• Caveat: a non-negligible percentage of voters or their representatives must make the effort to check their ballot receipts.
* Based on a method by David Chaum
Election Goals
• Integrity – Correct vote count.
• Anonymity – I can’t tell how you voted.
• Involuntary Privacy – You can’t prove to me how you voted.
• Voter Verifiability – You, the voter, can verify the first two goals.
• Public Verifiability – Anyone can verify the first three goals.
• Robustness – If something goes wrong, it can be detected and fixed.
CVV Assumes
• A set of n independent trustees who do not all collude (can be made k of n)
  • Collusion can violate privacy without being detected
  • Collusion cannot violate integrity without detection
• All n trustees are functional (can be made k of n)
  • A nonfunctional trustee (or > k nonfunctional trustees) can cause a denial of service
CVV Assumes
• A not necessarily trustworthy polling machine
  • Cannot violate count integrity
  • Can violate privacy (it sees the ballot)
• No collusion between the authentication process and the polling machine
  • Collusion can lead to ballot stuffing
• A sufficiently large number of receipts checked, by voters or by an authorized third party
  • Requires a process
CVV is
• A prototype implementation of Chaum’s voter-verifiable voting system
• Using commonly available, low-cost hardware and OS platforms
Stage 2
• Demo 1: walk-through
The Voting Process: Ballot Casting
• The voter uses the voting booth machine to generate an image: her vote.
• The booth prints out two layers
  • which are random by themselves,
  • but when overlaid, display the image.
Layer generation
The layers are generated using two strings of random numbers
• Each created by adding trustee shares
• Each of size half the number of image pixels
• One for the top layer, the other for the bottom
• Laid in staggered form on the two layers
[figure: the random pixels (R) laid in staggered form across the two layers]
Layer generation
• The other half of the pixels on each layer are chosen such that the overlay is the correct vote
[figure: top layer + bottom layer = overlay showing the vote; a second panel shows the other vote]
Different types of receipts
• Optical (additive) overlay: Chaum
• Many other symbols by Jeroen van de Graaf
The Voting Process: Receipt Choice
• The voter chooses one layer for her receipt.
• Some other “stuff” is printed on the chosen layer.
• The unchosen layer is destroyed.
• The chosen layer is stored or transmitted.
• It can be shown that, if the overlay represents the vote, the machine can cheat in at most one of the two receipts.
The Voting Process: Receipt Checking
• All receipts at the counting station can be checked for correctness by a third party.
• A voter can check that her own receipt has reached the counting station, or have it checked by a third party.
• Automated checking that a hard copy matches an image at the counting station is not yet implemented by CVV. Visual checking is possible.
Cheating machine caught with probability half
If the machine has cheated on a vote for which the check is performed
• it will be detected with non-negligible probability (one half),
• and this does not depend on the hardness of any problem in any computational model, but
• on the randomness of the voter’s choice of layer.
Does not depend on the voter trusting poll worker checks.
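To make the layer construction, the receipt check and the one-half detection argument concrete, here is an added bit-level model. It is an illustration written for this page, not the CVV prototype’s code, and it simplifies the scheme: overlaying the two layers is modelled as XOR of pixel bits (the real receipts use an optical, additive overlay), the random pixels come from SHA-256 in counter mode, trustee shares are combined by XOR, and each vote pixel is printed twice, staggered, so that either layer alone determines the vote. The trustee seeds and vote bits are constructed sample values.

```python
import hashlib
from typing import Dict, List, Sequence, Tuple

# Toy bit-level model of the two-layer receipt (added example, not CVV code).
# Overlaying the layers is modelled as XOR of pixel bits.

def prng_bits(seed: bytes, n: int) -> List[int]:
    """Deterministic bit stream from a seed: SHA-256 in counter mode (stand-in PRNG)."""
    out: List[int] = []
    counter = 0
    while len(out) < n:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        for byte in digest:
            for bit in range(8):
                if len(out) < n:
                    out.append((byte >> bit) & 1)
        counter += 1
    return out

def layer_random_half(trustee_seeds: Sequence[bytes], layer: str, half: int) -> List[int]:
    """Random pixels of one layer: one PRNG share per trustee, combined with XOR
    (the slides' 'adding trustee shares')."""
    combined = [0] * half
    for seed in trustee_seeds:
        combined = [a ^ b for a, b in zip(combined, prng_bits(seed + layer.encode(), half))]
    return combined

def vote_image(vote: Sequence[int]) -> List[int]:
    """Print each vote pixel twice, adjacent, so either layer alone carries the whole vote."""
    return [bit for bit in vote for _ in range(2)]

def random_positions(layer: str, n: int) -> range:
    """Top layer holds its random pixels at even positions, bottom at odd ones (staggered)."""
    return range(0, n, 2) if layer == "top" else range(1, n, 2)

def make_layers(image, top_rand, bot_rand) -> Tuple[List[int], List[int]]:
    """Place the random halves, then fill each layer's other half so the overlay is the image."""
    n = len(image)
    top, bot = [0] * n, [0] * n
    for j in range(n // 2):
        top[2 * j] = top_rand[j]                         # random pixel on top
        bot[2 * j] = image[2 * j] ^ top_rand[j]          # dependent pixel on bottom
        bot[2 * j + 1] = bot_rand[j]                     # random pixel on bottom
        top[2 * j + 1] = image[2 * j + 1] ^ bot_rand[j]  # dependent pixel on top
    return top, bot

def overlay(top, bot) -> List[int]:
    return [a ^ b for a, b in zip(top, bot)]

def check_receipt(chosen, layer, trustee_seeds) -> bool:
    """Receipt check: regenerate the chosen layer's random half from the revealed
    seeds and compare it with what was printed. Anyone holding the receipt can do this."""
    n = len(chosen)
    printed = [chosen[i] for i in random_positions(layer, n)]
    return printed == layer_random_half(trustee_seeds, layer, n // 2)

def decrypt_receipt(chosen, layer, trustee_seeds) -> List[int]:
    """Trustee-side decryption: regenerate the UNCHOSEN layer's random half and XOR it
    with the chosen layer's dependent half. The unchosen seeds never leave the trustees,
    which is why the receipt alone looks random to everyone else."""
    n = len(chosen)
    other = "bot" if layer == "top" else "top"
    dependent = [chosen[i] for i in random_positions(other, n)]
    return [a ^ b for a, b in zip(dependent, layer_random_half(trustee_seeds, other, n // 2))]

def honest_machine(vote, trustee_seeds) -> Tuple[List[int], List[int]]:
    n = 2 * len(vote)
    return make_layers(vote_image(vote), layer_random_half(trustee_seeds, "top", n // 2),
                       layer_random_half(trustee_seeds, "bot", n // 2))

def cheating_machine(shown_vote, counted_vote, trustee_seeds, cheat_layer="bot"):
    """A machine whose printed overlay shows `shown_vote` while its layers decrypt to
    `counted_vote`. The only way to achieve that is to alter one whole layer, so the
    substitution is exposed whenever the voter happens to keep that layer."""
    top, bot = honest_machine(counted_vote, trustee_seeds)
    delta = vote_image([a ^ b for a, b in zip(shown_vote, counted_vote)])
    if cheat_layer == "bot":
        bot = [p ^ d for p, d in zip(bot, delta)]
    else:
        top = [p ^ d for p, d in zip(top, delta)]
    return top, bot

def voter_outcomes(top, bot, trustee_seeds) -> Dict[str, Tuple[bool, List[int]]]:
    """For each layer the voter might keep: (receipt check passed, vote trustees recover)."""
    return {layer: (check_receipt(bits, layer, trustee_seeds),
                    decrypt_receipt(bits, layer, trustee_seeds))
            for layer, bits in (("top", top), ("bot", bot))}

if __name__ == "__main__":
    seeds = [b"trustee-1-seed", b"trustee-2-seed", b"trustee-3-seed"]  # constructed
    top, bot = cheating_machine([1, 0, 1, 1, 0, 0, 1, 0], [0, 1, 1, 1, 0, 0, 1, 0], seeds)
    for layer, (ok, vote) in voter_outcomes(top, bot, seeds).items():
        print(layer, "check passed" if ok else "CHECK FAILED", vote)
```

Running the demo shows the point of the slide: the cheating machine’s layers overlay to the vote the voter expects, but exactly one of the two possible receipts fails the check, and the other decrypts to the substituted vote. Since the voter picks the layer after both are printed, the machine cannot know which one will be checked, and detection needs no computational assumption, only the voter’s random choice.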
The Complete Ballot
The receipt/vote has the following fields:
Printed before the voter’s choice:
• The vote ID
• The encrypted image
• Information for the trustees required to decrypt
  • the top layer
  • the bottom layer
• A signature of the vote ID
Printed after the choice:
• Information required by a non-trustee to recreate the above for the chosen layer, but
  • not the unchosen one
  • used to check commitments
• A signature of the whole ballot, to prevent false claims of uncounted votes
The Complete Ballot
The information on the ballot
• Can be used by anyone to verify that the ballot was correctly constructed, but
• Cannot be used to decrypt the ballot, except by an appropriate combination of trustees.
The Vote-Decryption Process – similar to a regular MIX
• Random pixels were generated using a different seed for each trustee, for top and bottom
• The seed of the chosen layer is made available on the receipt for checking
• The other seed is made available in nested encrypted form, for the trustees to generate the random part of the unchosen layer
The Vote-Decryption Process
Each trustee:
• for each ballot:
  • extracts his seed
  • incrementally regenerates the random numbers on the other layer
  • adds his share to the ballot
• shuffles all the ballots
• passes the ballots on to the next trustee
Receipt Decryption
[figure: the chosen layer’s random pixels (R) combined with the regenerated random pixels of the unchosen layer; a second panel shows what the other vote would have looked like]
The Auditor
• The first trustee is asked to reveal, to the public, a random half of his shuffle.
• The next trustee reveals the other half.
• And so forth
• No ballot can be completely traced through the shuffles.
The Auditor
• Each trustee provides
  • A correspondence between input and output images
  • A seed value
such that
  • the encryption of the seed with his public key gives the encrypted information
  • the difference between the output and input images of the revealed half of his shuffle was generated using the seed
• A cheating trustee is caught with probability half for every vote cheated on
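The trustee pass (extract seed, add share, shuffle, pass on) and the alternating-halves audit of the previous three slides, as an added toy simulation. This is illustration code written for this page, not the CVV prototype: a ballot’s nested encryption is replaced by a plain list of per-trustee seeds that each trustee pops in turn, a trustee’s share is simply a hash of its seed, and the public-key check on the revealed seed is omitted. Vote values and the random-number generator seed are constructed.

```python
import hashlib
import random
from typing import Dict, List, Sequence, Set, Tuple

# Toy model of the trustee mix and its audit (added example, not CVV code).
PAYLOAD_LEN = 8              # bytes per toy encrypted ballot
Ballot = Dict[str, object]   # {"payload": bytes, "onion": [seed for trustee 1, trustee 2, ...]}

def share(seed: bytes) -> bytes:
    """The contribution a trustee derives from the seed it extracts for one ballot."""
    return hashlib.sha256(seed).digest()[:PAYLOAD_LEN]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_ballots(votes: Sequence[bytes], n_trustees: int, rng: random.Random) -> List[Ballot]:
    """Mask each vote with one share per trustee (constructed input for the demo)."""
    ballots = []
    for vote in votes:
        seeds = [bytes(rng.getrandbits(8) for _ in range(16)) for _ in range(n_trustees)]
        payload = vote
        for seed in seeds:
            payload = xor(payload, share(seed))
        ballots.append({"payload": payload, "onion": seeds})
    return ballots

def trustee_pass(inputs: List[Ballot], rng: random.Random, corrupt_input=None):
    """One trustee: extract its seed from every ballot, add its share, shuffle, pass on.
    Also returns the private (input index, output index, seed) record the auditor may
    ask for. `corrupt_input` models a dishonest trustee altering one ballot."""
    seeds = [b["onion"][0] for b in inputs]
    stripped = [{"payload": xor(b["payload"], share(s)), "onion": b["onion"][1:]}
                for b, s in zip(inputs, seeds)]
    if corrupt_input is not None:
        stripped[corrupt_input]["payload"] = xor(stripped[corrupt_input]["payload"],
                                                 b"\xff" * PAYLOAD_LEN)
    perm = list(range(len(inputs)))
    rng.shuffle(perm)                                  # perm[i] = output slot of input i
    outputs: List[Ballot] = [None] * len(inputs)
    for i, j in enumerate(perm):
        outputs[j] = stripped[i]
    record = [(i, perm[i], seeds[i]) for i in range(len(inputs))]
    return outputs, record

def run_mix(ballots, n_trustees, rng, cheat: Tuple[int, int] = None):
    """Run the trustees in series; cheat=(trustee index, input index) makes one dishonest."""
    stages, current = [], ballots
    for k in range(n_trustees):
        corrupt = cheat[1] if cheat and cheat[0] == k else None
        outputs, record = trustee_pass(current, rng, corrupt)
        stages.append((current, outputs, record))
        current = outputs
    return stages, [b["payload"] for b in current]    # final, fully decrypted votes

def audit_stage(inputs, outputs, record, revealed: Set[int]) -> Tuple[bool, Set[int]]:
    """Check the revealed half of one shuffle: for each opened input the trustee discloses
    its output slot and seed, and output must equal input XOR share(seed)."""
    ok, revealed_out = True, set()
    for in_idx, out_idx, seed in record:
        if in_idx not in revealed:
            continue
        revealed_out.add(out_idx)
        if outputs[out_idx]["payload"] != xor(inputs[in_idx]["payload"], share(seed)):
            ok = False
    return ok, revealed_out

def run_audit(stages, first_half: Set[int]):
    """Trustee 1 opens `first_half` of its inputs; each later trustee opens exactly the
    complement of the slots the previous trustee exposed."""
    n = len(stages[0][0])
    results, revealed_sets, revealed = [], [], set(first_half)
    for inputs, outputs, record in stages:
        ok, revealed_out = audit_stage(inputs, outputs, record, revealed)
        results.append(ok)
        revealed_sets.append(revealed)
        revealed = set(range(n)) - revealed_out
    return results, revealed_sets

def fully_traced(stages, revealed_sets) -> int:
    """How many original ballots can be followed through every shuffle using opened links."""
    count = 0
    for start in range(len(stages[0][0])):
        pos, traced = start, True
        for (_, _, record), revealed in zip(stages, revealed_sets):
            if pos not in revealed:
                traced = False
                break
            pos = next(out for i, out, _ in record if i == pos)
        count += traced
    return count

if __name__ == "__main__":
    rng = random.Random(7)
    votes = [bytes([v]) * PAYLOAD_LEN for v in (1, 2, 1, 3, 2, 1)]   # constructed votes
    stages, tally = run_mix(make_ballots(votes, 3, rng), 3, rng)
    results, revealed_sets = run_audit(stages, {0, 2, 4})
    print("tally ok:", sorted(tally) == sorted(votes), "audit:", results,
          "fully traceable ballots:", fully_traced(stages, revealed_sets))
```

Two properties of the slides fall out of the simulation. First, because each trustee opens the complement of what the previous one exposed, no ballot has an opened link at two consecutive trustees, so `fully_traced` is zero with two or more trustees. Second, a trustee that alters one ballot is caught exactly when that ballot falls in its opened half, which for a uniformly chosen half is probability one half per altered ballot, regardless of what the other trustees do.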
Reduce “negative aspects” of voter verification by
Participation by major political interests and public interest organizations as:
• Trustees
• Third parties working on behalf of the voter to
  • Check that the receipt is on the website
  • Check that the receipt was correctly generated (for this, they need to actively obtain receipts)
• Witnesses of the trustee decryption process and audit
Reduce “negative aspects” of voter verification by - II
A process that encourages voter verification when fraud is detected or alleged:
• If a voter claims his vote was not counted, encourage enough voters to check their votes to determine the extent of fraud/error
• If a displayed receipt does not check, check receipts in that precinct to determine the extent of fraud/error
Current status of CVV
• Prototype implemented in Java
• Currently supports low-end ink jet printing
• Plan
  • Open source release
  • User-friendly ballots
  • Pre-packaged election tool kit for third-party elections (e.g. student elections). Those interested please contact us.
  • Construction of various other primitives for plug and play
More Next Steps
• Performance and Robustness Testing and Enhancements
• Trials in local and school elections
  • for education and
  • to test usefulness and acceptance of the scheme
• With Political Science and Public Affairs faculty, determine if there is a difference in acceptance along group lines:
  • Political parties
  • Age
  • Race
  • Ability (among handicapped; Braille overlay methods can be developed)
References and Acknowledgements
• David Chaum
• David Chaum, “Secret-Ballot Receipts: True Voter-Verifiable Elections”, IEEE Security and Privacy, January-February 2004 (Vol. 2, No. 1)
• Poorvi Vora, “David Chaum’s Voter Verification using Encrypted Paper Receipts”, www.seas.gwu.edu/~poorvi/Chaum/chaum.pdf
Also on the DIMACS website, linked from the talk abstract
CVV - How it works (based on Chaum’s voter-verifiable voting system)
• Voter votes. Obtains an encrypted receipt that even she cannot decrypt outside the polling booth
  • only all n trustees can decrypt it
  • this can be modified to k of n trustees.
  We will describe later how she can be sure the polling machine did not cheat.
• Voter checks for the receipt on a public website. If it is there, her vote has reached the counting station.
CVV - How it works
• The possessor (voter, third party, or anyone if the receipt is on the website) can check whether the receipt is correctly generated.
• All votes at the counting station are serially (partially) decrypted and shuffled by the trustees (a version of a MIX).
• Final, unencrypted, shuffled votes are counted. A conditional count is announced.
• The trustee decryption and shuffle are audited. The final count is announced and the election certified.