Title: Ben Hosp, Nils Janson, Phillipe Moore, John Rowe, Rahul Simha, Jonathan Stanton, Poorvi Vora
1. Ben Hosp, Nils Janson, Phillipe Moore, John Rowe, Rahul Simha, Jonathan Stanton, Poorvi Vora
- bhosp, simha, jstanton, poorvi _at_gwu.edu
- Dept. of Computer Science
- George Washington University
2. Integrity during ballot casting: paper receipts
- Challenge: allow the voter to keep a record of her vote so that
  - she can determine that it has been counted correctly, yet
  - not prove how she voted
- This record is on paper, so computer problems will not destroy the record
3. CVV can do this with, from the voter's POV:
- A voting system that will just work
- The only additional effort required of the voter is to pull a lever up or down arbitrarily.
- Caveat: a non-negligible percentage of voters or their representatives must make the effort to check their ballot receipts.
- Based on a method by David Chaum
4. Election Goals
- Integrity: Correct vote count.
- Anonymity: I can't tell how you voted.
- Involuntary Privacy: You can't prove to me how you voted.
- Voter Verifiability: You, the voter, can verify the first two goals.
- Public Verifiability: Anyone can verify the first three goals.
- Robustness: If something goes wrong it can be detected and fixed.
5. CVV Assumes
- A set of n independent trustees, all of whom do not collude (can be made k of n)
  - Collusion can violate privacy without being detected
  - Collusion cannot violate integrity without detection
- All n trustees are functional (can be made k of n)
  - A nonfunctional trustee (or > k nonfunctional trustees) can cause a denial of service attack
6. CVV Assumes
- A not necessarily trustworthy polling machine
  - Cannot violate count integrity
  - Can violate privacy (sees ballot)
- No collusion between authentication process and polling machine
  - Collusion can lead to ballot stuffing
- Sufficiently large number of receipts checked by voter or authorized third party
  - Requires process
7. Poster
8. CVV is
- A prototype implementation of Chaum's voter-verifiable voting system
- Using commonly available, low-cost hardware and OS platforms
9. Stage 2
10. The Voting Process: Ballot Casting
- The voter uses the voting booth machine to generate an image of her vote.
- The booth prints out two layers
  - which are random by themselves,
  - but when overlaid, display the image.
11. Layer generation
- The layers are generated using two strings of random numbers
  - Each created by adding trustee shares
  - Each of size half of the number of image pixels
  - One for the top layer, the other for the bottom
- Laid in staggered form on the two layers
[Figure: the random pixels, marked R, laid out in staggered form across the two layers]
12. Layer generation
- The other half of the pixels on each layer are such that the overlay is the correct vote
[Figure: the layers with their determined pixels marked "?", labelled "Other vote"]
13. Different types of receipts
- Optical (additive) overlay: Chaum
- Many other symbols: by Jeroen van de Graaf
14. The Voting Process: Receipt Choice
- The voter chooses one layer for her receipt.
- Some other stuff is printed on the chosen layer.
- The unchosen layer is destroyed.
- The chosen layer is stored or transmitted.
- It can be shown that the machine can cheat in only one of the two receipts if the overlay represents the vote.
15. The Voting Process: Receipt Checking
- Receipts at the counting station can all be checked, by a third party, for correctness.
- A voter can check that her own receipt has reached the counting station, or have it checked by a third party.
- Automated checking that a hard copy matches an image at the counting station is not yet implemented by CVV. Visual checking is possible.
16. Cheating machine caught with probability half
- If the machine has cheated on a vote which has the check performed
  - it will be detected with non-negligible probability (one-half?)
  - this does not depend on the hardness of any problem in any computational model, but
  - on the randomness of the voter's choice
- Does not depend on voter trust of poll worker checks
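The layer construction of slides 11 and 12, the receipt choice and check of slides 14 and 15, and the one-half detection bound above, as an added worked model. This is not code from CVV or from the authors; it assumes that an image is a list of bits, that "overlaying" two layers is XOR (the real scheme overlays printed pixel patterns), that the seed-derived half of each layer is expanded with SHAKE-256 in place of the summed trustee shares, that a vote is encoded with each pixel duplicated so the half of the image recoverable from one layer still carries the whole vote, and that the seed strings are constructed values. `cheating_booth` models a machine that shows the voter her vote but commits one layer to a different vote; `audit_cheat` shows that the check fails exactly when the voter keeps the altered layer, and that in that case the trustees would recover her real vote anyway.

```python
import hashlib
import random

# Added example (not CVV project code): a toy model of the two-layer receipt.
# Assumptions: an image is a list of bits and "overlaying" two layers is modelled
# as XOR (the real scheme overlays printed pixel patterns); the seed-derived half
# of each layer is expanded with SHAKE-256, standing in for the sum of trustee
# shares; a vote is encoded with each pixel duplicated, so the half of the image
# the trustees can recover from one layer still carries the whole vote.

def prng_bits(seed, n):
    """Expand a seed into n pseudo-random bits."""
    stream = hashlib.shake_256(seed).digest((n + 7) // 8)
    return [(b >> i) & 1 for b in stream for i in range(8)][:n]

def encode_vote(vote_bits):
    """Constructed encoding: image pixels 2k and 2k+1 both carry vote bit k."""
    return [b for b in vote_bits for _ in (0, 1)]

def random_positions(layer, n):
    """Staggered layout: top-layer seed pixels at even indexes, bottom-layer ones at odd."""
    return range(0, n, 2) if layer == "top" else range(1, n, 2)

def make_layers(image, top_seed, bottom_seed):
    """Honest booth: seed-derived pixels on each layer; the rest chosen so top XOR bottom == image."""
    n = len(image)
    top_rand, bot_rand = prng_bits(top_seed, n // 2), prng_bits(bottom_seed, n // 2)
    top, bottom = [0] * n, [0] * n
    for i in range(n):
        if i % 2 == 0:
            top[i] = top_rand[i // 2]
            bottom[i] = top[i] ^ image[i]
        else:
            bottom[i] = bot_rand[i // 2]
            top[i] = bottom[i] ^ image[i]
    return top, bottom

def overlay(top, bottom):
    """What the voter sees in the booth with both layers stacked."""
    return [a ^ b for a, b in zip(top, bottom)]

def check_receipt(layer, pixels, seed):
    """Receipt check: do the kept layer's seed-derived pixels match the seed printed on it?"""
    expected = prng_bits(seed, len(pixels) // 2)
    return all(pixels[i] == expected[k] for k, i in enumerate(random_positions(layer, len(pixels))))

def decrypt_receipt(layer, pixels, other_seed):
    """Trustees regenerate the destroyed layer's seed-derived pixels and overlay them with the
    kept layer, recovering the vote where the kept layer holds its determined pixels."""
    other = "bottom" if layer == "top" else "top"
    regenerated = prng_bits(other_seed, len(pixels) // 2)
    return [pixels[i] ^ regenerated[k] for k, i in enumerate(random_positions(other, len(pixels)))]

def cheating_booth(shown_vote, counted_vote, top_seed, bottom_seed, corrupt):
    """Dishonest booth: build layers the trustees would decrypt to counted_vote, then alter the
    `corrupt` layer so the overlay shows shown_vote. Only one layer can be altered, because the
    other must stay consistent with its seed and the overlay must still show the voter's choice."""
    shown, counted = encode_vote(shown_vote), encode_vote(counted_vote)
    top, bottom = make_layers(counted, top_seed, bottom_seed)
    target = top if corrupt == "top" else bottom
    for i in range(len(shown)):
        target[i] ^= shown[i] ^ counted[i]
    return top, bottom

def audit_cheat(shown_vote, counted_vote, corrupt, voter_choice):
    """Outcome when the voter keeps `voter_choice` from a booth that corrupted `corrupt`."""
    seeds = {"top": b"top-seed", "bottom": b"bottom-seed"}  # constructed values
    top, bottom = cheating_booth(shown_vote, counted_vote, seeds["top"], seeds["bottom"], corrupt)
    assert overlay(top, bottom) == encode_vote(shown_vote)  # the voter saw her own vote
    kept = top if voter_choice == "top" else bottom
    other = "bottom" if voter_choice == "top" else "top"
    return {"detected": not check_receipt(voter_choice, kept, seeds[voter_choice]),
            "decrypted": decrypt_receipt(voter_choice, kept, seeds[other])}

def detection_rate(trials=1000, rng_seed=1):
    """The voter's choice is independent of the booth's guess, so about half the cheats are caught."""
    rng = random.Random(rng_seed)
    caught = 0
    for _ in range(trials):
        corrupt, choice = rng.choice(["top", "bottom"]), rng.choice(["top", "bottom"])
        caught += audit_cheat([1, 0, 1, 1], [0, 1, 0, 1], corrupt, choice)["detected"]
    return caught / trials
```

The detection bound rests only on the voter's choice being unpredictable to the booth: `detection_rate()` comes out near one half with no hardness assumption involved, exactly as slide 16 states. When the voter keeps the honest layer the check passes and the trustees count the wrong vote, which is why the slides insist that a sufficiently large number of receipts be checked.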
17. The Complete Ballot
- The receipt/vote has the following fields
  - The vote ID
  - The encrypted image.
  - Information for trustees required to decrypt
    - the top layer.
    - the bottom layer
  - A signature of the vote ID
  - Info required by a non-trustee to recreate the above for the chosen layer, but
    - not the unchosen one
    - used to check commitments.
  - A signature of the whole ballot to prevent false claims of uncounted votes
[Figure: ballot fields, labelled "Pre choice" and "Post choice"]
18. The Complete Ballot
- The information on the ballot
  - Can be used by anyone to verify that the ballot was correctly constructed, but
  - Cannot be used to decrypt the ballot except by an appropriate combination of trustees.
19. The Vote-Decryption Process: similar to a regular MIX
- Random pixels were generated using a different seed for each trustee, for top and bottom
- The seed of the chosen layer is made available on the receipt for checking
- The other seed is made available in nested encrypted form for the trustees to generate the random part of the unchosen layer
20. The Vote-Decryption Process
- Each trustee
  - for each ballot
    - extracts his seed
    - incrementally regenerates the random numbers on the other layer
    - adds his share to the ballot
  - shuffles all the ballots
  - passes on the ballots to the next trustee
21. Receipt Decryption
[Figure: receipt decryption, with random pixels marked R; caption: what "The other vote" would have looked like]
22. The Auditor
- The first trustee is asked to reveal, to the public, a random half of his shuffle.
- The next trustee reveals the other half.
- And so forth
- No ballot can be completely traced through the shuffles.
23. The Auditor
- Each trustee provides
  - A correspondence between input and output images
  - A seed value
- Such that
  - the encryption of the seed with his public key gives the encrypted information
  - the difference between the output and input images of the revealed half of their shuffle was generated using the seed
- Cheating trustee caught with probability half for every vote cheated on
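The decryption mix of slides 19 and 20 together with the audit of slides 22 and 23, as an added toy model; it is not the CVV implementation and not the authors' code. It assumes that the unchosen layer's pixels are the XOR of n trustee shares, each expanded with SHAKE-256 from a per-ballot seed; that the nested public-key encryption of the seeds is replaced by a nested symmetric onion (XOR with a keyed SHAKE-256 keystream); and that, since a verifier cannot re-encrypt under a symmetric key, an audited trustee reveals that ballot's keystream in place of the public-key re-encryption check on the slide. The alternating-halves rule (a random half of one trustee's output links, then the complementary set at the next trustee) is the one slide 22 describes; the 2-pixel votes and the keys are constructed sample data.

```python
import hashlib
import random
from collections import Counter

# Added example (not CVV project code): a toy model of the trustee mix and its audit.
# Assumptions: the unchosen layer's pixels are the XOR of n trustee shares, each
# expanded with SHAKE-256 from a per-ballot seed; the nested public-key encryption
# of the seeds is replaced by a nested symmetric onion (XOR with a keyed SHAKE-256
# keystream), and an audited trustee reveals that ballot's keystream in place of the
# public-key re-encryption check the slide describes. Votes are 2-pixel bit tuples.

SEED_LEN = NONCE_LEN = 8

def shake(data, length):
    return hashlib.shake_256(data).digest(length)

def rand_bytes(rng, n):
    return bytes(rng.getrandbits(8) for _ in range(n))

def prng_bits(seed, n):
    """Expand a seed into n pseudo-random bits: one trustee's share of the pixels."""
    return [(b >> i) & 1 for b in shake(seed, (n + 7) // 8) for i in range(8)][:n]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mask(pixels, seed):
    """Add or remove the share derived from seed (XOR makes both the same operation)."""
    return [p ^ s for p, s in zip(pixels, prng_bits(seed, len(pixels)))]

def build_onion(keys, seeds, rng):
    """Nest the seeds so trustee j can open only seed j and the layer meant for trustee j+1."""
    onion = b""
    for key, seed in reversed(list(zip(keys, seeds))):
        nonce = rand_bytes(rng, NONCE_LEN)
        onion = nonce + xor_bytes(seed + onion, shake(key + nonce, SEED_LEN + len(onion)))
    return onion

def cast_ballots(votes, keys, rng):
    """Counting-station input: vote pixels masked with every trustee's share, plus the onion."""
    ballots = []
    for vote in votes:
        seeds = [rand_bytes(rng, SEED_LEN) for _ in keys]
        pixels = list(vote)
        for seed in seeds:
            pixels = mask(pixels, seed)
        ballots.append({"pixels": pixels, "onion": build_onion(keys, seeds, rng)})
    return ballots

def trustee_step(key, ballots, rng, cheat=None):
    """One trustee: open the onion layer, remove own share, shuffle. Returns the output batch
    and private links out_index -> (in_index, seed, keystream) that answer an audit.
    `cheat` names an input index whose pixels a dishonest trustee inverts."""
    outputs, links = [], {}
    order = list(range(len(ballots)))
    rng.shuffle(order)
    for out_i, in_i in enumerate(order):
        b = ballots[in_i]
        nonce, body = b["onion"][:NONCE_LEN], b["onion"][NONCE_LEN:]
        pad = shake(key + nonce, len(body))
        plain = xor_bytes(body, pad)
        seed, inner = plain[:SEED_LEN], plain[SEED_LEN:]
        pixels = mask(b["pixels"], seed)
        if in_i == cheat:
            pixels = [1 - p for p in pixels]
        outputs.append({"pixels": pixels, "onion": inner})
        links[out_i] = (in_i, seed, pad)
    return outputs, links

def audit_trustee(inputs, outputs, links, revealed):
    """Public check of the revealed half of one shuffle: the opened onion layer must hold the
    seed plus the next layer, and the seed's share must explain output XOR input."""
    bad = []
    for out_i in revealed:
        in_i, seed, pad = links[out_i]
        opened = xor_bytes(inputs[in_i]["onion"][NONCE_LEN:], pad)
        diff = [a ^ b for a, b in zip(inputs[in_i]["pixels"], outputs[out_i]["pixels"])]
        if opened != seed + outputs[out_i]["onion"] or diff != prng_bits(seed, len(diff)):
            bad.append(out_i)
    return bad

def run_election(votes, n_trustees, rng_seed, cheat_at=None):
    """Mix through n trustees, audit alternating halves, return (tally, audit failures).
    `cheat_at` = (trustee index, input index) makes that trustee alter one ballot."""
    rng = random.Random(rng_seed)
    keys = [rand_bytes(rng, 16) for _ in range(n_trustees)]
    batch, failures, prev = cast_ballots(votes, keys, rng), [], set()
    for j, key in enumerate(keys):
        cheat = cheat_at[1] if cheat_at and cheat_at[0] == j else None
        out, links = trustee_step(key, batch, rng, cheat)
        if j % 2 == 0:  # the auditor picks a random half of this trustee's outputs
            reveal = set(rng.sample(range(len(out)), len(out) // 2))
        else:  # the next trustee opens exactly the links the previous one kept hidden
            reveal = {o for o, (i, _, _) in links.items() if i not in prev}
        failures += [(j, o) for o in audit_trustee(batch, out, links, reveal)]
        batch, prev = out, reveal
    return dict(Counter(tuple(b["pixels"]) for b in batch)), failures

def detection_rate(trials=400):
    """Fraction of runs in which a trustee who alters one ballot is caught by the audit."""
    votes = [(0, 1), (1, 0), (1, 1), (0, 0)]  # constructed sample votes
    caught = sum(bool(run_election(votes, 3, t, cheat_at=(0, 2))[1]) for t in range(trials))
    return caught / trials
```

An honest run ends with an empty failure list and a tally equal to the cast votes. A trustee who inverts one ballot always changes the tally, but is caught only when the auditor's random half includes that link, which is the probability-half bound of slide 23; because consecutive trustees open complementary halves, no ballot's path is revealed at two consecutive trustees.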
24. Reduce negative aspects of voter verification by
- Participation by
  - major political interests
  - public interest organizations
- as
  - Trustees
  - Third party working on behalf of voter to
    - Check that receipt is on website
    - Check that receipt was correctly generated
    - (For this, need them to actively obtain receipts)
  - Witnesses of trustee decryption process and audit
25. Reduce negative aspects of voter verification by - II
- Process that includes encouraging voter verification when fraud is detected or alleged
  - If a voter claims his vote was not counted, encourage enough voters to check their votes to determine the extent of fraud/error
  - If a displayed receipt does not check, check receipts in that precinct to determine the extent of fraud/error
26. Current status of CVV
- Prototype implemented in Java
- Currently supports low-end ink jet printing
- Plan
  - Open source release
  - User-friendly ballots
  - Pre-packaged election tool kit for third-party elections (e.g. student elections). Those interested please contact us.
  - Construction of various other primitives for plug and play
27. More Next Steps
- Performance and Robustness Testing and Enhancements
- Trials in local and school elections
  - for education and
  - to test usefulness and acceptance of scheme
- With Political Science and Public Affairs Faculty
  - Determine if there is a difference in acceptance along group lines
    - Political parties
    - Age
    - Race
    - Ability (among handicapped, Braille overlay methods can be developed)
28. References and Acknowledgements
- David Chaum
- David Chaum, "Secret-Ballot Receipts: True Voter-Verifiable Elections", IEEE Security and Privacy, January-February 2004 (Vol. 2, No. 1)
- Poorvi Vora, "David Chaum's Voter Verification using Encrypted Paper Receipts", www.seas.gwu.edu/poorvi/Chaum/chaum.pdf
  - Also on DIMACS website linked from talk abstract
30. CVV - How it works (based on Chaum's voter-verifiable voting system)
- Voter votes. Obtains an encrypted receipt that even she cannot decrypt outside the polling booth
  - only all n trustees can decrypt it
  - this can be modified to k of n trustees.
- We will describe later how she can be sure the polling machine did not cheat
- Voter checks for receipt on public website. If it is there, her vote has reached the counting station
31. CVV - How it works
- Possessor (voter or third party, or anyone if the receipt is on the website) can check if the receipt is correctly generated.
- All votes at the counting station are serially (partially) decrypted and shuffled by trustees (version of MIX)
- Final, unencrypted, shuffled votes are counted. Conditional count announced.
- Trustee decryption and shuffle is audited. Final count announced, election certified.