Secret Ballot Receipts: True Voter Verifiable Elections - PowerPoint PPT Presentation

1 / 19

About This Presentation

Title:

Secret Ballot Receipts: True Voter Verifiable Elections

Description:

Number of Views:48

Avg rating:3.0/5.0

Slides: 20

Provided by: Ada560

Category:

more less

Transcript and Presenter's Notes

Title: Secret Ballot Receipts: True Voter Verifiable Elections

1
Secret Ballot ReceiptsTrue Voter Verifiable
Elections

2
Outline

3
Paper Selection

Google Scholar 25 Citations
Published in IEEE Security and Privacy 2004
David Chaum founded the International
Association for Cryptographic Research, has filed
25 separate cryptography related patents
Referenced directly in Wednesdays paper
Scored 1,545,673 out of a possible 1,545,674
points on the Adam Anthony thinks its a really
neat paper scale

4
Secret Ballots

Required by free democracies
Basic premise The voter brings nothing out of
the polling place that he didnt bring in that
would provide information as to who he voted for.
Buttons, T-Shirts, etc. allowed
Copy of ballot, plaintext ballot materials, not
allowed

5
Trust Issues

6
Summary of Results

Use visual encryption to produce a
zero-information ballot receipt
Eliminates the need for proprietary black box
systems
Setup
A normal computer running openly published,
verifiable software
A special receipt printer
User may take part of the encrypted receipt with
him which can be used (personally, or by his
party affiliation officials) to verify the
correctness of his ballot
Additionally, correctness can be verified without
revealing who he voted for
Tallying of votes is also quickly verifiable

7
Printer Requirements

Printer fundamentally appears to be a simple cash
register receipt printer
Printer heads are positioned to print on both the
front and back of a clear polymer tape
The tape is actually 2 laminated pieces of tape
The bottom inch contains instructions for
separating the tape

8
Receipts, continued
9
Encoding a Receipt

Generate one pad of random pixel symbols (white
sheet)
The second pad is created by choosing the correct
symbol to either allow transparency or opacity
(red sheet)
Transparent portions produce the type-set report
Swap every other pixel symbol between the two
sheets so that either layer can be chosen as the
receipt

10
Verifying Receipts

Handheld scanners can be used to verify ballot
consistency outside the polling place
Digital copies of the receipts are sent to the
main server
Online Enter the serial number at the bottom of
the receipt and verify the image on record is
identical to your own
Eventually, all ballots are decrypted and posted
online as well, to verify the count

11
Properties

If your receipt is correctly posted, you can be
sure (with acceptable probability) that your vote
will be included correctly in the tally
No one can decode your receipt or otherwise link
it to your vote except by breaking the code or
decrypting it using all the secret keys, each of
which is assigned to a different trustee
There are only 3 ways a system could change a
voters ballot without direct detection
Print an incorrect layer, gambling theyll choose
the other layer
Use the same serial number for 2 different
receipts, hoping the 2 voters choose the same
layer
Perform a tally process step incorrectly, taking
the chance that the step will escape selection
during the audit
There is a 50/50 chance that any of the above
fraud attempts will succeed, per ballot

12
Meat, Potatoes, Hold the Vegetables

13
About Dolls

Author uses the Russian Doll analogy to explain
the decryption process.
A Doll consists of a set of random pads, added
together (mod 2)
The largest doll is used to create the
background sheet
There is a set of private keys that opens one
of each of the dolls.
The output of the decryption yields a partially
decrypted message, as well as the value of the
next doll
Several trustees oversee each phase of
decryption, basic key management schemes protect
against missing/corrupt trustees

14
Voting Phase

The voter supplies a ballot image B
The system responds by providing two 4-tuples
ltLz,q,Dt,Dbgt - this is the data printed on each
separate layer
The voter visually verifies that Lt ? Lb B and
that q, Dt, Db are identical on both layers
Voter aborts if there is a problem, or selects
x t or b for his choice of the top or bottom
layer

15
Voting Phase, cont.

The system makes two digital signatures, and
provides them as a 2-tuple ltsx(q), ox(Lz,q,Dt,Db,
sx(q)) gt
The voter (or a designate) performs a consistency
check to ensure that the digital signatures of
the 2-tuple check, using agreed public inverses
of the systems private signature functions sx
and ox,with the unsigned version of the
corresponding values of the selected 4-tuple (as
printed) on the selected layer, and that sx(q)
correctly determines Dx and the half of the
elements of Lx that it should determine

16
Yet more on the voting phase

Remember that each layer contains an equal amount
of red bits (the message) and white bits (the
sum of dolls)
Let Rz and Wz be matrices representing the set of
red and white bits for layer image Lz
Let h and h be pseudo-random functions of q
ei is a public key corresponding to a trustees
private key di

17
Decryption to Plaintext

18
More important than decryption
19
Conclusion

Reduces the cost of integrity while raising its
level dramatically
Voters are able to assure their own vote
Voting can be more accessible due to the better
handling of provisional ballots
Hardware system costs are lower than current
black-box systems, cost of printers should be
less than the money saved
Simpler maintenance, easier upgrade, multiple
uses
Open code means opposing parties will work hard
to assure its integrity, and the government can
fund the operation as well
The auditing of trustees and system integrity is
easily automated, and mathematically sound