6. There is a
potential paradigm shift.
A means of
election verification
far more powerful
than other methods.
5
7. Three Points
1. Voting is a unique trust problem.
2. Cryptography is not just about secrets,
it creates trust between competitors,
it democratizes the auditing process.
3. Open-Audit Voting
is closing in on practicality.
6
10. Wooten got the news from his wife, Roxanne,
who went to City Hall on Wednesday
to see the election results.
"She saw my name with zero votes by it.
She came home and asked me if
I had voted for myself or not."
9
13. Bad Analogies
Dan Wallach’s great rump session talk.
More than that
ATMs and planes are vulnerable
(they are, but that’s not the point)
It’s that voting is much harder.
12
14. Bad Analogies
Adversaries
➡ pilots vs. passengers (airline is on your side, I think.)
➡ banking privacy is only voluntary:
you are not the enemy.
Failure Detection & Recover
➡ plane crashes & statements vs. 2% election fraud
➡ Full banking receipts vs. destroying election evidence
Imagine
➡ a bank where you never get a receipt.
➡ an airline where the pilot is working against you.
13
34. Public Ballots
Bulletin Board
Bob:
McCain
Carol:
Obama
21
35. Public Ballots
Bulletin Board
Bob:
McCain
Carol:
Obama
Alice
21
36. Public Ballots
Bulletin Board
Alice: Bob:
Obama McCain
Carol:
Obama
Alice
21
37. Public Ballots
Bulletin Board
Alice: Bob:
Obama McCain
Carol:
Obama
Tally
Obama....2
McCain....
Alice
1
21
38. Encrypted Public Ballots
Bulletin Board
Alice: Bob:
Rice Clinton
Carol:
Rice
Tally
Obama....2
McCain....
Alice
1
22
39. Encrypted Public Ballots
Bulletin Board
Alice: Bob:
Rice Clinton
Carol:
Ali Rice
ce
ver Tally
ifies
he
rv Obama....2
ote
McCain....
Alice
1
22
40. Encrypted Public Ballots
Bulletin Board
Alice: Bob:
Rice Clinton
Carol:
Ali
ce Rice ta lly
e
hTally
ver
ifi ifie st
es
he ne ver
rv ve ryo Obama....2
ote E
McCain....
Alice
1
22
47. Democratizing Audits
Each voter is responsible for checking
their receipt (no one else can.)
Anyone, a voter or a public org,
can audit the tally and
verify the list of cast ballots.
Thus, OPEN-AUDIT Voting.
24
48. 2.
Cryptography is
not just about secrets,
creates trust between
competitors.
25
50. So, yes, we encrypt,
and then we operate on the
encrypted data in public, so
everyone can see.
In particular, because the vote
is encrypted, it can remain
labeled with voter’s name.
27
56. Threshold Decryption
Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.
8b5637
29
57. Threshold Decryption
Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.
Dec sk1 b739cb
8b5637
29
58. Threshold Decryption
Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.
Dec sk1 b739cb
Dec sk2 261ad7
8b5637
29
59. Threshold Decryption
Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.
Dec sk1 b739cb
Dec sk2 261ad7
8b5637
Dec sk3 7231bc
29
60. Threshold Decryption
Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.
Dec sk1 b739cb
Dec sk2 261ad7
8b5637
Dec sk3 7231bc
Dec sk4 8239ba
29
61. Threshold Decryption
Secret key is shared amongst multiple parties:
all (or at least a quorum) need to cooperate to decrypt.
Dec sk1 b739cb
Dec sk2 261ad7
8b5637 "Obama"
Dec sk3 7231bc
Dec sk4 8239ba
29
73. Electronic Experience
Voter interacts with a voting
machine
Voting Machine
Alice
Obtains a freshly printed receipt
that displays the encrypted ballot
Encrypted Vote
Takes the receipt home and uses it
as a tracking number.
Receipts posted for public tally.
35
74. Paper Experience
David
Adam
Bob
Charlie
David _______
Adam _______
Bob _______ Pre-print paper ballots with some
indirection betw candidate and choice
Charlie _______
_______
8c3sw
_______
_______
_______
8c3sw
Break the indirection (tear, detach)
Adam - x
8c3sw
for effective encryption
Bob - q
Charlie - r
David - m Take receipt home and use it
Adam - x
Bob - q
8c3sw
as tracking number.
Charlie - r
q
q
David - m
r
r m
m x
x
8c3sw
Receipts posted for public tally.
q r m x
36
81. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT"
Alice
38
82. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT"
Decrypted
Ballot
Alice
38
83. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT"
Decrypted
Ballot
Alice
Encrypted Decrypted
Ballot Ballot
VERIFICATION
38
84. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT"
Decrypted
Ballot
Alice
Encrypted Decrypted
Ballot Ballot
VERIFICATION
38
85. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT"
Decrypted
Ballot
Alice
Encrypted Decrypted
Ballot Ballot
VERIFICATION
38
86. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT"
Decrypted
Ballot
Alice Alice
Encrypted Decrypted
Ballot Ballot
VERIFICATION
38
87. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT" "CAST"
Decrypted
Ballot
Alice Alice
Encrypted Decrypted
Ballot Ballot
VERIFICATION
38
88. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT" "CAST"
Decrypted Signed
Ballot Encrypted
Ballot
Alice Alice
Encrypted Decrypted
Ballot Ballot
VERIFICATION
38
89. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT" "CAST"
Decrypted Signed
Ballot Encrypted
Ballot
Alice Alice
Encrypted Decrypted
Ballot Ballot
VERIFICATION
Alice
38
90. Benaloh Casting
"Obama"
Encrypted
Ballot
Alice
"AUDIT" "CAST"
Decrypted Signed
Ballot Encrypted
Ballot
Alice Alice
Encrypted Decrypted
Ballot Ballot
Signed
Encrypted
Ballot
VERIFICATION
Alice
38
91. Many more great ideas
Neff ’s MarkPledge
➡ high-assurance, human-verifiable, proofs of correct encryption
Scantegrity
➡ closely mirrors opscan voting
ThreeBallot by Rivest
➡ teaching the concept of open-audit without deep crypto
STV: Ramchen, Teague, Benaloh & Moran.
➡ handling complex election styles
Prêt-à-Voter by Ryan et al.
➡ elegant, simple, paper-based
39
93. Three Points
1. Voting is a unique trust problem.
2. Cryptography is not just about secrets,
it creates trust between competitors,
it democratizes the auditing process.
3. Open-Audit Voting
is closing in on practicality.
41