©1996-2004 VoteHere, Inc. All rights reserved. November 2004 VHTi Data Demonstration Andrew Berg Director, Engineering.


1 ©1996-2004 VoteHere, Inc. All rights reserved. November 2004 VHTi Data Demonstration Andrew Berg Director, Engineering

2 Agenda
• What is VHTi and why is it important
• How does VHTi fit into an election
• Show the detailed steps of VHTi in an election and the data flow of VHTi
• This is not a detailed look at the math behind VHTi

3 Protection vs. Detection
The worst election nightmare is undetected fraud.
Protection alone is just half the solution
• No way today to prove election integrity end-to-end.
• Standard security tweaks are an arms race versus hackers (real or theoretical).
• Insiders may always be suspect.
Detection is also needed
• Provide indisputable proof of election integrity.
• Raise alarms when mistakes or intrusions occur.
• Open the process fully to public scrutiny.

4 VHTi provides Detection
VHTi™ proves election results are valid end-to-end.
VHTi is voter-verified audit technology that works inside any electronic voting machine (DRE) and provides two things:
• Voter Confidence: Private Voter-Verified Receipt
• Results Confidence: Election Transcript™ for Independent Audit
Receipts are verified against independently audited results

5 VHTi proves your vote was counted properly
Voter Confidence
Results Confidence
Without VHTi, voting machines can alter ballots, destroying voter intent. VHTi provides mechanisms to audit the voting machines to ensure that voter intent is preserved.

6 Roles with VHTi
Election Official
• Sign documents
• Organize Tabulation Authorities
• Publish data for Observer review
Tabulation Authority
• Decrypt ballots in a way that preserves privacy
Voter
• Vote, and confirm receipt is properly printed
• After election, compare receipt against Verification Statement
Observer
• Verify all protocol data relationships in published Election Transcript
• Could be anyone

7 Data Demo General Assumptions
In order to illustrate VHTi data, this demonstration uses a simple single precinct election.
• 1 Precinct
• 1 Voting Machine
• 5 Voters
• 1 Ballot Style
• 1 Question
• 3 Tabulation Authorities
• 2 Tabulation Authorities needed to tabulate

8 Data Demo High-Level Steps The steps can be split into 4 high-level categories

9 Step 1 - Configure Election
First the Election Official will define the basic election configuration. For this demonstration, we use:
• Election: 1960 Presidential Election
• County: Cook County IL
• Precinct Name: Lincoln Park High School
• Precinct Number: 123

10 Step 2 - Create Election Official Key Pairs
Next the Election Official creates their private / public key pair, used to sign documents. These digital credentials will provide proof of authenticity of documents.
• Election Official Private Key (kept secret)
• Election Official Public Key (published)
This key pair could be replaced with X.509 if desired.

11 Step 2 - Election Official Key Pairs Data Election Official Public Key Election Official Private Key

12 Step 3 - Define Election Parameters
The Election Official will determine the number of Tabulation Authorities who will be participating in the election. For purposes of this demonstration, a total of three Tabulation Authorities will participate. Of those three, two will be required to tabulate after the election.
• N=3
• T=2
It is important to require more than 1 Tabulation Authority to tabulate. That way, in order to defraud the election, the Tabulation Authorities would have to collude. It is not necessary to require the total number of Tabulation Authorities to tabulate, in case something happens to one of the Tabulation Authorities.

13 Step 4 - Set up Tabulation Authorities
The Tabulation Authorities need to establish their own key pairs. Additionally, they will meet to complete a step in which they produce the election public key.
• Election Public Key
• Tabulation Authority Secret Shares (Election Private Key)
The Tabulation Authority Secret Shares have to be kept secret by each Tabulation Authority.

14 Step 4 - Tabulation Authority Data Election Public Key & Support Data

15 Step 4 - Tabulation Authority Data Tabulation Authority Secret Share (Private)

16 Step 5 - Create and Sign Blank Ballot Styles
Once the Election Official has created and approved the basic ballot styles, the ballot data can be imported into the VHTi system.
• VHTi Ballot Skeleton
• VHTi Blank Ballot
• VHTi Signed Blank Ballot
Election: November 1960 General Election
County: Cook County, Illinois
Precinct: Lincoln Park High School
Precinct Number: 123
Contest: President & Vice-President of the United States
Instructions: Vote for One
John Fitzgerald Kennedy & Lyndon Baines Johnson (Democrat)
Richard Milhous Nixon & Henry Cabot Lodge (Republican)

17 Step 5 – Ballot Data Ballot Skeleton Data

18 Step 5 – Ballot Data Blank Ballot The Signed Blank Ballot is the Blank Ballot plus the Election Official public signature

19 Step 6 – Voting Machine Preparation
Once the ballot data has been formatted for VHTi, the ballot data must be loaded onto the Voting Machines. Additionally, the Voting Machine will be configured with a Private Key / Public Key pair which will enable the Voting Machine to sign the ballots, thereby authenticating the legitimacy of the data.
• Voting Machine Private Key
• Voting Machine Public Key
• Signed Blank Ballot
This is in addition to the standard voting machine data being loaded to run the election.

20 Step 6 – Voting Machine Data Voting Machine Public Key Voting Machine Private Key

21 Step 7 - Publish Pre-Election Data
Prior to the election, the Election Official will publish data for review by any interested observer. This information is made publicly available as a key part of the VHTi protocol, and is key to the transparency of the election.
• Election Official Public Key
• Voting Machine Public Key
• Blank Ballot
The Blank Ballot would be signed before being published.

22 Step 8 – Election Day Voting
5 voters complete ballots, 3 vote for Kennedy, and 2 vote for Nixon. This is a sample of one ballot, which will be used for the data sample.
Election: November 1960 General Election
County: Cook County, Illinois
Precinct: Lincoln Park High School
Precinct Number: 123
Contest: President & Vice-President of the United States
Instructions: Vote for One
John Fitzgerald Kennedy & Lyndon Baines Johnson (Democrat)
Richard Milhous Nixon & Henry Cabot Lodge (Republican)

23 Step 8 – Election Day Voting
Data that is used internally by the Voting Machine
• VHTi Clear Text Ballot Data
• Marked Ballot
Data that comes out of the Voting Machine
• VHTi Signed Receipt Data
• VHTi Printed Receipt Text
• Signed Voted Ballot

24 Step 8 – Voting Data Clear Text Ballot Data Blank Ballot Data

25 Step 8 – Voting Data Marked Ballot Data

26 Step 8 – Voting Data Signed Receipt Data

27 Step 8 – Voting Data Printed Receipt Text

28 Step 8 – Voting Data Signed Voted Ballot

29 Begin Tabulation Prep

30 Step 9 – Collect Data from Voting Machines
After the polls close, the results are collected from the voting machines.
Signed Ballot Box as it comes from voting machines
• Signed Voted Ballots
• Very large data set
• Voter Verifiable (with a receipt)
• Has BSN and can be tracked by a voter
Extract Raw Ballot Box
• Raw Ballot Box
• Many times smaller
• Still countable
• No BSN, voter cannot track

31 Step 9 – Raw Election Data Signed Voted Ballot Data Raw Voted Ballot Data

32 Step 10 - Shuffle The Tabulation Authorities 0 and 2 will participate in the VHTi tabulation process. Tabulation Authority 1 was not involved.

33 Step 10 - Shuffle
The Tabulation Authorities shuffle (mix) the ballot box to make it impossible to link the votes back to the ballot sequence numbers. This protects the privacy of the voters.
Tabulation Authority 0
• Raw Ballot Box In
• Raw Ballot Box Out
• Shuffle Proof
Tabulation Authority 2
• Raw Ballot Box In
• Raw Ballot Box Out
• Shuffle Proof
The Raw Ballot Box In for Tabulation Authority 2 is the same as the Raw Ballot Box Out for Tabulation Authority 0.

34 Step 10 – Tabulation Authority 0 Shuffle Data
Raw Ballot Box In Data
Raw Ballot Box Out Data

35 Step 10 – Tabulation Authority 0 Shuffle Data Shuffle Proof

36 Step 10 – Tabulation Authority 2 Shuffle Data
Raw Ballot Box In Data
Raw Ballot Box Out Data

37 Step 10 – Tabulation Authority 2 Shuffle Data Shuffle Proof

38 Step 11 - Partial Decrypt
Once the ballots are anonymous, it is safe to decrypt and count them. Each authority partially decrypts the shuffled ballots.
Tabulation Authority 0
• Partial Decrypt
Tabulation Authority 2
• Partial Decrypt

39 Step 11 – Partial Decrypt Data Partial Decrypt from Tabulation Authority 0 Partial Decrypt from Tabulation Authority 2

40 Step 12 - Combine Partial Decrypts The Partial Decrypts from each of the Tabulation Authorities are combined to produce plain text anonymous ballots. Plain Text Ballots Data

41 Step 13 - Tabulate Results
Plain Text Ballot Data
Blank Ballot Data
Election Tally
Answer Reference | Candidate | Number of Votes
A0 | John Fitzgerald Kennedy & Lyndon Baines Johnson | 3
A1 | Richard Milhous Nixon & Henry Cabot Lodge | 2

42 Step 14 - Assemble Transcript
The Transcript includes the intermediate data from the shuffle and decrypt process with accompanying mathematical proofs that the ballots were not tampered with.
Included in the Transcript
• Ballots from Voting Machines
• Raw Ballot Box Out for Tabulation Authority 0
• Raw Ballot Box Out for Tabulation Authority 2
• Shuffle Proofs for Tabulation Authorities
• Partial Decrypts from Tabulation Authorities

43 Step 14 – Transcript Data Election Transcript

44 Step 15 - Check and Sign Transcript After the Election Transcript has been assembled, the election official will check it for correctness and then sign it. Signed Transcript Data

45 Step 16 - Create Verification Statement
The Election Official will use the receipt data to assemble the Verification Statement for publication. This will be used by voters to compare their receipt information, providing the voter proof that the voting machine cast their ballot as intended.
• Receipt Data by BSN
• Voted Ballot

46 Step 16 - Verification Statement Data Receipt Data by BSN

47 Step 16 - Verification Statement Data Voted Ballot Verification Statement is created from this data.

48 Step 17 – Publish Data
The Election Official will publish the verification statement and transcript for review by independent observers. With this information, voters can be sure that their vote was properly delivered by the voting machine, and observers can check that all data was properly counted and tabulated.
• Election Results
• Transcript
• Verification Statement
• Various Public Keys (published in Step 7)
• List of precincts and the number of voters who voted at each

49 Step 17 – Publish Data
Election Tally
Answer Reference | Candidate | Number of Votes
A0 | John Fitzgerald Kennedy & Lyndon Baines Johnson | 3
A1 | Richard Milhous Nixon & Henry Cabot Lodge | 2
Transcript Data

50 Step 17 – Publish Data Verification Statement

51 Step 18 – Observers Check Transcript and Verification Statement Observers can download the Transcript and Verification Statement to confirm that all the ballots were properly counted and tabulated. They can check the Transcript using a Transcript checker created by any party they trust. Independent audits of Election Transcript prove voter intent counted as shown on receipt

52 Step 19 – Voters Check Receipts
Voters check their receipt against the Verification Statement to confirm that the voting machine cast their vote correctly and that it was counted properly.
Voter verifies that his receipt is in the election results, proving his vote was counted properly

53 VHTi proves your vote was counted properly
Voter Confidence
Results Confidence

54 Resources
• Data from the Demo: www.votehere.com/
• Documents & Papers: www.votehere.com/documents.html
• Reference Source Code Implementation: www.votehere.com/downloads.html

55 ©1996-2004 VoteHere, Inc. All rights reserved. November 2004 Thank You

