Presentation is loading. Please wait.

Presentation is loading. Please wait.

Perspectives on “End-to-End” Voting Systems

Published byNeal Eaton Modified over 6 years ago

Similar presentations

Presentation on theme: "Perspectives on “End-to-End” Voting Systems"— Presentation transcript:

1 Perspectives on “End-to-End” Voting Systems
Ballot Bob Box Bob 42 Sue 31 Verifiably! Perspectives on “End-to-End” Voting Systems Ronald L. Rivest MIT CSAIL NIST E2E Workshop George Washington University October 13, 2009

2 Change happens! Greeks: pottery shards Public voting (early U.S.)
Paper ballots preprinted by parties Australian paper ballots (mark choice) Lever machines Punch cards Optical scan DRE (Touch-screen) DRE + VVPAT (paper audit trail) Vote by mail (absentee voting)

3 Change happens! Diffie and Hellman, 1976:
“We stand today at the brink of a revolution in cryptography.” Today, we see evidence of a similar revolution in voting systems: Voting systems for which the statements: ``Trust me” and ``The hardware and software have been thoroughly tested!” are no longer acceptable justifications of an election outcome!

4 2000 Bush v. Gore A real 9.0 ``earthquake’’
Put spotlight on U.S. voting systems, which clearly needed improvement! Help America Vote Act (HAVA) 2002: Threw money at the problem Provided a means for better standards to (eventually) be devised Created EAC (Election Assistance Commission)

5 Academics get (more) involved, too!
2001 CalTech/MIT Voting Technology Project 2005 NSF Funds ``ACCURATE” (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections)

6 New conferences WOTE (Workshop on Trustworthy Elections) and EVT (Electronic Voting Technology) conference series start: 2001: WOTE’01 (Bodega Bay) 2004: DIMACS Workshop on Electronic Voting (WOTE II; Princeton) 2005: FEE (Frontiers in Electronic Elections; Milan) 2006: WOTE’06 (Cambridge UK) 2007: WOTE’07 (Ottawa) 2007: EVT’07 (Boston) 2008: FEV (Frontiers of Electronic Voting; Dagstuhl) 2008: WOTE’08 (Leuven, Belgium) 2008: EVT’08 (San Jose) 2009: EVT'09/WOTE'09 (Montreal)

7 New idea bubbles up: E2E A number of researchers proposed (at nearly same time, not necessarily independently) ideas for achieving higher assurance of election integrity, without having to trust hardware, software, election officials, and without violating voter privacy: Chaum (‘04 IEEE Sec/Privacy: visual crypto based) Neff (’04: Vote Here) Ryan (’04: Pret A Voter) Since then, field has blossomed… (Punchscan, Scratch-and-Vote, ThreeBallot, Scantegrity, Twin, Helios, … schemes without names …)

8 It’s all about verification!
Don’t just check the equipment – verify each election outcome!

9 Voting Steps recorded as intended cast (and collected) as recorded
counted as cast Ballot Bob Box Bob 42 Sue 31

10 Verifiable Voting Steps
Verifiably recorded as intended (by voter) cast (and collected) as recorded counted as cast Ballot Bob Box Bob 42 Sue 31

11 Verifiable Voting Steps
Verifiably recorded as intended Verifiably cast (and collected) as recorded (by voter) counted as cast Ballot Bob Box Bob 42 Sue 31

12 Verifiable Voting Steps
Verifiably recorded as intended Verifiably cast (and collected) as recorded Verifiably counted as cast (by anyone) Ballot Bob Box Bob 42 Sue 31

13 Verifiably Recorded as Intended?
Only voter knows her intentions, and these should be kept private, so only she can verify the record of her vote. This is relatively easy with paper ballots (hand-marked or machine-marked) What about non-paper computer records? Ballot Bob Box Bob 42 Sue 31

14 Viewpoint on high-tech
We should think of a computer (or other forms of “high tech”) as a very fast and well-trained four-year old child. The child may be very helpful (she is fast, and well-trained!) but may not always do the right thing (she’s only four!). For something as important as an election, a ``grown-up’’ should always check her work.

15 You just can’t do a ``logic and accuracy’’ test on a four-year old to ensure that she will do the right thing later! design and/or certify a perfect four-year-old who always does the right thing!

16 Verifiably Recorded as Intended?
What about non-paper computer records? Trusting a computer is rather like whispering in the ear of a four-year old, and hoping she’ll record your vote correctly. Use paper ballots, or figure out how to verify that four-year-old is recording your vote correctly…

17 Verifiable Voting Steps
Verifiably recorded as intended Verifiably cast (and collected) as recorded (by voter) counted as cast Ballot Bob Box Bob 42 Sue 31

18

19 Verifiably cast (and collected) as recorded??
Collection of cast ballots needs to be public, and cast ballots need to be identifiable, so voter can find her ballot and check that it is correctly included. Most E2E proposals put cast ballot collection on a web site that voters may access. But, voter should not be able to sell her vote! Ballots should be encrypted; voter may be given ciphertext, as receipt (i.e., encrypted receipt). Recorded-as-intended verification also then needs to check enciphering (done by a fast four-year old!)… Now we have something new: verifiable chain of custody!

20 Verifiable Voting Steps
Verifiably recorded as intended Verifiably cast (and collected) as recorded Verifiably counted as cast (by anyone) Ballot Bob Box Bob 42 Sue 31

21 Verifiably counted as cast ??
Given a collection of encrypted cast ballots, how can we produce a verifiable final result? This problem is well understood, and not as hard as it looks. You can decrypt collection first, as long as voter can’t prove which plaintext corresponds to her ballot. This can be done using mixnets, which allow anyone to check correctness of decryption. Then, tallying plaintext ballots is easy. Other approaches also work.

22 Verified Voting Steps Verified!
Verified: recorded as intended (by voter) Verified: cast (and collected) as recorded (‘’) Verified: counted as cast (by anyone) Verified! Ballot Bob Box Bob 42 Sue 31

23 E2E is qualitatively new
E2E voting systems provide greater assurance that the election outcome is correct than traditional systems (e.g. even opscan with post-election auditing). No need to trust ``four-year olds” (or election officials) for integrity of election outcome (``four-year-old-independent” = S.I.) There are many proposed variations on these ideas.

24 Some issues are unchanged
Still need to control who may vote, and how often (ballot-box stuffing an issue, as with any voting scheme).

25 Tradeoffs E2E provides increased integrity of election outcome, at some cost in terms of Support needed for new steps (e.g. verification steps), and for web site as public ``ballot box” Usability Transparency // complexity ?? Increased potential for voter privacy violations

26 Detection vs. Prevention
Verification is only ``error detection’’, not ``error prevention’’ – you need to be able to deal with verification failures: Recording error: spoil ballot | fire four-year-old Cast/collection error: detect loss of ballots (not a new problem). Easy to fix if voter has (encrypted) balot copy. Watch out for mischievous voters! Tally error: re-do tally (And, of course, make sure your election officials and ``four-year-olds’’ are all well-trained, to minimize problems and protect privacy!)

27 Challenge – paperless E2E
The purpose of E2E systems is primarily to improve election integrity through “end-to-end” verifiability. This doesn’t preclude paper ballots. Indeed, paper ballots for E2E can be very attractive. However, some election officials would prefer election systems not involving paper (ballots). Are there good paperless E2E voting systems?

28 Challenge – remote/mail E2E
Are there good E2E voting systems for Voting by mail? Voting remotely by computer (non-poll-site)? (Assuming that you are willing or forced to put voters in situations where they may be subject to coercion!)

29 Summary End-to-end voting systems provide a qualitatively new level of assurance for election outcomes: every step of the process, from voter’s intent (in her head) to the final tally, is verifiable. Amazing! These systems are still evolving, but are starting to be usable (and used) in practice (Helios, Scantegrity,…)

30 Change is happening…

31 The (other) end of this talk

Download ppt "Perspectives on “End-to-End” Voting Systems"

Similar presentations

Trusting the Vote Ben Adida - Cryptography and Information Security Group MIT Computer Science and Artificial.

Trusting the Vote Ben Adida - Cryptography and Information Security Group MIT Computer Science and Artificial.
Electronic Voting Systems

Electronic Voting Systems
Making every vote count. United States Election Assistance Commission The Technology of Voting Voters in Long-Term Care Facilities October 10, 2008.

Making every vote count. United States Election Assistance Commission The Technology of Voting Voters in Long-Term Care Facilities October 10, 2008.
Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.

Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.
Electronic Voting Ronald L. Rivest MIT CSAIL Norway June 14, 2004.

Electronic Voting Ronald L. Rivest MIT CSAIL Norway June 14, 2004.
Civitas Verifiability and Coercion Resistance for Remote Voting University of South Alabama August 15, 2012 Michael Clarkson The George Washington University.

Civitas Verifiability and Coercion Resistance for Remote Voting University of South Alabama August 15, 2012 Michael Clarkson The George Washington University.
ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.

ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.
A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.

A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.
Lesson 7: The Voting Process. Opening Discussion Have you ever voted for something before? How was the winner decided? Did you think the process was fair?

Lesson 7: The Voting Process. Opening Discussion Have you ever voted for something before? How was the winner decided? Did you think the process was fair?
Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)
1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.

1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.

By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.
Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.

Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
Ronald L. Rivest MIT Laboratory for Computer Science

Ronald L. Rivest MIT Laboratory for Computer Science
Voting Machines Failing the World *Voting machines around the world are failing in Colorado as well as 34 other states. *This could be crucial in the upcoming.

Voting Machines Failing the World *Voting machines around the world are failing in Colorado as well as 34 other states. *This could be crucial in the upcoming.
Kickoff Meeting „E-Voting Seminar“

Kickoff Meeting „E-Voting Seminar“
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
Vote By Mail A County Perspective Dolores Gilmore, Elections Manager

Vote By Mail A County Perspective Dolores Gilmore, Elections Manager

Similar presentations

Ads by Google