Secret Ballot Receipts: True Voter Verifiable Elections
Author: David Chaum
Published: IEEE Security & Privacy
Presenter: Adam Anthony


Outline
Paper Selection Criteria
Secret Ballot Discussion
Electronic vs. Handwritten Ballots
Summary of Results
Physical Receipt Characteristics
Verifying Votes
Properties of the System
Encoding, Decoding, Tallying Votes
Conclusion

Paper Selection
Google Scholar: 25 citations
Published in IEEE Security and Privacy, 2004
David Chaum: founded the International Association for Cryptologic Research, has filed 25 separate cryptography-related patents
Referenced directly in Wednesday's paper
Scored 1,545,673 out of a possible 1,545,674 points on the "Adam Anthony thinks it's a really neat paper" scale

Secret Ballots
Required by free democracies
Basic premise: the voter brings nothing out of the polling place that he didn't bring in that would provide information as to whom he voted for.
Buttons, T-shirts, etc. are allowed
A copy of the ballot or plaintext ballot materials are not allowed

Trust Issues
Handwritten ballots are the gold standard of voting
Electronic voting machines are considered insecure

Summary of Results
Use visual encryption to produce a zero-information ballot receipt
Eliminates the need for proprietary black-box systems
Setup: a normal computer running openly published, verifiable software, plus a special receipt printer
The user may take part of the encrypted receipt with him, which can be used (personally, or by his party affiliation officials) to verify the correctness of his ballot
Additionally, correctness can be verified without revealing whom he voted for
Tallying of votes is also quickly verifiable

Printer Requirements
The printer fundamentally appears to be a simple cash-register receipt printer
Printer heads are positioned to print on both the front and back of a clear polymer tape
The tape is actually two laminated pieces of tape
The bottom inch contains instructions for separating the tape

Receipts, continued

Encoding a Receipt
Generate one pad of random pixel symbols (white sheet)
The second pad is created by choosing the correct symbol to either allow transparency or opacity (red sheet)
Transparent portions produce the type-set report
Swap every other pixel symbol between the two sheets so that either layer can be chosen as the receipt

Verifying Receipts
Handheld scanners can be used to verify ballot consistency outside the polling place
Digital copies of the receipts are sent to the main server
Online: enter the serial number at the bottom of the receipt and verify that the image on record is identical to your own
Eventually, all ballots are decrypted and posted online as well, to verify the count

Properties
1. If your receipt is correctly posted, you can be sure (with acceptable probability) that your vote will be included correctly in the tally
2. No one can decode your receipt or otherwise link it to your vote except by breaking the code or decrypting it using all the secret keys, each of which is assigned to a different trustee
3. There are only 3 ways a system could change a voter's ballot without direct detection:
   1. Print an incorrect layer, gambling that they'll choose the other layer
   2. Use the same serial number for 2 different receipts, hoping the 2 voters choose the same layer
   3. Perform a tally process step incorrectly, taking the chance that the step will escape selection during the audit
4. There is a 50/50 chance that any of the above fraud attempts will succeed, per ballot

Meat, Potatoes, Hold the Vegetables
Where we've been:
System hardware specification
Encoding receipts
Verifying receipts
Properties of the system
Where we're going:
Mathematical model of the voting process
Mathematical model of the tallying process
Proof of system properties

About Dolls
The author uses the Russian doll analogy to explain the decryption process.
A doll consists of a set of random pads, added together (mod 2)
The largest doll is used to create the background sheet
There is a set of private keys, one of which opens each of the dolls
The output of the decryption yields a partially decrypted message, as well as the value of the next doll
Several trustees oversee each phase of decryption; basic key management schemes protect against missing/corrupt trustees

Voting Phase
1. The voter supplies a ballot image $B$
2. The system responds by providing two 4-tuples; this is the data printed on each separate layer
3. The voter visually verifies that $L^t \oplus L^b = B$ and that $q$, $D^t$, $D^b$ are identical on both layers
4. The voter aborts if there is a problem, or selects $x = t$ or $b$ for his choice of the top or bottom layer

Voting Phase, cont.
5. The system makes two digital signatures and provides them as a 2-tuple
6. The voter (or a designate) performs a consistency check to ensure that the digital signatures of the 2-tuple check, using agreed public inverses of the system's private signature functions $s^x$ and $o^x$, with the unsigned version of the corresponding values of the selected 4-tuple (as printed) on the selected layer, and that $s^x(q)$ correctly determines $D^x$ and the half of the elements of $L^x$ that it should determine

Yet more on the voting phase
Remember that each layer contains an equal amount of red bits (the message) and white bits (the sum of dolls)
Let $R^z$ and $W^z$ be matrices representing the set of red and white bits for layer image $L^z$
Let $h$ and $h'$ be pseudo-random functions of $q$
$e_i$ is a public key corresponding to a trustee's private key $d_i$
$L^t_{i,\,2j-(i \bmod 2)} = R^t$
$L^t_{i,\,2j-((i+1) \bmod 2)} = W^t$
$L^b_{i,\,2j-((i+1) \bmod 2)} = R^b$
$L^b_{i,\,2j-(i \bmod 2)} = W^b$
$R^x \oplus W^y = B$ (for the two different layers $x \neq y$)
$W^z_{i,j} = d'^z_k \oplus d'^z_{k-1} \oplus \cdots \oplus d'^z_1$
$d^z_l = h(s^z(q), l)$
$d'^z_l = h'(d^z_l)$
$D^z_l = e_l\big(d^z_l,\, \ldots\, e_2(d^z_2,\, e_1(d^z_1))\,\ldots\big)$
The final doll: $D^z = D^z_k$
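The "Encoding a Receipt" slide and the layer layout above, worked through as an added Python example (not code from the paper or these slides): red cells alternate and are swapped between the two layers, so overlaying gives $B$ while each layer on its own is pad-masked, and the kept layer can be checked and decoded. The pads are derived from fixed seeds as an assumed stand-in for the sum of dolls, and the ballot image and seed names are constructed.

```python
import hashlib

# Constructed sample ballot image B (1 = dark pixel); rows i, columns j.
BALLOT = [[1, 0, 0, 1],
          [0, 1, 1, 0],
          [0, 1, 1, 0],
          [1, 0, 0, 1]]

def pad_from_seed(seed: bytes, n: int) -> list:
    """White sheet W^z: pseudo-random bits (stand-in for the XOR of the doll pads)."""
    s = hashlib.shake_256(seed).digest(n * n)
    return [[s[i * n + j] & 1 for j in range(n)] for i in range(n)]

def is_red(x: str, i: int, j: int) -> bool:
    """Red (message) cells alternate and are swapped between layers, as in
    L^t_{i,2j-(i mod 2)} = R^t and L^b_{i,2j-((i+1) mod 2)} = R^b."""
    return ((i + j) % 2 == 0) == (x == "t")

def encode(ballot: list, pads: dict) -> dict:
    """Print both layers: a red cell of layer x holds B XOR the other layer's pad
    bit (so R^x XOR W^y = B); a white cell holds x's own pad bit W^x."""
    n = len(ballot)
    return {x: [[ballot[i][j] ^ pads[y][i][j] if is_red(x, i, j) else pads[x][i][j]
                 for j in range(n)] for i in range(n)]
            for x, y in (("t", "b"), ("b", "t"))}

def overlay(top: list, bottom: list) -> list:  # what the voter sees: L^t XOR L^b = B
    return [[a ^ b for a, b in zip(rt, rb)] for rt, rb in zip(top, bottom)]

def decode_kept_layer(layer: list, x: str, pad_other: list) -> list:
    """Trustee-side decoding of the kept layer: strip the other layer's pad from
    the red cells; white cells carry no message and come back as None."""
    return [[layer[i][j] ^ pad_other[i][j] if is_red(x, i, j) else None
             for j in range(len(layer[0]))] for i in range(len(layer))]

def white_half_ok(layer: list, x: str, own_pad: list) -> bool:
    """Consistency check on the chosen layer: its white cells must equal the pad
    that s^x(q) determines (here simply regenerated from the seed)."""
    return all(layer[i][j] == own_pad[i][j] for i in range(len(layer))
               for j in range(len(layer[0])) if not is_red(x, i, j))

def run(ballot: list = BALLOT, kept: str = "t") -> tuple:
    """Returns (overlay == B, kept layer's white half consistent, decoded red cells == B)."""
    n = len(ballot)
    pads = {z: pad_from_seed(b"seed-" + z.encode(), n) for z in "tb"}
    layers = encode(ballot, pads)
    decoded = decode_kept_layer(layers[kept], kept, pads["b" if kept == "t" else "t"])
    red_ok = all(decoded[i][j] == ballot[i][j]
                 for i in range(n) for j in range(n) if is_red(kept, i, j))
    return (overlay(layers["t"], layers["b"]) == ballot,
            white_half_ok(layers[kept], kept, pads[kept]), red_ok)
```

A layer whose white cells do not match the pad its signature determines fails `white_half_ok`, which is the check that catches an incorrectly printed layer when the voter happens to keep it.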

Decryption to Plaintext
Input $L^x$ and $D^y$; refer to them as $B_k$, $D_k$
Compute $d_l$ from $D_k$ using the proper private key
$D_{k-1} = D_k / d_l$
Find $d'_l$ using $h'$
Compute $B_{k-1} = B_k \oplus d'_l$
$B_0 = B^z$, the plaintext ballot
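The doll construction from the previous slide and the decryption steps above, as an added Python example (not the paper's or the presenter's code): seeds $d_l = h(s(q), l)$, pads $d'_l = h'(d_l)$, nested dolls $D_l = e_l(d_l, D_{l-1})$, and trustee-by-trustee peeling back to $B_0$. The trustee encryption $e_l$ is assumed here to be a keyed stream cipher standing in for the paper's per-trustee public-key encryption, and the signature, keys and ballot bytes are constructed.

```python
import hashlib, secrets

PAD_LEN = 4  # constructed: a 32-pixel ballot image packed into 4 bytes
BALLOT_IMAGE = bytes.fromhex("a55a0ff0")

def h(sig: bytes, l: int) -> bytes:
    """Seed d_l = h(s(q), l), derived from the system's signature on serial q."""
    return hashlib.sha256(sig + l.to_bytes(2, "big")).digest()

def h_prime(d_l: bytes) -> bytes:
    """Pad d'_l = h'(d_l): trustee l's share of the white-sheet pad."""
    return hashlib.shake_256(b"pad|" + d_l).digest(PAD_LEN)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def e(key: bytes, payload: bytes) -> bytes:
    """Stand-in for trustee encryption e_l (assumed keyed stream with fresh nonce)."""
    nonce = secrets.token_bytes(16)
    return nonce + xor(payload, hashlib.shake_256(key + nonce).digest(len(payload)))

def e_inv(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]  # trustee l opens the doll with its own key
    return xor(body, hashlib.shake_256(key + nonce).digest(len(body)))

def build_dolls(sig: bytes, keys: list) -> tuple:
    """Nest D_l = e_l(d_l, D_{l-1}) outward from trustee 1 to trustee k; also
    return W = d'_k XOR ... XOR d'_1, the pad that becomes the white sheet."""
    doll, pad = b"", bytes(PAD_LEN)
    for l, key in enumerate(keys, start=1):
        d_l = h(sig, l)
        pad = xor(pad, h_prime(d_l))
        doll = e(key, d_l + doll)  # 32-byte seed, then the inner doll D_{l-1}
    return doll, pad

def peel(ballot_k: bytes, doll_k: bytes, keys: list) -> bytes:
    """Decryption to plaintext: trustee k opens D_k -> (d_k, D_{k-1}), derives
    d'_k = h'(d_k) and computes B_{k-1} = B_k XOR d'_k, down to B_0."""
    b, doll = ballot_k, doll_k
    for key in reversed(keys):
        inner = e_inv(key, doll)
        d_l, doll = inner[:32], inner[32:]
        b = xor(b, h_prime(d_l))
    return b

def round_trip(n_trustees: int = 3, ballot: bytes = BALLOT_IMAGE) -> bool:
    """Mask B with the pad, then let the trustees peel it back to B_0 == B."""
    sig = b"constructed signature s(q) on serial q"
    keys = [secrets.token_bytes(32) for _ in range(n_trustees)]
    doll_k, pad = build_dolls(sig, keys)
    return peel(xor(ballot, pad), doll_k, keys) == ballot
```

Peeling with any trustee's key missing leaves the image masked, which is the property the slides rely on when they say the receipt can only be linked to the vote by using all the secret keys.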

More important than decryption

Conclusion
Reduces the cost of integrity while raising its level dramatically
Voters are able to assure their own vote
Voting can be more accessible due to the better handling of provisional ballots
Hardware system costs are lower than current black-box systems; the cost of printers should be less than the money saved
Simpler maintenance, easier upgrades, multiple uses
Open code means opposing parties will work hard to assure its integrity, and the government can fund the operation as well
The auditing of trustees and system integrity is easily automated, and mathematically sound