©1996-2004 VoteHere, Inc. All rights reserved. November 2004 VHTi Data Demonstration Andrew Berg Director, Engineering.

Presentation transcript:

© VoteHere, Inc. All rights reserved. November 2004 VHTi Data Demonstration Andrew Berg Director, Engineering

Agenda
- What is VHTi and why is it important
- How does VHTi fit into an election
- Show the detailed steps of VHTi in an election and the data flow of VHTi
- This is not a detailed look at the math behind VHTi

Protection vs. Detection
The worst election nightmare is undetected fraud.
Protection alone is just half the solution
- No way today to prove election integrity end-to-end.
- Standard security tweaks are an arms race versus hackers (real or theoretical).
- Insiders may always be suspect.
Detection is also needed
- Provide indisputable proof of election integrity.
- Raise alarms when mistakes or intrusions occur.
- Open the process fully to public scrutiny.

VHTi provides Detection
VHTi proves election results are valid end-to-end.
VHTi is voter-verified audit technology that works inside any electronic voting machine (DRE) and provides two things:
- Voter Confidence: Private Voter-Verified Receipt
- Results Confidence: Election Transcript for Independent Audit
Receipts are verified against independently audited results.

VHTi proves your vote was counted properly
Voter Confidence / Results Confidence
Without VHTi, voting machines can alter ballots, destroying voter intent. VHTi provides mechanisms to audit the voting machines to ensure that voter intent is preserved.

Roles with VHTi
Election Official
- Sign documents
- Organize Tabulation Authorities
- Publish data for Observer review
Tabulation Authority
- Decrypt ballots in a way that preserves privacy
Voter
- Vote, and confirm receipt is properly printed
- After election, compare receipt against Verification Statement
Observer
- Verify all protocol data relationships in published Election Transcript
- Could be anyone

Data Demo General Assumptions
In order to illustrate VHTi data, this demonstration uses a simple single precinct election.
- 1 Precinct
- 1 Voting Machine
- 5 Voters
- 1 Ballot Style
- 1 Question
- 3 Tabulation Authorities
- 2 Tabulation Authorities needed to tabulate

Data Demo High-Level Steps The steps can be split into 4 high-level categories

Step 1 - Configure Election
First the Election Official will define the basic election configuration. For this demonstration, we use:
- Election: 1960 Presidential Election
- County: Cook County IL
- Precinct Name: Lincoln Park High School
- Precinct Number: 123

Step 2 - Create Election Official Key Pairs
Next the Election Official creates their private / public key pair, used to sign documents. These digital credentials will provide proof of authenticity of documents.
- Election Official Private Key (kept secret)
- Election Official Public Key (published)
This key pair could be replaced with X.509 if desired.

Step 2 - Election Official Key Pairs Data Election Official Public Key Election Official Private Key

Step 3 - Define Election Parameters
The Election Official will determine the number of Tabulation Authorities who will be participating in the election. For purposes of this demonstration, a total of three Tabulation Authorities will participate. Of those three, two will be required to tabulate after the election.
- N=3
- T=2
It is important to have more than 1 Tabulation Authority required to tabulate. That way, in order to defraud the election, the Tabulation Authorities would have to collude. It is not necessary to require the total number of Tabulation Authorities to tabulate, in case something happens to one of the Tabulation Authorities.

Step 4 - Set up Tabulation Authorities
The Tabulation Authorities need to establish their own key pairs. Additionally, they will meet to complete a step in which they produce the election public key.
- Election Public Key
- Tabulation Authority Secret Shares (Election Private Key)
The Tabulation Authority Secret Shares have to be kept secret by each Tabulation Authority.

Step 4 - Tabulation Authority Data Election Public Key & Support Data

Step 4 - Tabulation Authority Data Tabulation Authority Secret Share (Private)

Step 5 - Create and Sign Blank Ballot Styles
Once the Election Official has created and approved the basic ballot styles, the ballot data can be imported into the VHTi system.
- VHTi Ballot Skeleton
- VHTi Blank Ballot
- VHTi Signed Blank Ballot
Election: November 1960 General Election
County: Cook County, Illinois
Precinct: Lincoln Park High School
Precinct Number: 123
Contest: President & Vice-President of the United States
Instructions: Vote for One
John Fitzgerald Kennedy & Lyndon Baines Johnson (Democrat)
Richard Milhous Nixon & Henry Cabot Lodge (Republican)

Step 5 – Ballot Data Ballot Skeleton Data

Step 5 – Ballot Data Blank Ballot The Signed Blank Ballot is the Blank Ballot plus the Election Official public signature

Step 6 – Voting Machine Preparation
Once the ballot data has been formatted for VHTi, the ballot data must be loaded onto the Voting Machines. Additionally, the Voting Machine will be configured with a Private Key / Public Key pair which will enable the Voting Machine to sign the ballots, thereby authenticating the legitimacy of the data.
- Voting Machine Private Key
- Voting Machine Public Key
- Signed Blank Ballot
This is in addition to the standard voting machine data being loaded to run the election.

Step 6 – Voting Machine Data Voting Machine Public Key Voting Machine Private Key

Step 7 - Publish Pre-Election Data
Prior to the election, the Election Official will publish data for review by any interested observer. This information is made publicly available as a key part of the VHTi protocol, and is key to the transparency of the election.
- Election Official Public Key
- Voting Machine Public Key
- Blank Ballot
The Blank Ballot would be signed before being published.

Step 8 – Election Day Voting
5 voters complete ballots, 3 vote for Kennedy, and 2 vote for Nixon. This is a sample of one ballot, which will be used for the data sample.
Election: November 1960 General Election
County: Cook County, Illinois
Precinct: Lincoln Park High School
Precinct Number: 123
Contest: President & Vice-President of the United States
Instructions: Vote for One
John Fitzgerald Kennedy & Lyndon Baines Johnson (Democrat)
Richard Milhous Nixon & Henry Cabot Lodge (Republican)

Step 8 – Election Day Voting
Data that is used internally by the Voting Machine
- VHTi Clear Text Ballot Data
- Marked Ballot
Data that comes out of the Voting Machine
- VHTi Signed Receipt Data
- VHTi Printed Receipt Text
- Signed Voted Ballot

Step 8 – Voting Data Clear Text Ballot Data Blank Ballot Data

Step 8 – Voting Data Marked Ballot Data

Step 8 – Voting Data Signed Receipt Data

Step 8 – Voting Data Printed Receipt Text

Step 8 – Voting Data Signed Voted Ballot

Begin Tabulation Prep

Step 9 – Collect Data from Voting Machines
After the polls close, the results are collected from the voting machines.
Signed Ballot Box as it comes from voting machines
- Signed Voted Ballots
- Very large data set
- Voter Verifiable (with a receipt)
- Has BSN and can be tracked by a voter
Extract Raw Ballot Box
- Raw Ballot Box
- Many times smaller
- Still countable
- No BSN, voter cannot track

Step 9 – Raw Election Data Signed Voted Ballot Data Raw Voted Ballot Data

Step 10 - Shuffle The Tabulation Authorities 0 and 2 will participate in the VHTi tabulation process. Tabulation Authority 1 was not involved.

Step 10 - Shuffle
The Tabulation Authorities shuffle (mix) the ballot box to make it impossible to link the votes back to the ballot sequence numbers. This protects the privacy of the voters.
Tabulation Authority 0
- Raw Ballot Box In
- Raw Ballot Box Out
- Shuffle Proof
Tabulation Authority 2
- Raw Ballot Box In
- Raw Ballot Box Out
- Shuffle Proof
The Raw Ballot Box In for Tabulation Authority 2 is the same as the Raw Ballot Box Out for Tabulation Authority 0.

Step 10 – Tabulation Authority 0 Shuffle Data
Raw Ballot Box In Data / Raw Ballot Box Out Data

Step 10 – Tabulation Authority 0 Shuffle Data Shuffle Proof

Step 10 – Tabulation Authority 2 Shuffle Data
Raw Ballot Box In Data / Raw Ballot Box Out Data

Step 10 – Tabulation Authority 2 Shuffle Data Shuffle Proof

Step 11 - Partial Decrypt
Once the ballots are anonymous, it is safe to decrypt and count them. Each authority partially decrypts the shuffled ballots.
Tabulation Authority 0
- Partial Decrypt
Tabulation Authority 2
- Partial Decrypt

Step 11 – Partial Decrypt Data Partial Decrypt from Tabulation Authority 0 Partial Decrypt from Tabulation Authority 2

Step 12 - Combine Partial Decrypts The Partial Decrypts from each of the Tabulation Authorities are combined to produce plain text anonymous ballots. Plain Text Ballots Data

Step 13 - Tabulate Results
Plain Text Ballot Data / Blank Ballot Data
Election Tally
Answer Reference | Candidate | Number of Votes
A0 | John Fitzgerald Kennedy & Lyndon Baines Johnson | 3
A1 | Richard Milhous Nixon & Henry Cabot Lodge | 2
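
An added example (not part of the presentation and not VoteHere's code) of the data flow in Steps 3-4 and 10-13: 2-of-3 key shares, one shuffle per participating authority, partial decrypts from Tabulation Authorities 0 and 2, and the combined tally. The slides do not name the cryptosystem, so this assumes ElGamal encryption over a toy group with dealer-generated Shamir shares; all function names are hypothetical and the shuffle and decryption proofs are not modelled.

```python
import secrets
from collections import Counter

# Toy parameters (assumed, far too small for real use): p = 2q + 1,
# g generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4
N, T = 3, 2                                   # from the slides: N=3, T=2
ANSWERS = {pow(G, 1, P): "A0", pow(G, 2, P): "A1"}   # constructed encoding

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def deal_shares():
    """Return (election public key, {authority: secret share}) via Shamir sharing."""
    coeffs = [rand_exp() for _ in range(T)]   # degree T-1 polynomial, f(0) = key
    f = lambda x: sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q
    return pow(G, coeffs[0], P), {i: f(i + 1) for i in range(N)}

def encrypt(pub, answer):
    r = rand_exp()
    m = next(k for k, v in ANSWERS.items() if v == answer)
    return pow(G, r, P), m * pow(pub, r, P) % P

def shuffle(pub, box):
    """Re-encrypt and permute the ballot box (shuffle proof not modelled)."""
    out = []
    for a, b in box:
        r = rand_exp()
        out.append((a * pow(G, r, P) % P, b * pow(pub, r, P) % P))
    secrets.SystemRandom().shuffle(out)
    return out

def partial_decrypt(share, box):
    return [pow(a, share, P) for a, _ in box]

def combine(box, partials):
    """Combine partial decrypts from T authorities and tally the plaintexts."""
    ids, tally = list(partials), Counter()
    for k, (_, b) in enumerate(box):
        mask = 1
        for i in ids:
            lam = 1                            # Lagrange coefficient at x = 0
            for j in ids:
                if j != i:
                    lam = lam * (j + 1) * pow((j - i) % Q, -1, Q) % Q
            mask = mask * pow(partials[i][k], lam, P) % P
        tally[ANSWERS[b * pow(mask, -1, P) % P]] += 1
    return tally

def run_election(authorities=(0, 2)):
    pub, shares = deal_shares()
    box = [encrypt(pub, v) for v in ("A0", "A1", "A0", "A0", "A1")]  # 5 voters
    for _ in authorities:                      # each authority shuffles in turn
        box = shuffle(pub, box)
    partials = {i: partial_decrypt(shares[i], box) for i in authorities}
    return combine(box, partials)
```

Any two of the three shares reproduce the tally of 3 for A0 and 2 for A1, which is why Tabulation Authority 1 can sit out.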

Step 14 - Assemble Transcript
The Transcript includes the intermediate data from the shuffle and decrypt process with accompanying mathematical proofs that the ballots were not tampered with.
Included in the Transcript
- Ballots from Voting Machines
- Raw Ballot Box Out for Tabulation Authority 0
- Raw Ballot Box Out for Tabulation Authority 2
- Shuffle Proofs for Tabulation Authorities
- Partial Decrypts from Tabulation Authorities

Step 14 – Transcript Data Election Transcript

Step 15 - Check and Sign Transcript After the Election Transcript has been assembled, the election official will check it for correctness and then sign it. Signed Transcript Data

Step 16 - Create Verification Statement
The Election Official will use the receipt data to assemble the Verification Statement for publication. This will be used by voters to compare their receipt information, providing the voter proof that the voting machine cast their ballot as intended.
- Receipt Data by BSN
- Voted Ballot

Step 16 - Verification Statement Data Receipt Data by BSN

Step 16 - Verification Statement Data Voted Ballot Verification Statement is created from this data.

Step 17 – Publish Data
The Election Official will publish the verification statement and transcript for review by independent observers. With this information, voters can be sure that their vote was properly delivered by the voting machine, and observers can check that all data was properly counted and tabulated.
- Election Results
- Transcript
- Verification Statement
- Various Public Keys (published in Step 7)
- List of precincts and the number of voters who voted at each

Step 17 – Publish Data
Election Tally / Transcript Data
Answer Reference | Candidate | Number of Votes
A0 | John Fitzgerald Kennedy & Lyndon Baines Johnson | 3
A1 | Richard Milhous Nixon & Henry Cabot Lodge | 2

Step 17 – Publish Data Verification Statement

Step 18 – Observers Check Transcript and Verification Statement
Observers can download the Transcript and Verification Statement to confirm that all the ballots were properly counted and tabulated. They can check the Transcript using a Transcript checker created by any party they trust.
Independent audits of Election Transcript prove voter intent counted as shown on receipt

Step 19 – Voters Check Receipts
Voters check their receipt against the Verification Statement to confirm that the voting machine cast their vote correctly and that it was counted properly.
Voter verifies that his receipt is in the election results, proving his vote was counted properly

VHTi proves your vote was counted properly
Voter Confidence / Results Confidence

Resources Data from the Demo Documents & Papers Reference Source Code Implementation

© VoteHere, Inc. All rights reserved. November 2004 Thank You