Presentation is loading. Please wait.

Presentation is loading. Please wait.

Can voters check that their e-vote is cast as they intended and properly included in an accurate count? Vanessa Teague University of Melbourne

Published byMelinda Timmins Modified over 9 years ago

Similar presentations

Presentation on theme: "Can voters check that their e-vote is cast as they intended and properly included in an accurate count? Vanessa Teague University of Melbourne"— Presentation transcript:

1 Can voters check that their e-vote is cast as they intended and properly included in an accurate count? Vanessa Teague University of Melbourne vjteague@unimelb.edu.au CIS department seminar, March ’14

2 Why verifiable voting? What’s wrong with this picture? Electoral Commission server with decryption key Voters PCs Encrypted votes Election outcome RSA

3 The challenge Vote privacy is relatively easy Using standard crypto and a completely trusted decryption & counting system Verifiability is relatively easy If you don’t care about privacy: just make all the votes public The challenge is to do both: verifiably accurate results that preserve privacy

4 Electronic election verification Each voter can check that their vote matches their intention Even if the computer they’re using is compromised Everyone can check that the votes were properly handled after casting Not in this talk Details about privacy Verifying the counting software e.g. Rajeev Goré’s work on EVACS. Other important requirements Usability, robustness, security from outside attack,

5 Outline On the Internet NSW (Everyone Counts) Norway (Gjøsteen, Scytl) Helios (Adida, de Marneffe, Pereira et al.) In the polling place VEC verifiable system based on prêt à voter Electronic ballot markers (WA, Tas, proposed NSW)

6 iVote (NSW) 2011 Voters log in again later to query the system and see if they get the right “verification” number back Verif1 Verif2 Verif3

7 iVote 2015 A new version is proposed for 2015 NSW state election Voter sends vote to server using plain SSL/TLS again Each voter checks their vote (unencrypted) with an “auditor” But don’t worry, the auditor can’t possibly tell who you are just by looking at your IP address Auditor promises to check that they all go properly into the count See draft design at http://www.elections.nsw.gov.au/__data/assets/pdf_file/0 003/125454/iVote_Strategy_for_SGE_2015_amd_1.pdf

8 iVote (proposed NSW) 2015 Plaintext vote check with auditor Auditor TLS Electoral Commission

9 Outline On the Internet NSW (Everyone Counts) Norway (Gjøsteen, Scytl) Helios (Adida, de Marneffe, Pereira et al.) In the polling place VEC verifiable system based on prêt à voter Electronic ballot markers (WA, Tas, proposed NSW)

10 Norway A partially-verifiable Internet voting scheme Used in recent Norwegian local & parliamentary elections Openly-available source code with public docs & papers Uses Norwegian government electronic ID scheme Implemented by Scytl

11 Example 3: Norway Each voter gets a “code sheet” by snail mail Everyone’s code sheet is different Voter’s PC encrypts party name, sends to server Authorities SMS party code to voter’s mobile phone Corrupt PC can’t lie about your vote undetectably Unless it learns the codes Red Green Chequered Fuzzy Cross Yellow 3492 3489 8934 3513 9253 0114

12 Norway An admirable process Public consultation, open source code, academic review, honesty about problems Still some gaps in the protocol But at least they know what they are And some bugs in the implementation But there’s a process for finding and fixing them The open process allows for a scientific discussion based on facts & careful analysis

13 Outline On the Internet NSW (Everyone Counts) Norway (Gjøsteen, Scytl) Helios (Adida, de Marneffe, Pereira et al.) In the polling place VEC verifiable system based on prêt à voter Electronic ballot markers (WA, Tas, proposed NSW)

14 Helios An “end-to-end verifiable” Internet voting scheme By Adida, de Marneffe, Pereira Source code and docs at heliosvoting.org Used by the IACR in their board elections Each voter can verify that their vote is cast as they intended Properly included in the count Anyone can verify that all the included votes are properly decrypted and tallied

15 One-page reminder about public key crypto The receiver generates two keys: a public key e (for encrypting), and a private key d (for decrypting) She publicises the public key e People use this for encrypting messages They also include some randomness r Ciphertext C = Enc e (msg, r) She keeps the private key d secret She uses this for decrypting messages

16 Helios: cast-as-intended verification You don’t trust your PC to encrypt the right thing You do trust your PC for privacy Ask your PC to produce lots of (different) encrypted votes It doesn’t know which one you’re going to use Photograph them, print them, or send them to other devices Ask your PC to ‘open’ all but one of them i.e. to tell you the randomness r it used for encrypting Get the other devices to check the encryption was right They just recompute Enc e (msg, r) Cast the one you didn’t open So your privacy is preserved

17 So why not use Helios for Aus government elections? Difficulty of cast-as-intended protocol Voters need to understand it to get it right Extension to STV ballots with 97 people Computational scalability

18 Internet Voting: summary There is no end-to-end verifiable Internet voting scheme that’s Usable for ordinary voters Adaptable to Australian-style preferential elections And we haven’t even talked about Authenticating the voters Preserving privacy

19 Outline On the Internet NSW (Everyone Counts) Norway (Gjøsteen, Scytl) Helios (Adida, de Marneffe, Pereira et al.) In the polling place Vic verifiable system based on prêt à voter Voting Checking from home that your vote is there Verifying shuffling and decryption Privacy Electronic ballot markers (WA, Tas, proposed NSW)

20 The Victorian Electoral Commission’s polling-place voting system I’ve done a lot of work on this project But am not representing the VEC’s official position in any way Based on the prêt à voter end-to-end verifiable voting scheme (Ryan, Schneider, Chaum) Implemented by a team at U Surrey (Culnane, Heather, Schneider) With some help from the VEC (Burton) This scheme is end-to-end verifiable Except that the point its output is joined in with the rest of the ballots is observable only by scrutineers

21 Victoria polling-place 2014 cont’d Each voter gets a human-readable printout to check The printout is transformed into an encrypted receipt The voter gets evidence that this is the vote they intended Without being able to prove to others how they voted Voter takes their encrypted receipt home checks that it’s in the accepted list The accepted list is shuffled & decrypted with a mathematical proof of correctness Which anyone can check Source code at https://bitbucket.org/vvotehttps://bitbucket.org/vvote

22 Prêt à Voter Uses pre-prepared paper ballot forms that encode the vote in familiar form. The candidate list is randomised for each ballot form. Information defining the candidate list is encrypted in an “onion” value printed on each ballot form. Actually, we print a serial number that points to the encrypted values in a public table Red Green Chequered Fuzzy Cross $rJ9*mn4R&8

23 Ballot auditing Each voter can challenge as many ballots as they like And get a proof that the onion matches the candidate list Then don’t use that ballot Then vote on an unchallenged one So you can’t prove how you voted Red Green Chequered Fuzzy Cross $rJ9*mn4R&8

24 Voting Fill in the boxes as usual Use a computer to help Check its printout Against candidate list Shred candidate list Computer uploads vote Same info as on printout Take printout home It doesn’t reveal the vote $rJ9*mn4R&8 Red Green Chequered Fuzzy Cross $rJ9*mn4R&8 1 2 3 4 5

25 Outline On the Internet NSW (Everyone Counts) Norway (Gjøsteen, Scytl) Helios (Adida, de Marneffe, Pereira et al.) In the polling place Vic verifiable system based on prêt à voter Voting Checking from home that your vote is there Verifying shuffling and decryption Privacy Electronic ballot markers (WA, Tas, proposed NSW)

26 Checking from home that your vote is there There’s a public website listing all the receipts More precisely, there’s a “bulletin board” which is a public website augmented with some evidence that everyone sees the same data Find yours

27 Outline On the Internet NSW (Everyone Counts) Norway (Gjøsteen, Scytl) Helios (Adida, de Marneffe, Pereira et al.) In the polling place Vic verifiable system based on prêt à voter Voting Checking from home that your vote is there Verifying shuffling and decryption Privacy Electronic ballot markers (WA, Tas, proposed NSW)

28 Verifying shuffling and decryption Now we have a list of encrypted votes On a public website Encrypted, and linked to voter’s identities Because each voter still holds their receipt We want to Shuffle the votes To break the link with voter ID Decrypt the votes Prove that this was done correctly

29 What’s public-key cryptography? The receiver generates two keys: a public key e (for encrypting), and a private key d (for decrypting) She publicises the public key e People use this for encrypting messages They also include some randomness She keeps the private key d secret She uses this for decrypting messages

30 Picture of public-key cryptography Sender Receiver RSA

31 Re-randomising encryption Without knowing the secret key, re-do the randomness used in the encryption The message stays the same But the new encryption can’t be linked to the old one

32 Randomised partial checking By Jakobsson, Juels & Rivest Significant improvements by Wikström We can’t (completely) prevent a hacker from breaking in to all the computers and changing the votes, but We can check the process thoroughly enough to be confident that If the checks succeed then The system produced the right output With very high probability

33 Randomised partial checking A pair of mix servers shuffle and rerandomise Choose randomly to prove the link to start or end

34 Provable decryption step Trust me, this can be done Using chaum-pedersen proofs of dlog equality Showing proper decryption of El Gamal ciphertext given El Gamal public key

35 Outline On the Internet NSW (Everyone Counts) Norway (Gjøsteen, Scytl) Helios (Adida, de Marneffe, Pereira et al.) In the polling place Vic verifiable system based on prêt à voter Voting Checking from home that your vote is there Verifying shuffling and decryption Privacy Electronic ballot markers (WA, Tas, proposed NSW)

36 Privacy Whenever you have a computer helping you fill in your vote, that computer is a privacy risk So is the ballot printer There are some clever schemes for verifiable voting that don’t tell your computer how you voted e.g. the “plain” version of prêt à voter in which you fill in the ballot with a pencil But none of them work with 30-candidate STV This scheme does about the best I can imagine at preserving privacy while providing a usable 30- candidate STV vote

37 Summary This provides a rigorous after-the-fact argument that the answer was right (with high probability) To the court we’d say We worked really hard to make sure the software was correct We worked really hard to make the computers secure But even if these were not perfect: The voters & the public could check the integrity of the data directly And the scrutineers can reconcile that with the rest of the count And would have detected a manipulation with high probability

38 Feedback If you’d like to write your own proof checker, verifier, signature checker, etc, for vVote, please come and talk to me, If you think you’ve found a bug, please come and talk to me, If you read the supporting materials and you think you’ve found a bug, please come and talk to me.

39 Outline On the Internet Helios (Adida, de Marneffe, Pereira et al.) NSW (Everyone Counts) Norway (Gjøsteen, Scytl) In the polling place VEC verifiable system based on prêt à voter Electronic ballot markers (WA, Tas, proposed NSW)

40 A human-readable paper record So the voter can check directly that their vote is cast as they intended Electronic ballot marker Vote on a computer, print your vote, put it in a ballot box In use in WA & Tas, proposed in NSW Good for voters who need assistance and also for validity checking for everyone

41 Conclusion Verifiable Internet voting is an unsolved problem Verifiable polling-place voting has several sensible solutions But there are important details in extending them to Australian voting

42 So what happens now? The AEC recently produced a discussion paper on Internet voting http://www.eca.gov.au/media/18-09-13.htm "7.8 As noted in Part 1, the extent to which it can be guaranteed that votes cast on the internet will not be susceptible to interference of one form or another has been a matter of vigorous dispute. This paper takes no stand on that issue,..." "7.17 The need for new transparency mechanisms to replace those associated with the paper ballot remains a matter of fundamental importance, and one which will rise in significance in direct proportion to the number of people actually using internet voting. Elaboration of such mechanisms is beyond the scope of this paper."

Download ppt "Can voters check that their e-vote is cast as they intended and properly included in an accurate count? Vanessa Teague University of Melbourne"

Similar presentations

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran.

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran.
Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.

Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.
Pretty Good Democracy James Heather, University of Surrey

Pretty Good Democracy James Heather, University of Surrey
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.

Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.
Electronic Voting Ronald L. Rivest MIT CSAIL Norway June 14, 2004.

Electronic Voting Ronald L. Rivest MIT CSAIL Norway June 14, 2004.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Civitas Verifiability and Coercion Resistance for Remote Voting University of South Alabama August 15, 2012 Michael Clarkson The George Washington University.

Civitas Verifiability and Coercion Resistance for Remote Voting University of South Alabama August 15, 2012 Michael Clarkson The George Washington University.
Civitas Security and Transparency for Remote Voting Swiss E-Voting Workshop September 6, 2010 Michael Clarkson Cornell University with Stephen Chong (Harvard)

Civitas Security and Transparency for Remote Voting Swiss E-Voting Workshop September 6, 2010 Michael Clarkson Cornell University with Stephen Chong (Harvard)
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
A Supervised Verifiable Voting Protocol for the Victorian Electoral Commission Craig Burton 1 Chris Culnane 2 James Heather 2 Thea Peacock 3 Peter Y. A.

A Supervised Verifiable Voting Protocol for the Victorian Electoral Commission Craig Burton 1 Chris Culnane 2 James Heather 2 Thea Peacock 3 Peter Y. A.
ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.

ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.
James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne.

James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne.
Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)
1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.

1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.

Receipt-Free Universally-Verifiable Voting With Everlasting Privacy Tal Moran Joint work with Moni Naor.
Vanessa Teague Department of Computer Science and Software Engineering University of Melbourne Australia.

Vanessa Teague Department of Computer Science and Software Engineering University of Melbourne Australia.
Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.

Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.

Similar presentations

Ads by Google