Verifiable Elections Via Cryptography

An anonymous reader writes, "Cryptographer David Chaum and his research team have invented a new voting protocol which allows voters to verify that their vote has been correctly cast and counted. This is enabled using a surprisingly low-tech technique of cryptographic secret sharing. The secret — your marked ballot — is split into two halves using a hole punch" You take half home and can verify later via a Web interface how your particular ballot was counted.

Re:Start your biding...

[aprilsound]

Actualy if we all went and RTFA first, we would see that they have solved the problem. You can't prove how you voted to someone who didn't see the other half of the ballot you voted with.

This system prevents that problem

[billstewart]

David Chaum [wikipedia.org]'s done a lot of work on the topic of secure voting, and this is a really cool simplification of some of his earlier work. It's nice and low-tech, and still does the job. If you go read the Punchscan.org FAQ [wikipedia.org], the second item is about preventing coercion and verifiable-vote-buying.

Of course, this doesn't prevent traditional vote-tampering methods from working, like

• TV commercials scaring voters about the other parties, or
• politicians making bogus promises, or
• dead people voting (as long as people with their names show up to vote), or
• election departments not providing enough voting machines or ballots at heavily-one-party-dominated precincts, or
• election officials invalidating registrations of people in the wrong party, or
• police harassing motorists in black areas on the way to the polls, etc.

But at least it's better than Diebold.

Everyone has so far completely missed the point!

[X-treme-LLama]

Good lord! How is it that 70% of people have completely missed the point?

This system DOES NOT allow ANYONE to see WHOM you voted for.

That's right. NO ONE short of the people in charge can see who you voted for. You boss can't make you prove it, nor can your spouse, or whoever else.

All the ballot half you keep records is that you voted A, B, B, A. All you can verify online is that your vote was recorded as A, B, B, A. Because the ballot choices are randomized, no one can tell who A was for your particular ballot. Ahh, but I already hear the tin-foil brigade saying: "But the people in charge can check!!" Really, how? The ID # of your ballot isn't recorded next to your name in the voter rolls, I suppose someone who had access to all the decryption keys could fingerprint each and every ballot, but anyone who can get ahold of any of the paper ballots can do that now. Is it no less secure than any traditional method of voting, and superior in a vast number of ways. As long as a few percent of people check that their votes match what they recorded, elections will be a lot closer to tamper-proof.

How did so many people fail to figure all that out?

Re:Start your biding...

[buswolley]

Yeah... This is one reason why we have a SECRET BALLOT. Its hard to sell your vote if you haven't got a receipt.

Re:Start your biding...

[ralphbecket]

If you had read the paper (it isn't complicated) you would know that
- you can only verify that the mark you made was the mark that was recorded, you cannot verify which option you marked
- the auditors (normally the candidates) randomly sample the ballots before and after the election in such a way that they can verify statistically that counting proceeded fairly without violating voter anonymity. The chance of k miscounted votes going undetected is 1/2^k, so just thirty miscounted votes will have less than one in a billion chance of going unnoticed.

What on Earth does this system have to do with touch screens?

Re:Start your biding...

[Anonymous Coward]

Next time RTFA before you post your comment. Then you wont end up looking so stupid. That goes for the parent and grandparent as well.

Re:Start your biding...

[pHatidic]

There is a video on the website that explains how this works [punchscan.org].

Re:Because it is snake oil

[ralphbecket]

But how do I know that the cheating doesn't happen at this stage? It would be very easy for the machine to count all votes as being for George Bush regardless of what the bottom half of the ballot says (because the bottom half of the ballot has been destroyed).

No, because...

It claims to get around this by some auditing process.

If you READ THE POXY PAPER you would understand the auditing process. The candidates can audit 50% of the votes to check that they were counted correctly without violating voter anonymity. A single incorrectly counted vote has a 50/50 chance of being missed. Thirty incorrectly counted votes have a chance of 1/1,000,000,000 of going undetected. The voters themselves verify that it is their votes that are being counted.

Re:Start your biding...

[Fahrenheit 450]

I love it when people talk loudly about things they don't understand. There are a number of information-theoretic secure constructs in cryptography that are unbreakable no matter how much computational might you bring to bear on the problem. One simple example is Shamir secret sharing (and the many variants) where you essentially have a system of equations with fewer equations than unknowns, thus like one time pads, every assignment is equally likely to be the correct solution to the problem.