Slashdot Mirror


Verifiable Elections Via Cryptography

An anonymous reader writes, "Cryptographer David Chaum and his research team have invented a new voting protocol which allows voters to verify that their vote has been correctly cast and counted. This is enabled using a surprisingly low-tech technique of cryptographic secret sharing. The secret — your marked ballot — is split into two halves using a hole punch." You take half home and can verify later via a Web interface how your particular ballot was counted.

5 of 409 comments

  1. Re:Start your bidding... by QuantumG · · Score: 1, Interesting

    All employees are required to vote for the boss' favourite party, bring receipts on Monday or find a new job.

    --
    How we know is more important than what we know.
  2. Re:Unacceptable. by mrcaseyj · · Score: 2, Interesting
    I was thinking that it was an important goal that votes not be verifiable by vote buyers or extortionists like bosses and husbands, but then I realized that the current absentee system has no secrecy anyway. In my area I'm not even allowed to vote any other way but absentee. Absentee ballots could ruin the election even for people who don't vote absentee.


    By the way, why are so few posts getting modded up the last couple of days? In the article about melting arctic ice only 7 out of 250 posts got modded above the noise of the +2 posts and only 2 got modded to +4 or 5.

  3. Re:Start your bidding... by QuantumG · · Score: 2, Interesting

    Nah, see, what's really scary is the people who modded me up to +4 without reading the article. That's democracy.

    --
    How we know is more important than what we know.
  4. This needs some clarification. by khasim · · Score: 1, Interesting

    The entire system depends upon computer voting systems without a verifiable paper trail. I thought that this issue was settled already, but apparently it is not.

    In this scheme, your ballot has a part A and a part B. Neither of the parts has a human readable vote on it.

    A computer is required and it must have been programmed with the relationship of your particular ballot's part A and part B. That means that on your ballot, the computer knows that selections A, B, C and D relate to John, Paul, George and Ringo, respectively.

    Now, this relationship information CANNOT BE MADE PUBLIC because if it was, your vote receipt would be able to be used by anyone to confirm how you voted.

    Since the information in the system CANNOT BE MADE PUBLIC, we are right back to the current Diebold situation. All it takes is a minor change in the programming that CANNOT BE MADE PUBLIC and the votes are going to another party. And this is, by design, UNVERIFIABLE by the public.

    So, you vote this way, you follow all the instructions ... and you can verify that the machine counted your vote marked in the 4th window on the ballot.

    It's up to whoever programmed the computer to decide who your vote will count towards. And, by design, you'll never be able to validate that.

  5. Re:Because it is snake oil by swillden · · Score: 2, Interesting
    Sure, by opening up the right side of 50% of all votes, and the left side of the other 50% you can verify that the tables are indeed correct.

    No, you open up the right side of 100% of the votes and the left side of 100% of the votes -- but you permute the votes so that they can't be lined up. This is why multiple mapping tables are used.

    But that still does not mean they are counted correctly.

    Yes, it does. All of the tables with the decrypted vote sides opened provide everything you need to tally the results. The only possible way to produce incorrect tallies is to slip some mapping tables in that don't match the ballots in either the right or the left-hand side. But the commitment and verification means that can't be done without the error being revealed (with very high probability).

    Because those tables have a published signature, they can't be changed anymore, so I guess that final count is the only place that could be used for fraud. But since that final count is a very simple straightforward operation it could be done several times, on different hardware, with no writable media installed at all (to avoid stealing of the data).

    It can be done as many times as you want, by as many people as you want, with whatever sort of hardware you want -- because all of the data needed to do it is published. You yourself could do it, with or without writable media installed. You just download the tables and total up the votes.

    How do you know the result is correct?

    1. You know the mapping tables contain the real ballot transforms because of the pre-election verification.
    2. You know the encrypted votes line up with the partially-decrypted votes because you can verify it in the tables with the encrypted side opened.
    3. You know the encrypted votes match the actual voter's ballots because the encrypted vote totals agree with the published encrypted vote table (the one the voters use to verify their receipt), and because voters can verify their encrypted votes.
    4. You know the partially-decrypted votes line up with the decrypted votes because you can verify it in the tables with the decrypted side opened.
    5. You know that your totals are correct (or at least free from intentional bias) because you wrote software that totalled the decrypted votes (from the tables with the decrypted side opened).

    And the real evidence that all of this is done correctly is that anyone and everyone who wants to can perform all of these mapping table verifications, meaning that if there's a problem, someone will scream about it. Just as important, anyone who does complain has all the information needed to be able to prove that there is a problem. If they can't, it's because there isn't one.

    The only risk here is that the anonymity of the votes may not be quite as strong as we'd like. The integrity of the tallies is indisputable.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
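
The commit-then-open audit described in comment 5, as an added example (not from the thread, and a simplified two-candidate model rather than Chaum's actual protocol): one mapping table links receipt marks to counted votes through two committed shuffles, and `audit` checks whichever single side is opened. All names (`build_table`, `fill_columns`, `audit`, `demo`) and the sample votes are constructed for illustration.

```python
import hashlib, random, secrets

def commit(value, nonce):
    # Hash commitment published before the election; binds the authority to the link.
    return hashlib.sha256(nonce + value.encode()).hexdigest()

def build_table(flips, rng):
    # flips[i] is ballot i's secret position->candidate flip, split as left ^ right.
    n = len(flips)
    p1, p2 = list(range(n)), list(range(n))
    rng.shuffle(p1); rng.shuffle(p2)
    left = [rng.randrange(2) for _ in range(n)]
    inv1 = {p1[i]: i for i in range(n)}
    right = [flips[inv1[j]] ^ left[inv1[j]] for j in range(n)]
    # "L" links: ballot i -> middle row; "R" links: middle row j -> result row.
    links = {"L": [f"{i}:{p1[i]}:{left[i]}" for i in range(n)],
             "R": [f"{j}:{p2[j]}:{right[j]}" for j in range(n)]}
    nonces = {s: [secrets.token_bytes(16) for _ in range(n)] for s in "LR"}
    commits = {s: [commit(v, k) for v, k in zip(links[s], nonces[s])] for s in "LR"}
    return {"links": links, "nonces": nonces, "commits": commits}

def fill_columns(table, marks):
    # Authority derives the middle and result columns from the published marks.
    mid, res = [None] * len(marks), [None] * len(marks)
    for link in table["links"]["L"]:
        i, j, f = map(int, link.split(":")); mid[j] = marks[i] ^ f
    for link in table["links"]["R"]:
        j, k, f = map(int, link.split(":")); res[k] = mid[j] ^ f
    return mid, res

def audit(table, side, marks, mid, res):
    # Anyone can run this on the one side the authority opens for this table.
    src, dst = (marks, mid) if side == "L" else (mid, res)
    for c, link, k in zip(table["commits"][side], table["links"][side], table["nonces"][side]):
        a, b, f = map(int, link.split(":"))
        if commit(link, k) != c or dst[b] != src[a] ^ f:
            return False
    return True

def demo(tamper=False, seed=1):
    rng = random.Random(seed)  # seeded for a repeatable demo; use a CSPRNG in practice
    votes = [0, 1, 1, 0, 1, 1]                      # constructed sample votes
    flips = [rng.randrange(2) for _ in votes]
    marks = [v ^ f for v, f in zip(votes, flips)]   # what the receipts show
    table = build_table(flips, rng)
    mid, res = fill_columns(table, marks)
    if tamper:
        res[0] ^= 1                                 # authority alters one counted vote
    return sorted(res), {s: audit(table, s, marks, mid, res) for s in "LR"}
```

Opening only one side per table keeps a receipt from being linked to its counted vote. In this model the altered result column passes the left-side check and fails the right-side one, so detection depends on which side is opened, which is the reason for committing to several tables.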