Become a fan of Slashdot on Facebook


Forgot your password?

Verifiable Elections Via Cryptography 409

An anonymous reader writes, "Cryptographer David Chaum and his research team have invented a new voting protocol which allows voters to verify that their vote has been correctly cast and counted. This is enabled using a surprisingly low-tech technique of cryptographic secret sharing. The secret — your marked ballot — is split into two halves using a hole punch" You take half home and can verify later via a Web interface how your particular ballot was counted.
This discussion has been archived. No new comments can be posted.

Verifiable Elections Via Cryptography

Comments Filter:
  • Okay, I've watched the video and read the article.

    I still don't understand it. Why does their video have two different types of hand writing on it? Is the voter supposed to write in all the options when s/he votes?

    What's to stop someone from getting a copy of the form and threatening you unless you vote the way they want you to? Unless every form is different (is this the part why the hand writing is different?), any attempt to match the vote online can be used to verify that you voted the way you were told
  • Doesn't this method require a government willing to hold itself up to scrutiny? I love the fact that people are coming up with excellent ways to ensure a secure vote, but the fact of the matter is, nothing has been done to fix the existing holes that have been found in the voting machines that are being used, even after widespread media coverage. New methods of voting aren't going to solve things, getting the existing government out of power so that we can actually implement these ideas will.

  • Many people here have pointed out the uselessness of this method, not to add the
    social pressures it may cause in communities or groups where things have a
    to happen a certain way if you know what I mean...

    To add to that I can see no place where cryptography is used other than possibly
    trying to determine the probability that on any particular ballot card Party A
    was on the right or the left, thats just simple probability theory nothing else.

    • Cryptography is all about probability, really. When you use hash functions like MD5 and SHA-1, you're counting on the low probability of collision. When you encrypt something, you're counting on the ciphertext being in a way that your probability of guessing the nature of plaintext is the same no matter how you guess it. A ciphertext that simply looks like random noise isn't enough.
  • I mean really... its too easy to be adopted... and you would able to have recounts... no go from the gitgo
  • It looks like they addressed the sticky problem of having a husband/boss/union demanding you vote a certain way then verifying it. Check it out before freaking out over this scenario.

    However they solved the wrong problem. The problem is not that a solution like this did not exist, the problem is that the government does not want it. We cannot even get Diebold to print out a paper trail or get their software certified legally (they sneak around and use uncertified patches at the last minute).

    The real problem
    • If we could just wait a day or so and let paper ballots be counted we would not have these issues. Sure paper ballots could be miscounted but there are more eyeballs, and it would certainly be harder to pull off a massive fraud like what would be trivial with today's Diebold machines.

      Definitely. I've just gone and watched the demo, and read a bit about it. Good on these people for coming up with a system where it's (apparently) impossible to prove to anyone else who you voted for, yet still allows for s

  • by X-treme-LLama ( 178013 ) on Sunday November 05, 2006 @11:22PM (#16730907) Homepage
    Good lord! How is it that 70% of people have completely missed the point?

    This system DOES NOT allow ANYONE to see WHOM you voted for.

    That's right. NO ONE short of the people in charge can see who you voted for. You boss can't make you prove it, nor can your spouse, or whoever else.

    All the ballot half you keep records is that you voted A, B, B, A. All you can verify online is that your vote was recorded as A, B, B, A. Because the ballot choices are randomized, no one can tell who A was for your particular ballot. Ahh, but I already hear the tin-foil brigade saying: "But the people in charge can check!!" Really, how? The ID # of your ballot isn't recorded next to your name in the voter rolls, I suppose someone who had access to all the decryption keys could fingerprint each and every ballot, but anyone who can get ahold of any of the paper ballots can do that now. Is it no less secure than any traditional method of voting, and superior in a vast number of ways. As long as a few percent of people check that their votes match what they recorded, elections will be a lot closer to tamper-proof.

    How did so many people fail to figure all that out?
    • No.
      True, the system doesn't allow people to sell their vote, but it doesn't allow people to actually verify their vote either. As I mentioned in a previous post:

      Basically, the method you describe only lets me verify that the ballot was thrown into some machine with the left side marked or the right side marked. It then counts the vote as being for Al Gore or George Bush based on some machine which matches my ballot (left or right side), with the machine's knowledge of whether left or right means Al Gore or
      • Re: (Score:3, Informative)

        by ralphbecket ( 225429 )

        But how do I know that the cheating doesn't happen at this stage? It would be very easy for the machine to count all votes as being for George Bush regardless of what the bottom half of the ballot says (because the bottom half of the ballot has been destroyed).

        No, because...

        It claims to get around this by some auditing process.

        If you READ THE POXY PAPER you would understand the auditing process. The candidates can audit 50% of the votes to check that they were counted correctly without violating voter anon

    • You're right. However, this system has a more basic issue: A generalized variant of the "Stroop" effect [] as we call it in psychology. People excpect consistency. This system relies on randomization of both "letter" assignment (A. or B. to choice 1 or 2) and randomization of side (A or B is on left or right). This is a clusterfuck in the making. People expect the first choice to correspond to the leftmost option, and that the first choice will be choice A. Always. Furthermore, on a ballot, people expect i
    • How did so many people fail to figure all that out?

      How is it that you've been a Slashdot member since at least July and you're still asking questions like this?

    • Bad assumptions. 1) Ballot Choices in all states are NOT Randomized. Some use National, State, Local and within that alphabetical order, some incumbents first, etc. so for someone to know your vote from the A,B,B, A receipt they just have to know the order. Many states also print up Sample Ballots which could also be used to check up on someone based on the choices on the receipt. 2) Someone else posted that Ohio does associate your ballot number with your name so your secrecy is gone already that way.

      I wou
  • This is the same ancient idea, with the same ancient problems...

    It allows for extortion and buying of votes (others can verify who you really voted for).

    There's no guarantee that the machine verifying your reciept, is acurately reflecting how your vote was really counted, as opposed to counting all votes in reverse.

    It does nothing to stop dead (or phantom) people from voting. They aren't going to complain...
  • I posted this on Slashdot a couple of months ago... How different is the concept? 15828335 []

  • It only seems suitable for first past the post voting. How about those of us with instant runoffs?
  • by kthejoker ( 931838 ) on Monday November 06, 2006 @12:43AM (#16731453)
    My district has roughly 650,000 voters in it.

    Let's assume we have the best turnout in a non-Presidential election in the past 40 years: 54%. That's highly unlikely - no one's really contesting in my district (our guy's an old time shoo-in) - but who knows? People might show up.

    54% of 650,000 = 350,000, give or take a few.

    How long would it take to count 350,000 votes for something?

    Let's assume a person can count 1 vote every 3 seconds. Count it out loud. "1. 2. 3." It's pretty slow, actually, but let's be fair: some of our more civic-minded people are also some of our eldest, and they're a bit slow.

    So 1 vote every 3 seconds, that's 20 votes a minute, which is 1200 votes an hour.

    350,000 / 1200 = 291 man hours.

    In 8 hour shifts, that's 37 people. And considering my district is spread out over 30 towns, that's roughly 1 person per city - 2 for some of the larger ones. Find 37 more people and you've even got redundancy.

    And that's if you want it done in one day.

    How about the Presidential election? 2004 was considered a banner year for turnout. Number of voters? 122,294,978. We'll round it down to 120 million. Again, 1200 votes an hour: that's 100,000 man hours.

    8 hour shifts, that's 12,500 people. Again, that's in 8 hours, reading 1 vote every 3 seconds. If you got it down to 1 vote every 2.5 seconds (and trust me, when things are repetitive, it's easy to speed through), suddenly you only need 10,417 people.

    You've just laid off 2,100 poll workers in half a second.

    There is no reason at all for a backlash against paper balloting. It is quick enough. In fact that should be the motto for all paper balloting:

    PAPER Balloting: It's Quick Enough.(TM)

The primary function of the design engineer is to make things difficult for the fabricator and impossible for the serviceman.