kickoff meeting „ e-voting seminar“

A. Steffen, 17.09.2009, Kickoff.pptx 1

Kickoff Meeting „E-Voting Seminar“

An Introduction toCryptographic Voting

SystemsProf. Andreas Steffen

Hochschule für Technik Rapperswilandreas.steffen@hsr.ch

Cryptographic Voting Systems

• Due to repeated failures and detected vulnerabilities in both electro-mechanical and electronic voting machines, voters have somehow lost faith that the outcome of a poll always represents the true will of the electorate.

• Even more uncertain is electronic voting over the Internet which is potentially prone to coercion and vote-selling (this doesn‘t seem to be an issue in Switzerland).

• Manual counting of paper ballots is not really an option in the21st century and is not free from tampering either.

• Modern cryptographic voting systems allow true end-to-end verification of the complete voting process by any individual voter, without sacrificing secrecy and privacy.

Summary of my talk:

Losing Trust in Electronic Voting Systems

2006 - Princeton study on Diebold DRE:

Hack the vote? No problem2006 - Dutch ES3B voting machines:

Hacked to play chess

2006 - The Morning Call:

Voter smashes DRE inAllentown with metal

March 3 2009 - Germany:

Bundesverfassungsgericht

bans unverifiable E-voting

E-Voting in my home town Schlieren

Hidden PIN

„Internet-based voting does not have tobe more secure as voting per snail mail“Justice Department of the Canton of Zurich

[In]Security Features

Protection fromMan-in-the-Middle

attacks

E-Voting Website

Voter Login

Ballot (PHP Form)

E-Voting in my home town Schlieren

Voter Authentication

Transmission Receipt

Conclusion

So what?„You are not allowed to know. The exact transactionprocessing is kept secret due to security reasons“

Justice Department of the Canton of Zurich

Traditional Chain-of-Custody Security

Tallying

Source: Ben Adida, Ph.D. Thesis 2006

Software VerificationSealing

Verification by proxy only

Desirable: End-to-End Verification by Voter

Secrecy?Privacy?

End-to-End Auditable Voting System (E2E)

• Any voter can verify that his or her ballot is included unmodified in a collection of ballots.

• Any voter (and typically any independent party additionally) can verify [with high probability] that the collection of ballots produces the correct final tally.

• No voter can demonstrate how he or she voted to any third party (thus preventing vote-selling and coercion).

Source: Wikipedia

Solution: Cryptographic Voting Systems

Threshold Decryption

ElGamal / Paillier

HomomorphicTallying

Mixnet

Tamper-ProofBulletin Board

Proposed E2E Systems

• Punchscan by David Chaum.• Prêt à Voter by Peter Ryan.• Scratch & Vote by Ben Adida and Ron Rivest.• ThreeBallot by Ron Rivest (paper-based without

cryptography)• Scantegrity II by David Chaum, Ron Rivest, Peter Ryan et

al.(add-on to optical scan voting systems using Invisible Ink)

• Helios by Ben Adida (http://www.heliosvoting.org/)

Scratch & Vote Ballot

McCainNone

Randomized

candidate list

2D barcode

Scratch surfacer1r2r3

Encryptpk(256, r1)

Encryptpk(20 , r2)

Encryptpk(228, r3)

ElGamal or PaillierPublic Key Encryption

Random Key

Perforation

Homomorphic Counters

One vote for Obama

256 00...01

00...00

One vote for McCain228 00...00

00...01

00...00

One vote for None20 00...00

00...00

00...01

Tallying Counter00...10

00...01

00...00

Multiplication of all encrypted votes with Tallying Counteraccumulates votes in the candidates‘ counters in encrypted

Obama McCain None

Total number of registered U.S. voters < 228 (28 bits)1024 bit Paillier Public Key Cryptosystem could handle 35

candidates

Pre-Voting Verification I

McCain

NoneObama

McCainObama

Valerie the VoterVote Audit

Pre-Voting Verification II

McCain

NoneObama

McCainObama

Valerie the VoterVote Audit

r1 r2 r3

McCainObama

Casting the Ballot I

McCain

NoneObama

Valerie the Voter

Casting the Ballot II

Valerie the Voter

McCain

NoneObama

Ed theElection Official

Casting the Ballot III

Valerie the Voter

OpticalScanner

Keep asa receipt

Ed theElection Official

Post-Voting Verification

Valerie the Voter

Valerie Vanessa VictorWeb Bulletin Board

Tally and Decryption of Final Result

Vanessa VictorWeb Bulletin Board

0101101...11100100011

Homomorphic Addition

Encrypted tallying counter

Valerie00...1

000...0

100...0

Obama McCain None

Democrats

Threshold decryption withshared private key

Republicans

Independents

Conclusion

• Modern Cryptographic Voting Systems allow true end-to-end verification of the whole voting process by anyone while maintaining a very high level of secrecy.

• Due to the advanced mathematical principles they are based on, Cryptographic Voting Systems are not easy to understand and are therefore not readily accepted by authorities and the electorate.

• But let‘s give Cryptographic Voting Systems a chance!They can give democracy a new meaning in the 21st century!

kickoff meeting „ e-voting seminar“

electronic voting systems

evoting website

electronic voting machines

complete voting process

voter source

auditable voting system

individual voter

voter login

Documents

maymester kickoff

kickoff- 8.31.11

mit kickoff

kickoff meeting „ e-voting seminar“

2012 kickoff

seminar report on e – voting - sit.iitkgp.ac.in ·...

online seminar kickoff

seminar report on e â€“ voting - school of information...

kickoff 2012

increasing student engagement caroline clements, ph.d....

seminar presentation:electronic voting

summit kickoff

semantic multimedia - seminar sommersemester 2011 - kickoff

weekly success meeting & guest event seminar year...

multimedia analyse-techniken -- bachelor-seminar 2011,...

semantic media mining seminar - kickoff

seminar report on e – · pdf filee-voting seminar report...

seminar semantic media mining - kickoff

seminar: computational geometry and geometric computing -...

electronic voting and automation cheryl a. yager union...