A Proposal for Election Security

8/6/2019 A Proposal for Election Security

1/25


2/25

A Proposal for Election Security:Easy roadmap to voter confidence

David Chaum


3/25

OUTLINE

VoteMeter

Election System Performance Ratings

Votegrity


4/25

OUTLINE

VoteMeter

$100/DRE, voter-verifiable state control


Votegrity


5/25

VoteMeter & PrinterFace

State-Level controls

(including version #s)

Better blind voterintegrity

Open interface

standard

See VoteMeter.com


6/25

OUTLINE

VoteMeter


Votegrity


7/25

Attributes System

Class

Currenttouch-screenDRE

Votemeter

Cleartextvoter-verifiabletrail

Separateentering &castingstations

Encryptedvoter-verifiablereceipts

1. Integrity (tallied as cast withtransparency, the basis of voterconfidence)

Poor Better (allelectronic)

Better(punch cardlike)

Better(precinctscan like)

Excellent(provable)

1.1 need to trust system provider yes partly partly partly no need

1.2 need to assume no providercollusion

n/a yes n/a yes no need

1.3 need recount of ballot artifact n/a n/a yes yes no need

1.4 voter verifiable end-to-end no no no no yes1.5 protections for audio voting no partly n/a partly n/a

2. Privacy (Secrecy Part I: voterprotected from being linked tovote by system)

Fair Poor Fair Poor Good

2.1 trust additional machineproviders

no required no required no

2.2 privacy of provisional votes no no no no yes

3. Ballot secrecy (Secrecy Part II:voter protected from improperinfluence schemes)

OK OK Un-acceptable

Un-acceptable

OK

3.1 allows voter to sign ballotartifact

n/a n/a yes yes no


8/25

Other aspects for comparison

1. Robustness

2. Accessibility

3. Reliably capturing voter intent

4. Adjudicating which ballots to count


9/25

OUTLINE

VoteMeter


Votegrity

DRE companion printer/viewer

NEW: Optical scan solution


10/25

Privategrity DRE enhancement

Newsweek, March 29, 2004 print edition The Future of Digital Voting by Steven Levy


11/25


12/25

Voter Gets Receipt & Casts

Voter copies ballot(through redacting folder)

Ballot carried in

redacting folder

Voter deposits ballot inballot box (still in folder)

Voter takes foldedballot and redacted copyof cast ballot as receipt

Copy


13/25

DETAILS SIDEBAR


14/25

The Initial Bulletin Board Posting

1st Batch 2nd Batch Empty forms

Envelopes are: Opaque Sealed

Bubbles unfilled Serial numbered(numbers uniqueper batch)


15/25

The Pre-printed Ballots

Candidate listpermutationsare random and

kept hidden


16/25

Folded Ballot Challenge

Everyone can see thatthe envelopes in thechain pointed to bythe folded ballot wereformed correctly.


17/25

Marking First EnvelopesSimple transferfrom the ballotbox to thebulletin board(checked next)


18/25

Marked Envelope Challenge

Voters can checkthat whats postedmatches receipt


19/25

1st Trustee Transfers Marks

1st trustee knowswhats written insideenvelopes of the 1stbatch and can transferthe mark accordingly

Link not

revealed


20/25

2nd Trustee Transfers Marks

2nd trustee knows

whats in 2nd batchenvelopes and uses itto transfer marks


21/25

Public Random Challenge

Coin flip per envelope in the first batch, like a lottery draw

(The cut and choose approach inspired by

Jakobsson, Juels, & Rivest)


22/25

Heads: 1st Envelope Opened

X-Ray View

Transferred markverified consistentwith previously secretcontent of envelope


23/25

Tails: 2nd Envelope Opened

X-Ray View Transfer verifiedconsistent with contentof second envelope


24/25

Conclusion


25/25

A Proposal for Election Security

Documents

Transcript of A Proposal for Election Security