Christian bull eVoting

596 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
596
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Christian bull eVoting

  1. 1. E-voting: An Acceptable Risk? Project CSO Christian Bull
  2. 2. Background
  3. 3. Background…or not. We don’t have time for that!
  4. 4. Remote Voting Over The Internet
  5. 5. Legal requirements for remote e-voting• The secrecy of the ballot can not be compromised!• Secrecy is retained by implementing the following: – Allowing unlimited re-voting – Votes cast in a controlled environment always supersede those cast uncontrolled (paper votes may supersede electronic votes) – An e-voting system that does not reveal or retain any connection between voter and vote – A good authentication mechanism – E-voting only in the advance voting period – Remote voting only as a supplement to paper voting
  6. 6. A quick overview of the solution - Log on - Submit vote E-voting system Receipt codePolling card
  7. 7. How does the system know who I am?
  8. 8. Authentiwhat?• When you turn up at the polling station, you are required to identify yourself.• Only since 2007 have you been required to produce an ID-card.• This is analogous to the process of authentication to a computer system, for instance using an eID.
  9. 9. Important properties of a good eID• It must be obvious to the user that this is an identity document.• A voter should not be tempted to sell his voting credentials. – It must have other uses than just e-voting. – These other uses must be familiar and of value to the voter
  10. 10. The Challenges of Remote e- voting• Auditability / transparency to the lay person• The buying and selling of votes• Coercion / family voting• Home computer security• Anonymity of the vote• Attacks scale
  11. 11. The Challenges of Remote e- voting• Auditability / transparency to the lay person• The buying and selling of votes• Coercion / family voting• Home computer security• Anonymity of the vote
  12. 12. Transparent e-voting?• Complete openness and transparecy in all aspects of the project• Available source code – Unfourtunately cryptography is really, really hard.• Cryptographic proofs of correctness – Even the voter gets one – The good thing about crypto is that it’s all just maths• Logging of all system events
  13. 13. Transparent e-voting?• Obviously open source won’t make the system understandable to ”everyone”• …and extensive use of esoteric cryptography makes things worse…• ..but at least the lay person can choose which expert to trust.• Besides, paper voting really isn’t that easy to understand either!
  14. 14. Communicating the crypto protocol• The cryptographer behind it is working on a conceptual description which should be understandable for anyone with high school maths• Amongst other things, we will try to integrate the protocol into maths education in high school.
  15. 15. The Challenges of Remote e- voting• Auditability / transparency to the lay person• The buying and selling of votes• Coercion / family voting• Home computer security• Anonymity of the vote
  16. 16. Buying and selling of votes• In practice this doesn’t scale• The seller can re-vote – Receipt for all cast votes, not only the final• Votes submitted from a polling station will supersede any vote cast remotely• Buyer would have to control seller’s eID – Would require the voter to give up a lot more than his vote
  17. 17. The Challenges of Remote e- voting• Auditability / transparency to the lay person• The buying and selling of votes• Coercion / family voting• Home computer security• Anonymity of the vote
  18. 18. Coercion/family voting• The coerced can re-vote – Receipt for all cast votes, not only the final• Votes submitted from a polling station will supersede any vote cast remotely• The system will never divulge that a previous vote has allready been recorded• If you accept that bastards are evenly distributed across the political spectrum, this doesn’t scale either.
  19. 19. The Challenges of Remote e- voting• Auditability / transparency to the lay person• The buying and selling of votes• Coercion / family voting• Home computer security• Anonymity of the vote
  20. 20. Encryption and storage of the vote
  21. 21. Conceptual model Distribution of secrets Vote Voting Internet AdministrativeVoter Collection system client Server Return Code Air gap Vote verification Generator Mix and count M of N key shares from parties with competing interests
  22. 22. ”Cleansing service” Counting e-votes Parti A 2 Parti B 1 Decryption service Mixing service

×