E-voting: An Acceptable Risk?

Project CSO Christian Bull
Background
…or not. We don’t have time for that!
Remote Voting Over The Internet
Legal requirements for remote e-voting
• The secrecy of the ballot cannot be compromised!
• Secrecy is retained by implementing the following:
   – Allowing unlimited re-voting
   – Votes cast in a controlled environment always supersede those
     cast uncontrolled (paper votes may supersede electronic votes)
   – An e-voting system that does not reveal or retain any
     connection between voter and vote
   – A good authentication mechanism
   – E-voting only in the advance voting period
   – Remote voting only as a supplement to paper voting
A quick overview of the solution
[Diagram: the voter logs on and submits a vote to the E-voting system, which returns a receipt code; a polling card is shown alongside]
How does the system know who I am?
Authentiwhat?

• When you turn up at the polling station, you
  are required to identify yourself.
• Only since 2007 have you been required to
  produce an ID-card.
• This is analogous to the process of
  authentication to a computer system, for
  instance using an eID.
Important properties of a good eID
• It must be obvious to the user that this is an
  identity document.
• A voter should not be tempted to sell his voting
  credentials.
  – It must have other uses than just e-voting.
  – These other uses must be familiar and of value to the
    voter
The Challenges of Remote e-voting
• Auditability / transparency to the lay
  person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
• Attacks scale
The Challenges of Remote e-voting
• Auditability / transparency to the
  lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
Transparent e-voting?
• Complete openness and transparency in
  all aspects of the project
• Available source code
   – Unfortunately cryptography is really,
     really hard.
• Cryptographic proofs of correctness
   – Even the voter gets one
   – The good thing about crypto is that it’s all
     just maths
• Logging of all system events
Transparent e-voting?
• Obviously open source won’t make
  the system understandable to
  ”everyone”
• …and extensive use of esoteric
  cryptography makes things worse…
• …but at least the lay person can
  choose which expert to trust.
• Besides, paper voting really isn’t
  that easy to understand either!
Communicating the crypto
               protocol
• The cryptographer behind it is working on a
  conceptual description which should be
  understandable for anyone with high school
  maths
• Amongst other things, we will try to integrate the
  protocol into maths education in high school.
The Challenges of Remote e-voting
• Auditability / transparency to the
  lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
Buying and selling of votes
• In practice this doesn’t scale
• The seller can re-vote
  – A receipt is issued for every cast vote, not only the final one
• Votes submitted from a polling station will
  supersede any vote cast remotely
• Buyer would have to control seller’s eID
  – Would require the voter to give up a lot more
    than his vote
The Challenges of Remote e-voting
• Auditability / transparency to the
  lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
Coercion/family voting
• The coerced can re-vote
   – A receipt is issued for every cast vote, not only the final one
• Votes submitted from a polling station will
  supersede any vote cast remotely
• The system will never divulge that a previous
  vote has already been recorded
• If you accept that bastards are evenly distributed
  across the political spectrum, this doesn’t scale
  either.
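The re-voting and supersession rules from the legal-requirements slide, and the way the vote-buying and coercion slides rely on them, as an added worked example (Python written for this page, not code from the e-voting project). It models a toy "cleansing" step: every cast vote gets a receipt, the acknowledgement never reveals that an earlier vote exists, any vote cast on paper in a polling station supersedes remote votes, otherwise the latest e-vote counts, and the ballots handed on for counting carry no voter identity. The record layout, the receipt-code derivation and the sample votes are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple
import hashlib
import hmac


@dataclass(frozen=True)
class CastVote:
    voter_id: str      # known only on the collection side, never output
    channel: str       # "remote" = Internet e-vote, "paper" = controlled environment
    seq: int           # cast order for this voter (higher = later)
    ciphertext: bytes  # encrypted ballot; opaque to the cleansing step


# Constructed sample: Alice re-votes remotely after a coerced first vote,
# Bob e-votes and later votes on paper at a polling station, Carol votes once.
SAMPLE_VOTES = [
    CastVote("alice", "remote", 1, b"ct_a1"),
    CastVote("alice", "remote", 2, b"ct_a2"),
    CastVote("bob",   "remote", 1, b"ct_b1"),
    CastVote("bob",   "paper",  2, b"ct_b2"),
    CastVote("carol", "remote", 1, b"ct_c1"),
]


def receipt_code(voter_secret: bytes, ciphertext: bytes) -> str:
    """Receipt for one cast vote (toy derivation, assumed for illustration).
    A receipt exists for every vote, not only the one that ends up counted."""
    return hmac.new(voter_secret, ciphertext, hashlib.sha256).hexdigest()[:8]


def record_vote(store: List[CastVote], vote: CastVote, voter_secret: bytes) -> Dict[str, str]:
    """Accept a vote and answer with its receipt code only. The answer has the
    same shape whether or not this voter has voted before, so a coercer or
    buyer watching it learns nothing about earlier (or later) votes."""
    store.append(vote)
    return {"receipt": receipt_code(voter_secret, vote.ciphertext)}


def cleanse(votes: Iterable[CastVote]) -> Tuple[List[bytes], Dict[str, int]]:
    """Select one ballot per voter: any paper vote supersedes all remote
    votes; otherwise the latest remote vote counts. The output is the bare
    ciphertexts with voter identities dropped, sorted so that arrival order
    is not preserved either (the real unlinking is the mixing service's job)."""
    votes = list(votes)
    by_voter: Dict[str, List[CastVote]] = defaultdict(list)
    for v in votes:
        by_voter[v.voter_id].append(v)

    selected: List[CastVote] = []
    paper_over_remote = 0
    for cast in by_voter.values():
        paper = [v for v in cast if v.channel == "paper"]
        if paper:
            if len(paper) < len(cast):
                paper_over_remote += 1  # a polling-station vote displaced e-votes
            chosen = max(paper, key=lambda v: v.seq)
        else:
            chosen = max(cast, key=lambda v: v.seq)  # unlimited re-voting: last one wins
        selected.append(chosen)

    stats = {
        "voters": len(by_voter),
        "cast": len(votes),
        "superseded": len(votes) - len(selected),
        "paper_superseding_remote": paper_over_remote,
    }
    return sorted(v.ciphertext for v in selected), stats
```

Run `cleanse(SAMPLE_VOTES)` and three ballots come out of five cast: Alice's second e-vote, Bob's paper vote and Carol's only vote. The selection is the same whatever order the votes arrived in, which is what makes a receipt for a bought or coerced vote worthless as proof of the vote that is finally counted.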
The Challenges of Remote e-voting
• Auditability / transparency to the
  lay person
• The buying and selling of votes
• Coercion / family voting
• Home computer security
• Anonymity of the vote
Encryption and storage of the vote
Conceptual model
[Diagram, left to right: Voter, Voting client, Internet, Vote Collection Server, Return Code Generator (vote verification back to the voter), air gap, Administrative system with "Mix and count"; "Distribution of secrets" as M of N key shares from parties with competing interests]
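The "M of N key shares from parties with competing interests" in the conceptual model, as an added example (not the project's code; the slides do not say which sharing scheme is used, so Shamir secret sharing over a prime field is used here as the standard instance of M-of-N sharing). It splits the election decryption key so that any M trustees together can reconstruct it while M-1 of them learn nothing about it; the prime, the trustee names, the threshold and the sample key are constructed for this example.

```python
import secrets
from typing import Dict, List, Tuple

# Prime field for the arithmetic: the Mersenne prime 2^127 - 1 (a constructed
# choice for this example; only its size and primality matter here).
P = 2**127 - 1

Share = Tuple[int, int]  # (x, f(x)): one point on the secret polynomial


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: int, m: int, n: int) -> List[Share]:
    """Split `secret` into n shares such that any m of them reconstruct it.

    The constant term of a random degree-(m-1) polynomial is the secret and
    share i is the point (i, f(i)). Any m points fix the polynomial; any m-1
    points are consistent with every possible constant term, so they reveal
    nothing about the secret.
    """
    if not 1 <= m <= n < P:
        raise ValueError("need 1 <= m <= n < P")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0 over shares with distinct x values."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse of den
    return total


# Constructed trustees with competing interests: rival parties plus independent
# bodies. The names and the threshold are illustrative, not from the slides.
TRUSTEES = ["party_A", "party_B", "party_C", "electoral_board", "auditor"]
THRESHOLD = 3  # M: any 3 of the 5 must cooperate before anything can be decrypted


def distribute_key(election_key: int, trustees=TRUSTEES, m: int = THRESHOLD) -> Dict[str, Share]:
    """Hand one share to each trustee (in the deck's model, across the air gap)."""
    shares = split_secret(election_key, m, len(trustees))
    return dict(zip(trustees, shares))


def recover_key(submitted: Dict[str, Share], m: int = THRESHOLD) -> int:
    """The decryption service reconstructs the key only once a quorum of m
    trustees has submitted shares; a smaller set is refused outright."""
    if len(submitted) < m:
        raise PermissionError(f"quorum not met: {len(submitted)} < {m}")
    return reconstruct(list(submitted.values()))


if __name__ == "__main__":
    key = secrets.randbelow(P)
    held = distribute_key(key)
    quorum = {t: held[t] for t in ("party_A", "party_B", "auditor")}
    print("quorum recovers key:", recover_key(quorum) == key)
```

The design point for an election is that no single party, and no two colluding parties, can decrypt the ballots: two shares interpolate a line whose value at zero matches the real key only by chance (probability 1/P), so a decryption service that enforces the quorum check makes premature or partisan decryption a cooperative act rather than a unilateral one.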
”Cleansing service”
[Diagram: counting e-votes; components: Mixing service, Decryption service; sample tally: Parti A 2, Parti B 1]