auditability and verifiability of
play

Auditability and Verifiability of Elec4ons Ronald L. Rivest MIT UC - PowerPoint PPT Presentation

Jan 19, 2023 •118 likes •546 views

Auditability and Verifiability of Elec4ons Ronald L. Rivest MIT UC Davis December 1, 2016 Have we made progress since 2000? Hanging chads (2000) >>> Voting Machines at Risk (2015) Nov. 2016 Who Really Won? Hillary or Donald ?

  1. Auditability and Verifiability of Elec4ons Ronald L. Rivest MIT UC Davis December 1, 2016

  2. Have we made progress since 2000? Hanging chads (2000) >>> Voting Machines at Risk (2015)

  3. Nov. 2016 – Who Really Won? Hillary or Donald ?

  4. Evidence-Based Elec4ons An elec4on should not only find out who won , but should also provide convincing evidence that the winner really won. (Stark & Wagner 2012) NO: “Trust me and my soEware” YES: “Mistakes will be made. Find and fix them.” YES: “Trust but verify.”

  5. Outline • Security Requirements • SoTware Independence • Audi4ng of Paper Ballots • Cryptographic Vo4ng Schemes (E2E) • Remote (Internet?) Vo4ng ???

  6. Security Requirements

  7. Security Requirements • Only eligible voters may vote, and each eligible voter votes at most once. • Each cast vote is secret , even if voter wishes otherwise! -- No vote-selling! -- No receipt showing how you voted! • Final outcome is verifiably correct . • No ``trusted par4es’’ – all are suspect ! Vendors, voters, elec4on officials, candidates, spouses, other na4on-states, …

  8. SoTware Independence (Rivest & Wack, 2006)

  9. And Who Do You Hope You Voted For?

  10. SoTware Independence • SoTware is not to be trusted! • A vo4ng system is soEware independent if an undetected error in the so4ware can not cause an undetectable change in the elec7on outcome . • Strongly soEware-independent if it is possible to correct any such outcome error • Example: Paper ballots (with hand recount)

  11. Paper Ballots

  12. 1893 – “Australian” Paper Ballot

  13. What is used now? (Verified Vo4ng) DRE = Direct Recording by Electronics VVPAT = Voter Verified Paper Audit Trail

  14. Elec4on Process (paper ballots) • Print ballots; setup • Vote • Ini4al count (by scanners); ini4al (“reported”) outcome • Sta4s4cal audit (by hand) of paper ballots to confirm/disprove reported outcome

  15. Audi4ng of Paper Ballots

  16. Two audi4ng paradigms • Ballot-polling audits : All you have are the cast paper ballots. (Like ``exit poll’’ of ballots…) • Comparison audits : Uses both paper and electronic records (“cast vote records’’ – CVRs) Paper ballot given an ID when scanned; CVR has same ID. Audit compares paper ballot to its CVR.

  17. General audit structure Cast Votes Sample 1. Draw an ini4al random sample of ballots. 2. Interpret them by hand. 3. Stop if reported outcome is now confirmed to desired confidence level. 4. If all ballots have now been examined, you have done a full recount, and are done. Otherwise increase sample size; return to 2.

  18. Bravo audit [LSY12] • Ballot-polling audit • Risk-limi(ng audit : provides guarantee that chance of accepQng incorrect outcome is at most given risk limit (e.g. α = 0.05). • Uses reported margin-of-victory as input (e.g. accumulate product of A/2 or B/2 where A, B are reported frac4ons of votes for Alice, Bob. • Can needlessly do a full recount if reported margin-of-victory is wrong…

  19. DiffSum audit [ R 15] • No dependence on reported margin-of-victory. • For two-candidate race, stops when ( a – b ) 2 > ( a + b ) Ÿ log 10 ( n ) where a, b = number of votes for Alice, Bob n = total number of votes cast • Risk limit α determined empirically; forthcoming work gives way to make this approach work with rigorous bounds.

  20. Other social choice func4ons

  21. Social choice func4ons • Not all elec4ons are plurality • Some elec4ons are ranked-choice: ballot gives voter’s preferences: A > C > D > B • A specified ``social choice func4on’’ maps collec4ons of ballots to outcomes. • Example: IRV (Instant Runoff Vo4ng) – Keep elimina4ng candidate with fewest first-choice votes un4l some candidate has a majority of first-choice votes. (San Francisco uses IRV.)

  22. Black-box audits • “Black-box audits” only need to – draw random samples – derive variant samples of a random sample – apply the social choice func4on in a “black-box” manner to some samples, to determine the winners of those samples. • Black-box audits thus apply to any voQng system (any social choice funcQon) ! • Three examples: Bayesian, Bootstrap, and T - pile audits.

  23. Bayesian audit [ R S12] • ``Inverse’’ of sampling is Polya’s Urn: Cast Votes Draw sample Polya’s Urn Sample • Place sample in urn. Draw one ballot out at random, put two copies back. Rinse and repeat. • This samples Bayesian posterior distribu4on for collec4on of cast votes. • Can thus measure “Probability that reported outcome is correct” given sample. Stop if > 1 – α.

  24. Bootstrap audit [ R S15] • Create from given Cast Votes sample T (e.g. 100) Draw sample “variant samples” (e.g. Sample by subsampling with replacement) Variant Sample Variant Sample • Stop audit if sample and all variants have same Variant Sample outcome as reported outcome.

  25. T- pile audit • “Deal” sample in round- Cast Votes robin manner into T Draw sample (e.g. T=7) disjoint piles. Sample • Stop audit if sample and all piles have same outcome as reported Pile 1 Pile T Pile 2 outcome. • Provably risk-limi4ng under reasonable assump4on that most likely sample outcome is correct one. • But not as efficient as general bootstrap audit…

  26. Comparison Audits • More efficient (1/margin-of-victory) since you are es4ma4ng error rate in CVRs (near 0) rather than vote shares of candidates (near ½) • Typical audit may only need to audit a few dozens of ballots • Bayesian audit can do comparison audits • Other methods: SOBA [BJLLS11]

  27. End-to-end Verifiable Vo4ng

  28. End-to-End Verifiable Vo4ng • Provides “ end-to-end ” integrity; votes are – “ cast as intended ” ( verified by voter) – “ collected as cast ” ( verified by voter or proxy) – “ counted as collected ” ( verified by anyone) • Paper ballots have only first property; once ballot is cast, integrity depends on “ chain of custody ” of ballots. • End-to-end systems provide soTware independence, verifiable chain of custody, and verifiable tally.

  29. Public Bulle4n Board (PBB) • E2E systems have Public Bulle(n Board : “ public bulleQn board ” <Elec4on> pos4ng elec4on System PK parameters informa4on (including Voter/Vote pairs: encryp4ons of ballots). “Abe_Smith”, E(vote Abe_Smith ) “Ben_Jones”, E(vote Ben_Jones ) • PBB posts “evidence” … that reported winner is Reported winner correct. Proof of correctness </Elec4on>

  30. Ballots are encrypted • Voter given copy of her encrypted ballot as “receipt” • How can she verify that encryp4on was done correctly? Was vote “verifiably cast as intended?” – Answer: voter can arbitrarily decide either to cast encrypted vote, or to audit encryp4on by asking for decryp4on parameters. (Benaloh)

  31. Voter can confirm chain of custody • Voter names and receipts posted on PBB • Voter checks “collected as cast” by verifying that her name/receipt is posted on PBB • If it is missing, she can credibly complain if her receipt is ``authen4c’’ (e.g. hard to forge). • Enough credible complaints è Re-run elec4on!

  32. Anyone can verify tally • System publishes final tally (reported outcome) and NIZK proof that reported outcome is correct. • Decryp4ng individual ballots not necessary with homomorphic tallying : E(v1) E(v2) = E(v1+v2) Product of ciphertexts is ciphertext for sum. Only product of all votes needs to be decrypted. • Another common approach based on mixnets.

  33. E2E deployments in real elec4ons • Scantegrity (Chaum; Takoma Park, MD; 2009 & 2011) • Wombat (Rosen; 3 elec4ons in Israel; 2011 & 2012) • Prêt à Voter (Ryan; New South Wales, Australia; 2014) • StarVote (Aus4n, Texas) (DeBeauvoir; in progress…)

  34. Hybrid paper + electronic • Some systems (like Scantegrity, Wombat, and StarVote) have both a paper ballot AND an electronic E2E subsystem. • Can audit paper ballots as usual. • Can audit electronic records on PBB as usual for E2E system. (That is, voter can verify her vote is there, and anyone can verify tally.)

  35. Scantegrity confirma4on codes Invisible codes solves “receipt authen4city” problem: voter only gets codes for candidates she voted for.

  36. Wombat vo4ng • Printed ballot has plaintext choice and QR code equivalent. • Voter casts paper ballot into ballot box and has QR code scanned for PBB. • Takes QR code receipt home to look up on PBB.

  37. When can I vote on the Internet? (or on my phone?) h€p://voteinyourpajamas.org/

  38. • U.S. Vote Founda4on 2015 Report on Internet Vo4ng: – E2E necessary for IV – But: E2E should first be well-established and understood for in-person vo4ng, and – E2E not sufficient for IV: many problems remain: • Malware • DDOS a€acks • Authen4ca4on • MITM a€acks • Zero-day a€acks on servers • Coercion & vote-selling • …

  39. Helios Vo4ng (Adida) • Prototype E2E internet vo4ng system h€ps://vote.heliosvo4ng.org/ • Uses homomorphic tallying • Used by some professional socie4es… • No protec4on against malware, DDOS, coercion, etc… • Not suitable for real poli4cal elec4ons!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pnyx.DRE Redundancy, Enhanced Auditability and Voter-Verifiability for DREs Annapolis

Pnyx.DRE Redundancy, Enhanced Auditability and Voter-Verifiability for DREs Annapolis

Pnyx.DRE Redundancy, Enhanced Auditability and Voter-Verifiability for DREs Annapolis (Maryland), March 18 2005 Contents Contents Presenting Scytl DREs: Benefits and Drawbacks Our solution: Pnyx.DRE Conclusions Contents

419 views • 16 slides
Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi Puiggali VP Research &amp; Development Jordi.Puiggali@scytl.com Index Auditability in e-voting Types of verifiability Verifiability methods

719 views • 27 slides
Penetration testing auditability Alexandros Tsiridis &amp; Stamatios Maritsas What is the purpose

Penetration testing auditability Alexandros Tsiridis &amp; Stamatios Maritsas What is the purpose

MSc System and Network Engineering Penetration testing auditability Alexandros Tsiridis &amp; Stamatios Maritsas What is the purpose of penetration testing auditability? Research questions What are the sources of penetration testing

554 views • 13 slides
Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3 VERIFIABILITY PRIVACY Remote 4 KEY PRINCIPLE:

722 views • 44 slides
Evidence for a posteriori security Alexander Hicks, Steven J. Murdoch University College London

Evidence for a posteriori security Alexander Hicks, Steven J. Murdoch University College London

Evidence for a posteriori security Alexander Hicks, Steven J. Murdoch University College London Evidence? Liability Accountability Law Due process Auditability Verifiability Integrity Proof

448 views • 15 slides
Voting Lecture 22 Requirements Requirements Integrity/End-to-End verifiability Requirements

Voting Lecture 22 Requirements Requirements Integrity/End-to-End verifiability Requirements

Voting Lecture 22 Requirements Requirements Integrity/End-to-End verifiability Requirements Integrity/End-to-End verifiability Collected as cast: Each voter should be convinced that their vote was collected correctly Requirements

1.43k views • 129 slides
Scytls voter-verifiability solutions Pnyx.DRE and Pnyx.VVPAT Contents Contents

Scytls voter-verifiability solutions Pnyx.DRE and Pnyx.VVPAT Contents Contents

Scytls voter-verifiability solutions Pnyx.DRE and Pnyx.VVPAT Contents Contents Presenting Scytl DREs: Benefits and Drawbacks Pnyx.DRE: Voter-verifiability through electronic verification modules Pnyx.VVPAT: Providing

399 views • 24 slides
PGC: Decentralized Confjdential Payment System with Auditability Yu Chen Shandong University

PGC: Decentralized Confjdential Payment System with Auditability Yu Chen Shandong University

PGC: Decentralized Confjdential Payment System with Auditability Yu Chen Shandong University Xuecheng Ma SKLOIS, CAS Cong Tang pgc.info Man Ho Au The University of Hong Kong ESORICS 2020 http://eprint.iacr.org/2019/319

871 views • 58 slides
A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 ,

A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 ,

A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 , Rosario Giustolisi 2 , Ali Kassem 3 , Pascal Lafourcade 4 and Gabriele Lenzini 2 1 Institute of Information Security, ETH Zurich 2 SnT/University of

676 views • 30 slides
Security, Auditability, and Threats: The VVSG2007 Security Architecture Presentation for the

Security, Auditability, and Threats: The VVSG2007 Security Architecture Presentation for the

Technical Guidelines Development Committee Meeting December 4 and 5, 2006 Security, Auditability, and Threats: The VVSG2007 Security Architecture Presentation for the Technical Guidelines Development Committee (TGDC) John Kelsey Dec 4/ 5,

292 views • 18 slides
Highlighting Over/Under Votes, and Full Voter Verifiability Alan T. Sherman, Russell A. Fink,

Highlighting Over/Under Votes, and Full Voter Verifiability Alan T. Sherman, Russell A. Fink,

Scantegrity III: Automatic Trustworthy Receipts, Highlighting Over/Under Votes, and Full Voter Verifiability Alan T. Sherman, Russell A. Fink, Richard Carback Cyber Defense Lab University of Maryland, Baltimore County (UMBC) David Chaum

291 views • 26 slides
Lagrangian E-Voting: e-Voting Concept Our contribution Verifiability on Demand and Strong

Lagrangian E-Voting: e-Voting Concept Our contribution Verifiability on Demand and Strong

Lagrangian E-Voting Lagrangian E-Voting: e-Voting Concept Our contribution Verifiability on Demand and Strong Privacy Scheme Description Registration Ballot Structure Casting a Vote ukasz Krzywiecki, Mirosaw Kutyowski Mixing

708 views • 66 slides
Using Form al Techniques for Design for Verifiability Rolf Drechsler University of Brem en DFKI

Using Form al Techniques for Design for Verifiability Rolf Drechsler University of Brem en DFKI

Using Form al Techniques for Design for Verifiability Rolf Drechsler University of Brem en DFKI Gm bH Germ any drechsler@uni-brem en.de Verification It is important Trust me! Very powerful tools in the market Formal

178 views • 14 slides
Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters

Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters

Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters Olivier Pereira Universit e catholique de Louvain ICTEAM Crypto Group SecVote 2012 UCL Crypto Group PPAT - Jul. 2012 1

451 views • 16 slides
Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint work with Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva Cloud Outsourcing Storage and Computation Data storage Data processing [Cloud Security

393 views • 23 slides
Deconstructing MinBFT for Security and Verifiability Vincent Rahli, Francisco Rocha, Marcus V

Deconstructing MinBFT for Security and Verifiability Vincent Rahli, Francisco Rocha, Marcus V

Deconstructing MinBFT for Security and Verifiability Vincent Rahli, Francisco Rocha, Marcus V olp, and Paulo Esteves-Verissimo http://wwwen.uni.lu/snt/research/critix March 15, 2016 Vincent Rahli Deconstructing MinBFT March 15, 2016

335 views • 15 slides
SOBA: Secrecy-preserving Observable Ballot-level Audit Josh Benaloh, Microsoft Research Douglas

SOBA: Secrecy-preserving Observable Ballot-level Audit Josh Benaloh, Microsoft Research Douglas

Background Definitions Goal Guts Step-by-step Missing pieces Proof SOBA: Secrecy-preserving Observable Ballot-level Audit Josh Benaloh, Microsoft Research Douglas Jones, Dept. of Computer Science, Univ. of Iowa Eric L. Lazarus,

952 views • 70 slides
translators and localisers Luca Morado Vzquez Silvia Rodrguez Vzquez University of

translators and localisers Luca Morado Vzquez Silvia Rodrguez Vzquez University of

Teaching XLIFF to translators and localisers Luca Morado Vzquez Silvia Rodrguez Vzquez University of Geneva Contents o Rationale o Previous considerations o Teaching methodology o Module contents o Case study -&gt; Standards seminars at

468 views • 32 slides
Data Munging with R Rob Kabacoff, Ph.D. Topics Single dataset subsetting data sorting

Data Munging with R Rob Kabacoff, Ph.D. Topics Single dataset subsetting data sorting

Data Munging with R Rob Kabacoff, Ph.D. Topics Single dataset subsetting data sorting data creating new variables renaming variables aggregating Multiple datasets merging data Additional topics reshaping

644 views • 37 slides
Lets Fight Air Inequality with Open Data Christa Hasenkopf, PhD Co-Founder &amp; CEO of

Lets Fight Air Inequality with Open Data Christa Hasenkopf, PhD Co-Founder &amp; CEO of

Open Data AQ Workshop Kathmandu, Nepal 13 August 2018 Lets Fight Air Inequality with Open Data Christa Hasenkopf, PhD Co-Founder &amp; CEO of OpenAQ Washington, DC, USA Slides: tinyurl.com/openAQdatanepal2018 christa@openaq.org

177 views • 14 slides
(t s) &amp; ((. I * R?v, eu.., srt fdkr A.t) bft) X tt, Jot. of t r..i u). Jf /tt

(t s) &amp; ((. I * R?v, eu.., srt fdkr A.t) bft) X tt, Jot. of t r..i u). Jf /tt

\ r,,a L3t f h 235 P-G:' /,.,&quot;9o.r dr*f,erar. f,.o,l J/s tf,'..'!J vrr.'7' c'ellt.&quot;eutt covr tcr I llo'.oilv.Po|.l, e*s STsf f. ., a o{cs Re*( , vov- ier&quot;, f, acl e h lrd rsPt por fr*r'fr. t I ,T 5/J f,a!.. 2

682 views • 22 slides
Lecture 31 No computer use today. Reminder: Project 5 is due today. Project 6 has been

Lecture 31 No computer use today. Reminder: Project 5 is due today. Project 6 has been

Lecture 31 No computer use today. Reminder: Project 5 is due today. Project 6 has been posted to the course webpage. No one has indicated a conflict, so Practical Exam 2 is scheduled for next Wednesday, November 10, 5-7pm.

461 views • 19 slides
CS24 FRESHMAN SEMINAR FOR CS SCHOLARS WEEK 1 - INTRODUCTION - LATEX101 U N I V E R S I T Y O F

CS24 FRESHMAN SEMINAR FOR CS SCHOLARS WEEK 1 - INTRODUCTION - LATEX101 U N I V E R S I T Y O F

Spring 2015 - Berkeley, CA CS24 FRESHMAN SEMINAR FOR CS SCHOLARS WEEK 1 - INTRODUCTION - LATEX101 U N I V E R S I T Y O F C A L I F O R N I A - B E R K E L E Y 2 0 J A N U A R Y 2 015 WHO ARE YOU? CESAR TORRES 2nd Year PhD Student

503 views • 14 slides
zsvii..Q.a e . .4 u ! /* 10 1' )I) .41-1Y4. vt I w %I II

zsvii..Q.a e . .4 u ! /* 10 1' )I) .41-1Y4. vt I w %I II

. i VI aSsso a.A1 ~ 1 zsvii..Q.a e . .4 u ! /* 10 1' )I) .41-1Y4. vt I w %I II It . AA I% U4) 1.99)\grnsb .aikv)1/4440 D -_____. reoZ-V e NM Uarri-1-,:+ ell S T!, ca 0 ,I, *14x s *w

430 views • 8 slides

More recommend