WO2003069448A2 - A coercion-free voting scheme - Google Patents
- Publication number
- WO2003069448A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- ballot
- voter
- confirmation value
- received
- coercion
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C13/00—Voting apparatus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- This application is directed to the technical field of security measures for electronically-conducted elections.
- Figure 1 is a block diagram showing a suitable environment for implementing the scheme.
- FIG. 2 is a flow diagram showing steps typically performed in accordance with the scheme.
- the scheme described herein allows the voter to remain in exclusive possession of secret information that is used by a voter to cast a ballot. It allows a voter that has been pushed to reveal secret information to provide a false answer without being discovered. After providing the false answer, the voter can then proceed and cast a "real" vote on his or her own. This is achieved while still maintaining a collection of election audit properties that are characteristic of good electronic election protocols.
- An election scheme is coercion safe if, even in the coercion threat model, its transcript can not be feasibly forged by any collusion of authorities that, together, are unable to compute a tally. Further, in the case of a collusion that is able to compute a tally, the extent of the forgery is limited by the number of voters coerced.
- Voters participate in a secret "voter registration" process prior to the start of the election. This process must make the voter safe from coercion by standard physical means. In practice, this means the voter must report to a county registration center, where physical privacy is guaranteed. However, the voter need only participate in this registration process once. Thereafter, the method of this invention will protect the voter against coercion through the course of multiple elections.
- each voter selects a secret "confirmation code," or "confirmation pass phrase."
- the "confirmation pass phrase" is encrypted by the voter and the encrypted form is publicly registered to that voter.
- In order to cast a ballot, each voter must supply an accompanying (encrypted) pass phrase.
- the accompanying pass phrase does not have any effect on whether the ballot is "accepted" or not - so if the voter is being "supervised" by a coercer, the voter is still free to supply any pass phrase whether it matches the voter's registered pass phrase or not.
- the coercer will not be able to tell the difference.
- the accompanying pass phrase will have an effect on whether the ballot it accompanies is counted or not. The mechanism for this (described next) nevertheless assures that
- the tabulation (counting) of encrypted votes is accomplished roughly by randomly mixing the pairs of voted ballot and encrypted pass phrase, as well as the original registration data. After randomization, the appropriate data is decrypted by election authorities holding shares of the encryption key. A ballot is counted only when a pass phrase in the randomized ballot data matches a pass phrase in the randomized registration data. The matching is done without ever decrypting either of the pass phrases. Since all the randomization is done by way of a cryptographic verifiable shuffle, the results can still be inspected and verified by anyone for accuracy.
- FIG. 1 and the following discussion provide a brief, general description of a suitable computing environment in which aspects of the invention can be implemented.
- aspects and embodiments of the invention will be described in the general context of computer-executable instructions, such as routines executed by a general-purpose computer, e.g., a server or personal computer.
- Those skilled in the relevant art will appreciate that the invention can be practiced with other computer system configurations, including Internet appliances, hand-held devices, wearable computers, cellular or mobile phones, multi-processor systems, microprocessor-based or programmable consumer electronics, set-top boxes, network PCs, mini-computers, mainframe computers and the like.
- the invention can be embodied in a special purpose computer or data processor that is specifically programmed, configured or constructed to perform one or more of the computer-executable instructions explained in detail below.
- computer refers to any of the above devices, as well as any data processor.
- the invention can also be practiced in distributed computing environments, where tasks or modules are performed by remote processing devices, which are linked through a communications network, such as a Local Area Network ("LAN"), Wide Area Network ("WAN") or the Internet.
- program modules or sub-routines may be located in both local and remote memory storage devices.
- aspects of the invention described below may be stored or distributed on computer-readable media, including magnetic and optically readable and removable computer discs, stored as firmware in chips (e.g., EEPROM chips), as well as distributed electronically over the Internet or over other networks (including wireless networks).
- EEPROM chips electrically erasable programmable read-only memory
- portions of the invention may reside on a server computer, while corresponding portions reside on a client computer. Data structures and transmission of data particular to aspects of the invention are also encompassed within the scope of the invention.
- one embodiment of the invention employs a computer 100, such as a personal computer or workstation, having one or more processors 101 coupled to one or more user input devices 102 and data storage devices 104.
- the computer is also coupled to at least one output device such as a display device 106 and one or more optional additional output devices 108 (e.g., printer, plotter, speakers, tactile or olfactory output devices, etc.).
- the computer may be coupled to external computers, such as via an optional network connection 110, a wireless transceiver 112, or both.
- the input devices 102 may include a keyboard and/or a pointing device such as a mouse. Other input devices are possible such as a microphone, joystick, pen, game pad, scanner, digital camera, video camera, and the like.
- the data storage devices 104 may include any type of computer-readable media that can store data accessible by the computer 100, such as magnetic hard and floppy disk drives, optical disk drives, magnetic cassettes, tape drives, flash memory cards, digital video disks (DVDs), Bernoulli cartridges, RAMs, ROMs, smart cards, etc. Indeed, any medium for storing or transmitting computer-readable instructions and data may be employed, including a connection port to a network such as a local area network (LAN), wide area network (WAN) or the Internet (not shown in Figure 1). Aspects of the invention may also be practiced in a variety of other computing environments.
- FIG. 2 is a flow diagram showing steps typically performed in accordance with the scheme. These steps are described in more detail below.
- In step 201, voters are registered to add them to the list of registered voters eligible to cast votes, and to provide them with voting credentials.
- the election is initialized to assign ballot choice values to candidates.
- In step 203, voters cast their votes by submitting encrypted ballots.
- In step 204, the votes cast in step 203 are tabulated, and added to the vote total only if the validity of the received ballot can be verified. After step 204, these steps conclude.
- Definition 1 Henceforth, we call any participant in the election process, or any individual who exerts, or attempts to exert, an influence on the election process a player.
- voters, election officials, and tabulators are all players, but so are all individuals who seek to influence the election outcome even though they may have no official role in it.
- Player $P_1$ coerces player $P_2$ if $P_1$ obtains from $P_2$ any information that the election protocol does not require $P_2$ to reveal to $P_1$.
- Identical terminology is used when the coercer is actually a group of players. That is, no aspects of the invention limit its utility to the case where the coercer is a single individual. Therefore, henceforth, we will not endeavor to make an explicit distinction between coercion by an individual and coercion by a group of individuals acting together.
- Coercible information is all information whose authenticity can be "verified" by the coercer. If the authenticity cannot be verified, then the voter (or individual being coerced) is free to lie about it to the coercer.
- the invention requires something roughly like a digital ballot box. At the very least, this is a storage device connected to a network, or otherwise openly accessible to voters.
- a standard web server and database application provides an embodiment of such a device. In practice, more security measures would be built into, or around this device in order to protect against damage or destruction caused by either malicious or natural forces.
- the invention also requires that voters be able to translate their choices into a digital representation, and further encrypt that representation by the methods presented in the remainder of this invention.
- a generic PC provides an embodiment of such a device.
- Since the transmission and storage of information are the key elements of this invention rather than the particular technologies that facilitate transmission and storage, we will adopt the more generic term bulletin board to denote the openly accessible storage device, and we denote the act of recording information on (or in) the bulletin board as posting. (In the voting context, this corresponds, intuitively, to the act of "casting a ballot.") Further, we denote the strings, or records of information that are posted to the bulletin board as posts. (In the voting context, these correspond, intuitively, to voted ballots.)
- Posts are always appended to the bulletin board, BB, that is, deletions are not allowed. And posting is an atomic transaction, that is, at any given time, BB will contain exactly k posts, for some non-negative integer k.
- PP-2 Any player may append a post regardless of the state (contents) of BB.
- PP-3 At any given time, a tally can be formed, and it is unique. That is, it is not possible (or at least "overwhelmingly improbable"), that BB is in some state, C(BB) that is "invalid" for tabulation, and the tally, $\text{tally}(C(BB)) : C \to N$ is well defined.
- PP-4 A collection of players either can or cannot compute the tally independent of the state of BB.
- Let $C = C(BB)$ be any state of BB (sequence of posts). If p is a post, we denote by $C \oplus p$ the state of BB after appending the single post p. We also use the notation $t_C$ to denote the tally, tally(C).
- a vote function (on BB) is a map characterized by the following vf-1. For all p € P
- P ⁇ A ⁇ ⁇ B tJ ) a (8) independent of the values of i, j, and the state of the bulletin board, C( ⁇ ).
- the protocol admits a vote function. (Note that this does not require that the vote function be computable by any of the players, only that it exist.)
- Theorem 1 If an election protocol has partitionable tabulation, and a coercer contains a collection of players capable of computing a tally, then for any 1 ⁇ i ⁇ I, the value of ⁇ (v t , C(BB)) is coercible.
- the coercer can step through the sequence of ballot box images, at each point computing the tally (see assumption PP-4) and requiring $v_i$ to "add a vote" of a particular value. By re-computing the tally with $v_i$'s post appended, the coercer can determine which posts were added by $v_i$ and their cumulative effect on the tally. Note that this presumes a model in which "after the fact" coercion is allowed. That is, the coercer may interact with the voter after the bulletin board has been closed. However, this assumption can be eliminated with a reasonable assumption on the computing power of voters. In particular, we can show that the coercer is able, by way of a single coercion event, to
- a partitionable election protocol is coercion resistant if, under the assumption that there is no coercer capable of independently computing a tally:
- a partitionable election protocol is coercion safe if, it is coercion resistant and, under all collusion scenarios,
- $v_i$ chooses a random $r_i \in \langle g \rangle$, and a random $a_i \in Z_q$, and forms
- $v_i$ obtains from $A_j$ the pair $(U_{ij}, W_{ij})$ given by
- $v_i$ obtains a signature on $(U_{ij}, W_{ij})$ from $A_j$ as a receipt.
- If $v_i$ knows that one specific authority, $A_j$, is not a coercer, and fewer than t authorities (the number necessary to compute a tally) are colluding to coerce (though $v_i$ may not explicitly know their identities), the value of $r_i$ is not coercible. This is because $v_i$ can justify the validity of any $r_i$ and $a_i$ by lying to the coercer about the value of $(U_{ij}, W_{ij})$ and presenting a forged (i.e. simulated) Chaum-Pedersen proof. The requirement that $v_i$ knows a specific honest $A_j$ may be relaxed if we assume that it is acceptable for $v_i$ to be caught lying to the coercer.
- $v_i$ can pick a $J$ at random, $1 \le J \le n$, assume that $A_J$ is honest, and then know that the chance of being caught lying is at most $(t-1)/n$.
- V-2 V-2.
- v ⁇ then chooses random f l2 G Z q , computes s t — r ⁇ / ⁇ ( ⁇ ) and encrypts it as
- E ⁇ ( (A, B t ) , (C t , A) , Q B . Q? D ) (17) V-5.
- $v_i$ would be issued a receipt for $E_i$.
- T-5 The authorities jointly decrypt all of the pairs (A m , B m ), and ( ⁇ m ⁇ , ⁇ mt ), 1 ⁇ ⁇ ⁇ I, 1 ⁇ m ⁇ M. Let these be, respectively, a m , and x m ⁇ .
- T2-2 The authorities execute a verifiable shuffle of the sequence of ElGamal pairs, ⁇ U l , W ), resulting in output set of ElGamal pairs where ⁇ ⁇ , ⁇ ⁇ G ⁇ g)-
- the properties of this mix are that the set of decrypted values of the output sequence are exactly the same as the set of decrypted values of the input sequence, but in randomly permuted order.
- the protocol, as presented, is clearly not coercion safe. If t or more authorities collude, they can decrypt the original voter secrets, $r_i$, and this allows them to impersonate all the voters. The problem can be fixed by adding an anonymous signature requirement to the ballot casting operation. (See aforementioned patent applications for a detailed description of an anonymous signature protocol that is "authority free.") In this case, even if a malicious agent has access to a secret, $r_i$, it cannot affect the tally without the corresponding private signing key, which cannot be obtained without coercion. The reason for this should be clear.
- An authority free, anonymous signature on the voted ballot prevents the authorities (even in collusion) from linking the original encrypted ballot (input to the verifiable shuffle, or mix) to an individual the way they can with a standard digital signature.
- a standard digital signature explicitly links signed data to a registered individual.
- An anonymous signature only links signed data to a member of a set, or group, of individuals.
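
The pass-phrase matching described above (mix the ballot and encrypted pass phrase pairs together with the registration data, then count a ballot only when its pass phrase matches a registered one, without decrypting either) can be sketched as follows. This is an added example, not code or the exact construction from the patent: it assumes ElGamal encryption, a blinded plaintext-equality test as the matching step, a single key standing in for the authorities' shared key, a mix without its shuffle proof, and demo-sized group parameters; all function names are hypothetical.

```python
import hashlib
import random
import secrets

Q = 2**61 - 1  # Mersenne prime, used as the order of the working subgroup

def _find_group():
    """Search p = k*Q + 1 that passes Fermat tests (probable prime; demo only)."""
    k = 2
    while True:
        p = k * Q + 1
        g = pow(2, k, p)
        if g != 1 and all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7, 11)):
            return p, g  # g has order Q
        k += 2

P, G = _find_group()
CANDIDATES = ["A", "B"]                       # constructed ballot choices
VOTE = {pow(G, i + 1, P): c for i, c in enumerate(CANDIDATES)}

def encode(phrase):
    """Map a pass phrase to a subgroup element."""
    e = int.from_bytes(hashlib.sha256(phrase.encode()).digest(), "big")
    return pow(G, e % (Q - 1) + 1, P)

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # stands in for the authorities' shared key
    return x, pow(G, x, P)

def enc(h, m):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P

def dec(x, c):
    return c[1] * pow(c[0], -x, P) % P

def reenc(h, c):
    a, b = enc(h, 1)                          # fresh encryption of 1
    return c[0] * a % P, c[1] * b % P

def mix(h, rows):
    """Re-encrypt every ciphertext in every row, then permute the rows.
    A real mix also publishes a proof of correct shuffling; omitted here."""
    out = [tuple(reenc(h, c) for c in row) for row in rows]
    random.SystemRandom().shuffle(out)
    return out

def same_plaintext(x, c1, c2):
    """Decrypt only (c1/c2)^z for random z: 1 iff equal, random otherwise."""
    z = secrets.randbelow(Q - 1) + 1
    a = pow(c1[0] * pow(c2[0], -1, P), z, P)
    b = pow(c1[1] * pow(c2[1], -1, P), z, P)
    return dec(x, (a, b)) == 1

def cast(h, choice, phrase):
    return enc(h, pow(G, CANDIDATES.index(choice) + 1, P)), enc(h, encode(phrase))

def tabulate(x, h, registered, ballots):
    tally = {c: 0 for c in CANDIDATES}
    mixed_ballots = mix(h, ballots)
    for (reg,) in mix(h, [(r,) for r in registered]):
        for vote, phrase in mixed_ballots:
            if same_plaintext(x, reg, phrase):
                tally[VOTE[dec(x, vote)]] += 1
                break                         # assumed policy: one ballot per registration
    return tally

def demo():
    x, h = keygen()
    registered = [enc(h, encode("correct horse")), enc(h, encode("blue kettle"))]
    ballots = [
        cast(h, "B", "decoy phrase"),    # voter 1 with a coercer watching
        cast(h, "A", "correct horse"),   # voter 1 later, alone
        cast(h, "B", "blue kettle"),     # voter 2
    ]
    return tabulate(x, h, registered, ballots)

if __name__ == "__main__":
    print(demo())
```

The ballot cast with the decoy phrase is accepted like any other and is indistinguishable on the bulletin board, but it finds no match among the mixed registration entries and so never reaches the tally.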
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP03711100A EP1532556A4 (en) | 2002-02-14 | 2003-02-14 | A coercion-free voting scheme |
KR10-2004-7012617A KR20040078165A (en) | 2002-02-14 | 2003-02-14 | A coercion-free voting scheme |
AU2003215282A AU2003215282A1 (en) | 2002-02-14 | 2003-02-14 | A coercion-free voting scheme |
JP2003568506A JP2005526307A (en) | 2002-02-14 | 2003-02-14 | Non-mandatory voting scheme |
CA002475136A CA2475136C (en) | 2002-02-14 | 2003-02-14 | A coercion-free voting scheme |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US35721002P | 2002-02-14 | 2002-02-14 | |
US60/357,210 | 2002-02-14 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003069448A2 (en) | 2003-08-21 |
WO2003069448A3 (en) | 2005-03-24 |
Family
ID=27734736
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2003/004798 WO2003069448A2 (en) | 2002-02-14 | 2003-02-14 | A coercion-free voting scheme |
Country Status (8)
Country | Link |
---|---|
EP (1) | EP1532556A4 (en) |
JP (1) | JP2005526307A (en) |
KR (1) | KR20040078165A (en) |
CN (1) | CN1659554A (en) |
AU (1) | AU2003215282A1 (en) |
CA (1) | CA2475136C (en) |
RU (1) | RU2292082C2 (en) |
WO (1) | WO2003069448A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2906058A1 (en) * | 2006-09-14 | 2008-03-21 | Eads Defence And Security Syst | Electronic voting method for e.g. polling station, involves verifying content of virtual ballot box by detecting abnormality if comparison indicates that register contains value different from stored ballot multiplication result |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101727692B (en) * | 2008-10-17 | 2013-01-02 | 中科院成都信息技术有限公司 | Method and system for processing poll information |
RU2452013C2 (en) * | 2010-01-26 | 2012-05-27 | Российская Федерация, от имени которой выступает Федеральная служба по техническому и экспортному контролю (ФСТЭК России) | Method of creating public key certificate |
CN102622572A (en) * | 2012-03-16 | 2012-08-01 | 中科院成都信息技术有限公司 | Anti-counterfeit method for quickly matching and associating votes |
CN102629396B (en) * | 2012-04-09 | 2014-04-02 | 中科院成都信息技术股份有限公司 | Information encryption and quick processing method for alternative candidate-containing electronic votes |
RU2751315C2 (en) * | 2019-11-05 | 2021-07-13 | Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) | Universal system of distributed secure remote voting |
US11356267B2 (en) | 2020-05-15 | 2022-06-07 | Op Osuuskunta | Apparatus, method and software for electronic voting during web conference |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6081793A (en) * | 1997-12-30 | 2000-06-27 | International Business Machines Corporation | Method and system for secure computer moderated voting |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6092051A (en) * | 1995-05-19 | 2000-07-18 | Nec Research Institute, Inc. | Secure receipt-free electronic voting |
AU2001233090A1 (en) * | 2000-01-27 | 2001-08-07 | David Chaum | Physical and digital secret ballot systems |
-
2003
- 2003-02-14 KR KR10-2004-7012617A patent/KR20040078165A/en not_active Application Discontinuation
- 2003-02-14 WO PCT/US2003/004798 patent/WO2003069448A2/en active Search and Examination
- 2003-02-14 AU AU2003215282A patent/AU2003215282A1/en not_active Abandoned
- 2003-02-14 EP EP03711100A patent/EP1532556A4/en not_active Withdrawn
- 2003-02-14 CA CA002475136A patent/CA2475136C/en not_active Expired - Fee Related
- 2003-02-14 CN CN038080788A patent/CN1659554A/en active Pending
- 2003-02-14 RU RU2004127443/09A patent/RU2292082C2/en not_active IP Right Cessation
- 2003-02-14 JP JP2003568506A patent/JP2005526307A/en not_active Withdrawn
Non-Patent Citations (2)
Title |
---|
CRANOR ET AL.: 'Design and implementation of a practical security-conscious electronic polling system' DEPARTMENT OF COMPUTER SCIENCE 23 January 1996, WASHINGTON UNIVERSITY, pages 1 - 16, XP002972496 * |
See also references of EP1532556A2 * |
Also Published As
Publication number | Publication date |
---|---|
WO2003069448A3 (en) | 2005-03-24 |
RU2004127443A (en) | 2005-05-27 |
CA2475136C (en) | 2007-04-17 |
AU2003215282A8 (en) | 2003-09-04 |
RU2292082C2 (en) | 2007-01-20 |
KR20040078165A (en) | 2004-09-08 |
EP1532556A4 (en) | 2007-09-19 |
EP1532556A2 (en) | 2005-05-25 |
CA2475136A1 (en) | 2003-08-21 |
AU2003215282A1 (en) | 2003-09-04 |
CN1659554A (en) | 2005-08-24 |
JP2005526307A (en) | 2005-09-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2374/DELNP/2004 Country of ref document: IN Ref document number: 1020047012617 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2475136 Country of ref document: CA Ref document number: 2003568506 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003711100 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004127443 Country of ref document: RU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20038080788 Country of ref document: CN |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWP | Wipo information: published in national office |
Ref document number: 2003711100 Country of ref document: EP |