EP2382606B1 - Verifiable electronic voting method - Google Patents
- Publication number
- EP2382606B1 EP08875902.2A
- Authority
- EP
- European Patent Office
- Prior art keywords
- voting
- choices
- random
- voter
- choice
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C13/00—Voting apparatus
Description
- It is difficult to provide transparency and anonymity in electronic voting systems. Using paper trails for verification resembles the classic paper-based voting method and does not solve the verification problem completely. Such voting systems are disclosed in prior art document US 2008/0135632 A1. Voters want transparent electronic voting systems, but this should not result in vote buying. Electronic voting methods should also be user friendly and easy to understand. Secure, transparent, voter-verifiable and anonymity-based electronic voting methods are required for future electronic voting systems.
- The present invention, defined in the method of independent claim 1, allows a voter to verify that the votes she cast were properly counted while maintaining vote anonymity. Anonymity and transparency are balanced such that voters have proofs showing that the votes they cast are properly counted, but the same proofs are meaningless to others. In this way, transparency is achieved without exposing voter privacy. While voters cast their votes, for example in a voting machine, a witness is required to verify that the vote is counted properly. A witness proving voter privacy is implemented by using the voter's superiority over the voting system. This strength is used to solve the transparency-anonymity problem: the voting system cannot guess the next step of the voter, and once all steps are revealed, the system is not allowed to go back. The voter presents a random choice from a predetermined set of random choices together with each voting choice in the voting process, and she expects an algorithm output as proof that the voting choices and the random choices of the voting choices were included. After receiving the algorithm output, she presents all random choices of each possible choice, and gets the random choices back from the voting system as she presented them. Because the voting system cannot know the random choices of the other possible choices, possible malware code in the system cannot dare to change the voting choices of the voter. If it dares, and the random choice it selects for the unintended voting choice is not the same as the random choice the voter enters for that choice after receiving the algorithm output, then this illegal modification is revealed. The probability of the modification being revealed increases exponentially as the number of votes illegally modified by the voting system increases. The algorithm output is the output of a cryptographic algorithm that takes inputs comprising the voting choices and the random choices of the voting choices and that uses a secret. The voting choices of the voters cannot be computed from the algorithm output without knowing the secret. The secret can be an input text, the algorithm, a key, or a combination of them. A key is preferably used as the secret because of its strength against brute-force attacks.
- The algorithm output and the random choices of possible choices received by the voter during vote casting are also made public for future verification. The voter compares her algorithm output and random choices of possible choices with the ones made public, and if they are the same she is assured that her vote was properly counted. The voting center verifies and evaluates the votes by using the public parameters, which comprise the algorithm output and the random choices of possible choices, together with the secret. Illegal processes, if any, are revealed by the voting center. Besides the voting center, a trusted third party that gets the secrets from the voting center can be used for verification of the voting results.
- FIG. 1 depicts a block diagram of a voting system that can implement the voting method.
- FIG. 2 depicts the flowchart of the voting method.
- FIG. 3 depicts a user interface on which a voter may enter voting choices and the random choices of the voting choices.
- FIG. 4 depicts an optic paper that may be used for entering random choices of all possible choices to the voting system.
- FIG. 5 depicts a paper that may be received by the voter for voter verification.
- FIG. 6 depicts a look-up table on the voting machine that comprises verification texts of the voters.
- The present invention allows a voter to verify that the votes she cast were properly counted while maintaining vote anonymity. The system 5 may be implemented as shown in FIG. 1. The system 5 includes voting machines 10 which are located in voting precincts. While there are three voting machines in FIG. 1, any number of voting machines can be provided. Each voting machine comprises a human-machine interface 15, a processing unit 20, and local databases 25 and 30. Human-machine interface 15 provides communication and data transfer with the environment. Processing unit 20 is generally responsible for running the electronic voting method and specifically runs an algorithm which uses secret S. Local database 25 holds verification texts of voters. Local database 30 holds candidate information which will be displayed in the human-machine interface. Prior to the polls, candidate information is loaded to each local database 30 of the voting machines 10 separately from a central database 40 of voting center 35 by a central authority.
- FIG. 2 is a flowchart showing the electronic voting method. The method may be implemented in a system 5 shown in FIG. 1. The method begins at step 100. A voter is authorized to cast a vote in a voting machine 10. In step 105, the voter faces a user interface for selecting voting choices in the human-machine interface 15. The user interface may be implemented as 300 shown in FIG. 3. In the user interface 300, all candidates or choices 310 are presented. Each candidate or choice has a set of random choices 320 whose number and names are determined by a voting authority. Not later than step 120, preferably prior to the voting process for convenience, the voter must have determined random choices of each candidate or choice except random choices of the voting choices. Random choices of the voting choices must have been determined up to this step. Random choice determination of the voter may be performed on a paper 400 as in FIG. 4. In FIG. 4, the choices 410 are shown in the first column, and the random choices 420 of the choices 410 are shown in rows for each choice. The voter's random choices in FIG. 4, for example, are red, green, green, red, blue, green for the mayor choice, and green, blue for the yes/no choice, respectively. In the user interface 300 in FIG. 3, the voter selects voting choices together with the random choices of the voting choices which were determined prior to that. For example, if she chooses "Mehmet Camlibel" and "Yes" as shown in FIG. 3, she also enters "green" for "Mehmet Camlibel" and "green" for "Yes" due to the prior determination shown in FIG. 4. Following the selection of voting choices and their random choices, she casts her vote. Vote casting may be implemented by a Cast button as shown in FIG. 3. In step 110, the voting machine, receiving the voter's voting choices and the random choices of the voter's voting choices, processes a cryptographic algorithm using a secret.
- The algorithm's input comprises the voter's voting choices and the random choices of the voter's voting choices, and the algorithm produces output. The number of processes may be one or more than one. For example, there may be one process receiving "Mehmet Çamlibel", "green", "Yes", "green" or two processes, one of them receiving "Mehmet Camlibel", "green" and the other receiving "Yes", "green", etc. When there is more than one process, the processes may be independent or cascaded, with the output of one being input to the other. In all cases, it is guaranteed that all voting choices and random choices of the voting choices are input and that output is received, independent of the number of processes and outputs. The point here is that all voting choices and random choices of the voting choices should be able to be guessed or determined by using the algorithm output or outputs and the other known input parameters if the secret is known. Besides these, voting choices and random choices can be symbolized with different elements when being input to the algorithm. For example, enumeration of the voting choices and the random choices can be performed. But the rule of the substitution must be public.
- The algorithm's input can include an id determined by the voter, the voting machine, or both of them if a user-friendly verification process is desired in the verification step. The algorithm's input may also include a voting machine id, which assures varying algorithm outputs across voting machines. The algorithm's input may include any optional data as long as the voter's voting choices and the random choices of the voter's voting choices are assured to be in the input parameters.
- The algorithm makes use of a secret in the processing. The secret may be a key, a text input to the algorithm, or the algorithm itself. It is preferably a key because of its strength against brute-force attacks that try to determine voting choices by using the algorithm output or outputs and the other known input parameters. The point is that voting choices and random choices of the voting choices cannot be determined by using only the algorithm, the algorithm outputs and the other known parameters; a secret is also required.
- In step 115, the voter receives the algorithm output and makes sure that it will not be changed in the coming steps. After receiving the algorithm output or outputs, but not before that, in step 120, the voter enters all random choices of all possible choices into the voting system. This entry may be performed by feeding an optical paper 400 in FIG. 4 into an optic scanner of the voting machine. Then, in step 125, the voter receives the random choices of all possible choices just entered. What is received here, together with the algorithm output received in step 115, can be named the verification text of the voter. The verification text and the other optional parameters are given to the voter for future verification by the voter. They may be given to the voter on a paper 500 in FIG. 5. In FIG. 5, the algorithm output 510 and the random choices 520, together with optional parameters, which are voter id 530 and voting machine id 540, are shown. In step 130, the voter compares the entered and received random choices. In step 135, she approves the voting if they are the same. If they are not the same, she rejects the voting and the voting process ends with failure. The voter informs the officer of the incompatibility by showing what she received. In step 140, if approval is given, all received items are recorded to the local database of the voting machine, and vote casting for the voter ends with success. The voter also gets all received items, which may be like paper 500 in FIG. 5. Besides these, in step 120, if the random choices of the voting choices are entered again, which is usual in the optical paper implementation, the voting process may end with failure or may continue in normal flow depending on the voting authority's decision on method implementation. If the method is implemented so that the voting process ends with failure, then when the incompatibility happens in step 120, i.e. the random choices of the voting choices entered in the user interface 300 in FIG. 3 in step 105 do not match the random choices of the voting choices on the paper 400 in FIG. 4 in step 120, the vote casting ends with failure. If the method is implemented so that the voting process continues, then when the incompatibility happens in step 120, i.e. the random choices of the voting choices entered in the user interface 300 in FIG. 3 in step 105 do not match the random choices of the voting choices on the paper 400 in FIG. 4 in step 120, the voting interface warns the voter of this incompatibility. If the voter accepts the incompatibility, the vote casting may still be valid, but there must be a sign of incompatibility, though not in detail as to which one does not match which, in the verification text which is received by the voter and stored in the local database. If she does not accept the incompatibility, the vote casting ends with failure. On failure, the whole voting process must start from the very beginning because of the disclosure of the random choices.
- This process is repeated for all voters during the polls. After the polls are closed, verification texts and the other optional parameters of all voters are in the local database 25 in FIG. 1. The local database may be implemented as the table 600 shown in FIG. 6. In FIG. 6, each row 610 contains information related to one voter. The sequence of the voters is preferably random, and the table preferably does not contain voting time or additional information threatening voter anonymity if the maximum degree of vote-voter anonymity is required.
- After the polls are closed, the data on the local databases of the voting machines is transferred to the central database 40 of the voting center 35 in FIG. 1. Transferring of the information can be on-line or off-line. For enhanced security, the data is preferably copied off-line from the local database to a storage medium, and then the data can be transferred to the voting center on-line. This ensures that no intentional or unintentional information that would threaten vote anonymity gets out of the voting machine. Making the database on each voting machine public can be performed by each voting machine locally, by the voting center globally after the transfer, or both locally and globally.
- Evaluation and declaration of results can be performed by the voting center globally, or by both the voting center globally and each voting machine locally. Evaluation here means determining all voting choices from each voting machine's database, which comprises algorithm outputs, random choices of all candidates/choices, and the other known parameters of each voter, by using the secret of each voting machine. For the evaluation, the secret is required. The voting machine may also simply count votes during the polls, and the counts may be used in the local declaration without evaluation of the results. However, these results are not basic; evaluation of results by the voting center is required for certain results. The stored data and the voting results of each voting machine are made public globally by the voting center, or globally by the voting center and locally by each voting machine, after the polling is closed. The declaration of the stored data and the results of each voting machine is visualized in FIG. 1.
- The secrets of the algorithms can be generated in the voting machines locally, or they can be generated in the voting center and distributed to each voting machine. In the latter case, the secrets are stored in the voting center. If the secrets are generated in the voting machines, they are transferred to the voting center prior to evaluation of results. But the confidentiality of the secrets must be guaranteed during the transfer. Voting machines do not expose the secrets; they preferably zeroize the secrets after the polls are closed and the confidentiality of the secrets is ensured for the transfer, if transfer is required.
- After the polls are closed, the data collected from the local databases is made public. Each voter looks in the data made public for what she received from the voting machine during the voting process. If she finds it there unchanged, she can be sure of the proper counting of her vote. On the other hand, the voting center evaluates votes and verifies the proper casting of votes by using data collected from the databases of voting machines. Besides these, a trusted third party can repeat the verification and evaluation of votes by using the secrets received confidentially from the voting center. And finally, the secrets of some or all voting machines may be disclosed for public evaluation and verification of votes. The verifications, namely verification and evaluation by the voting center, verification by the voters and verification by a trusted third party, are shown in FIG. 1.
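The casting steps 110 to 140 and the voting center's evaluation, as an added Python sketch that is not part of the patent text. The patent does not name a cryptographic algorithm, so the HMAC-SHA256 keystream-plus-tag cipher here is a stand-in assumption; the candidate names, colour set, function names and the uniform-choice assumption in `chance_all_undetected` are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from fractions import Fraction

# Constructed ballot. The public substitution rule is each item's tuple index.
CANDIDATES = ("Candidate 1", "Candidate 2", "Candidate 3")
RANDOM_CHOICES = ("red", "green", "blue")


def _subkeys(secret):
    """Derive separate encryption and authentication keys from the secret."""
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())


def algorithm_output(secret, candidate, random_choice):
    """Step 110: encrypt the enumerated (candidate, random choice) pair."""
    enc_key, mac_key = _subkeys(secret)
    nonce = secrets.token_bytes(16)  # fresh per vote so equal votes differ
    plain = bytes([CANDIDATES.index(candidate),
                   RANDOM_CHOICES.index(random_choice)])
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    cipher = bytes(p ^ k for p, k in zip(plain, pad))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:16]
    return (nonce + cipher + tag).hex()


def open_output(secret, output_hex):
    """Recover the pair from an algorithm output; needs the machine secret."""
    enc_key, mac_key = _subkeys(secret)
    raw = bytes.fromhex(output_hex)
    nonce, cipher, tag = raw[:16], raw[16:18], raw[18:]
    expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("output altered or wrong secret")
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    cand_idx, rand_idx = (c ^ k for c, k in zip(cipher, pad))
    return CANDIDATES[cand_idx], RANDOM_CHOICES[rand_idx]


def cast_vote(secret, encrypted_pair, sheet):
    """Machine side of steps 110-140.

    encrypted_pair is what the machine feeds to the algorithm at step 110,
    before it has seen the sheet. An honest machine uses the voter's own
    (candidate, random choice); a machine that substitutes another candidate
    has to commit to a guessed random choice for it.
    """
    output = algorithm_output(secret, *encrypted_pair)  # printed at step 115
    # Steps 120-125: only now is the full sheet scanned and printed back.
    return {"output": output, "random_choices": dict(sheet)}


def evaluate(secret, records):
    """Voting center: tally votes and flag every record whose encrypted random
    choice differs from the one the voter revealed for that candidate."""
    tally = {c: 0 for c in CANDIDATES}
    flagged = []
    for i, rec in enumerate(records):
        candidate, random_choice = open_output(secret, rec["output"])
        if rec["random_choices"][candidate] == random_choice:
            tally[candidate] += 1
        else:
            flagged.append(i)
    return tally, flagged


def receipt_is_published(receipt, public_records):
    """Voter check after the polls: her verification text appears unchanged."""
    return receipt in public_records


def chance_all_undetected(modified_votes, k=len(RANDOM_CHOICES)):
    """Chance that every substituted vote slips through, assuming each voter
    picks uniformly and independently among k random choices."""
    return Fraction(1, k) ** modified_votes


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    # Constructed sheet (paper 400): one random choice per candidate.
    sheet = {"Candidate 1": "green", "Candidate 2": "blue", "Candidate 3": "red"}
    records = [cast_vote(secret, ("Candidate 1", "green"), sheet),  # honest
               cast_vote(secret, ("Candidate 2", "red"), sheet)]    # substituted
    print(evaluate(secret, records), chance_all_undetected(5))
```

A substituted vote is flagged at evaluation unless the guessed random choice happens to match the sheet, which is why the set of random choices per candidate bounds the per-vote detection rate.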
Claims (7)
- An electronic voting method comprising:
  a. Receiving a voting choice related to a supported candidate and a random choice from a set of predetermined random choices, the received random choice being assigned to the received candidate choice, namely the voting choice, via a human-machine interface of a voting machine,
  b. generating an output of a cryptographic algorithm for performing encryption by the voting machine, wherein the cryptographic algorithm makes use of a secret, the inputs to the cryptographic algorithm comprising the voting choice and the random choice
  c. Printing the algorithm output on a paper receipt,
  d. Receiving a random choice for each candidate from the set of predetermined random choices assigned to each of the candidates via an optic scanner of the voting machine,
  e. Printing all of the random choices received in step (d) on the paper receipt,
  f. Waiting until the received random choices of step (d) are compared with the printed random choices of step (e) by a voter,
  g. Receiving approval of the voter if the received and printed random choices are the same or,
  h. Receiving rejection by the voter if the received and printed random choices are not the same and informing an officer of the incompatibility,
  i. if approved, storing data comprising a voter's verification text that is comprised of the algorithm output of step (b) and the random choices of step (d) in a local database of the voting machine, and providing the paper receipt to the voter,
  j. after the polls are closed, transferring the data on the local databases of the voting machines to a central database of a voting center and making the transferred data public,
  k. checking proper counting of the votes when the voters check their verification texts with the data made public,
  l. assuring proper counting of the votes by the voting center by verifying the proper casting of votes during evaluation of votes from the data collected from the databases of voting machines by using the stored data comprising the algorithm output, the random choices of step (d) and the secret of each voting machine on which a vote is cast.
- The electronic voting method according to claim 1, wherein if firstly entered random choice related to the voting choice in step (a) and lastly entered random choice related to the voting choice in step (d) are not the same, the voting process ends with failure or continues in normal flow depending on the voting authority's decision on method implementation.
- The electronic voting method according to claim 1, wherein the voting method is performed in all voting machines.
- The electronic voting method according to claim 1, wherein if a possible malware code in the system dares to change the voting choice of the voter, illegal modification/malware is revealed provided that when the voter enters random choices related to all possible candidate choices and if the random choice entered by the voter as to malware-related candidate choice is not same as the random choice chosen by the malware code and taken as an input for the cryptographic algorithm to produce algorithm output in the prior step to entering random choices related to all possible choices by the voter.
- The electronic voting method according to claim 1, wherein a trusted third party can perform the evaluation and verification of votes in the same way the voting center does by using the data stored in the voting machines containing information as to algorithm output and random choices of all possible choices peculiar to each voter as well as the secrets of the voting machines received confidentially from the voting center.
- The electronic voting method according to claim 5, wherein the voting results obtained in each of the voting machines through the verification of votes performed by both the voting center and the trusted third party are respectively compared with each other in order to ensure that the voting center and the trusted third party arrive at the same voting results in the same voting machines.
- The electronic voting method according to claim 1, wherein the evaluation and verification of votes can be publicly performed on some or all of the voting machines provided that the secrets of these voting machines are made public by the voting center, and the secrets coupled with the data stored in the voting machines comprising the algorithm output and random choices of all possible choices are used for the verification of votes.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2008/055521 WO2010073065A1 (en) | 2008-12-23 | 2008-12-23 | Verifiable electronic voting method |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2382606A1 (en) | 2011-11-02 |
EP2382606B1 (en) | 2019-02-13 |
Family
ID=41059956
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08875902.2A Active EP2382606B1 (en) | 2008-12-23 | 2008-12-23 | Verifiable electronic voting method |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP2382606B1 (en) |
ES (1) | ES2728313T3 (en) |
WO (1) | WO2010073065A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10504314B2 (en) | 2018-01-29 | 2019-12-10 | Accenture Global Solutions Limited | Blockchain-based anonymized cryptologic voting |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1046139B1 (en) * | 1997-12-22 | 2007-05-23 | Ian Way | Voting system |
US20050035199A1 (en) * | 2002-04-11 | 2005-02-17 | John Goci | Voter interface for electronic voting system for the visually impaired |
US20090144135A1 (en) * | 2004-07-27 | 2009-06-04 | Andreu Riera Jorba | Methods for the management and protection of electoral processes, which are associated with an electronic voting terminal, and operative module used |
FR2895552A1 (en) * | 2005-12-28 | 2007-06-29 | Nicolas Marchal | Voting machine`s authenticated final results obtaining device for use in polling office, has double validation tactile key located on tactile screen of voting machine for permitting voter to ensure conformity of recording of vote |
US7360702B2 (en) * | 2006-02-16 | 2008-04-22 | Pitney Bowes Inc. | Verifiable voting system |
US7516892B2 (en) * | 2006-12-12 | 2009-04-14 | Pitney Bowes Inc. | Electronic voting system and method having confirmation to detect modification of vote count |
2008
- 2008-12-23 ES ES08875902T patent/ES2728313T3/en active Active
- 2008-12-23 WO PCT/IB2008/055521 patent/WO2010073065A1/en active Application Filing
- 2008-12-23 EP EP08875902.2A patent/EP2382606B1/en active Active
Also Published As
Publication number | Publication date |
---|---|
ES2728313T3 (en) | 2019-10-23 |
WO2010073065A1 (en) | 2010-07-01 |
EP2382606A1 (en) | 2011-11-02 |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20110715 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
DAX | Request for extension of the european patent (deleted) | |
17Q | First examination report despatched | Effective date: 20140917 |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: GRANT OF PATENT IS INTENDED |
INTG | Intention to grant announced | Effective date: 20180712 |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D |
REG | Reference to a national code | Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 1096643 Country of ref document: AT Kind code of ref document: T Effective date: 20190215 |
REG | Reference to a national code | Ref country code: IE Ref legal event code: FG4D |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R096 Ref document number: 602008059003 Country of ref document: DE |
REG | Reference to a national code | Ref country code: CH Ref legal event code: NV Representative's name: VALIPAT S.A. C/O BOVARD SA NEUCHATEL, CH |
REG | Reference to a national code | Ref country code: LT Ref legal event code: MG4D |
REG | Reference to a national code | Ref country code: NL Ref legal event code: MP Effective date: 20190213 |
REG | Reference to a national code | Ref country code: EE Ref legal event code: FG4A Ref document number: E017509 Country of ref document: EE Effective date: 20190529 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190513 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190613 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190513 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190514 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190613 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
REG | Reference to a national code | Ref country code: AT Ref legal event code: MK05 Ref document number: 1096643 Country of ref document: AT Kind code of ref document: T Effective date: 20190213 |
REG | Reference to a national code | Ref country code: ES Ref legal event code: FG2A Ref document number: 2728313 Country of ref document: ES Kind code of ref document: T3 Effective date: 20191023 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R097 Ref document number: 602008059003 Country of ref document: DE |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
26N | No opposition filed | Effective date: 20191114 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R119 Ref document number: 602008059003 Country of ref document: DE |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
GBPC | Gb: european patent ceased through non-payment of renewal fee | Effective date: 20191223 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200701 Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20191223 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20191223 Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20191231 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20191223 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190213 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20081223 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: TR Payment date: 20221108 Year of fee payment: 15 Ref country code: EE Payment date: 20221124 Year of fee payment: 15 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: BE Payment date: 20221213 Year of fee payment: 15 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: ES Payment date: 20230105 Year of fee payment: 15 Ref country code: CH Payment date: 20221229 Year of fee payment: 15 |