RSS

Open Source

Welcome To the World of Cryptographic Voting

By Dr. Dobb's Journal, November 19, 2009

Ensuring accurate vote counts

In a recent Takoma Park, Md. election, a new cryptographic voting system that ensures accurate vote counts was used for the first time in a real election. Scantegrity II is an open source election verification technology for optical scan voting systems. It uses privacy preserving confirmation numbers to allow each voter to verify her vote is counted. The confirmation numbers also allow anyone to verify that all the votes were counted correctly. The system is a variation on conventional optical-scan voting. But instead of filling in a bubble next to a candidate's name, the voter uses a special pen that exposes a code printed inside the bubble in invisible ink. Voters can write down that code, along with the serial number of their ballot, to later verify the results online.

A voter can't, however, offer a would-be vote buyer proof that they selected a particular candidate, since the code isn't associated with the candidate's name. If enough people confirm their codes -- about 2 percent of voters -- it's almost impossible for vote tampering to go undetected.

The key to the system is that before the election, the election commission prepares a set of tables that link the ballot codes and the candidates' names. Then, it publicly releases a set of digital signatures that cryptographically describe all the entries in the tables without actually revealing them. That way, the tables can't be tampered with after the ballots are cast, but neither do they reveal any information that ballot stuffers could use before the election.

In the Takoma Park election, the election commission used 20 distinct sets of tables, with three tables in each set. In each set, the first table listed the codes printed on each ballot. The codes were listed in a random order to make it impossible to tell which code was associated with which candidate. The third table featured only the candidates' names at the top -- it was simply a grid for recording the votes assigned to each candidate. The second table mapped each code in the first table to a unique slot in the third table. This second table ensured that the slot fell under the right candidate's name, but the mapping was otherwise random to make it impossible to tell from a slot's location which ballot it corresponded to.

After the election, for each of the 20 sets of tables, the election commission web site posted the final tally using the grid in table three. It released the codes in table one that were actually exposed in the voting booth, along with encryption keys that verified their authenticity. And it randomly released half of the information in table two: either the half that pointed backward, to the codes in table one, or the half that pointed forward, to the slots in table three. Finally, it flagged all the entries in table two correlated with recorded votes -- with exposed codes in table one and slots checked in table three.

Exposing only half of table two preserves voter anonymity: There's no way to figure out which ballot went for which candidate. But it also provides enough information that any attempt to tamper with the results can be detected. To change the final tally, a ballot stuffer would have to insert fake votes into table three. But that would entail spuriously flagging the corresponding entry in table two. And that would entail revealing the corresponding code in table one -- which a voter who checked her code online would notice.


Related Reading

News

Most Popular

Commentary

On the Web

Video

Slideshow

More Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>
INFO-LINK




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

DrDobbs encourages readers to engage in spirited, healthy debate, including taking us to task. However, DrDobbs moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. DrDobbs further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Best of the Web

What the New iPad and iOS 5.1 Mean for Developers

The new display is gorgeous. But local storage for HMTL5 is currently broken on the new iPad and performance of some apps is slower. Here's a deep dive into the issues, including benchmarks and analysis.

Quick Read

Triple Buffering as A Concurrency Mechanism

Triple Buffering is a way of passing data between a producer and a consumer running at different rates. It ensures that the consumer sees only complete data with minimal lag.

Quick Read

Embedding GDB Breakpoints in C Source Code

Have you ever wanted to embed GDB breakpoints in C source code? Something like this:
printf("Hello,\n");
EMBED_BREAKPOINT;
printf("world!\n");

Quick Read

Writing Kernel Exploits

Why attack the kernel? Because it has a huge attack surface with potential for very interesting bugs. This presentation (pdf) takes a code-level dive into recently reported Linux-kernel exploits.

Quick Read


More "Best of the Web" >>

Open Source Recent Articles

Most Popular

Stories Blogs

Video

View All Videos

Featured Reports

Featured Whitepapers

Featured Webcasts

Most Recent Premium Content

Digital Issues

Enabling People and Organizations to Harness the Transformative Power of Technology