EP1532556A2 - Systeme de vote sans contrainte - Google Patents

Systeme de vote sans contrainte

Info

Publication number
EP1532556A2
EP1532556A2 EP03711100A EP03711100A EP1532556A2 EP 1532556 A2 EP1532556 A2 EP 1532556A2 EP 03711100 A EP03711100 A EP 03711100A EP 03711100 A EP03711100 A EP 03711100A EP 1532556 A2 EP1532556 A2 EP 1532556A2
Authority
EP
European Patent Office
Prior art keywords
ballot
voter
confirmation value
received
coercion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP03711100A
Other languages
German (de)
English (en)
Other versions
EP1532556A4 (fr
Inventor
C. Andrew Neff
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dategrity Corp
Original Assignee
VoteHere Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by VoteHere Inc filed Critical VoteHere Inc
Publication of EP1532556A2 publication Critical patent/EP1532556A2/fr
Publication of EP1532556A4 publication Critical patent/EP1532556A4/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C13/00Voting apparatus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This application is directed to the technical field of security measures for electronically-conducted elections .
  • Figure 1 is a block diagram showing a suitable environment for implementing the scheme.
  • FIG. 2 is a flow diagram showing steps typically performed in accordance with the scheme.
  • the scheme described herein allows the voter to remain in exclusive possession of secret information that is used by a voter to cast a ballot. It allows a voter that has been pushed to reveal secret information to provide a false answer without being discovered. After providing the false answer, the voter can then proceed and cast a "real" vote on his or her own. This is achieved while still maintaining a collection of election audit properties that are characteristic of good electronic election protocols.
  • An election scheme is coercion safe if, even in the coercion threat model, its transcript can not be feasibly forged by any collusion of authorities that, together, are unable to compute a tally. Further, in the case of a collusion that is able to compute a tally, the extent of the forgery is limited by the number of voters coerced.
  • Voters participate in a secret "voter registration" process in prior to the start of the election. This process must make the voter safe from coercion by standard physical means. In practice, this means the voter must report to a county registration center, where physical privacy is guaranteed. However, the voter need only participate in this registration process once. Thereafter, the method of this invention will protect the voter against coercion through the course of multiple elections.
  • each voter selects a secret "confirmation code,” or "confirmation pass phrase.”
  • the "confirmation pass phrase" is encrypted by the voter and the encrypted form is publicly registered to that voter. 4.
  • each voter In order to cast a ballot, each voter must supply an accompanying (encrypted) pass phrase.
  • the accompanying pass phrase does not have any effect on whether the ballot is "accepted” or not - so if the voter is being "supervised” by a coercer, the voter is still free to supply any pass phrase whether it matches the voter's registered pass phrase or not.
  • the coercer will not be able to tell the difference.
  • the accompanying pass phrase will have an effect on whether the ballot it accompanies is counted or not. The mechanism for this (described next) nevertheless assures that
  • the tabulation (counting) of encrypted votes is accomplished roughly by randomly mixing voted ballot - encrypted pass phrase pairs as well as the original registration data. After randomization, the appropriate data is decrypted by election authorities holding shares of the encryption key. Only when a match between a pass phrase in the randomized ballot data matches a pass phrase in the randomized registration data is the ballot counted. The matching is done without ever decrypting either of the pass phrases. Since all the randomization is done by way of a cryptographic verifiable shuffle, the results can still be inspected and verified by anyone for accuracy.
  • FIG. 1 and the following discussion provide a brief, general description of a suitable computing environment in which aspects of the invention can be implemented.
  • aspects and embodiments of the invention will be described in the general context of computer-executable instructions, such as routines executed by a general-purpose computer, e.g., a server or personal computer.
  • a general-purpose computer e.g., a server or personal computer.
  • Those skilled in the relevant art will appreciate that the invention can be practiced with other computer system configurations, including Internet appliances, hand-held devices, wearable computers, cellular or mobile phones, multi-processor systems, microprocessor- based or programmable consumer electronics, set-top boxes, network PCs, mini-computers, mainframe computers and the like.
  • the invention can be embodied in a special purpose computer or data processor that is specifically programmed, configured or constructed to perform one or more of the computer-executable instructions explained in detail below.
  • computer refers to any of the above devices, as well as any data processor.
  • the invention can also be practiced in distributed computing environments, where tasks or modules are performed by remote processing devices, which are linked through a communications network, such as a Local Area Network ("LAN” ), Wide Area Network (“WAN” ) or the Internet.
  • LAN Local Area Network
  • WAN Wide Area Network
  • program modules or sub-routines may be located in both local and remote memory storage devices.
  • aspects of the invention described below may be stored or distributed on computer-readable media, including magnetic and optically readable and removable computer discs, stored as firmware in chips (e.g., EEPROM chips), as well as distributed electronically over the Internet or over other networks (including wireless networks).
  • EEPROM chips electrically erasable programmable read-only memory
  • portions of the invention may reside on a server computer, while corresponding portions reside on a client computer. Data structures and transmission of data particular to aspects of the invention are also encompassed within the scope of the invention.
  • one embodiment of the invention employs a computer 100, such as a personal computer or workstation, having one or more processors 101 coupled to one or more user input devices 102 and data storage devices 104.
  • the computer is also coupled to at least one output device such as a display device 106 and one or more optional additional output devices 108 (e.g., printer, plotter, speakers, tactile or olfactory output devices, etc.).
  • the computer may be coupled to external computers, such as via an optional network connection 110, a wireless transceiver 112, or both.
  • the input devices 102 may include a keyboard and/or a pointing device such as a mouse. Other input devices are possible such as a microphone, joystick, pen, game pad, scanner, digital camera, video camera, and the like.
  • the data storage devices 104 may include any type of computer-readable media that can store data accessible by the computer 100, such as magnetic hard and floppy disk drives, optical disk drives, magnetic cassettes, tape drives, flash memory cards, digital video disks (DVDs), Bernoulli cartridges, RAMs, ROMs, smart cards, etc. Indeed, any medium for storing or transmitting computer-readable instructions and data may be employed, including a connection port to a network such as a local area network (LAN), wide area network (WAN) or the Internet (not shown in Figure 1). Aspects of the invention may also be practiced in a variety of other computing environments.
  • LAN local area network
  • WAN wide area network
  • the Internet not shown in Figure 1
  • FIG. 2 is a flow diagram showing steps typically performed in accordance with the scheme. These steps are described in more detail below.
  • step 201 voters are registered to add them to the list of registered voters eligible to cast votes, and to provide them with voting credentials.
  • the election is initialized to assign ballot choice values to candidates.
  • step 203 voters cast their votes by submitting encrypted ballots.
  • step 204 the votes cast in step 203 are tabulated, and added to the vote total only if the validity of the received ballot can be verified. After step 204, these steps conclude.
  • Definition 1 Henceforth, we call any participant in the election process, or any individual who exerts, or attempts to exert, an influence on the election process a player.
  • voters, election officials, and tabulators are all players, but so are all individuals who seek to influence the election outcome even though they may have no official role in it.
  • Player i coerces player Pi ⁇ P obtains from Pi any information that the election protocol does not require P 2 to reveal to Pi .
  • Identical terminology is used when the coercer is actually a group of players. That is, no aspects of the invention limit its utility to the case were the coercer is a single individual. Therefore, henceforth, we will not endevor to make an explicit distinction between coercion by an individual and coercion by a group of individuals acting together.
  • Coercible information is all information whose authenticity can be "verified” by the coercer. If the authenticity can not be verified, then the voter (or individual being coerced) is free to lie about it to the coercer.
  • the invention requires something roughly like digital ballot box. At very least, this is a storage device connected to a network, or otherwise openly accessible to voters.
  • a standard web server and database application provides an embodiment of such a device. In practice, more security measures would be built into, or around this device in order to protect against damage or destruction caused by either malicious or natural forces.
  • the invention also requires that voters be able to translate their choices into a digital representation, and further encrypt that representation by the methods presented in the remainder of this invention.
  • a generic PC provides an embodiment of such a device.
  • bulletin board Since the transmission and storage of information are the key elements of this invention rather than the particular technologies that facilitate transmission and storage, we will adopt the more generic term bulletin board to denote the openly accessible storage device, and we denote the act of recording information on (or in) the bulletin board as posting. (In the voting context, this corresponds, intuitively, to the act of "casting a ballot” .) Further, we denote the strings, or records of information that are posted to the bulletin board as posts. (In the voting context, these correspond, intuitively, to voted ballots.)
  • Posts are always appended to the bulletin board, BB, that is, deletions are not allowed. And posting is an atomic transaction, that is, at any given time, BB will contain exactly k posts, for some non-negative integer k.
  • PP-2 Any player may append a post regardless of the state (contents) of BB.
  • PP-3 At any given time, a tally can be formed, and it is unique. That is, it is not possible (or at least "overwhelmingly improbable"), that BB is in some state, C(BB) that is "invalid" for tabulation, and the tally, tally(C(BB)) : C ⁇ N is well defined.
  • PP-4 A collection of players either can or cannot compute the tally independent of the state of BB.
  • C C(BB) be any state of BB (sequence of posts). If p is a post, we denote by C ® p the state of BB after appending the single post p. We also use the notation tc to denote the tally, tally(C).
  • a vote function (on BB) is a map characterized by the following vf-1. For all p € P
  • P ⁇ A ⁇ ⁇ B tJ ) a (8) independent of the values of i, j, and the state of the bulletin board, C( ⁇ ).
  • the protocol admits a vote function. (Note that this does not require that the vote function be computable by any of the players, only that it exist.)
  • Theorem 1 If an election protocol has partitionable tabulation, and a coercer contains a collection of players capable of computing a tally, then for any 1 ⁇ i ⁇ I, the value of ⁇ (v t , C(BB)) is coercible.
  • the coercer can step through the sequence of ballot box images, at each point computing the tally (see assumption PP-4) and requiring v l to "add a vote" of a particular value. By re-computing the tally with ⁇ t 's post appended, the coercer can determine which posts were added by ⁇ L and their cumulative effect on the tally. Note that this presumes a model in which "after the fact" coercion is allowed. That is, the coercer may interact with the voter after the bulletin board has been closed. However, this assumption can be eliminated with a reasonable assumption on the computing power of voters. In particular, we can show that the coercer is able, by way of a single coercion event, to
  • a partitionable election protocol is coercion resistant if, under the assumption that there is no coercer capable of independently computing a tally:
  • a partitionable election protocol is coercion safe if, it is coercion resistant and, under all collusion scenarios,
  • ⁇ ⁇ chooses a random r t G (g), and a random ⁇ , 6 Z,, and forms
  • ⁇ t obtains from A 3 the pair (U tJ , W ⁇ ) given by
  • ⁇ x obtains a signature on (U ⁇ , W ⁇ ) from A 3 as a receipt.
  • v x knows that one specific authority, Aj, is not a coercer, and fewer than t authorities (the number necessary to compute a tally) are colluding to coerce (though v z may not explicitly know their identities), the value of r t is not coercible. This is because ⁇ x can justify the validity of any r t and a % by lying to the coercer about the value of (U t j, V % j) and presenting a forged (i.e. simulated) Chaum-Pedersen proof. The requirement that ⁇ ⁇ knows a specific honest Aj may be relaxed if we assume that it is acceptable for ⁇ , to be caught lying to the coercer.
  • ⁇ ⁇ can pick an J at random, 1 ⁇ J ⁇ n, assume that A j is honest, and then know that the chance of being caught lying is at most (t — l)/n.
  • V-2 V-2.
  • v ⁇ then chooses random f l2 G Z q , computes s t — r ⁇ / ⁇ ( ⁇ ) and encrypts it as
  • E ⁇ ( (A, B t ) , (C t , A) , Q B . Q? D ) (17) V-5.
  • ⁇ t would be issued a receipt for E ⁇ .
  • T-5 The authorities jointly decrypt all of the pairs (A m , B m ), and ( ⁇ m ⁇ , ⁇ mt ), 1 ⁇ ⁇ ⁇ I, 1 ⁇ m ⁇ M. Let these be, respectively, a m , and x m ⁇ .
  • T2-2 The authorities execute a verifiable shuffle of the sequence of ElGamal pairs, ⁇ U l , W ), resulting in output set of ElGamal pairs where ⁇ ⁇ , ⁇ ⁇ G ⁇ g)-
  • the properties of this mix are that the set of decrypted values of the output sequence are exactly the same as the set of decrypted values of the input sequence, but in randomly permuted order.
  • the protocol, as presented is clearly not coercion safe. If t or more authorities collude, they can decrypt the original voter secrets, r t , and this allows them to impersonate all the voters. The problem can be fixed by adding an anonymous signature requirement to the ballot casting operation. (See aforementioned patent applications for a detailed description of an anonymous signature protocol that is "authority free” .) In this case, even if a malicious agent has access to a secret, r ⁇ , it can not affect the tally without the corresponding private signing key, which can not be obtained without coercion. The reason for this should be clear.
  • An authority free, anonymous signature on the voted ballot prevents the authorities (even in collusion) from linking the original encrypted ballot (input to the verifiable shuffle, or mix) to an individual the way they can with a standard digital signature.
  • a standard digital signature explicitly links signed data to a registered individual.
  • An anonymous signature only links signed data to a member of a set, or group, of individuals.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)

Abstract

L'invention concerne un équipement permettant de réaliser un recueil électronique sans contrainte. Cet équipement reçoit du votant une première valeur de confirmation de votant. Plus tard, l'équipement reçoit du votant un bulletin chiffré et une seconde valeur de confirmation de votant. Sans prendre en compte la valeur de la seconde valeur de confirmation de votant reçue, l'équipement ajoute le bulletin reçu dans une liste publiquement disponible de bulletins déposés. Après cet ajout, les membres du public peuvent vérifier l'ajout du bulletin reçu dans la liste sans être capables de déterminer si le bulletin sera compté. Cet équipement permet de compter le bulletin seulement si la seconde valeur de confirmation de votant reçue avec le bulletin correspond à la première confirmation du votant reçue.
EP03711100A 2002-02-14 2003-02-14 Systeme de vote sans contrainte Withdrawn EP1532556A4 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US35721002P 2002-02-14 2002-02-14
US357210P 2002-02-14
PCT/US2003/004798 WO2003069448A2 (fr) 2002-02-14 2003-02-14 Systeme de vote sans contrainte

Publications (2)

Publication Number Publication Date
EP1532556A2 true EP1532556A2 (fr) 2005-05-25
EP1532556A4 EP1532556A4 (fr) 2007-09-19

Family

ID=27734736

Family Applications (1)

Application Number Title Priority Date Filing Date
EP03711100A Withdrawn EP1532556A4 (fr) 2002-02-14 2003-02-14 Systeme de vote sans contrainte

Country Status (8)

Country Link
EP (1) EP1532556A4 (fr)
JP (1) JP2005526307A (fr)
KR (1) KR20040078165A (fr)
CN (1) CN1659554A (fr)
AU (1) AU2003215282A1 (fr)
CA (1) CA2475136C (fr)
RU (1) RU2292082C2 (fr)
WO (1) WO2003069448A2 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2906058B1 (fr) * 2006-09-14 2008-11-21 Eads Defence And Security Syst Procede et serveur de verification du contenu d'une urne virtuelle d'un systeme de vote electronique chiffre par un algorithme homomorphique
CN101727692B (zh) * 2008-10-17 2013-01-02 中科院成都信息技术有限公司 选举投票信息处理方法及***
RU2452013C2 (ru) * 2010-01-26 2012-05-27 Российская Федерация, от имени которой выступает Федеральная служба по техническому и экспортному контролю (ФСТЭК России) Способ формирования сертификата открытого ключа
CN102622572A (zh) * 2012-03-16 2012-08-01 中科院成都信息技术有限公司 选票快速配对和关联防伪方法
CN102629396B (zh) * 2012-04-09 2014-04-02 中科院成都信息技术股份有限公司 含另选人的电子选票信息加密及快速处理方法
RU2751315C2 (ru) * 2019-11-05 2021-07-13 Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) Универсальная система распределенного защищенного дистанционного голосования
US11356267B2 (en) 2020-05-15 2022-06-07 Op Osuuskunta Apparatus, method and software for electronic voting during web conference

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092051A (en) * 1995-05-19 2000-07-18 Nec Research Institute, Inc. Secure receipt-free electronic voting
US20010034640A1 (en) * 2000-01-27 2001-10-25 David Chaum Physical and digital secret ballot systems

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6081793A (en) * 1997-12-30 2000-06-27 International Business Machines Corporation Method and system for secure computer moderated voting

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092051A (en) * 1995-05-19 2000-07-18 Nec Research Institute, Inc. Secure receipt-free electronic voting
US20010034640A1 (en) * 2000-01-27 2001-10-25 David Chaum Physical and digital secret ballot systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO03069448A2 *

Also Published As

Publication number Publication date
RU2004127443A (ru) 2005-05-27
EP1532556A4 (fr) 2007-09-19
AU2003215282A1 (en) 2003-09-04
RU2292082C2 (ru) 2007-01-20
KR20040078165A (ko) 2004-09-08
JP2005526307A (ja) 2005-09-02
AU2003215282A8 (en) 2003-09-04
WO2003069448A3 (fr) 2005-03-24
WO2003069448A2 (fr) 2003-08-21
CN1659554A (zh) 2005-08-24
CA2475136C (fr) 2007-04-17
CA2475136A1 (fr) 2003-08-21

Similar Documents

Publication Publication Date Title
Adiputra et al. A proposal of blockchain-based electronic voting system
KR102669763B1 (ko) 블록체인 네트워크를 통해 엔티티에 의해 제공되는 데이터의 통신, 저장 및 처리를 위한 시스템 및 방법
Adida Advances in cryptographic voting systems
Karlof et al. Cryptographic Voting Protocols: A Systems Perspective.
US20190019366A1 (en) System and method of determining ballots of voters collected with the aid of electronic balloting
KR102120882B1 (ko) 블록체인 기반 컨테스트 네트워크 시스템 및 컨테스트 방법
US20220141020A1 (en) Blockchain e-voting system and operating method thereof
US7389250B2 (en) Coercion-free voting scheme
US20230282052A1 (en) Blockchain-based voting system
Jain et al. Towards Developing a Secure and Robust Solution for E-Voting using Blockchain
Lu et al. Self-tallying e-voting with public traceability based on blockchain
EP1532556A2 (fr) Systeme de vote sans contrainte
Khanpara et al. Blockchain-based E-voting technology: opportunities and challenges
EP3474241A1 (fr) Vote électronique
Vijayalakshmi et al. Secure online voting system in cloud
Chaum et al. Paperless independently-verifiable voting
JP2004192029A (ja) 電子投票システム、投票データ生成サーバ、端末装置、及び、集計サーバ、ならびに、コンピュータプログラム
Latif et al. Blockchain based Decentralized Electronic Voting System: A Step towards Transparent Elections
Abo-Rizka et al. A Novel E-voting in Egypt
Liu et al. RETRACTED: A Publicly Verifiable E-Voting System Based on Biometrics
Gupta et al. Improving the End to End Protection in E-voting using BVM-Blockchain based e-Voting Mechanism
Paul et al. The design of a trustworthy voting system
Krishnamoorthy et al. A Robust Blockchain Assisted Electronic Voting Mechanism with Enhanced Cyber Norms and Precautions
Pasquinucci Web voting, security and cryptography
Sarier Efficient and Usable Coercion-Resistant E-Voting on the Blockchain

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20040827

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: DATEGRITY CORPORATION

REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1076524

Country of ref document: HK

A4 Supplementary search report drawn up and despatched

Effective date: 20070822

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20090901

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1076524

Country of ref document: HK