Generation of random numbers is a critical component of existing post-election auditing techniques. Recent work has largely discouraged the use of all pseudo-random number generators, including cryptographically secure pseudorandom number generators (CSPRNGs), for this purpose, instead recommending the sole use of observable physical techniques. In particular, simple dice rolling has received a great deal of positive attention [4, 6, 9]. The typical justification for this recommendation is that those less comfortable with mathematics prefer a simple, observable technique. This paper takes a contrary view. Simple, observable techniques like dice rolling are not necessarily robust against sleight of hand and other forms of fraud, and attempts to harden them against fraud can dramatically increase their complexity. With simple dice rolling, we know of no techniques that provide citizens with a reasonable means of verifying that fraud did not occur during the roll process. CSPRNGs, used properly, can be simple, robust, and verifiable, and they allow for the use of auditing techniques that might otherwise be impractical. While we understand initial skepticism towards this option, we argue that appropriate use of CSPRNGs would strengthen audit security.
[1]
Dan S. Wallach,et al.
Analysis of an electronic voting system
,
2004,
IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.
[2]
R. Rivest.
A “ Sum of Square Roots ” ( SSR ) Pseudorandom Sampling Method For Election Audits
,
2008
.
[3]
D. Dill,et al.
The Role of Dice in Election Audits – Extended Abstract
,
2006
.
[4]
Dirk Fox,et al.
Digital Signature Standard (DSS)
,
2001,
Datenschutz und Datensicherheit.
[5]
Ronald L. Rivest,et al.
On Auditing Elections When Precincts Have Different Sizes
,
2008,
EVT.
[6]
Joseph A. Calandrino.
Machine-Assisted Election Auditing
,
2007,
EVT.
[7]
Ariel J. Feldman,et al.
Security Analysis of the Diebold AccuVote-TS Voting Machine
,
2007,
EVT.