Eperio: Mitigating Technical Complexity in Cryptographic Election Verification

Cryptographic (or end-to-end) election verification is a promising approach to providing transparent elections in an age of electronic voting technology. In terms of execution time and software complexity, however, the technical requirements for conducting a cryptographic election audit can be prohibitive. In an effort to reduce these requirements, we present Eperio: a new, provably secure construction for providing a tally that can be efficiently verified using only a small set of primitives. We show how commonplace utilities, such as file encryption, can further simplify the verification process for election auditors. In Python, the verification code can be expressed in 50 lines. Compared to other proposed proof-verification methods for end-to-end election audits, Eperio lowers the technical requirements in terms of execution time, data download times, and code size. As an interesting alternative, we explain how verification can be implemented using TrueCrypt and the built-in functions of a spreadsheet, making Eperio the first end-to-end system that does not require special-purpose verification software.
