
The Promise of Cryptographic Voting Protocols

Chris Karlof, Naveen Sastry, David Wagner
{ckarlof, nks, daw}@cs.berkeley.edu
June 6, 2005

Electronic voting has a credibility gap: many experts have sharply criticized current paperless systems, and this has led many advocates to call for voting systems to provide a paper trail retained by election officials. Meanwhile, two vendors have sprung up to propose an alternative solution that uses cryptography and sophisticated mathematics to give voters a receipt of their vote they can take home. Are these cryptographic schemes secure? Do they fix the integrity problems with today’s paperless e-voting systems? We undertook a detailed investigation to find out. Based on our research, we have the opinion that cryptographic voting schemes hold great promise in the long run—but there is much work to do before they will be ready for prime time.

These new schemes are truly innovative. They offer an exciting property not available in any prior DRE system: voters can verify that their vote has been recorded and counted accurately, without endangering ballot secrecy or permitting voter coercion. At the same time, though, they use some of the most advanced cryptographic ideas around and must be carefully validated by independent experts before being deployed. After the results of our study, we are not yet ready to endorse either of these systems for immediate use.

A crucial component of any security analysis is having an entire, complete system to examine. Although Neff and Chaum present fully specified cryptographic protocols, many implementation details—such as human interfaces, systems design, and election procedures—are not available for analysis. We found several ways in which their schemes might be at risk, depending upon details of their systems that have not yet been disclosed. These weaknesses could potentially compromise election integrity, erode voter privacy, and enable vote coercion. Without a complete specification and implementation, we cannot gauge the severity of these potential weaknesses. However, we expect that a well-designed implementation and deployment may be able to mitigate or even eliminate the impact of these weaknesses.

Despite these uncertainties, we remain optimistic about the long-term potential of cryptographic voting schemes. To help these schemes reach their potential, we have several recommendations:

• Security certification: Cryptographic voting systems are based on radically different principles than prior systems. Unfortunately, today’s certification process is poorly suited to ensure that these new systems are trustworthy. A new framework is needed. We call for states to convene a panel of independent experts to perform a security evaluation of these schemes before they are certified or used at scale. Such a panel should include cryptographers, computer security specialists, election officials, human-computer interaction specialists, and voting specialists. The panel should evaluate, among other things, whether the system provides appropriate levels of security, integrity, privacy, and transparency. The evaluation should be structured as a verification project, not a bug-finding effort. Evaluators should attempt to ascertain whether there is convincing evidence that the voting system will meet the panel’s requirements. The system should only be deployed if this panel concludes the voting system is trustworthy.

• Usability evaluation: In addition to gauging the trustworthiness of the voting system with the security evaluation, experts must also assess voters’ comfort with these voting systems. The public should not feel that a voting system is confusing or too difficult to use correctly. As part of this evaluation, human-computer interaction specialists ought to perform a usability analysis for each voting system. We expect small-scale trials to help with this evaluation. Afterwards, voters should be surveyed in order to evaluate their usability experience with the system. We caution, however, that a successful trial says little or nothing about the security or trustworthiness of the system, because any serious adversary would most likely wait to attack the real thing rather than disrupting a trial.

• Recoverability: Although these schemes can detect many attacks on the voting system, recovery may be difficult in some cases. There are several ways that an adversary could disrupt the election in ways that are eventually detectable but irrecoverable. If this disruption were targeted in a way that disproportionately affects one party or candidate more than its opposition, this might call the results of the election into question. One way to ensure that we can recover from election failures is to use a voter-verified paper audit trail (VVPAT) in conjunction with these schemes. A VVPAT system produces a paper record verified by the voter before her electronic ballot is cast. This paper record is cast into a ballot box, retained by election officials, and used primarily for recounts and auditing. This would make it possible to recount precincts, counties, or entire states if election fraud is discovered. A VVPAT would also provide an independent way to audit that the cryptography is functioning correctly and thus might enhance confidence, particularly among those who lack the mathematical training to understand these schemes.

• Transparency: Independent evaluation is essential if these schemes are to receive the public’s confidence. We urge that all of the software, source code, documentation, manuals, training documents, and election procedures for any voting system be publicly disclosed in full, so that independent experts can evaluate the trustworthiness of these systems. This is particularly important for cryptographic voting schemes, as the history of cryptography shows that schemes shrouded in secrecy have a high rate of failure. To their credit, VoteHere has released source code for part of their system. Sadly, many other vendors have so far resisted calls for public disclosure.

We laud Neff’s and Chaum’s ambitious goal: developing a coercion-free, privacy-preserving, voter-verifiable election system. Their systems represent a significant security improvement over current DRE-based paperless systems. Most notably, these schemes seek to give voters a way to know that their vote has been cast and counted correctly, since the receipt allows the voter to detect fraud and other failures. Although these cryptographic systems are not ready for