Computerized voting will never be used for general elections unless there is a protocol that both maintains individual privacy and prevents cheating. The ideal protocol has, at the very least, these six requirements:
Additionally, some voting schemes may have the following requirement:
Before describing the complicated voting protocols with these characteristics, let's look at some simpler protocols.
Simplistic Voting Protocol #1
This protocol is rife with problems. The CTF has no idea where the votes are from, so it doesn't even know if the votes are coming from eligible voters. It has no idea if eligible voters are voting more than once. On the plus side, no one can change anyone else's vote; but no one would bother trying to modify someone else's vote when it is far easier to vote repeatedly for the result of your choice.
Simplistic Voting Protocol #2
This protocol satisfies properties one and two: Only authorized voters can vote and no one can vote more than once; the CTF would record votes received in step (3). Each vote is signed with the voter's private key, so the CTF knows who voted, who didn't, and how often each voter voted. If a vote comes in that isn't signed by an eligible voter, or if a second vote comes in signed by a voter who has already voted, the facility ignores it. No one can change anyone else's vote either, even if they intercept it in step (3), because of the digital signature.
The problem with this protocol is that the signature is attached to the vote; the CTF knows who voted for whom. Encrypting the votes with the CTF's public key prevents anyone from eavesdropping on the protocol and figuring out who voted for whom, but you have to trust the CTF completely. It's analogous to having an election judge staring over your shoulder in the voting booth.
These two examples show how difficult it is to achieve the first three requirements of a secure voting protocol, let alone the others.
Voting with Blind Signatures
We need to somehow dissociate the vote from the voter, while still maintaining authentication. The blind signature protocol does just that.
A malicious voter, call him Mallory, cannot cheat this system. The blind signature protocol ensures that his votes are unique. If he tries to send in the same vote twice, the CTF will notice the duplicate serial number in step (7) and throw out the second vote. If he tries to get multiple votes signed in step (2), the CTF will discover this in step (3). Mallory cannot generate his own votes because he doesn't know the facility's private key. He can't intercept and change other people's votes for the same reason.
The cut-and-choose protocol in step (3) is to ensure that the votes are unique. Without that step, Mallory could create a set of votes that are the same except for the identification number, and have them all validated.
A malicious CTF cannot figure out how individuals voted. Because the blind signature protocol prevents the facility from seeing the serial numbers on the votes before they are cast, the CTF cannot link the blinded vote it signed with the vote eventually cast. Publishing a list of serial numbers and their associated votes allows voters to confirm that their vote was tabulated correctly.
There are still problems. If step (6) is not anonymous and the CTF can record who sent in which vote, then it can figure out who voted for whom. However, if it receives votes in a locked ballot box and then tabulates them later, it cannot. Also, while the CTF may not be able to link votes to individuals, it can generate a large number of signed, valid votes and cheat by submitting those itself. And if Alice discovers that the CTF changed her vote, she has no way to prove it. A similar protocol, which tries to correct these problems, is [1195, 1370].
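As an added example (not from the book), here is a toy Python simulation of the RSA blind-signature mechanism this protocol relies on, together with the CTF's duplicate-serial check in step (7): the CTF signs a value it cannot read, the voter recovers a valid signature on the real vote, and a replayed serial number or a vote without a CTF signature is rejected. The key parameters, serial numbers and the hash-based vote encoding are constructed for illustration, and the cut-and-choose check of step (3) is omitted.

```python
import hashlib
import math
import secrets

# Constructed toy CTF key: p=61, q=53, n=3233, e=17, d=2753. Real deployments
# need a large modulus and a padding scheme; this is only big enough to show
# the algebra of blinding, signing and unblinding.
N, E, D = 3233, 17, 2753

def vote_msg(serial: int, choice: str) -> int:
    """Encode (serial number, choice) as a message integer in [2, N-1]."""
    digest = hashlib.sha256(f"{serial}:{choice}".encode()).digest()
    return int.from_bytes(digest, "big") % (N - 2) + 2

def blind(m: int) -> tuple[int, int]:
    """Voter: multiply m by r^e so the CTF signs without seeing m or its serial."""
    while True:
        r = secrets.randbelow(N - 2) + 2          # r in [2, N-1]
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def ctf_sign_blinded(blinded: int) -> int:
    """CTF: plain RSA signature on the blinded value it receives."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Voter: (m r^e)^d = m^d r mod N, so dividing by r leaves m^d."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m

def obtain_signed_vote(serial: int, choice: str) -> int:
    """Steps (2)-(4) as seen by one voter: blind, get signed, unblind."""
    m = vote_msg(serial, choice)
    blinded, r = blind(m)
    return unblind(ctf_sign_blinded(blinded), r)

class CTF:
    """Counting side of step (7): a serial number is accepted at most once."""
    def __init__(self) -> None:
        self.seen: set[int] = set()
        self.tally: dict[str, int] = {}

    def receive(self, serial: int, choice: str, sig: int) -> bool:
        if not verify(vote_msg(serial, choice), sig) or serial in self.seen:
            return False                              # forged, altered, or replayed
        self.seen.add(serial)
        self.tally[choice] = self.tally.get(choice, 0) + 1
        return True
```

Note that `ctf_sign_blinded` never sees the serial number or the choice, which is exactly why the CTF cannot later match the vote it counts to the voter whose blinded message it signed.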
Voting with Two Central Facilities
One solution is to divide the CTF in two. Neither party would have the power to cheat on its own.
The following protocol uses a Central Legitimization Agency (CLA) to certify voters and a separate CTF to count votes [1373].