Page 34 - Towards Trustworthy Elections New Directions in Electronic Voting by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida ( (z-lib.org (1)
P. 34
E. Gerck
26
The WVS design is transparent. As part of the election setup, the WVS design
invites stakeholders to add their own witnesses and readers, which is critical to
the trustworthiness of the election’s outcome, step (III).
The WVS design is simple, scalable, and auditable. The WVS design uses
multiple, diverse channels to transfer information from each voter to the tally
results, which is promotive of end-to-end auditing and is amenable to end-to-
end arguments (see section 6.5). Consequently, the number of process points
that need to be witnessed is relatively small and the design can be implemented
using parallel elements (e.g., witnesses, readers, tally processing) for simplicity,
scalability and reliable auditing.
The WVS design is robust. For example, in order to satisfy step (III) the
WVS implementation should be transparent in operation to the voters and the
operators. If that does not seem to be the case for some operation in (I), that op-
eration can be redesigned using the considerations in Section 6 and the problem
solved to the satisfaction of both (II) and (III).
The WVS design is extensible. Additional control variables can be added. For
example, a step (IIIa) could be inserted to promote low election cost, while a
step (IIIb) could measure voter feedback to assure accessibility compliance.
8.1 How It Works
With the objective of highlighting the basic concepts used in our approach,
section 2 presented a WVS implementation that was highly simplified and used
intuitive requirements. A more practical WVS implementation is presented here,
following the model presentation and qualified requirements of the previous sec-
tions. Additional WVS implementations are described in [14].
This presentation includes many considerations of our approach. Notably
missing from our implementations, but referenced in [17], we did not provide
examples of voter registration, voter authentication, and ballot authentication,
as well as their use in terms of specifying a “closed-circle” voting process.
Most importantly, the WVS captures what we call the “magic moment”, when
the voter sees and confirms the choices in order to cast the ballot. This is the
primary information that needs to be voter-verified and universally verifiable,
albeit anonymously and without creating a “voter pattern fingerprinting” vul-
nerability (Section 7.1). The WVS will also provide end-to-end verification that
ballots are processed correctly, giving voters and other parties independent ver-
ification capability that the votes are cast, collected, and counted as intended.
Without limitation, we consider that the message selected by a voter (i.e., the
ballot that a voter sees and casts) is transmitted initially to the ballot box, stored
there and later tallied, with totals made public. We further describe how the
influence of errors in the voting process (including fraud, malfunctions, passive
and active attacks) may be corrected to achieve an outcome error that can be
as close to zero as desired (error-free), using ways of transmitting and receiving
the information that are provably optimal in reducing errors.
We will often refer the reader to slides in [14] for visualization. The slides
are available online. Please load or print slide number 13 in [14]. To refer to
