Page 37 - Towards Trustworthy Elections New Directions in Electronic Voting by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida

The Witness-Voting System  29
The outcome or election result (236) is calculated according to the election rules, which also define the recount procedures (238), if any. The recount procedures (238) may use a different number of witnesses from cartridge A and of stored votes from cartridge B.
As another possibility, the computer (220) in witness (230) stores only the digital signature of the image data in cartridge B. That is, at the time the voter (200) authenticates the vote selections, computer (220) is activated, as set forth above, to record and store in cartridge B only the digital signature of the image, without the image. If necessary, as in the case of a discrepancy, the data from cartridge A can be used to recreate the image corresponding to its digital signature in cartridge B in accordance with techniques which are well known.
Storage of digital signature data has significant advantages over storing ballot image data. The size of compressed, encrypted ballot image data is on the order of 500 kilobytes or more, for a single ballot. In contrast, digital signature data size is on the order of 500 bytes. Thus, digital signature data can require three orders of magnitude less storage space than compressed image data. For an application such as electronic voting where large amounts of election data must be transmitted and stored, storage of digital signature data may provide an efficient, compact witness for the image data transmitted from cartridge A to the result (232). Storage of digital signature data may also provide advantages in terms of increased processing speed and make more efficient use of memory and system resources in a typical electronic voting environment.
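The signature-only witness described in the two paragraphs above can be sketched as follows. This is an added example, not part of the original text or of any WVS implementation. It assumes HMAC-SHA256 as a standard-library stand-in for the digital signature (the page names no scheme), and the function names, key and ballot images are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

TAG_BYTES = 32  # HMAC-SHA256 output; the page cites ~500 bytes for a real signature


def witness_tag(witness_key: bytes, image: bytes) -> bytes:
    """What the witness writes to cartridge B instead of the image itself."""
    return hmac.new(witness_key, image, hashlib.sha256).digest()


def audit(witness_key: bytes, cartridge_a: list[bytes], cartridge_b: list[bytes]):
    """Compare cartridge A images against cartridge B tags.

    Tags are matched as a multiset, so two voters casting identical ballots
    (identical images, identical tags) are both accounted for and no ballot
    identifier is needed.
    Returns (unwitnessed, missing): indexes of A images with no tag in B,
    and the number of B tags for which A holds no image.
    """
    remaining = Counter(cartridge_b)
    unwitnessed = []
    for index, image in enumerate(cartridge_a):
        tag = witness_tag(witness_key, image)
        if remaining[tag] > 0:
            remaining[tag] -= 1  # this image was seen by the witness
        else:
            unwitnessed.append(index)  # altered or inserted after casting
    missing = sum(remaining.values())  # witnessed ballots absent from A
    return unwitnessed, missing


def demo():
    key = b"constructed-witness-key"  # hypothetical key held by the witness
    # Constructed stand-ins for ballot images as seen by the witness
    seen = [b"ballot-image:candidate-1", b"ballot-image:candidate-2",
            b"ballot-image:candidate-1"]
    cartridge_b = [witness_tag(key, img) for img in seen]
    # Cartridge A as delivered: second image altered, third image dropped
    cartridge_a = [seen[0], b"ballot-image:candidate-3"]
    return audit(key, cartridge_a, cartridge_b)


if __name__ == "__main__":
    print(demo())
```

A non-empty result is the discrepancy case the text mentions, at which point the cartridge A data is examined against the specific tags left unmatched in cartridge B.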
The use of an optical witness device is not mandatory. Other slides of [14] show how similar arrangements (in different WVS implementations) can be made for an electrical witness of the electric signal that provides the image, or for a display card witness in the DRE that holds the pixels shown on the screen, instead of or in addition to one or more optical witnesses.
A significant aspect of this design is that witnesses and readers from each interested election stakeholder can be used at the same time and place. For example, witnesses representing political parties A, B and C could be provided by each party to anonymously watch each ballot as seen and cast by the voter. Diverse tally modules, as reader objects, can also be provided by parties A, B and C, where the tally process can be executed in parallel and employ diverse error-correcting algorithms.
Slide number 16 in [14] shows how the inputs from various witness and readers can be combined and evaluated, including error-detection, by weighed consensus to calculate the election outcome at the final tally. Weighed consensus is a well-known technique to increase fault-tolerance in the presence of interference and is used here as a non-limiting error-correcting algorithm example to combat faults and fraud (modeled as interference).
While the WVS may use closed-source components (e.g., EO’s or stakeholders’ witness elements may include proprietary code), open-source elements can also be used and their outputs openly compared for mutual verification at every step of the process, including at the final tally, to assure election outcome trustworthiness.