WO2010073065A1 - Verifiable electronic voting method - Google Patents

Verifiable electronic voting method Download PDF

Info

Publication number
WO2010073065A1
WO2010073065A1 PCT/IB2008/055521 IB2008055521W WO2010073065A1 WO 2010073065 A1 WO2010073065 A1 WO 2010073065A1 IB 2008055521 W IB2008055521 W IB 2008055521W WO 2010073065 A1 WO2010073065 A1 WO 2010073065A1
Authority
WO
WIPO (PCT)
Prior art keywords
voting
choices
voter
random
electronic
Prior art date
Application number
PCT/IB2008/055521
Other languages
French (fr)
Inventor
Fatih Tiryakioglu
Original Assignee
Tubitak
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tubitak filed Critical Tubitak
Priority to EP08875902.2A priority Critical patent/EP2382606B1/en
Priority to ES08875902T priority patent/ES2728313T3/en
Priority to PCT/IB2008/055521 priority patent/WO2010073065A1/en
Publication of WO2010073065A1 publication Critical patent/WO2010073065A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C13/00Voting apparatus

Definitions

  • the present invention allows a voter to verify that the votes he cast were properly counted while maintaining vote anonymity. Anonymity and transparency are balanced such that voters have proofs showing the votes they cast are properly counted, but the same proofs are meaningless to the others. In this way, transparency is successes without exposing voter privacy. While voters cast their votes, for example in a voting machine, a witness is required to verify that the vote is counted properly. A witness proving voter privacy is implemented by using a voter superiority over the voting system. This strength is used to solve transparency-anonymity problem: Voting system cannot guess next step of the voter, and when all steps are revealed, it is not allowed the system to get back.
  • Voters present a random choice from a predetermined set of random choices together with each voting choice in the voting process, and he expects an algorithm output as a proof of including voting choices and random choices of the voting choices. After receiving algorithm output and making sure of it not to be changed in the coming steps, he presents all random choices of each possible choice, and gets the random choices from the voting system as he presents. Because, the voting system cannot know random choices of the other possible choices, a possible malware code in the system can not dare to change voting choices of the voter. If it dares and the random choices of the not intended voting choices it selects is not as the random choices of the not intended voting choice entered following to receiving the algorithm output by the voter, then this illegal modification is revealed.
  • Algorithm output is an output of a cryptographic algorithm getting inputs that comprises voting choices and random choices of the voting choices and using a secret.
  • the voting choices of the voters cannot be computed by using the algorithm output without knowing the secret.
  • the secret can be an input text, the algorithm, key, or a combination of them. Key is preferably used as a secret because of its strength against brute-force attack.
  • the present invention allows a voter to verify that the votes he cast were properly counted while maintaining vote anonymity.
  • the system may be implemented as 5 shown in FIG. 1.
  • the system 5 includes voting machines 10 which are located in voting precincts. While there are three voting machines in the FIG. 1, any number of voting machines can be provided.
  • Each voting machine comprises a human-machine interface 15, a processing unit 20, local databases 25 and 30.
  • Human-machine interface 15 provides communication and data transfer with the environment.
  • Processing unit 20 is generally responsible for running electronic voting method and specifically runs an algorithm which uses secret S.
  • Local database 25 holds verification texts of voters.
  • Local database 30 holds candidate information which will be displayed in the human- machine interface. Prior to polls, candidate information is loaded to each local database 30 of the voting machines 15 separately from a central database 40 of voting center 35 by a central authority.
  • FIG. 2 is a flowchart showing the electronic voting method.
  • the method may be implemented in a system 5 shown in the FIG. 1.
  • the method begins at step 100.
  • a voter is authorized to cast vote in a voting machine 10.
  • step 105 voter faces a user interface for selecting voting choices in the human-machine interface 15.
  • the user interface may be implemented as 300 shown in the FIG. 3.
  • all candidates or choices 310 are presented.
  • Each candidate or choice has a set of random choices 320 whose number and names are determined by voting authority.
  • voter must have determined random choices of each candidate or choice except random choices of the voting choices. Random choices of the voting choices must have been determined up to this step.
  • Random choice determination of the voter may be performed on a paper like 400 in the FIG. 4.
  • the choices 410 are shown in the first column, and the random choices 420 of the choices 410 are shown in rows for each choice.
  • the voter's random choices in the FIG. 4. for example, are red, green, green, red, blue, green for mayor choice, and green, blue for yes/no choice, respectively.
  • voter makes choices together with random choices of the selected choices which are determined prior to that. For example, if he choosed 'Mehmet Camlibel' and 'Yes' as shown in the FIG.
  • Vote casting may be implemented by a Cast button as shown in FIG. 3.
  • voting machine receiving voter's choices and random choices of the voter's choices, processes a cryptographic algorithm using a secret.
  • Algorithm's input comprises voter's choices and random choices of the voter's choices and has an output.
  • the number of process/processes may be one or more than one. For example, there may be one process receiving 'Mehmet Camlibel', 'green', 'Yes', 'red' or two processes, one of them receiving 'Mehmet Camlibel', 'green' and the other receiving 'Yes', 'red', etc.
  • the processes, being more than one may be independent or cascaded to each other as one's output is inputted to the other.
  • voting choices and random choices of the voting choices should be able to guessed or determined by using algorithm output/outputs and the other known input parameters if the secret is known. Beside these, voting choices and random choices can be symbolized with different elements when inputting to the algorithm. For example, enumeration of the voting choices and the random choices can be performed. But the rule of the substitution must be public.
  • Algorithm's input can include an id determined by voter, voting machine, or both of them if a user friendly verification process is desired in the verification step. Algorithm's input may also include voter machine id which assures varying algorithm output across voting machines. Algorithm's input may include any optional data as long as voter's choices and random choices of the voter's choices are assured to be in the input parameters.
  • the algorithm makes use of a secret in the processing.
  • the secret may be a key, a text inputted to the algorithm or the algorithm itself. It is preferable a key because of its strength of brute-force attacks trying to determine voting choices by using algorithm output/outputs and the other known input parameters. The point is that voting choices and random choices cannot be determined by using only algorithm, algorithm outputs and the other known parameters, but also secret is required.
  • step 115 the voter receives algorithm output/outputs and he sures it to be not changed in coming steps.
  • step 120 the voter enters all random choices of all possible choices to the voting system. This entrance may be performed by entering an optical paper 400 in FIG. 4 to an optic scanner of the voting machine.
  • step 125 the voter receives random choices of all possible choices just entered.
  • This receiving together with the algorithm output, received in step 115 can be named verification text of the voter.
  • the verification text and the other optional parameters is given to the voter for future verification by the voter. They may be given to the voter on a paper 500 in FIG. 5.
  • FIG. 5 the voter receives algorithm output/outputs and he sures it to be not changed in coming steps.
  • step 130 the voter compares entered and received random choices.
  • step 135 he approves the vote if they are same. If they are not same, he rejects the vote and voting process ends with failure.
  • the voter informs the officer for the incompatibility by showing his receivings.
  • step 140 if approving realizes, all receivings are recorded to the local database of the voting machine, and vote casting for the voter ends with success.
  • the voter also gets all receivings which may be like paper 500 in FIG. 5.
  • step 120 if the random choices of the voting choices are entered again, which is usual in the optical paper implementation, the voting process may be ended with failure or may continue in normal flow depending on the voting authority's decision on method implementation. If the method is implemented as the voting process to end with failure, when the incompatibility happens in step 120, the random choices of the voting choices entered in the user interface 300 in FIG. 3 in step 105 does not fit into the random choices of voting choices on the paper 400 in FIG. 4 in step 120, the vote casting ends with failure. If the method is implemented as the voting process to continue, when the incompatibility happens in step 120, the random choices of the voting choices entered in the user interface 300 in FIG. 3 in step 105 does not fit into the random choices of voting choices on the paper 400 in FIG.
  • voting interface warns the voter for this incompatibility. If the voter accepts the incompatibility, the vote casting may be still valid, but there must be a sign of incompatibility, not in detail as which one does not fit to which one, in the verification text which is received by the voter and stored in local database. If he does not accept the incompatibility, the vote casting ends with failure. In failure, all voting process must start from very beginning because of the disclosure of the random choices.
  • each row 610 contains information related to one voter.
  • the sequence of the voters is preferably random, and the table preferably does not contain voting time and additional information threating voter anonymity if maximum degree of vote- voter anonymity is required.
  • the data on the local databases of the voting machines is transferred to the central database 40 of the voting center 35 in FIG. 1. Transferring of the information can be on-line or off-line. For the enhanced security, the data is preferably copied from the local database to a storage in off-line, then the data can be transferred to the voting center in on-line. This ensures of not getting out any intentional or non-intentional information that will threaten vote anonymity from the voting machine.
  • Making public of database on each voting machine can be performed by each voting machine locally, by the voting center globally after the transfer or both locally and globally.
  • Evaluation and declaration of results can be performed by the voting center globally, or by both the voting center globally and each voting machine locally.
  • Evaluation means determining all voting choices from the each voting machine's database which comprises algorithm outputs, random choices of all candidates/choices, and the other known parameters of each voter by using the secret of each voting machine. For the evaluation the secret is required.
  • the voting machine may also count votes simply during the polls, and the counts may be used in the local declaration without evaluation of the results.
  • results are not basic, but evaluation of results by the voting center is required for certain results.
  • the stored data and the voting results of each voting machine are made public globally by the voting center or globally by the voting center and locally by each voting machine after the pollings are closed. The declaration of the stored data and the results of each voting machine is visualized in FIG. 1.
  • the secrets of the algorithms can be generated in the voting machines locally, or they can be generated in voting center, and distributed to each voting machine. In the later case, the secrets are stored in voting center. If the secrets are generated in the voting machines, they are transferred to the voting center prior to evaluation of results. But the confidentiality of the secrets must be guaranteed during the transfer. Voting machines do not expose the secrets, they preferably zeroize the secrets after the polls are closed and the confidentiality of the secrets is realized for the transfer if required.
  • voting center verifies the proper casting of votes during evaluation of votes from the data collected from the databases of voting machines. Beside these, a trusted third party can repeat the verification and evaluation of votes by using the secrets received confidentially from the voting center. And finally, the secrets of required voting machines may be disclosed for public evaluation of votes for the required voting machines.
  • the verifications, verification and evaluation by the voting center, verification by the voters and verification by a trusted third party are shown in FIG. 1.
  • FIG. 1 depicts a block diagram of a voting system that can implement the voting method.
  • FIG. 2 depicts the flowchart of the voting method.
  • FIG. 3 depicts a user interface on which a voter may enter voting choices and the random choices of the voting choices.
  • FIG. 4 depicts an optic paper that may be used for entering random choices of all possible choices to the voting system.
  • FIG. 5 depicts a paper that may be received by the voter for voter verification.
  • FIG. 6 depicts a look-up table on the voting machine that comprises verification texts of the voters.

Abstract

The present invention allows a voter to verify that the votes he cast were properly counted while maintaining vote anonymity. Anonymity and transparency are balanced such that voters have proofs showing the votes they cast are properly counted, but the same proofs are meaningless to the others. In this way, transparency is successes without exposing voter privacy. While voters cast their votes, for example in a voting machine, a witness is required to verify that the vote is counted properly. A witness proving voter privacy is implemented by using a voter superiority over the voting system. This strength is used to solve transparency-anonymity problem: Voting system cannot guess next step of the voter, and when all steps are revealed, it is not allowed the system to get back. Voters present a random choice from a predetermined set of random choices together with each voting choice in the voting process, and he expects an algorithm output as a proof of including voting choices and random choices of the voting choices. After receiving algorithm output and making sure of it not to be changed in the coming steps, he presents all random choices of each possible choice, and gets the random choices from the voting system as he presents. Because, the voting system can not know random choices of the other possible choices, a possible malware code in the system can not dare to change voting choices of the voter. If it dares and the random choices of the not intended voting choices it selects is not as the random choices of the not intended voting choice entered following to receiving the algorithm output by the voter, then this illegal modification is revealed. The possibility of reveal increases exponentially, as the voting system's illegal modified votes increase. Algorithm output is an output of a cryptographic algorithm getting inputs that comprises voting choices and random choices of the voting choices and using a secret.

Description

Description
VERIFIABLE ELECTRONIC VOTING METHOD
Technical Field
[1] The present invention allows a voter to verify that the votes he cast were properly counted while maintaining vote anonymity. Anonymity and transparency are balanced such that voters have proofs showing the votes they cast are properly counted, but the same proofs are meaningless to the others. In this way, transparency is successes without exposing voter privacy. While voters cast their votes, for example in a voting machine, a witness is required to verify that the vote is counted properly. A witness proving voter privacy is implemented by using a voter superiority over the voting system. This strength is used to solve transparency-anonymity problem: Voting system cannot guess next step of the voter, and when all steps are revealed, it is not allowed the system to get back. Voters present a random choice from a predetermined set of random choices together with each voting choice in the voting process, and he expects an algorithm output as a proof of including voting choices and random choices of the voting choices. After receiving algorithm output and making sure of it not to be changed in the coming steps, he presents all random choices of each possible choice, and gets the random choices from the voting system as he presents. Because, the voting system cannot know random choices of the other possible choices, a possible malware code in the system can not dare to change voting choices of the voter. If it dares and the random choices of the not intended voting choices it selects is not as the random choices of the not intended voting choice entered following to receiving the algorithm output by the voter, then this illegal modification is revealed. The possibility of reveal increases exponentially, as the voting system's illegal modified votes increase. Algorithm output is an output of a cryptographic algorithm getting inputs that comprises voting choices and random choices of the voting choices and using a secret. The voting choices of the voters cannot be computed by using the algorithm output without knowing the secret. The secret can be an input text, the algorithm, key, or a combination of them. Key is preferably used as a secret because of its strength against brute-force attack.
[2] Algorithm output and random choices of possible choices got by voter during the vote casting are also made public for future verification. Voter compares his algorithm output and random choices of possible choices with the ones made public, and if they are same he ensures for proper counting of his vote. Voting center verifies and evaluates the votes by using public parameters that comprise algorithm output and random choices of possible choices and secret. Illegal processes are revealed by the voting center, if any. Beside the voting center, a trusted third party that gets secrets from the voting center can be used for verification of the voting results. Background Art
[3]
Disclosure of Invention Technical Problem
[4] It is difficult to provide transparency and anonymity in electronic voting systems.
Using paper trails for verification seems to be like paper based classic voting method. And it does not solve verification problem completely. Voters want transparent electronic voting systems. But this should not result in vote buying. Electronic voting methods should be also user friendly and easy to understand. Secure, transparent, voter verifiable and anonymity based electronic voting methods are required for future electronic voting systems. Technical Solution
[5] The present invention allows a voter to verify that the votes he cast were properly counted while maintaining vote anonymity. The system may be implemented as 5 shown in FIG. 1. The system 5 includes voting machines 10 which are located in voting precincts. While there are three voting machines in the FIG. 1, any number of voting machines can be provided. Each voting machine comprises a human-machine interface 15, a processing unit 20, local databases 25 and 30. Human-machine interface 15 provides communication and data transfer with the environment. Processing unit 20 is generally responsible for running electronic voting method and specifically runs an algorithm which uses secret S. Local database 25 holds verification texts of voters. Local database 30 holds candidate information which will be displayed in the human- machine interface. Prior to polls, candidate information is loaded to each local database 30 of the voting machines 15 separately from a central database 40 of voting center 35 by a central authority.
[6] FIG. 2 is a flowchart showing the electronic voting method. The method may be implemented in a system 5 shown in the FIG. 1. The method begins at step 100. A voter is authorized to cast vote in a voting machine 10. In step 105, voter faces a user interface for selecting voting choices in the human-machine interface 15. The user interface may be implemented as 300 shown in the FIG. 3. In the user interface 300, all candidates or choices 310 are presented. Each candidate or choice has a set of random choices 320 whose number and names are determined by voting authority. Not later than step 120, preferable prior to voting process for convenience, voter must have determined random choices of each candidate or choice except random choices of the voting choices. Random choices of the voting choices must have been determined up to this step. Random choice determination of the voter may be performed on a paper like 400 in the FIG. 4. In the FIG. 4, the choices 410 are shown in the first column, and the random choices 420 of the choices 410 are shown in rows for each choice. The voter's random choices in the FIG. 4., for example, are red, green, green, red, blue, green for mayor choice, and green, blue for yes/no choice, respectively. In the user interface 300 in the FIG. 3, voter makes choices together with random choices of the selected choices which are determined prior to that. For example, if he choosed 'Mehmet Camlibel' and 'Yes' as shown in the FIG. 3, he also enters 'green' for 'Mehmet Camlibel' and 'red' for 'Yes' due to prior determination shown in the FIG. 4. Following the selection of choices and random choices of them, he casts vote. Vote casting may be implemented by a Cast button as shown in FIG. 3. In step 110, voting machine, receiving voter's choices and random choices of the voter's choices, processes a cryptographic algorithm using a secret.
[7] Algorithm's input comprises voter's choices and random choices of the voter's choices and has an output. The number of process/processes may be one or more than one. For example, there may be one process receiving 'Mehmet Camlibel', 'green', 'Yes', 'red' or two processes, one of them receiving 'Mehmet Camlibel', 'green' and the other receiving 'Yes', 'red', etc. The processes, being more than one, may be independent or cascaded to each other as one's output is inputted to the other. In all conditions, It is guaranteed to input all voting choices and random choices of the voting choices and to receive output independent of the number of the process/ processes and the number of the output/outputs. The point here is that, all voting choices and random choices of the voting choices should be able to guessed or determined by using algorithm output/outputs and the other known input parameters if the secret is known. Beside these, voting choices and random choices can be symbolized with different elements when inputting to the algorithm. For example, enumeration of the voting choices and the random choices can be performed. But the rule of the substitution must be public.
[8] Algorithm's input can include an id determined by voter, voting machine, or both of them if a user friendly verification process is desired in the verification step. Algorithm's input may also include voter machine id which assures varying algorithm output across voting machines. Algorithm's input may include any optional data as long as voter's choices and random choices of the voter's choices are assured to be in the input parameters.
[9] The algorithm makes use of a secret in the processing. The secret may be a key, a text inputted to the algorithm or the algorithm itself. It is preferable a key because of its strength of brute-force attacks trying to determine voting choices by using algorithm output/outputs and the other known input parameters. The point is that voting choices and random choices cannot be determined by using only algorithm, algorithm outputs and the other known parameters, but also secret is required.
[10] In step 115, the voter receives algorithm output/outputs and he sures it to be not changed in coming steps. After receiving algorithm output/outputs, in step 120, the voter enters all random choices of all possible choices to the voting system. This entrance may be performed by entering an optical paper 400 in FIG. 4 to an optic scanner of the voting machine. Then, in step 125, the voter receives random choices of all possible choices just entered. This receiving together with the algorithm output, received in step 115, can be named verification text of the voter. The verification text and the other optional parameters is given to the voter for future verification by the voter. They may be given to the voter on a paper 500 in FIG. 5. In the FIG. 5, the algorithm output 510, the random choices 520 together with optional parameters, which are voter id 530 and voting machine id 540, are shown. In step 130, the voter compares entered and received random choices. In step 135, he approves the vote if they are same. If they are not same, he rejects the vote and voting process ends with failure. The voter informs the officer for the incompatibility by showing his receivings. In step 140, if approving realizes, all receivings are recorded to the local database of the voting machine, and vote casting for the voter ends with success. The voter also gets all receivings which may be like paper 500 in FIG. 5. Beside these, in step 120, if the random choices of the voting choices are entered again, which is usual in the optical paper implementation, the voting process may be ended with failure or may continue in normal flow depending on the voting authority's decision on method implementation. If the method is implemented as the voting process to end with failure, when the incompatibility happens in step 120, the random choices of the voting choices entered in the user interface 300 in FIG. 3 in step 105 does not fit into the random choices of voting choices on the paper 400 in FIG. 4 in step 120, the vote casting ends with failure. If the method is implemented as the voting process to continue, when the incompatibility happens in step 120, the random choices of the voting choices entered in the user interface 300 in FIG. 3 in step 105 does not fit into the random choices of voting choices on the paper 400 in FIG. 4 in step 120, voting interface warns the voter for this incompatibility. If the voter accepts the incompatibility, the vote casting may be still valid, but there must be a sign of incompatibility, not in detail as which one does not fit to which one, in the verification text which is received by the voter and stored in local database. If he does not accept the incompatibility, the vote casting ends with failure. In failure, all voting process must start from very beginning because of the disclosure of the random choices.
[11] This process repeated for all voters during the polls. After the polls are closed, verification texts and the other optional parameters of all voters are in the local database 25 in FIG. 1. The local database may be implemented as the table 600 shown in FIG. 6. In the FIG. 6, each row 610 contains information related to one voter. The sequence of the voters is preferably random, and the table preferably does not contain voting time and additional information threating voter anonymity if maximum degree of vote- voter anonymity is required.
[12] After the polls are closed, the data on the local databases of the voting machines is transferred to the central database 40 of the voting center 35 in FIG. 1. Transferring of the information can be on-line or off-line. For the enhanced security, the data is preferably copied from the local database to a storage in off-line, then the data can be transferred to the voting center in on-line. This ensures of not getting out any intentional or non-intentional information that will threaten vote anonymity from the voting machine. Making public of database on each voting machine can be performed by each voting machine locally, by the voting center globally after the transfer or both locally and globally.
[13] Evaluation and declaration of results can be performed by the voting center globally, or by both the voting center globally and each voting machine locally. Evaluation here means determining all voting choices from the each voting machine's database which comprises algorithm outputs, random choices of all candidates/choices, and the other known parameters of each voter by using the secret of each voting machine. For the evaluation the secret is required. The voting machine may also count votes simply during the polls, and the counts may be used in the local declaration without evaluation of the results. However these results are not basic, but evaluation of results by the voting center is required for certain results. The stored data and the voting results of each voting machine are made public globally by the voting center or globally by the voting center and locally by each voting machine after the pollings are closed. The declaration of the stored data and the results of each voting machine is visualized in FIG. 1.
[14] The secrets of the algorithms can be generated in the voting machines locally, or they can be generated in voting center, and distributed to each voting machine. In the later case, the secrets are stored in voting center. If the secrets are generated in the voting machines, they are transferred to the voting center prior to evaluation of results. But the confidentiality of the secrets must be guaranteed during the transfer. Voting machines do not expose the secrets, they preferably zeroize the secrets after the polls are closed and the confidentiality of the secrets is realized for the transfer if required.
[15] After the polls are closed, the data collected from the local databases is made public.
Each voter finds their receivings got from voting machines during the voting process from the data made public. If he finds the receivings as is, he can make sure of proper counting of his vote. On the other hand, voting center verifies the proper casting of votes during evaluation of votes from the data collected from the databases of voting machines. Beside these, a trusted third party can repeat the verification and evaluation of votes by using the secrets received confidentially from the voting center. And finally, the secrets of required voting machines may be disclosed for public evaluation of votes for the required voting machines. The verifications, verification and evaluation by the voting center, verification by the voters and verification by a trusted third party are shown in FIG. 1.
Advantageous Effects [16]
Description of Drawings [17] FIG. 1 depicts a block diagram of a voting system that can implement the voting method.
[18] FIG. 2 depicts the flowchart of the voting method.
[19] FIG. 3 depicts a user interface on which a voter may enter voting choices and the random choices of the voting choices. [20] FIG. 4 depicts an optic paper that may be used for entering random choices of all possible choices to the voting system.
[21] FIG. 5 depicts a paper that may be received by the voter for voter verification.
[22] FIG. 6 depicts a look-up table on the voting machine that comprises verification texts of the voters.
Best Mode [23]
Mode for Invention [24]
Industrial Applicability [25]
Sequence List Text

Claims

Claims[1] 1. An electronic voting method comprising: a. entering the voting choices and random choices related to voting choices of all races to the voting system by the voter, b. generating an output of a cryptographic algorithm by the voting system, the cryptographic algorithm makes use of a secret, the inputs of the cryptographic algorithm composing voting choices, random choices related to voting choices of all races, c. receiving the algorithm output prior to next step by the voter, and being sure of not changed algorithm output, d. entering random choices related to non-voting choices of all races to the voting system by the voter, e. receiving all entered random choices related to all choices of all races from the voting system by the voter, f. comparison of the entered and received random choices related to all choices of all races by the voter, g. approving the voting process by the voter if the entered and received random choices related to all choices of all races are the same or, h. rejecting the voting process by the voter if the entered and received random choices related to all choices of all races are not the same,
1. if approved, storing the data which comprises the verification text that is algorithm output and random choices related to all choices of all races to the database of the voting system.
2. The electronic voting method of claim 1, wherein if the random choices of the voting choices are also entered again during the entering of all random choices related to non- voting choices of all races, the voting process ends with failure or continues in normal flow depending on the voting authority's decision on method implementation.
3. The electronic voting method of claim 2, wherein if the method is implemented as the voting process to end with failure, when the incompatibility happens, firstly entered random choices related to voting choices of all races and lastly entered random choices related to voting choices of all races are not the same, the voting process ends with failure.
4. The electronic voting method of claim 2, wherein if the method is implemented as the voting process to continue, when the incompatibility happens, firstly entered random choices related to voting choices of all races and lastly entered random choices related to voting choices of all races are not the same, voting interface warns the voter for this incompatibility.
5. The electronic voting method of claim 4, wherein if the voter accepts the incompatibility, the vote casting may be valid, but there must be a sign of incompatibility, not in detail as which one does not fit to which one, in the verification text.
6. The electronic voting method of claim 4, wherein if the voter does not accept the incompatibility, the vote casting is invalid.
7. The electronic voting method of claim 5, wherein lastly entered random choices of the voting choices of all races are received by the voter in the receiving of all random choices related to all choices of all races.
8. The electronic voting method of claim 1, 3 and 6, wherein in failure of voting, all voting process must start from very beginning because of the disclosure of the random choices.
9. The electronic voting method of claim 1, wherein all voting choices and random choices related to voting choices of all races must be able to determined or guessed by using algorithm output and the other known input parameters if the secret is known.
10. The electronic voting method of claim 1, wherein all voting choices and random choices related to voting choices of all races must not be able to determined or guessed without the knowledge of the secret.
11. The electronic voting method of claim 1, wherein the secret may be a key, a text inputted to the algorithm or the algorithm itself.
12. The electronic voting method of claim 1, wherein the secret is preferable a key because of its strength against brute-force attacks trying to find all voting choices.
13. The electronic voting method of claim 1, wherein algorithm's input can include an id determined by voter, voting machine, or both of them if a user friendly verification process is desired in the verification step.
14. The electronic voting method of claim 1, wherein algorithm's input may also include voting machine id, if it is desired to assure varying algorithm output across voting machines.
15. The electronic voting method of claim 1, wherein algorithm's input may include any optional data as long as voter's choices and random choices of the voter's choices are assured to be in the input parameters.
16. The electronic voting method of claim 1, wherein voting choices and random choices can be symbolized with different elements such as enumeration elements when inputting to the algorithm as long as the substitution rule is made public.
17. The electronic voting method of claim 1, wherein the secrets can be generated randomly by the voting center and distributed to all voting machines confidentially prior to polling's are opened, or the secrets can be generated randomly by the voting machines and transferred confidentially to the voting center after the pollings are closed.
18. The electronic voting method of claim 17, wherein if the secrets are generated by the voting center, they are stored in a database in the voting center for future evaluation.
19. The electronic voting method of claim 17, wherein if the secrets are generated by the voting machines, they are zeroized after the pollings are closed and the confidential transfer of them to the voting center is assured.
20. The electronic voting method of claim 17, wherein the secrets are preferably generated as being different for each voting machine.
21. The electronic voting method of claim 1, wherein entering voting choices and random choices related to voting choices is preferably performed by a user friendly interface (optical display, pen etc.) if simplicity is desired.
22. The electronic voting method of claim 1, wherein entering random choices related to non- voting choices of all races to the voting system by the voter is implemented preferably by an optic scanner of the voting machine which scans an optic scanner paper prepared by the voter if simplicity is desired.
23. The electronic voting method of claim 1, wherein receiving of the verification text that comprises algorithm output and random choices related to all choices of all races is implemented by a printer of the voting machine to use for verification by the voters after the polls are closed.
24. The electronic voting method of claim 1, wherein selection of the random choice of a choice may be performed by selecting non of the random choices of the choice.
25. The electronic voting method of claim 1, wherein the data related to each voter is tallied for election results.
26. The electronic voting method of claim 25, wherein the stored data of all voting machines are transferred to a database in the voting center following the pollings are closed.
27. The electronic voting method of claim 26, wherein the stored data of all voting machines are made public by the voting center after the transfer of the stored data of all voting machines.
28. The electronic voting method of claim 26, wherein the stored data of each voting machine may be made public by the voting machines after the pollings are closed.
29. The stored data of claim 26, wherein the voting choices of each voter in each voting machine are estimated by using stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine on which the vote is cast.
30. The electronic voting method of claim 29, wherein the votes of each voting machine are counted separately and the results of all voting machines are made public.
31. The electronic voting method of claim 25, wherein the voting choices of each voter in the voting machine may be estimated by using the stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine after the pollings are closed.
32. The electronic voting method of claim 25, wherein the votes of the voting machine may be counted and the results of the voting machine may be made public.
33. The stored data of claim 26, wherein the vote of each voter in each voting machine is verified by using stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine on which the vote is cast.
34. The electronic voting method of claim 25, wherein the votes of each voter in the voting machine may be verified by using the stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine after the pollings are closed.
35. The electronic voting method of claim 27, wherein voters check verification text in the printed paper got in the voting process with the ones made public, and if they are same he can be sure most probably that his vote is cast for intended choice(s).
36. The electronic voting method of claim 27, wherein declared stored data of each voting machine can be verified by a trusted third party.
37. The electronic voting method of claim 36, wherein the trusted third party receives the secrets of the voting machines confidentially from the voting center.
38. The electronic voting method of claim 36, wherein the vote of each voter in each voting machine is verified by the trusted third party using stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine on which the vote is cast.
39. The electronic voting method of claim 36, wherein the voting choices of each voter in each voting machine are estimated by the trusted third party using stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine on which the vote is cast.
40. The electronic voting method of claim 36, wherein the votes of each voting machine are counted separately by the trusted third party and the voting results of all voting machines are compared with the results of the voting center, and the voting results of all voting machines and the results of the comparisons are made public.
41. The electronic voting method of claim 27, wherein declared stored data of all or selected voting machines may be verified publicly.
42. The electronic voting method of claim 41, wherein the secrets of all or selected voting machines are made public by the voting center for public verification.
43. The electronic voting method of claim 41, wherein the votes of each voter in all or selected voting machines are verified publicly by using stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine on which the vote is cast.
44. The electronic voting method of claim 41, wherein the voting choices of each voter in all or selected voting machine are estimated publicly by using stored data that comprises algorithm output and random choices of all choices of all races of the voters and the secret of the voting machine on which the vote is cast.
45. The electronic voting method of claim 41, wherein the votes of all or selected voting machines are counted separately and publicly and the voting results of all or selected voting machines are compared with the results of the voting center.
PCT/IB2008/055521 2008-12-23 2008-12-23 Verifiable electronic voting method WO2010073065A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP08875902.2A EP2382606B1 (en) 2008-12-23 2008-12-23 Verifiable electronic voting method
ES08875902T ES2728313T3 (en) 2008-12-23 2008-12-23 Verifiable electronic voting method
PCT/IB2008/055521 WO2010073065A1 (en) 2008-12-23 2008-12-23 Verifiable electronic voting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2008/055521 WO2010073065A1 (en) 2008-12-23 2008-12-23 Verifiable electronic voting method

Publications (1)

Publication Number Publication Date
WO2010073065A1 true WO2010073065A1 (en) 2010-07-01

Family

ID=41059956

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2008/055521 WO2010073065A1 (en) 2008-12-23 2008-12-23 Verifiable electronic voting method

Country Status (3)

Country Link
EP (1) EP2382606B1 (en)
ES (1) ES2728313T3 (en)
WO (1) WO2010073065A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10388097B1 (en) 2018-01-29 2019-08-20 Accenture Global Solutions Limited Blockchain-based cryptologic ballot verification

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6457643B1 (en) * 1997-12-22 2002-10-01 Ian Way Voting system
US20050035199A1 (en) * 2002-04-11 2005-02-17 John Goci Voter interface for electronic voting system for the visually impaired
EP1783696A1 (en) * 2004-07-27 2007-05-09 SCYTL Secure Electronic Voting, S.A. Methods for the management and protection of electoral processes, which are associated with an electronic voting terminal, and operative module used
FR2895552A1 (en) * 2005-12-28 2007-06-29 Nicolas Marchal Voting machine`s authenticated final results obtaining device for use in polling office, has double validation tactile key located on tactile screen of voting machine for permitting voter to ensure conformity of recording of vote
US20070187498A1 (en) * 2006-02-16 2007-08-16 Pitney Bowes Incorporated Verifiable voting system
US20080135632A1 (en) * 2006-12-12 2008-06-12 Pitney Bowes Incorporated Electronic voting system and method having confirmation to detect modification of vote count

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6457643B1 (en) * 1997-12-22 2002-10-01 Ian Way Voting system
US20050035199A1 (en) * 2002-04-11 2005-02-17 John Goci Voter interface for electronic voting system for the visually impaired
EP1783696A1 (en) * 2004-07-27 2007-05-09 SCYTL Secure Electronic Voting, S.A. Methods for the management and protection of electoral processes, which are associated with an electronic voting terminal, and operative module used
FR2895552A1 (en) * 2005-12-28 2007-06-29 Nicolas Marchal Voting machine`s authenticated final results obtaining device for use in polling office, has double validation tactile key located on tactile screen of voting machine for permitting voter to ensure conformity of recording of vote
US20070187498A1 (en) * 2006-02-16 2007-08-16 Pitney Bowes Incorporated Verifiable voting system
US20080135632A1 (en) * 2006-12-12 2008-06-12 Pitney Bowes Incorporated Electronic voting system and method having confirmation to detect modification of vote count

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10388097B1 (en) 2018-01-29 2019-08-20 Accenture Global Solutions Limited Blockchain-based cryptologic ballot verification
US10445965B2 (en) 2018-01-29 2019-10-15 Accenture Global Solutions Limited Blockchain-based cryptologic ballot organization
US10504314B2 (en) 2018-01-29 2019-12-10 Accenture Global Solutions Limited Blockchain-based anonymized cryptologic voting
US11074775B2 (en) 2018-01-29 2021-07-27 Accenture Global Solutions Limited Blockchain-based anonymized cryptologic voting
US11721152B2 (en) 2018-01-29 2023-08-08 Accenture Global Solutions Limited Blockchain-based anonymized cryptologic ballot organization

Also Published As

Publication number Publication date
ES2728313T3 (en) 2019-10-23
EP2382606A1 (en) 2011-11-02
EP2382606B1 (en) 2019-02-13

Similar Documents

Publication Publication Date Title
Chaum et al. Scantegrity II: End-to-end verifiability by voters of optical scan elections through confirmation codes
Basin et al. Alethea: A provably secure random sample voting protocol
Khelifi et al. M-Vote: a reliable and highly secure mobile voting system
Demirel et al. Prêt à voter providing everlasting privacy
Jardí-Cedó et al. Study on poll-site voting and verification systems
US11087578B2 (en) Voting booth, system, and methods of making and using same
US20230147564A1 (en) System And Method For Conducting A Publicly Auditable Election
EP2382606B1 (en) Verifiable electronic voting method
Bag et al. E2E verifiable borda count voting system without tallying authorities
Oke et al. Multifactor authentication technique for a secure electronic voting system
Reinhard et al. Compliance of POLYAS with the BSI Protection Profile–Basic Requirements for Remote Electronic Voting Systems
Salman et al. Analysis of the traditional voting system and transition to the online voting system in the republic of Iraq
Juma et al. Election results' verification in e-voting systems in Kenya: a review
Juvonen A framework for comparing the security of voting schemes
Sekar et al. Decentralized e-voting system using Blockchain
Rajeshwari Role of technology in the development of smart and secure public voting systems–a review of literatures
Krishnamoorthy et al. A Robust Blockchain Assisted Electronic Voting Mechanism with Enhanced Cyber Norms and Precautions
Essex Cryptographic End-to-end Verification for Real-world Elections
Averin et al. Review of e-voting systems based on blockchain technology
KR102381028B1 (en) Electronic vote management system and method using block-chain
Wu Apollo: End-to-end Verifiable Internet Voting with Recovery from Vote Manipulation
Bhoyar et al. An assurable e-voting system that ensures voter confidentiality and voting accuracy
Kaladevi et al. Secured Electronic Voting System with Appropriate Authentication Using Blockchain
Seri Blockchain Based e-Voting
Grewal Voting on the internet

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08875902

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2008875902

Country of ref document: EP