Cryptographic End-to-end Verification for Real-world Elections
MetadataShow full item record
In this dissertation we study the problem of making electronic voting trustworthy through the use of cryptographic end-to-end (E2E) audits. In particular, we present a series of novel proposals for cryptographic election verification with a focus on real-world practicality. We begin by outlining fundamental requirements of E2E election verification, important properties for a real-world settings, and provide a review of previous and concurrent related work. Our research results are then presented across three parts. In the first part we examine how E2E election verification can be made more procedurally familiar to real-world voters and election administrators. We propose and implement an E2E add-on for conventional optical-scan based voting systems, and highlight our experiences running an election using this system in a United States municipality. In the second part we examine how E2E election verification can be made more conceptually and procedurally simple for election verifiers/auditors. We present a non-cryptographic E2E system based on physical document security assumptions as an educational tool. We extend this system to a cryptographic setting to show how the procedures of cryptographic election verification can be completed with relatively tiny software code bases, or by using common-place programs such as a desktop spreadsheet. We then present an approach that allows verifiers to conduct cryptographic audits without having to plan for it prior to an election. In the third part we examine how the methods in the first part can be extended to provide a level of privacy/distribution of trust similar to that of classical cryptographic voting protocols, while maintaining the (comparatively) intuitive optical-scan interface. To that end, we propose a novel paradigm for secure distributed document printing that allows optical-scan ballots to be printed in a way that still lets voters check their ballots have been counted, while keeping their voting preferences secret from election officials and everyone else. Finally we outline how the results obtained in each of the three parts can be combined to create a cryptographically end-to-end verifiable voting system that simultaneously offers a conventional optical-scan ballot, ballot secrecy assured by a distribution of trust, and a simple, cryptographically austere set of audit procedures.