full title

E-voting: A question of trust

Keywords

E-voting, Trust

summary

DIRC has been interested in electronic voting since early in 2003. Our interest initially centered on a protocol proposed by David Chaum, a refined version of which has been published in (Chaum-2004). This protocol is interesting from a security point of view because it provides a novel approach to the problem of electronic voting. It provides voter verifiability, i.e., provides voters with the capability to verify that their vote is accurately included in the tally whilst maintaining ballot secrecy. Furthermore, this is achieved with minimal trust in system components. Such trust is replaced a high degree of transparency that allows close auditing of the vote capture and counting process.

From a socio-technical point of view such schemes are equally interesting. E-voting systems are clearly socio-technical. It is difficult to think of any technical system which must be capable of being used by such a broad spectrum of people. To be viable for large-scale elections, an e-voting system must be acceptable by the entire electorate. In DIRC discussions we kept coming back to the question of trust. For many computer systems it is enough that it has been certified as trustworthy by an appropriately qualified individual or body, but e-voting is very different. It is not enough for an e-voting system to be trustworthy, it must also be trusted.

The DIRC investigations in e-voting schemes have thus addressed the questions of trust and trustworthiness. We began with an analysis of the system, detailed in the Technical Report (Bryans-Ryan-2003). This discusses the technical requirements of voting schemes, and presents a detailed description of the Chaum protocol. Subsequent work falls into three main strands, all of which are ongoing.

1: The development of a number of simplified and enhanced schemes, including Pret a Voter, (Ryan2005) that replaces the visual cryptographic representation of the ballot receipt of the original scheme with a simpler more familiar representation. The new scheme is significantly simpler to understand and implement than the original. We hope that this will lead to a more accessable scheme. Further enhancements, such as the use of re-encryption mixes in place of the original decryption mixes are also being investigated.

2: The Dependability Case Safely-critical systems often require dependability cases before deployment. To this end we have been investigating the challenges in producing a socio-technical dependability case for such e-voting schemes. Could we produce a similar case for the security-critical Chaum evoting system?

3: Recovery mechanisms To move from a technical system to a socio-technical one we need to give mechanisms for handling errors.

4: Investigation of the issues of public trust, (Randell 2005).

We are also preparing a journal paper with David Chaum and others, which will include aspects of the above work.

links

papers

Jeremy Bryans and Peter Y. A. Ryan. A Dependability Analysis of the Chaum Digital Voting Scheme. Technical Report TR-809, School of Computing Science, University of Newcastle, July 2003.

Brian Randell and Peter Y. A. Ryan. Voting technologies and trust. Technical Report TR-911, University of Newcastle, June 2005. (Accepted for publication in IEEE Security and Privacy.)

Peter Y.A. Ryan. A Variant of the Chaum Voter-Verifiable Scheme. Technical Report TR-864, School of Computing Science, University of Newcastle, October 2004.

Other references

David Chaum. Secret-Ballot Receipts: True Voter-Verifiable Elections. IEEE Security and Privacy, 2(1):38--47, Jan/Feb 2004.

authors

Jeremy Bryans, Peter Y A Ryan {Jeremy.Bryans, peter.ryan} <at> newcastle <dot>ac<dot>uk