Pret a Voter
From Wikipedia, the free encyclopedia
 |
This article or section is missing citations and/or footnotes.
This article or section may use words or ideas of other works in its text without citing sources. Using citations to support claims outside the realm of elementary knowledge helps guard against copyright violations and factual inaccuracies. Please improve the article or discuss this issue on the talk page. Help on using footnotes is available. This article has been tagged since March 2007. |
Prêt à Voter is a high assurance, trustworthy voting scheme devised by Peter Ryan of Newcastle University. It aims to provide guarantees of accuracy of the count and ballot privacy that are independent of software, hardware etc. Assurance of accuracy flows from maximal transparency of the process, consistent with maintaining ballot privacy. In particular, Prêt à Voter enables voters to confirm that their vote is accurately included in the count whilst avoiding dangers of coercion or vote buying.
The key idea behind the Prêt à Voter approach is, to encode the vote using a randomised candidate list. Suppose that our voter is called Anne. At the polling station, Anne chooses at random a ballot form sealed in an envelope, and example of such a form is shown in Figure 1.
| Candidates | Mark X |
|---|---|
| Idefix | |
| Asterix | |
| Pamoramix | |
| Obelix | |
| 3994025096 |
In the booth, Anne extracts her ballot form from the envelope and makes her selection in the usual way by placing a cross in the right hand column against the candidate of choice (or, in the case of a Single Transferable Vote (STV) system for example, she marks her ranking against the candidates). For example, a vote for Asterix is given by:
| Candidates | Mark X |
|---|---|
| Idefix | |
| Asterix | X |
| Pamoramix | |
| Obelix | |
| 3994025096 |
Once her selection has been made, she separates the left and right hand strips along a thoughtfully provided perforation and discards the left hand strip. She is left with the right hand strip which now constitutes her \emph{privacy protected receipt}, as shown in Figure 2.
| Mark X |
|---|
| . |
| X |
| . |
| . |
| 3994025096 |
Anne now exits the booth clutching her receipt, registers with an official and casts her receipt. Her receipt is placed over an optical reader or similar device that records the random value at the bottom of the strip and records in which the cell her X is marked. Her original, paper receipt is digitally signed and franked and returned to her to keep.
The randomisation of the candidate list on each ballot form ensures that the receipt does not reveal the way she voted, so ensuring the secrecy of her vote. Incidentally, it also removes any bias towards the top candidate that can occur with a fixed ordering.
The value printed on the bottom of the receipt is the key to extraction of the vote. Buried cryptographically in this value is the information needed to reconstruct the candidate order and so extract the vote encoded on the receipt. This information is encrypted with secret keys shared across a number of tellers. Thus, only the set of tellers acting in together are able to interpret the vote encoded on the receipt.
After the election, voters (or perhaps proxies acting on their behalf) can visit the WBB and confirm their receipts appear correctly. Once this is over, the tellers take over and perform anonymising mixes and decryption of the receipts. All the intermediate stages this is process are posted to the WBB and are audited later.
There are various auditing mechanisms to ensure that all the steps, the creation of the ballot forms, the mixing and decryption etc all performed correctly, but these are carefully designed so as not to impinge on ballot privacy.
An accessible account of Prêt à Voter can be found in "The Computer Ate my Vote", chapter to appear in Formal Methods: State of the Art and New Directions, Ed. Paul Boca, Springer 2007, also available as Newcastle University Technical Report 988 [1]. Further technical details can be found in in Newcastle University Technical Reports 864, 956 and 965. Prêt à Voter was inspired by the earlier, voter-verifiable scheme by Chaum. It replaces the visual cryptographic encoding the voter's choice in Chaum's scheme by the conceptually and technologically simpler the candidate randomisation. Chaum has subsequently adopted the candidate permutation idea of Prêt à Voter and incorporated it in his new PunchScan scheme, see the Wikipedia entry.
