We present a cryptographic protocol that achieves universal verifiability in elections; that is, each voter can determine from the final tally that her vote was properly counted. Furthermore, any member of the public can total the results herself. The voting machines used need not be trustworthy. Using a challenge-response scheme, the voting device is prevented from casting a ballot which is inconsistent with the voter's intent without showing evidence which the voter can easily detect by simple inspection. To prevent vote tampering after ballots have been cast, each voter is given a receipt which can be used to audit the public ballot box. However, because part of the voter's proof of ballot correctness is derived from direct observation in the poll booth of the temporal sequence by which the receipt is formed, the receipt is meaningless to someone else and thus cannot be used to prove to another party how the voter voted. Voters can track their own ballots through the final count and dispute any discrepancy. A commercial implementation of this system is offered by VoteHere (see www.votehere.net).
Gates 4B (opposite 490) Tuesday 11/09/04 1630 hrs