Internet Voting Protocols and System Design at

Andrew Neff

At Stanford University, Gates Computer Science bldg, Room 498, 4/11/00, 4:15 PM

Just as e-commerce has replaced old methods for consumer purchases in many situations, e-voting is likely to soon arrive as an alternative method for conducting large scale, public elections. The efficiencies that it offers over conventional methods are apparent; but when it comes, Internet Voting will either create a serious crack in the basic democratic infrastructure, or create a better means of protection against election fraud of all kinds than that offered by any system used to date. Which of these effects are seen will depend on some basic properties of the system, or systems, which are eventually adopted.

At VoteHere, we are committed to the principle that any election in which a large amount of power and/or money is at stake must satisfy two basic criteria:

1. Privacy: Each voter must be able to keep his or her ballot choices secret if he or she wishes.

2. Auditability: The power to assert the validity of the final election tally should never be entrusted to one company, organization, or government body. In fact, it should be distributed as widely as possible. In other words, we should not accept the results of an election just because "company X's computers say so."

The basic e-commerce model does not achieve either of these. While a secure communication protocol such as SSL may keep a ballot private "on the line", its contents are available to the vote collection agency once it is received. Moreover, unless the contents of each voter's ballot are later made public (which would destroy privacy), the vote collection agency is in a position to fabricate the election results without this fraud being detected.

In the first part of this talk we will discuss the protocol, and the underlying mathematics, which have allowed us to create a system that achieves both of these criteria. Our system has the property that it is universally verifiable - any independent organization or individual can inspect our "election transcript" (publication of the transcript is a procedural requirement) and execute a series of well-defined mathematical steps on it in order to verify the election results. Privacy is protected because individual ballots are never decrypted. After presenting the protocol, we will discuss some of the system implementation issues that we faced during the task of turning the theoretical concepts into a robust product. Finally, time permitting, we will discuss some of the social implications - both real and perceived - that may shape the course of voting systems in the future.
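The abstract does not say which construction VoteHere uses, so the following is an editor-added Python illustration of the two properties it claims (the tally is checkable by anyone from the public transcript, and no individual ballot is ever decrypted), built from exponential ElGamal with homomorphic aggregation and a Chaum-Pedersen proof of correct decryption. It is not the talk's or VoteHere's code; the group parameters, votes and function names are constructed and the group is far too small for real use.

```python
import hashlib, secrets
# Constructed toy parameters (far too small for real use): safe prime P = 2Q + 1,
# and G = 4 (a quadratic residue mod P) generates the prime-order-Q subgroup.
P, Q, G = 1019, 509, 4

def fiat_shamir(*vals):  # challenge derived from the transcript, so no live verifier is needed
    return int.from_bytes(hashlib.sha256(",".join(map(str, vals)).encode()).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # trustee's secret key
    return x, pow(G, x, P)                      # public key h = g^x

def encrypt(h, vote):
    """Exponential ElGamal: (g^r, g^vote * h^r). Multiplying ciphertexts adds the votes."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P

def aggregate(ciphertexts):
    a = b = 1
    for c1, c2 in ciphertexts:
        a, b = a * c1 % P, b * c2 % P
    return a, b

def decrypt_tally(x, h, ciphertexts):
    """Trustee decrypts ONLY the aggregate, with a Chaum-Pedersen proof that d = a^x for
    the same x behind h; individual ballots are never decrypted and x stays secret."""
    a, b = aggregate(ciphertexts)
    d = pow(a, x, P)
    w = secrets.randbelow(Q - 1) + 1
    t1, t2 = pow(G, w, P), pow(a, w, P)
    s = (w + fiat_shamir(h, a, d, t1, t2) * x) % Q
    m = b * pow(d, -1, P) % P                   # = g^tally
    tally = next(t for t in range(len(ciphertexts) + 1) if pow(G, t, P) == m)
    return tally, (d, t1, t2, s)

def verify(h, ciphertexts, tally, proof):
    """Any observer holding the public transcript (h, ciphertexts, tally, proof) runs this."""
    a, b = aggregate(ciphertexts)
    d, t1, t2, s = proof
    c = fiat_shamir(h, a, d, t1, t2)
    proof_ok = (pow(G, s, P) == t1 * pow(h, c, P) % P
                and pow(a, s, P) == t2 * pow(d, c, P) % P)
    return proof_ok and b == pow(G, tally, P) * d % P

def run_election(votes):
    """Returns the decrypted tally, the verifier's verdict on it, and the verdict on a forged tally."""
    x, h = keygen()
    ciphertexts = [encrypt(h, v) for v in votes]
    tally, proof = decrypt_tally(x, h, ciphertexts)
    return tally, verify(h, ciphertexts, tally, proof), verify(h, ciphertexts, tally + 1, proof)
```

A deployable system would additionally require each voter to prove that a ballot encrypts a valid choice and would split the secret key across several trustees; both are omitted here to keep the example short.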