Of Elections and Electrons
P Y A Ryan,
Digital voting technologies are currently very
topical and hotly debated, especially in the
The first approach is typified by the touch
screen (DRE) machines currently widely used in the
The second approach is exemplified by the cryptographic schemes proposed by, for example, Chaum  or Neff . These strive for complete transparency, up to the constraints imposed by the ballot secrecy requirements, and seek to achieve assurance via detailed monitoring of the process rather than having to place trust in the system components.
In between we find the paper audit trail approach (the “Mercuri method”) that seeks provide the means to check on the performance of DRE machines and recovery mechanisms, [4, 5].
In this talk I discuss the dependability and security requirements of election systems, primarily accuracy and secrecy but also availability and usability. I outline the extent to which these various approaches meet these requirements.
I then discuss in more detail the design philosophy of the Chaum/Neff school and illustrate this with a variant of the Chaum scheme. These schemes support voter verifiability, that is, they provide the voter with a means to verify that their vote has been accurately recorded and counted, whilst at the same time maintaining ballot secrecy. The essence of this scheme is to provide the voter with a receipt that holds their vote in encrypted form. The challenge is to ensure that the decryption of the receipt that the voter sees in the booth is identical to the decryption performed by a sequence of tellers. The scheme combines a cut-and-choose protocol in the booth followed by robust anonymising mixes.
The original scheme uses visual cryptography to generate the encrypted receipts on a pair of transparent sheets. Correctly overlaid in the booth, these sheets reveal the ballot image. Separated they appear just to be random pixels. The voter retains only one of these sheets. The scheme presented here uses a simpler mechanism based on the alignment of symbols on adjacent strips of paper. This appears to be both simpler to explain and understand and to implement.
We also note that the dependability of complex computer based systems depends as much on socio-technical factors as the purely technical details of the design. We briefly describe error handling and recovery strategies for this scheme.
Poorly conceived, implemented and maintained
voting technology poses a serious threat to democracy. Confidence in the
integrity of voting systems appears to be at an all time low in the
 Avi Rubin et al, http://avirubin.com/vote/analysis/index.html
 David Chaum, “Secret-Ballot Receipts: True Voter-Verifiable Elections.
 Andy Neff, www.votehere.com
 Rebecca Mercuri, http://www.notablesoftware.com/evote.html
 David Dill, http://www.verifiedvoting.org/
 Peter Y A Ryan and Jeremy W Bryans, “The Prêt à Voter Scheme” Newcastle Computer Science Tech Report, to appear.