CA2176990C - Secure receipt-free electronic voting - Google Patents

Secure receipt-free electronic voting Download PDF

Info

Publication number
CA2176990C
CA2176990C CA002176990A CA2176990A CA2176990C CA 2176990 C CA2176990 C CA 2176990C CA 002176990 A CA002176990 A CA 002176990A CA 2176990 A CA2176990 A CA 2176990A CA 2176990 C CA2176990 C CA 2176990C
Authority
CA
Canada
Prior art keywords
vote
secure
set forth
shuffling
votes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002176990A
Other languages
French (fr)
Other versions
CA2176990A1 (en
Inventor
Joseph J. Kilian
Kazue Sako
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Publication of CA2176990A1 publication Critical patent/CA2176990A1/en
Application granted granted Critical
Publication of CA2176990C publication Critical patent/CA2176990C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C13/00Voting apparatus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/383Anonymous user system

Abstract

A number-theoretic based algorithm provides for secure receipt-free voting. A
vote generating center generates a choice of votes for each voter or vote chooser. The votes are encrypted, shuffled, and conveyed to a vote chooser along with information regarding how the votes were shuffled without being intercepted enroute. The information is preferably sent along secure untappable channels. The method can incorporate validification of generation and shuffling of the votes using chameleon commitment and interactive proofs. The invention can be realized by current-generation personal computers with untappable channels and access to an electronic bulletin board.

Description

_ y 21 76994 The present invention relates to a method and apparatus useful for secure receipt-free electronic voting and specifically, to number-theoretic based algorithms for secure receipt-free electronic voting.
The ultimatE; goal of secure electronic voting is to replace physical voting booths. Achieving i:his goal requires work both on improving the efficiency of current protocols and understanding the security properties that these electronic devices can provide.
Recently, it is observed in an article by J.C. Benaloh et al; entitled "Receipt-free Secret-ballot Election," in STOC 94, pp. 544-553 (1994), that unlike physical voting protocols, nearly all electronic voting protocols give the voters a receipt by which they can prove how they voted. Such receipts provide a ready means by which voters can sell their votes or by which another party can coerce a voter to vote in a certain way.
Benaloh and Tuinstra give the first receipt-free protocol for electronic voting.
In their scheme a trusted center generates for each voter a pair of ballots consisting of a "yes" vote and a "no" vote in random order. Using a trusted beacon and a physical voting booth the center proves to the public that the ballot indeed includes a well-formed (yes/no) or (no/yes) pair and at the same time proves to the verifier which pair it is. The physical apparatus ensures that by the time the verifier is able to .
communicate with an outsider, the verifier can forge a proof that the ballot is (yes/no) and also forge a proof that it is (no/yes). Thus, such a proof ceases to provide either proof as a receipt.
Independently, Niemi and Renvall tried to solve this problem in an article by Niemi et al; entitled "How to prevent buying of votes in computer elections"
in ASIACRYPT'94, pp. 141-148 (1994). They also use a physical voting booth where a voter performs multiparty computation with all the centers.
Both the Benaloh= f uinstra and the Niemi-Renvall protocols illustrate that receipt-free secure voting is possible. However, their physical requirements are fairly cumbersome, and are not unlike those faced by participants in physical elections. An important open qucation is precisely what physical requirements are necessary for achieving receipt-free secure voting.
An object of the present invention is to seek to overcome the deficiencies of the prior art, by providing a method and apparatus for a secure receipt-free voting scheme which utilizes a physically secure untappable private channel.
Accordingly, the present invention provides a method of secure receipt-free voting comprising the steps of:

(a) constructing votes for each vote chooser for posting votes on a bulletin board;
(b) sending private messages to respective vote choosers without being intercepted;
(c) the vote chooser choosing the vote and constructing a message,;
(d) the message from the vote choosey reaching a vote counting center through a secure anonymous channel;
and (e) i:he vote counting center counting the votes.
In the secure: receipt-free voting scheme of the present invention, each voter does not leave evidence of how he/she voted through the use of a physically secure untappable channel. The term "secure untappable channel" refers to a channel in which a message c:an be sent from a center without being accessed or detected by another party. Such an untappable channel is described in an article by C.
Bennett et al; entitled "Quanturn Cryptography" in Scientific American, vol. 267, no. 4, Oct. 1992, pp. 50 to 57. The end result of using an untappable channel is that neither the voter nor another party can show or prove how a vote was cast or what the message was that was sent. Once a message is sent or received, the content may be changed rendering proof of the message impossible. However, if the message is intercepted or detected in route or at the time of reception, the intercepting or detecting party can learn the content of .a message prior to a time when a change was possible.
Moreover, even if a non-secures channel is used, if the message travels along the channel without interruption or detection, by virtue of the protocol used in the present invention, determination of a particular vote after receipt at its destination is not possible. In other words, an untappable channel refers to the transmission of a message without interception or dete~~tion in route.
In the following description, the term 'chameleon commitments' is used. A
chameleon commitment is a message committing and decommitting protocol, where the committee can deco~mmit as the committee committed, while the receiver can decommit in any way, regardlEas of how the committee committed.
In accordance with the method of the present invention, there is a vote generating center, a vote counting center, and shuffling centers to transfer messages ,~ between the various centers and each voter. The method comprises the following '~35 three steps.
The first step is the generation by a vote-generating center of a set of all possible votes for each voter. For simplicity, it will be assumed that the possible votes are two, namely 1-vote and 0-vote. For each voter i, the vote-generating center posts encrypted 1-votes and 0-votes in random order. The committee commits to the ordering using chameleon bi~l commitments. The center proves that the committee constructed the vote-pairs properly. The committee decommits the ordering only to the voter through a secure untappable channel.
The second step is transferring the vote from the vote-generating center to the voter via the shuffling centers. Each shuffling center shuffles the two votes for voter i through a shuffle-net. The committee commits with regard to how the votes are shuffled using chameleon commitments. Each shuffling center proves the correctness of its action. The c:ommitter reveals how the votes were shuffled only to the voter i through a secure untappable channel.
The second step is not mandatory, in which case the vote generating centee may directly send the vote to the voter through an ordinary channel.
The third step is anonymous voting by the voter. By keeping track of the initial ordering of the pair, and how they were shuffled during the second step, each voter knows which vote 'is which. Each voter submits one of the received votes to the counting center through a secure anonymous channel. Then the counting center tallies the votes.
Implementation of a secure anonymous channel can be found in an article by C. Park et al; entitled "Efficient Anonymous Channel and AIIINothing Election Scheme"
in Advances in Cryptology, Eurocrypt '93, 1993, pp. 248 to 259, or in U.S.
Patent No.
5,682,430, dated October 28, 1997 entitled "Secure Anonymous Message Transfer and Voting Scheme" which is assigned to the same assignees as the present invention.
Also, the invention results in a method which reduces the amount of communication and computation necessary to generate, transmit and check the proofs by combining multiple proofs into a single proof.
Embodiments of the invention will now be described, by way of example, with reference to the ac~~ompanying drawings, wherein:
Figure 1 is a block diagram of a preferred embodiment of the present invention;
Figure 2 is a block diagram of message flow;
Figure 3 is a block diagram of a preferred embodiment of the present invention with shuffling centers;
..',. 35 Figure 4 is a block diagram of message flow with shuffling centers;
and ~~~~99Q
Figure 5 is a block diagram of a shuffling center.
A preferred embodiment of a secure receipt-free voting scheme comprising the present invention will now be described with reference to Figures 1 and 2. In accordance with the scheme, the encrypted votes generated by vote-generating center 10 by vote construct: process 26 are posted on an electronic bulletin board 13 or other publicly accessible message means. The encrypted votes are pairs of 1-votes and 0-votes, permuted in random order, for each vote choosey 12(i). Then the vote generating center 10 secretly conveys to the vote choosey 12(i) through an untappable channel 16(i) how the encrypted votes for vote choosey 12(i) are ordered. At the same time, the vote generating center 10 needs to prove to the public that the vote was honestly generated and to the vote choosey that the center 10 had not sent false information in the secret message. These proofs are achieved by following prove process 20 as will be described below.
The vote choosey 12(i) chooses its ballot using the secret message from the vote generating center 10 through a physically untappable channel 16(i). The vote chosen by the vote choosers 12(1 ), 12(2),...12(P) are transferred anonymously through a secure anonymouis channel to a vote counting center 15. The secure anonymous channel can be realized by the mixing centers 14(1 ), 14(2),...14(n), where encrypted votes are successively processed by the mixing centers until the vote counting center 15 provides as its output a randomly, untraceably ordered set of unencrypted votes and the outcome of the tally. Each vote generating center 10, vote choosey 12(i), mixing center 14(i) and vote counting center 15 comprises a computing means, preferably a personal computer but it may also be a workstation or the like.
Having set 'forth an overview of the scheme, the details of vote construct process 26, prove process 20, and the information being transferred securely through untappable channel 16 will now be described.
The vote generating center 10, by executing vote construct process 26, generates an encrypted pair of 0-vote and 1-vote for each vote choosey 12(i).
The center follows the vote construct process for each vote choosey 12(i) with independently chosen random nurnbers.
The encryptESd form of 1-votes and 0-votes needs to be appropriate for input to the anonymous channel. Preferably, the method and apparatus described in U.S.
Patent No. 6,682,430 is used and the encrypted forms of 1-votes and 0-votes are selected to be:
21 7 fi 990 vo = (grit mod p,mo . yri~ mod p) v~I = (gr~2 mod p,m~ . yr'2 mod p) (1) for independent random numbers r~~ and r~2 for vote choosey 12(i) and appropriately chosen common constants p,g,y,mo and m~ for all vote choosers. The vote construct process 26 comprises calculating the above formulas with randomly chosen numbers r~~ and r~2.
The vote-generating center 10 posts on the bulletin board 13 in the order of (v~,v~) with a probability of one half, and (v~,vo) otherwise.
The prove process 20 comprises three algorithms: commitment 21, prove 1-0 22, and decommitment 23. The algorithm commitment 21 is used to calculate and post a chameleon commitment of the above ordering and a random sequence used in the succeeding prove 1-0 22 protocol. The algorithm prove 1-0 22 is executed multiple times to prove that the center 10 generated the votes honestly, and the output is posted on bulletin board 13. The algorithm decommit 23 is used to decommit the chameleon commitment committed in algorithm commit 21, through an untappable secure channel. The specific algorithm of prove 1-0 22 and chameleon commitment 21/decommitment c:3 will be described below.
The vote gE:nerating center sends an output of a decommitter, which is a chameleon decommitment, to the vote choosey 12(i) through the untappable channel 16(i).
The vote choosey 12(i) verifies the correctness of the prove 1-0 22 algorithm and the validity of clecommitments by verification process 24. If the correctness and validity are verified, the vote choosey 12(i) follows selection process 25 and chooses either one of the encrypted votes on the bulletin board 13, which expresses its opinion.
The vote choosey 1;?(i) is able to choose correctly because it knows how the encrypted votes were ordered from the chameleon decommitment.
The vote chosen by the vote choosey 12(i) will be input to a shuffle-net, together with other votes chosen by the other vote choosers.
In the scheme described above, a malicious party who coerces the vote choosey 12(i) to disclose its vote, will not receive a concrete proof of whether the chosen vote was a 1-vote or a 0-vote unless the vote generating center 10 is allowed to disclose the vote or the secure channel 16(i) which it is tapped into.
The algorithms prove 1-0 22 and chameleon commitment 21/decommitment 23 will now be described. The prove 1-0 22 algorithm involves a prover and a verifier.
The prover is the vote generating center 10 in this case. The verifier may be any entity, including vote choosers 12(i). The probabilistic behavior of the algorithm will be determined by an output of a suitable hash function, but it may also be a random beacon.
The algorithm, given a randomly permuted pair of (v°, v~ ) generated and posted as equations (1), shows that they are indeed a pair of 1-vote and 0-vote.
Assuming a random string has been committed using chameleon commitment to the vote chooser, the prove 1-0 algorithm comprises the following steps:
1. The prover uniformly chooses r', r" and calculates E°(v°) _ (grmod p,m° ~ yr mod p) E~(v~) _ (gr~mod p,m~ ~ yr~ mod p) and posts E°(v°), E~(v~) in the order according to the committed string.
2a. With a probability of '/, the prover is asked to reveal r' and r". The verifier checks if E°(v°), or E~(v~) is made consistently.
2b. With a probability of'/z, the prover is asked to reveal s1 = r~~ - r' and s2 = r;2 - r'. The verifier checks that v° and v~ can be indeed generated from E°(v°), E~(v~) using s1, s2, g and y.
The chameleon commitment scheme will now be described. The chameleon commitment scheme involves a sender and a receiver. The sender is the vote generating center 10 in this case. The receivers are the vote choosers 12(i).
The following explanation is in terms of committing a single bit, 0 or 1, but can be easily transformE:d to commit multiple bits and strings. In the scheme, the receiver is assumed to know a satisfying a = ga for public integer a.
Commitment Sender commits 0 by g~ and a - g~ for 1 to the receiver.
Decommitment Sender reveals r. The receiver calculates both g~ and a~g~ and determines what was the committed bit.
In order to rnodify the decommitment, the receiver may claim it received r - a instead of r, which its the case when the sender committed the other value.
A more detailed description of chameleon commitments can be found in article "Minimum Disclosure Proofs of Knowledge" by Brassard, Chaum and Crepeau in JCSS, f" 35 pages 156-189, 1988.
After the vote generating center 10 decommits its random string, the vote choosey 12(i) may follow with invalidation process 27 to invalidate the commitment of the center. T'he invalidation process 27 comprises informing the center of the value a, so that the center al:;o has the ability to provide false information afterwards, or to post the value a on a bulletin board 13.
To make sure that the vote choosey 12(i) has the ability to modify the commitments, that is, the vote choosey knows the exponent a, the interaction may occur between the vote generating center 10 and each vote choosey, before the commitment is applied, or even before the start of voting. For example, the vote choosers may execute a cut-and-choose protocol to pick the constant a so that the vote choosey knows a with high probability.
In order to make the receipt-free property of the present invention more secure, it is possible to incorporate a shuffle net 11 comprising multiple shuffling centers 11 (1 ), 11 (2),...11 (m), as shown in Figures 3 and 4. Each encrypted vote generated by vote generating center 10 for vote choosey 12(i) is passed through shuffle net 11 before reaching the vote clhooser 12(i). As a result, a malicious party would not be able to determine how the vote choosey 12(i) voted unless it colluded with all the shuffling centers and vote generating centers, or wiretapped every secret channel 17(1 ), 17(2)...17(m) between the shuffling centers 11 (m) and the vote choosey 12(i).
Each vote shuffling center comprises a computing means, preferably a personal computer but it may also be a workstation or the like.
The operation of the shuffle net and shuffling centers will now be described.
Shuffling center 11 (rn) processes each message posted by the previous shuffling center 11 (m-1 ) (or the vole generating center 10, when m = 1 ) and posts the results of process shuffle 30 (Figure 5) in permuted order until the last shuffling center 11 (m) posts the result of i:he shuffling. Each shuffling center conveys how the votes were shuffled to the vote: choaser through an untappable secure channel 17(m). Each shuffling center 11 (i) proves it shuffled honestly and did not provide false information to the vote choosey 12(i) in a manner similar to that of the vote generating center 10, which is achieved through executing process prove 31.
Figure 5 illustrates the operation of a shuffling center 11 (i). The shuffling center 11 (i) executes the processes shuffle 30 and prove 31 and posts the outputs.
The process prove 31 comprises an algorithm commitment 32 which chameleon commits the random string of the vote choosey.
The process; prove 31 further comprises three algorithms: commitment 32, prove shuffle 33, and decommitment 34.
In order to describe the process shuffle 30, let the input be encrypted shuffled votes, which are presented as:
X~ _ (A~,A2) X2 = (B1 ~ B2) The algorithm shuffle comprises generating a random number c~ and c2 and shuffling the encrypted votes X~ and X2 as S(X~) _ (A~ ~ g~~ mod p,A2 ~y°' mod p) S(X2) _ (B~ ~ g'2 mod p,B2 ~y'2 mod p) (2) and posting S(X~) and S(X2) in random order.
This order and a random sequence to be used in the algorithm prove shuffle is committed using chameleon commitment and posted on the bulletin board as the output of algorithm commii:ment 32.
The algorithim prove shuffle 33 is used to prove that the shuffling center 11 (i) executed the algorithm shuffle correctly. The prove shuffle algorithm 33 involves a -prover and a verifier. The' prover is the shuffling center in this case. The verifier may be any entity, including a vote choosey. The probabilistic behavior of the algorithm will be determined by an output of a suitable hash function, but it may also be a random beacon. The algorithm comprises a permuted pair of (S(X~),S(X2)), showing that they are indeed generated from inputs X~ and X2 as equations (2). Assuming a random string has been cornmitted using chameleon commitment to the vote choosey, the prove shuffle 33 algorithm comprises:
1. The prover uniformly chooses c',c" and calculates E(X~) _ (A~ ~ gc mod p,A2~yc mod p) E(X2) _ (B~ ~ gc~ mod p,B2~yc~ mod p) (3) post E(X~),E(X2) in the order according to the committed string.
2a. With a probability of 'h, the prover is asked to reveal c' and c". The verifier checks if E(X~),E(X2) is made consistently.
2b. With a probability of'/Z, the prover is asked to reveal t~ = c~ - c' and t2 = c2 - c". The verifier checks that E(X~) and E(X2) can indeed be generated from S(X~),S(XZ) using t~,t2,g and y.
ww 2176990 The encryptE~d votes posted by the vote generating center 10 are successively processed by the shuffling centers 11 (1 ), 11 (2),...11 (m) until the last center provides as its output a random untraceable ordered set of encrypted votes for each vote choosey.
The vote choosey 12(i) chooses its ballot using the secret messages from the vote generating center and shuffling centers through untappable secure channels 16(i), 17(1),17(2),..and 17 (m).
Invalidation of chameleon commitments of shuffling centers can be realized in a similar manner as. invalidated commitments of the vote generating center 10.
Having described a preferred method of the present invention, preferred embodiments of the invention will now be described.
Figure 1 schematically illustrates a preferred embodiment of the invention.
The vote generating center 10, vote choosers 12(1),12(2),...12(P), mixing centers 14(1),14(2),...14(n) and vote counting center 15 use personal computers or workstations connected to a conventional electronic bulletin board 13. There are un#appable secure channels 16(1),16(2)...16(Q) so that the vote generating center 10 can send a secret message to each vote choosey 12(i). All elements (senders, verifiers, centers and the like) comprising the message transfer process interact by posting messages to and receiving messages from the bulletin board 13, except when the vote generating center 10 sends decommitting messages to vote choosers 12(i) via untappable channel 16(i). The vote generating center 10 or vote choosers 12(i) or vote counting center 15 can also serve as mixing centers or vote counting centers.
The personal computers either contain software to perform the method described above or alternatively contain in hardware or software embodiments of the elements described in Figure 2.
Figure 2 illustrates how messages are transferred to achieve receipt-free voting.
For each vote choosey 12(i), vote generating center 10 generates encrypted votes using a vote constructor 26 as described above. The vote generating center 10 then follows process prove 20 which comprises algorithms commitment 21, prove 1-0 22 and decommitment 23. The output of decommitment 23 is sent to vote choosey 12(i) through untappable channel 16(i). Other outputs of the vote generating center 10 are posted on the bulletin board 13. The vote choosey 12(i) follows the processes verification 24 and :;election 25, and outputs selected votes from the encrypted votes on the bulletin board 13. The selected votes of all the vote choosers 12(1 ),12(2)...12(P) are anonymously transferred to vote counter 15 through anonymous channel 14.
Figure 3 schematically illustrates a preferred embodiment of the invention with a shuffle net. The vote generating center 10, vote shuffling centers 11 (1 ),11 (2),...11 (m), vote choosers 12(i), mixing centers 14(1 ),14(2),...14(n) and vote counting center 15 use personal computers or workstations connected to a conventional electi~onic bulletin board 13. There are untappable channels 16(1),16(2)...160) so that the vote generating center 10 can send a secret message to each vote choose~r. There are also untappable channels 17(1),17(2)...17(m) so that the shuffling centers 11 (1 ),11 (2),...11 (m) can send a secret message to vote chooser 12(i). All elements (senders, verifiers, centers and the like) comprising the message transfer process interact by posting messages to and receiving messages from the bulletin board 13, except for the vote generating center 10 or shuffling centers 11 (1 ) to 11 (m) which send decommitting messages to a vote chooser 12(i) via untappable channels 17(i). The vote generating center 10 or vote choosers 12(i) or vote counting center 15 or shuffling centers 11 (m) can also serve as mixing centers or vote counting centers or shuffling centers. The personal computers either contain software to perform the method described above or alternatively contain in hardware or software embodiments the elements described in Figures 4 and 5.
Figure 4 illustrates how messages are transferred to achieve receipt-free voting with a shuffle net. I=or each vote chooser 12(i), vote generating center 10 generates encrypted votes which are posted on the bulletin board 13. Then shuffling center 11 (m) reads encrypted votes from the bulletin board 13 and follows processes shuffle 30 and prove 31, and outputs shuffled votes to the bulletin board 13, while sending a decommitting mes:cage to vote chooser 12(i) through untappable channel 17(m).
Similarly, succeeding shuffling centers read the proceeding center's output from bulletin board 13, and post:; their output to the bulletin board 13 for the next shuffling center, while sending their decommitting message to vote choosey 12(i) through untappable channel 17(i). The last shuffling center's output will be read by the vote choosey 12(i), which follows the processes verification 35 and selection 36, and outputs selected votes from the encrypted votes on the bulletin board 13. The selected votes of all the vote choosers 12(1),12(;?)...12(>') are anonymously transferred to vote counter 15 through anonymous channel 14.
Figure 5 schematically illustrates a shuffling center 11 (i). The shuffling center follows process shuffle 30 and process prove 31. Process prove 31 comprises algorithms commitment 32, prove shuffle 33 and decommitment 34.

Claims (40)

1. A method of secure receipt-free voting comprising the steps of:
(a) constructing votes for each vote chooser for posting votes on a bulletin board;
(b) sending private messages to respective vote choosers without being intercepted;
(c) the vote chooser choosing the vote and constructing a message;
(d) the message from the vote chooser reaching a vote counting center through a secure anonymous channel;
and (e) the vote counting center counting the votes.
2. A method of secure receipt-free voting as set forth in claim 1, where said sending private messages comprises sending messages via secure untappable channels.
3. A method of secure receipt-free voting as set forth in claim 1, further comprising the step of proving the correctness of the vote construction.
4. A method of secure receipt-free voting as set forth in claim 3, where proving the correctness of the vote construction is performed by executing a prove 1-0 algorithm.
5. A method of secure receipt-free voting as set forth in claim 3, further comprising the steps of:
(f) said vote construction includes committing a random string using chameleon commitments;
(g) proving the correctness of the constructed votes by using committed bits; and (h) decommitting through a secure untappable channel.
6. A method of secure receipt-free voting as set forth in claim 5, where proving the correctness is performed by executing a prove 1-0 algorithm.
7. A method of secure receipt-free voting as set forth in claim 5, further comprising the vote chooser invalidating chameleon commitment.
8. A method of secure receipt-free voting as set forth in claim 7, wherein proving the correctness is performed by executing the prove 1-0 algorithm.
9. A method of secure receipt-free voting as set forth in claim 7, wherein the vote chooser invalidating chameleon commitment provides its secret key for constructing votes to the bulletin board.
10. A method of secure receipt-free voting as set forth in claim 1, wherein step (a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
11. A method of secure receipt-free voting as set forth in claim 10, wherein said sending a private message comprises sending a message via a secure untappable channel.
12. A method of secure receipt-free voting as set forth in claim 2, wherein step(a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
13. A method of secure receipt-free voting as set forth in claim 12, wherein said sending a private message comprises sending via a secure untappable channel.
14. A method of secure receipt-free voting as set forth in claim 5, where step(a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
15. A method of secure receipt-free voting as set forth in claim 14, wherein said sending a private message comprises sending via a secure untappable channel.
16. A method of secure receipt-free voting as set forth in claim 7, wherein step (a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
17. A method of secure receipt-free voting as set forth in claim 16, wherein said sending a private message comprises sending via a secure untappable channel.
18. A method of secure receipt-free voting as set forth in claim 3, wherein step (a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
19. A method of secure receipt-free voting as set forth in claim 18, wherein said sending a private message comprises sending via a secure untappable channel.
20. A method of secure receipt-free voting as set forth in claim 10, further comprising the step of proving the correctness of the shuffled constructed votes.
21. A method of secure receipt-free voting as set forth in claim 20, further comprising the steps of:
(f) committing a random string using chameleon commitments;
(g) proving the correctness of the shuffled constructed votes using committed bits; and (h) decommitting without being intercepted.
22. A method of secure receipt-free voting as set forth in claim 21, wherein said decommitting is through a secure untappable channel.
23. A method of secure receipt-free voting as set forth in claim 20, wherein said proving the correctness is performed by executing a prove shuffle algorithm.
24. A method of secure receipt-free voting as set forth in claim 21, wherein said proving the correctness is performed by executing a prove shuffle algorithm.
25. A method of secure receipt-free voting as set forth in claim 21, further comprising invalidating the chameleon commitment.
26. A method of secure receipt-free voting as set forth in claim 23, further comprising invalidating the chameleon commitment.
27. A method of secure receipt-free voting as set forth in claim 26, wherein invalidating the chameleon commitment includes providing a secret key for said shuffling to the bulletin board.
28. An apparatus for secure receipt-free voting comprising:
a plurality of vote generating centers;
a plurality of vote choosers;
a bulletin board;
a vote counting center;
said vote generating centers constructing votes for each of said vote choosers which votes are posted on said bulletin board and said vote generating centers sending private messages to respective vote choosers without being intercepted;
each of said vote choosers choosing the vote and constructing a message which reaches said vote counting center through a secure anonymous channel; and said vote counting center counting the votes.
29. An apparatus for secure receipt-free voting as set forth in claim 28, wherein said vote generating centers send private messages to said vote choosers via secure untappable channels.
30. An apparatus for secure receipt-free voting as set forth in claim 28, wherein, said vote generating center commits a random string using chameleon commitment; proves the correctness of the vote construction using committed bits; and decommits through a secure untappable channel.
31. An apparatus for secure receipt-free voting as set forth in claim 30, wherein said vote chooser invalidates the chameleon commitment.
32. An apparatus for secure receipt-free voting as set forth in claim 28, further comprising:
a shuffle net of shuffling centers for receiving said constructed votes; and each shuffling center in the shuffle net shuffling the votes and sending a private message to a vote chooser without being intercepted.
33. An apparatus for secure receipt-free voting as set forth in claim 32, wherein each shuffling center sends a private message to a vote chooser via a secure untappable channel.
34. An apparatus for secure receipt-free voting as set forth in claim 30, further comprising:
a shuffle net of shuffling centers for receiving said constructed votes; and each shuffling center in the shuffle net shuffling the votes and sending a private message to a vote chooser without being intercepted.
35. An apparatus for secure receipt-free voting as set forth in claim 34, wherein each shuffling center sends a private message to a vote chooser via a secure untappable channel.
36. An apparatus for secure receipt-free voting as set forth in claim 32, wherein said shuffling centers prove the correctness of their vote construction.
37. An apparatus for secure receipt-free voting as set forth in claim 36, wherein, each shuffling center commits a random string using chameleon commitment and proves the correctness of its vote using committed bits, and decommits without being intercepted.
38. An apparatus for secure receipt-free voting as set forth in claim 37, wherein said decommitting is through a secure untappable channel.
39. An apparatus for secure receipt-free voting as set forth in claim 37, further comprising each vote chooser invalidating the chameleon commitment.
40. An apparatus for secure receipt-free voting as set forth in claim 39, wherein each vote chooser invalidates the chameleon commitment by providing its secret key to said shuffling centers or to said bulletin board.
CA002176990A 1995-05-19 1996-05-21 Secure receipt-free electronic voting Expired - Fee Related CA2176990C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/444,701 US6092051A (en) 1995-05-19 1995-05-19 Secure receipt-free electronic voting
US08/444,701 1995-05-19

Publications (2)

Publication Number Publication Date
CA2176990A1 CA2176990A1 (en) 1996-11-20
CA2176990C true CA2176990C (en) 2000-05-16

Family

ID=23765990

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002176990A Expired - Fee Related CA2176990C (en) 1995-05-19 1996-05-21 Secure receipt-free electronic voting

Country Status (6)

Country Link
US (1) US6092051A (en)
EP (1) EP0743620B1 (en)
JP (1) JP3730700B2 (en)
AU (1) AU702945B2 (en)
CA (1) CA2176990C (en)
DE (1) DE69636886T2 (en)

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6457643B1 (en) * 1997-12-22 2002-10-01 Ian Way Voting system
US20050049082A1 (en) * 1998-03-18 2005-03-03 Callaway Golf Company Golf ball
JP2001202013A (en) * 2000-01-21 2001-07-27 Nec Corp Anonymous participation authority control system
WO2000021041A1 (en) * 1998-10-06 2000-04-13 Chavez Robert M Digital elections network system with online voting and polling
JP3233119B2 (en) 1998-12-28 2001-11-26 日本電気株式会社 Receipt-free electronic voting method and device
AU5601100A (en) * 1999-06-09 2000-12-28 Donald Dipietro Systems for interactive voting
US20020078358A1 (en) * 1999-08-16 2002-06-20 Neff C. Andrew Electronic voting system
US20050160272A1 (en) * 1999-10-28 2005-07-21 Timecertain, Llc System and method for providing trusted time in content of digital data files
US20010034640A1 (en) * 2000-01-27 2001-10-25 David Chaum Physical and digital secret ballot systems
US7152156B1 (en) * 2000-02-17 2006-12-19 Hart Intercivic, Inc. Secure internet voting system with bootable disk
CN1242617C (en) 2000-03-03 2006-02-15 雅马哈株式会社 Video distribution playback method, device installed on video distribation teminal, device installed on video playback teminal, computer readable medium and film distribution method
JP4181724B2 (en) * 2000-03-03 2008-11-19 日本電気株式会社 Re-encryption shuffle method and apparatus with certificate, re-encryption shuffle verification method and apparatus, input sentence string generation method and apparatus, and recording medium
US6950948B2 (en) * 2000-03-24 2005-09-27 Votehere, Inc. Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections
US20030028423A1 (en) * 2000-03-24 2003-02-06 Neff C. Andrew Detecting compromised ballots
US7099471B2 (en) * 2000-03-24 2006-08-29 Dategrity Corporation Detecting compromised ballots
US20060085647A1 (en) * 2000-03-24 2006-04-20 Neff C A Detecting compromised ballots
EP1633077A3 (en) * 2000-03-24 2006-06-07 Dategrity Corporation Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections
US7389250B2 (en) * 2000-03-24 2008-06-17 Demoxi, Inc. Coercion-free voting scheme
EP1148447A1 (en) * 2000-04-21 2001-10-24 Microflight S.r.l. Method and apparatus for collecting and transmitting the results of votes
US20010037234A1 (en) * 2000-05-22 2001-11-01 Parmasad Ravi A. Method and apparatus for determining a voting result using a communications network
US7461787B2 (en) * 2000-11-20 2008-12-09 Avante International Technology, Inc. Electronic voting apparatus, system and method
AU2001297675A1 (en) * 2000-11-20 2002-09-19 Amerasia International Technology, Inc. Electronic voting apparatus, system and method
US7422150B2 (en) * 2000-11-20 2008-09-09 Avante International Technology, Inc. Electronic voting apparatus, system and method
US20030046207A1 (en) * 2000-12-04 2003-03-06 Andrew Torre Participant voting system and method for creating a diversified investment fund
US6968999B2 (en) * 2000-12-28 2005-11-29 Reardon David C Computer enhanced voting system including verifiable, custom printed ballots imprinted to the specifications of each voter
US20060041468A1 (en) * 2000-12-28 2006-02-23 Reardon David C Custom printed, voter verified ballots with fixed range input
SE0100202L (en) * 2001-01-24 2002-07-25 Fredrik Allard Voting System
US7921033B2 (en) * 2001-01-29 2011-04-05 Microsoft Corporation System and method for high-density interactive voting using a computer network
AU2002232794A1 (en) * 2001-02-20 2002-09-04 Votehere, Inc. Detecting compromised ballots
US7729991B2 (en) * 2001-03-20 2010-06-01 Booz-Allen & Hamilton Inc. Method and system for electronic voter registration and electronic voting over a network
CA2441304C (en) * 2001-03-24 2005-05-31 Votehere, Inc. Verifiable secret shuffles and their application to electronic voting
WO2002082255A1 (en) * 2001-04-09 2002-10-17 Maurice Ostroff A voting system and method
JP3901471B2 (en) * 2001-05-18 2007-04-04 日本電気株式会社 Proofed shuffle decryption system, proved shuffle decryption method, and shuffle decryption verification method
US20030006282A1 (en) * 2001-07-06 2003-01-09 Dennis Vadura Systems and methods for electronic voting
US7284700B1 (en) 2003-06-19 2007-10-23 Populex Corp. Advanced voting system and method
US7306148B1 (en) 2001-07-26 2007-12-11 Populex Corp. Advanced voting system and method
US20030055719A1 (en) * 2001-09-20 2003-03-20 Faigle Christopher T. Remote participation and voting in a meeting
US7077313B2 (en) * 2001-10-01 2006-07-18 Avante International Technology, Inc. Electronic voting method for optically scanned ballot
US7635087B1 (en) 2001-10-01 2009-12-22 Avante International Technology, Inc. Method for processing a machine readable ballot and ballot therefor
US7828215B2 (en) * 2001-10-01 2010-11-09 Avante International Technology, Inc. Reader for an optically readable ballot
US6942142B2 (en) * 2001-10-02 2005-09-13 Hewlett-Packard Development Company, L.P. Voting ballot, voting machine, and associated methods
EP1469429B1 (en) * 2001-12-12 2009-03-04 Scytl Secure Electronic Voting, S.A. Secure electronic voting method and the cryptographic protocols and computer programs used
CA2475136C (en) * 2002-02-14 2007-04-17 Votehere, Inc. A coercion-free voting scheme
US20060222180A1 (en) * 2002-10-15 2006-10-05 Elliott Brig B Chip-scale transmitter for quantum cryptography
CA2567727A1 (en) * 2004-06-07 2005-12-22 Dategrity Corporation Cryptographic systems and methods, including practical high certainty intent verification, such as for encrypted votes in an electronic election
DE602005014047D1 (en) * 2004-06-30 2009-06-04 France Telecom Electronic voting system and system in a high security communication network
US7490768B2 (en) * 2004-07-05 2009-02-17 International Business Machines Corporation Election system enabling coercion-free remote voting
US8005211B2 (en) * 2005-02-28 2011-08-23 Nec Corporation Shuffle-decrypting legitimacy certifying apparatus and method, shuffle-decrypting verifying apparatus and method, program, and recording medium
US7497377B2 (en) * 2005-04-26 2009-03-03 David Watson Electronic poll register system for elections
US7387244B2 (en) * 2005-05-27 2008-06-17 Election Systems & Software, Inc. Electronic voting system and method with voter verifiable real-time audit log
JP4771053B2 (en) * 2005-05-27 2011-09-14 日本電気株式会社 Integrated shuffle validity proving device, proof integrating device, integrated shuffle validity verifying device, and mixed net system
US20070130455A1 (en) * 2005-12-06 2007-06-07 Elliott Brig B Series encryption in a quantum cryptographic system
US20070133798A1 (en) * 2005-12-14 2007-06-14 Elliott Brig B Quantum cryptography on a multi-drop optical network
US8082443B2 (en) * 2006-01-09 2011-12-20 Bbnt Solutions Llc. Pedigrees for quantum cryptography
US8061589B2 (en) 2006-10-20 2011-11-22 Barry Cohen Electronic voting system
GB2454030A (en) 2007-10-24 2009-04-29 Plastic Logic Ltd Edgeless display device
US8066184B2 (en) * 2008-04-30 2011-11-29 Avante International Technology, Inc. Optically readable marking sheet and reading apparatus and method therefor
US8261985B2 (en) 2009-04-07 2012-09-11 Avante Corporation Limited Manual recount process using digitally imaged ballots
CA2671269A1 (en) * 2009-07-08 2011-01-08 Ky M. Vu An anti-rigging voting system and its software design
US8261986B2 (en) * 2009-10-21 2012-09-11 Kevin Kwong-Tai Chung System and method for decoding an optically readable markable sheet and markable sheet therefor
US11488433B2 (en) * 2018-01-11 2022-11-01 Mastercard International Incorporated Method and system for public elections on a moderated blockchain

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3947669A (en) * 1974-12-30 1976-03-30 Applied Futures, Inc. Voting machine
US4641241A (en) * 1984-05-08 1987-02-03 R. F. Shoup Corporation Memory cartridge for electronic voting system
US4641240A (en) * 1984-05-18 1987-02-03 R. F. Shoup Corporation Electronic voting machine and system
US4774665A (en) * 1986-04-24 1988-09-27 Data Information Management Systems, Inc. Electronic computerized vote-counting apparatus
US5117358A (en) * 1989-09-25 1992-05-26 Winkler Peter M Electronic trusted party
FI86486C (en) * 1990-08-27 1992-08-25 Tecnomen Oy FOERFARANDE FOER ATT ARRANGERA TELEROESTNINGEN PAO ETT SAEKERT SAETT.
US5218528A (en) * 1990-11-06 1993-06-08 Advanced Technological Systems, Inc. Automated voting system
US5189288A (en) * 1991-01-14 1993-02-23 Texas Instruments Incorporated Method and system for automated voting
US5278753A (en) * 1991-08-16 1994-01-11 Graft Iii Charles V Electronic voting system
JP2747171B2 (en) * 1992-07-06 1998-05-06 株式会社 政治広報センター Election terminal device and voting confirmation method
US5400248A (en) * 1993-09-15 1995-03-21 John D. Chisholm Computer network based conditional voting system
US5412727A (en) * 1994-01-14 1995-05-02 Drexler Technology Corporation Anti-fraud voter registration and voting system using a data card
US5583329A (en) * 1994-08-01 1996-12-10 Election Products, Inc. Direct recording electronic voting machine and voting process
US5495532A (en) * 1994-08-19 1996-02-27 Nec Research Institute, Inc. Secure electronic voting using partially compatible homomorphisms
US5682430A (en) * 1995-01-23 1997-10-28 Nec Research Institute, Inc. Secure anonymous message transfer and voting scheme

Also Published As

Publication number Publication date
US6092051A (en) 2000-07-18
CA2176990A1 (en) 1996-11-20
DE69636886T2 (en) 2007-12-06
DE69636886D1 (en) 2007-03-22
EP0743620A2 (en) 1996-11-20
EP0743620B1 (en) 2007-02-07
JP3730700B2 (en) 2006-01-05
AU5235196A (en) 1996-11-28
JPH08315053A (en) 1996-11-29
EP0743620A3 (en) 2000-07-19
AU702945B2 (en) 1999-03-11

Similar Documents

Publication Publication Date Title
CA2176990C (en) Secure receipt-free electronic voting
Sako et al. Receipt-free mix-type voting scheme: A practical solution to the implementation of a voting booth
Fujioka et al. A practical secret voting scheme for large scale elections
Cramer et al. Multi-authority secret-ballot elections with linear work
Michels et al. Some remarks on a receipt-free and universally verifiable mix-type voting scheme
US5682430A (en) Secure anonymous message transfer and voting scheme
Liaw A secure electronic voting protocol for general elections
US20070192607A1 (en) Electronic voting process using fair blind signatures
Weber et al. On coercion-resistant electronic elections with linear work
Rjašková Electronic voting schemes
Zou et al. Assurable, transparent, and mutual restraining e-voting involving multiple conflicting parties
Qu et al. A electronic voting protocol based on blockchain and homomorphic signcryption
Juang et al. A collision-free secret ballot protocol for computerized general elections
Schoenmakers Fully auditable electronic secret-ballot elections
WO2001020562A2 (en) Multiway election method and apparatus
Fan et al. An efficient multi-receipt mechanism for uncoercible anonymous electronic voting
Carroll et al. A secure and efficient voter-controlled anonymous election scheme
Carroll et al. A secure and anonymous voter-controlled election scheme
Sarier Efficient and Usable Coercion-Resistant E-Voting on the Blockchain
Kim et al. A new universally verifiable and receipt-free electronic voting scheme using one-way untappable channels
CN109544772B (en) Safe and efficient electronic voting method
Goh et al. Event driven private counters
Sınak et al. End-2-end verifiable internet voting protocol based on homomorphic encryption
Song et al. A practical electronic voting protocol based upon oblivious signature scheme
Niemi et al. Efficient voting with no selling of votes

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed