CA2176990C - Secure receipt-free electronic voting - Google Patents
Secure receipt-free electronic voting Download PDFInfo
- Publication number
- CA2176990C CA2176990C CA002176990A CA2176990A CA2176990C CA 2176990 C CA2176990 C CA 2176990C CA 002176990 A CA002176990 A CA 002176990A CA 2176990 A CA2176990 A CA 2176990A CA 2176990 C CA2176990 C CA 2176990C
- Authority
- CA
- Canada
- Prior art keywords
- vote
- secure
- set forth
- shuffling
- votes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C13/00—Voting apparatus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/383—Anonymous user system
Abstract
A number-theoretic based algorithm provides for secure receipt-free voting. A
vote generating center generates a choice of votes for each voter or vote chooser. The votes are encrypted, shuffled, and conveyed to a vote chooser along with information regarding how the votes were shuffled without being intercepted enroute. The information is preferably sent along secure untappable channels. The method can incorporate validification of generation and shuffling of the votes using chameleon commitment and interactive proofs. The invention can be realized by current-generation personal computers with untappable channels and access to an electronic bulletin board.
vote generating center generates a choice of votes for each voter or vote chooser. The votes are encrypted, shuffled, and conveyed to a vote chooser along with information regarding how the votes were shuffled without being intercepted enroute. The information is preferably sent along secure untappable channels. The method can incorporate validification of generation and shuffling of the votes using chameleon commitment and interactive proofs. The invention can be realized by current-generation personal computers with untappable channels and access to an electronic bulletin board.
Description
_ y 21 76994 The present invention relates to a method and apparatus useful for secure receipt-free electronic voting and specifically, to number-theoretic based algorithms for secure receipt-free electronic voting.
The ultimatE; goal of secure electronic voting is to replace physical voting booths. Achieving i:his goal requires work both on improving the efficiency of current protocols and understanding the security properties that these electronic devices can provide.
Recently, it is observed in an article by J.C. Benaloh et al; entitled "Receipt-free Secret-ballot Election," in STOC 94, pp. 544-553 (1994), that unlike physical voting protocols, nearly all electronic voting protocols give the voters a receipt by which they can prove how they voted. Such receipts provide a ready means by which voters can sell their votes or by which another party can coerce a voter to vote in a certain way.
Benaloh and Tuinstra give the first receipt-free protocol for electronic voting.
In their scheme a trusted center generates for each voter a pair of ballots consisting of a "yes" vote and a "no" vote in random order. Using a trusted beacon and a physical voting booth the center proves to the public that the ballot indeed includes a well-formed (yes/no) or (no/yes) pair and at the same time proves to the verifier which pair it is. The physical apparatus ensures that by the time the verifier is able to .
communicate with an outsider, the verifier can forge a proof that the ballot is (yes/no) and also forge a proof that it is (no/yes). Thus, such a proof ceases to provide either proof as a receipt.
Independently, Niemi and Renvall tried to solve this problem in an article by Niemi et al; entitled "How to prevent buying of votes in computer elections"
in ASIACRYPT'94, pp. 141-148 (1994). They also use a physical voting booth where a voter performs multiparty computation with all the centers.
Both the Benaloh= f uinstra and the Niemi-Renvall protocols illustrate that receipt-free secure voting is possible. However, their physical requirements are fairly cumbersome, and are not unlike those faced by participants in physical elections. An important open qucation is precisely what physical requirements are necessary for achieving receipt-free secure voting.
An object of the present invention is to seek to overcome the deficiencies of the prior art, by providing a method and apparatus for a secure receipt-free voting scheme which utilizes a physically secure untappable private channel.
Accordingly, the present invention provides a method of secure receipt-free voting comprising the steps of:
(a) constructing votes for each vote chooser for posting votes on a bulletin board;
(b) sending private messages to respective vote choosers without being intercepted;
(c) the vote chooser choosing the vote and constructing a message,;
(d) the message from the vote choosey reaching a vote counting center through a secure anonymous channel;
and (e) i:he vote counting center counting the votes.
In the secure: receipt-free voting scheme of the present invention, each voter does not leave evidence of how he/she voted through the use of a physically secure untappable channel. The term "secure untappable channel" refers to a channel in which a message c:an be sent from a center without being accessed or detected by another party. Such an untappable channel is described in an article by C.
Bennett et al; entitled "Quanturn Cryptography" in Scientific American, vol. 267, no. 4, Oct. 1992, pp. 50 to 57. The end result of using an untappable channel is that neither the voter nor another party can show or prove how a vote was cast or what the message was that was sent. Once a message is sent or received, the content may be changed rendering proof of the message impossible. However, if the message is intercepted or detected in route or at the time of reception, the intercepting or detecting party can learn the content of .a message prior to a time when a change was possible.
Moreover, even if a non-secures channel is used, if the message travels along the channel without interruption or detection, by virtue of the protocol used in the present invention, determination of a particular vote after receipt at its destination is not possible. In other words, an untappable channel refers to the transmission of a message without interception or dete~~tion in route.
In the following description, the term 'chameleon commitments' is used. A
chameleon commitment is a message committing and decommitting protocol, where the committee can deco~mmit as the committee committed, while the receiver can decommit in any way, regardlEas of how the committee committed.
In accordance with the method of the present invention, there is a vote generating center, a vote counting center, and shuffling centers to transfer messages ,~ between the various centers and each voter. The method comprises the following '~35 three steps.
The ultimatE; goal of secure electronic voting is to replace physical voting booths. Achieving i:his goal requires work both on improving the efficiency of current protocols and understanding the security properties that these electronic devices can provide.
Recently, it is observed in an article by J.C. Benaloh et al; entitled "Receipt-free Secret-ballot Election," in STOC 94, pp. 544-553 (1994), that unlike physical voting protocols, nearly all electronic voting protocols give the voters a receipt by which they can prove how they voted. Such receipts provide a ready means by which voters can sell their votes or by which another party can coerce a voter to vote in a certain way.
Benaloh and Tuinstra give the first receipt-free protocol for electronic voting.
In their scheme a trusted center generates for each voter a pair of ballots consisting of a "yes" vote and a "no" vote in random order. Using a trusted beacon and a physical voting booth the center proves to the public that the ballot indeed includes a well-formed (yes/no) or (no/yes) pair and at the same time proves to the verifier which pair it is. The physical apparatus ensures that by the time the verifier is able to .
communicate with an outsider, the verifier can forge a proof that the ballot is (yes/no) and also forge a proof that it is (no/yes). Thus, such a proof ceases to provide either proof as a receipt.
Independently, Niemi and Renvall tried to solve this problem in an article by Niemi et al; entitled "How to prevent buying of votes in computer elections"
in ASIACRYPT'94, pp. 141-148 (1994). They also use a physical voting booth where a voter performs multiparty computation with all the centers.
Both the Benaloh= f uinstra and the Niemi-Renvall protocols illustrate that receipt-free secure voting is possible. However, their physical requirements are fairly cumbersome, and are not unlike those faced by participants in physical elections. An important open qucation is precisely what physical requirements are necessary for achieving receipt-free secure voting.
An object of the present invention is to seek to overcome the deficiencies of the prior art, by providing a method and apparatus for a secure receipt-free voting scheme which utilizes a physically secure untappable private channel.
Accordingly, the present invention provides a method of secure receipt-free voting comprising the steps of:
(a) constructing votes for each vote chooser for posting votes on a bulletin board;
(b) sending private messages to respective vote choosers without being intercepted;
(c) the vote chooser choosing the vote and constructing a message,;
(d) the message from the vote choosey reaching a vote counting center through a secure anonymous channel;
and (e) i:he vote counting center counting the votes.
In the secure: receipt-free voting scheme of the present invention, each voter does not leave evidence of how he/she voted through the use of a physically secure untappable channel. The term "secure untappable channel" refers to a channel in which a message c:an be sent from a center without being accessed or detected by another party. Such an untappable channel is described in an article by C.
Bennett et al; entitled "Quanturn Cryptography" in Scientific American, vol. 267, no. 4, Oct. 1992, pp. 50 to 57. The end result of using an untappable channel is that neither the voter nor another party can show or prove how a vote was cast or what the message was that was sent. Once a message is sent or received, the content may be changed rendering proof of the message impossible. However, if the message is intercepted or detected in route or at the time of reception, the intercepting or detecting party can learn the content of .a message prior to a time when a change was possible.
Moreover, even if a non-secures channel is used, if the message travels along the channel without interruption or detection, by virtue of the protocol used in the present invention, determination of a particular vote after receipt at its destination is not possible. In other words, an untappable channel refers to the transmission of a message without interception or dete~~tion in route.
In the following description, the term 'chameleon commitments' is used. A
chameleon commitment is a message committing and decommitting protocol, where the committee can deco~mmit as the committee committed, while the receiver can decommit in any way, regardlEas of how the committee committed.
In accordance with the method of the present invention, there is a vote generating center, a vote counting center, and shuffling centers to transfer messages ,~ between the various centers and each voter. The method comprises the following '~35 three steps.
The first step is the generation by a vote-generating center of a set of all possible votes for each voter. For simplicity, it will be assumed that the possible votes are two, namely 1-vote and 0-vote. For each voter i, the vote-generating center posts encrypted 1-votes and 0-votes in random order. The committee commits to the ordering using chameleon bi~l commitments. The center proves that the committee constructed the vote-pairs properly. The committee decommits the ordering only to the voter through a secure untappable channel.
The second step is transferring the vote from the vote-generating center to the voter via the shuffling centers. Each shuffling center shuffles the two votes for voter i through a shuffle-net. The committee commits with regard to how the votes are shuffled using chameleon commitments. Each shuffling center proves the correctness of its action. The c:ommitter reveals how the votes were shuffled only to the voter i through a secure untappable channel.
The second step is not mandatory, in which case the vote generating centee may directly send the vote to the voter through an ordinary channel.
The third step is anonymous voting by the voter. By keeping track of the initial ordering of the pair, and how they were shuffled during the second step, each voter knows which vote 'is which. Each voter submits one of the received votes to the counting center through a secure anonymous channel. Then the counting center tallies the votes.
Implementation of a secure anonymous channel can be found in an article by C. Park et al; entitled "Efficient Anonymous Channel and AIIINothing Election Scheme"
in Advances in Cryptology, Eurocrypt '93, 1993, pp. 248 to 259, or in U.S.
Patent No.
5,682,430, dated October 28, 1997 entitled "Secure Anonymous Message Transfer and Voting Scheme" which is assigned to the same assignees as the present invention.
Also, the invention results in a method which reduces the amount of communication and computation necessary to generate, transmit and check the proofs by combining multiple proofs into a single proof.
Embodiments of the invention will now be described, by way of example, with reference to the ac~~ompanying drawings, wherein:
Figure 1 is a block diagram of a preferred embodiment of the present invention;
Figure 2 is a block diagram of message flow;
Figure 3 is a block diagram of a preferred embodiment of the present invention with shuffling centers;
..',. 35 Figure 4 is a block diagram of message flow with shuffling centers;
and ~~~~99Q
Figure 5 is a block diagram of a shuffling center.
A preferred embodiment of a secure receipt-free voting scheme comprising the present invention will now be described with reference to Figures 1 and 2. In accordance with the scheme, the encrypted votes generated by vote-generating center 10 by vote construct: process 26 are posted on an electronic bulletin board 13 or other publicly accessible message means. The encrypted votes are pairs of 1-votes and 0-votes, permuted in random order, for each vote choosey 12(i). Then the vote generating center 10 secretly conveys to the vote choosey 12(i) through an untappable channel 16(i) how the encrypted votes for vote choosey 12(i) are ordered. At the same time, the vote generating center 10 needs to prove to the public that the vote was honestly generated and to the vote choosey that the center 10 had not sent false information in the secret message. These proofs are achieved by following prove process 20 as will be described below.
The vote choosey 12(i) chooses its ballot using the secret message from the vote generating center 10 through a physically untappable channel 16(i). The vote chosen by the vote choosers 12(1 ), 12(2),...12(P) are transferred anonymously through a secure anonymouis channel to a vote counting center 15. The secure anonymous channel can be realized by the mixing centers 14(1 ), 14(2),...14(n), where encrypted votes are successively processed by the mixing centers until the vote counting center 15 provides as its output a randomly, untraceably ordered set of unencrypted votes and the outcome of the tally. Each vote generating center 10, vote choosey 12(i), mixing center 14(i) and vote counting center 15 comprises a computing means, preferably a personal computer but it may also be a workstation or the like.
Having set 'forth an overview of the scheme, the details of vote construct process 26, prove process 20, and the information being transferred securely through untappable channel 16 will now be described.
The vote generating center 10, by executing vote construct process 26, generates an encrypted pair of 0-vote and 1-vote for each vote choosey 12(i).
The center follows the vote construct process for each vote choosey 12(i) with independently chosen random nurnbers.
The encryptESd form of 1-votes and 0-votes needs to be appropriate for input to the anonymous channel. Preferably, the method and apparatus described in U.S.
Patent No. 6,682,430 is used and the encrypted forms of 1-votes and 0-votes are selected to be:
The second step is transferring the vote from the vote-generating center to the voter via the shuffling centers. Each shuffling center shuffles the two votes for voter i through a shuffle-net. The committee commits with regard to how the votes are shuffled using chameleon commitments. Each shuffling center proves the correctness of its action. The c:ommitter reveals how the votes were shuffled only to the voter i through a secure untappable channel.
The second step is not mandatory, in which case the vote generating centee may directly send the vote to the voter through an ordinary channel.
The third step is anonymous voting by the voter. By keeping track of the initial ordering of the pair, and how they were shuffled during the second step, each voter knows which vote 'is which. Each voter submits one of the received votes to the counting center through a secure anonymous channel. Then the counting center tallies the votes.
Implementation of a secure anonymous channel can be found in an article by C. Park et al; entitled "Efficient Anonymous Channel and AIIINothing Election Scheme"
in Advances in Cryptology, Eurocrypt '93, 1993, pp. 248 to 259, or in U.S.
Patent No.
5,682,430, dated October 28, 1997 entitled "Secure Anonymous Message Transfer and Voting Scheme" which is assigned to the same assignees as the present invention.
Also, the invention results in a method which reduces the amount of communication and computation necessary to generate, transmit and check the proofs by combining multiple proofs into a single proof.
Embodiments of the invention will now be described, by way of example, with reference to the ac~~ompanying drawings, wherein:
Figure 1 is a block diagram of a preferred embodiment of the present invention;
Figure 2 is a block diagram of message flow;
Figure 3 is a block diagram of a preferred embodiment of the present invention with shuffling centers;
..',. 35 Figure 4 is a block diagram of message flow with shuffling centers;
and ~~~~99Q
Figure 5 is a block diagram of a shuffling center.
A preferred embodiment of a secure receipt-free voting scheme comprising the present invention will now be described with reference to Figures 1 and 2. In accordance with the scheme, the encrypted votes generated by vote-generating center 10 by vote construct: process 26 are posted on an electronic bulletin board 13 or other publicly accessible message means. The encrypted votes are pairs of 1-votes and 0-votes, permuted in random order, for each vote choosey 12(i). Then the vote generating center 10 secretly conveys to the vote choosey 12(i) through an untappable channel 16(i) how the encrypted votes for vote choosey 12(i) are ordered. At the same time, the vote generating center 10 needs to prove to the public that the vote was honestly generated and to the vote choosey that the center 10 had not sent false information in the secret message. These proofs are achieved by following prove process 20 as will be described below.
The vote choosey 12(i) chooses its ballot using the secret message from the vote generating center 10 through a physically untappable channel 16(i). The vote chosen by the vote choosers 12(1 ), 12(2),...12(P) are transferred anonymously through a secure anonymouis channel to a vote counting center 15. The secure anonymous channel can be realized by the mixing centers 14(1 ), 14(2),...14(n), where encrypted votes are successively processed by the mixing centers until the vote counting center 15 provides as its output a randomly, untraceably ordered set of unencrypted votes and the outcome of the tally. Each vote generating center 10, vote choosey 12(i), mixing center 14(i) and vote counting center 15 comprises a computing means, preferably a personal computer but it may also be a workstation or the like.
Having set 'forth an overview of the scheme, the details of vote construct process 26, prove process 20, and the information being transferred securely through untappable channel 16 will now be described.
The vote generating center 10, by executing vote construct process 26, generates an encrypted pair of 0-vote and 1-vote for each vote choosey 12(i).
The center follows the vote construct process for each vote choosey 12(i) with independently chosen random nurnbers.
The encryptESd form of 1-votes and 0-votes needs to be appropriate for input to the anonymous channel. Preferably, the method and apparatus described in U.S.
Patent No. 6,682,430 is used and the encrypted forms of 1-votes and 0-votes are selected to be:
21 7 fi 990 vo = (grit mod p,mo . yri~ mod p) v~I = (gr~2 mod p,m~ . yr'2 mod p) (1) for independent random numbers r~~ and r~2 for vote choosey 12(i) and appropriately chosen common constants p,g,y,mo and m~ for all vote choosers. The vote construct process 26 comprises calculating the above formulas with randomly chosen numbers r~~ and r~2.
The vote-generating center 10 posts on the bulletin board 13 in the order of (v~,v~) with a probability of one half, and (v~,vo) otherwise.
The prove process 20 comprises three algorithms: commitment 21, prove 1-0 22, and decommitment 23. The algorithm commitment 21 is used to calculate and post a chameleon commitment of the above ordering and a random sequence used in the succeeding prove 1-0 22 protocol. The algorithm prove 1-0 22 is executed multiple times to prove that the center 10 generated the votes honestly, and the output is posted on bulletin board 13. The algorithm decommit 23 is used to decommit the chameleon commitment committed in algorithm commit 21, through an untappable secure channel. The specific algorithm of prove 1-0 22 and chameleon commitment 21/decommitment c:3 will be described below.
The vote gE:nerating center sends an output of a decommitter, which is a chameleon decommitment, to the vote choosey 12(i) through the untappable channel 16(i).
The vote choosey 12(i) verifies the correctness of the prove 1-0 22 algorithm and the validity of clecommitments by verification process 24. If the correctness and validity are verified, the vote choosey 12(i) follows selection process 25 and chooses either one of the encrypted votes on the bulletin board 13, which expresses its opinion.
The vote choosey 1;?(i) is able to choose correctly because it knows how the encrypted votes were ordered from the chameleon decommitment.
The vote chosen by the vote choosey 12(i) will be input to a shuffle-net, together with other votes chosen by the other vote choosers.
In the scheme described above, a malicious party who coerces the vote choosey 12(i) to disclose its vote, will not receive a concrete proof of whether the chosen vote was a 1-vote or a 0-vote unless the vote generating center 10 is allowed to disclose the vote or the secure channel 16(i) which it is tapped into.
The vote-generating center 10 posts on the bulletin board 13 in the order of (v~,v~) with a probability of one half, and (v~,vo) otherwise.
The prove process 20 comprises three algorithms: commitment 21, prove 1-0 22, and decommitment 23. The algorithm commitment 21 is used to calculate and post a chameleon commitment of the above ordering and a random sequence used in the succeeding prove 1-0 22 protocol. The algorithm prove 1-0 22 is executed multiple times to prove that the center 10 generated the votes honestly, and the output is posted on bulletin board 13. The algorithm decommit 23 is used to decommit the chameleon commitment committed in algorithm commit 21, through an untappable secure channel. The specific algorithm of prove 1-0 22 and chameleon commitment 21/decommitment c:3 will be described below.
The vote gE:nerating center sends an output of a decommitter, which is a chameleon decommitment, to the vote choosey 12(i) through the untappable channel 16(i).
The vote choosey 12(i) verifies the correctness of the prove 1-0 22 algorithm and the validity of clecommitments by verification process 24. If the correctness and validity are verified, the vote choosey 12(i) follows selection process 25 and chooses either one of the encrypted votes on the bulletin board 13, which expresses its opinion.
The vote choosey 1;?(i) is able to choose correctly because it knows how the encrypted votes were ordered from the chameleon decommitment.
The vote chosen by the vote choosey 12(i) will be input to a shuffle-net, together with other votes chosen by the other vote choosers.
In the scheme described above, a malicious party who coerces the vote choosey 12(i) to disclose its vote, will not receive a concrete proof of whether the chosen vote was a 1-vote or a 0-vote unless the vote generating center 10 is allowed to disclose the vote or the secure channel 16(i) which it is tapped into.
The algorithms prove 1-0 22 and chameleon commitment 21/decommitment 23 will now be described. The prove 1-0 22 algorithm involves a prover and a verifier.
The prover is the vote generating center 10 in this case. The verifier may be any entity, including vote choosers 12(i). The probabilistic behavior of the algorithm will be determined by an output of a suitable hash function, but it may also be a random beacon.
The algorithm, given a randomly permuted pair of (v°, v~ ) generated and posted as equations (1), shows that they are indeed a pair of 1-vote and 0-vote.
Assuming a random string has been committed using chameleon commitment to the vote chooser, the prove 1-0 algorithm comprises the following steps:
1. The prover uniformly chooses r', r" and calculates E°(v°) _ (grmod p,m° ~ yr mod p) E~(v~) _ (gr~mod p,m~ ~ yr~ mod p) and posts E°(v°), E~(v~) in the order according to the committed string.
2a. With a probability of '/, the prover is asked to reveal r' and r". The verifier checks if E°(v°), or E~(v~) is made consistently.
2b. With a probability of'/z, the prover is asked to reveal s1 = r~~ - r' and s2 = r;2 - r'. The verifier checks that v° and v~ can be indeed generated from E°(v°), E~(v~) using s1, s2, g and y.
The chameleon commitment scheme will now be described. The chameleon commitment scheme involves a sender and a receiver. The sender is the vote generating center 10 in this case. The receivers are the vote choosers 12(i).
The following explanation is in terms of committing a single bit, 0 or 1, but can be easily transformE:d to commit multiple bits and strings. In the scheme, the receiver is assumed to know a satisfying a = ga for public integer a.
Commitment Sender commits 0 by g~ and a - g~ for 1 to the receiver.
Decommitment Sender reveals r. The receiver calculates both g~ and a~g~ and determines what was the committed bit.
In order to rnodify the decommitment, the receiver may claim it received r - a instead of r, which its the case when the sender committed the other value.
A more detailed description of chameleon commitments can be found in article "Minimum Disclosure Proofs of Knowledge" by Brassard, Chaum and Crepeau in JCSS, f" 35 pages 156-189, 1988.
The prover is the vote generating center 10 in this case. The verifier may be any entity, including vote choosers 12(i). The probabilistic behavior of the algorithm will be determined by an output of a suitable hash function, but it may also be a random beacon.
The algorithm, given a randomly permuted pair of (v°, v~ ) generated and posted as equations (1), shows that they are indeed a pair of 1-vote and 0-vote.
Assuming a random string has been committed using chameleon commitment to the vote chooser, the prove 1-0 algorithm comprises the following steps:
1. The prover uniformly chooses r', r" and calculates E°(v°) _ (grmod p,m° ~ yr mod p) E~(v~) _ (gr~mod p,m~ ~ yr~ mod p) and posts E°(v°), E~(v~) in the order according to the committed string.
2a. With a probability of '/, the prover is asked to reveal r' and r". The verifier checks if E°(v°), or E~(v~) is made consistently.
2b. With a probability of'/z, the prover is asked to reveal s1 = r~~ - r' and s2 = r;2 - r'. The verifier checks that v° and v~ can be indeed generated from E°(v°), E~(v~) using s1, s2, g and y.
The chameleon commitment scheme will now be described. The chameleon commitment scheme involves a sender and a receiver. The sender is the vote generating center 10 in this case. The receivers are the vote choosers 12(i).
The following explanation is in terms of committing a single bit, 0 or 1, but can be easily transformE:d to commit multiple bits and strings. In the scheme, the receiver is assumed to know a satisfying a = ga for public integer a.
Commitment Sender commits 0 by g~ and a - g~ for 1 to the receiver.
Decommitment Sender reveals r. The receiver calculates both g~ and a~g~ and determines what was the committed bit.
In order to rnodify the decommitment, the receiver may claim it received r - a instead of r, which its the case when the sender committed the other value.
A more detailed description of chameleon commitments can be found in article "Minimum Disclosure Proofs of Knowledge" by Brassard, Chaum and Crepeau in JCSS, f" 35 pages 156-189, 1988.
After the vote generating center 10 decommits its random string, the vote choosey 12(i) may follow with invalidation process 27 to invalidate the commitment of the center. T'he invalidation process 27 comprises informing the center of the value a, so that the center al:;o has the ability to provide false information afterwards, or to post the value a on a bulletin board 13.
To make sure that the vote choosey 12(i) has the ability to modify the commitments, that is, the vote choosey knows the exponent a, the interaction may occur between the vote generating center 10 and each vote choosey, before the commitment is applied, or even before the start of voting. For example, the vote choosers may execute a cut-and-choose protocol to pick the constant a so that the vote choosey knows a with high probability.
In order to make the receipt-free property of the present invention more secure, it is possible to incorporate a shuffle net 11 comprising multiple shuffling centers 11 (1 ), 11 (2),...11 (m), as shown in Figures 3 and 4. Each encrypted vote generated by vote generating center 10 for vote choosey 12(i) is passed through shuffle net 11 before reaching the vote clhooser 12(i). As a result, a malicious party would not be able to determine how the vote choosey 12(i) voted unless it colluded with all the shuffling centers and vote generating centers, or wiretapped every secret channel 17(1 ), 17(2)...17(m) between the shuffling centers 11 (m) and the vote choosey 12(i).
Each vote shuffling center comprises a computing means, preferably a personal computer but it may also be a workstation or the like.
The operation of the shuffle net and shuffling centers will now be described.
Shuffling center 11 (rn) processes each message posted by the previous shuffling center 11 (m-1 ) (or the vole generating center 10, when m = 1 ) and posts the results of process shuffle 30 (Figure 5) in permuted order until the last shuffling center 11 (m) posts the result of i:he shuffling. Each shuffling center conveys how the votes were shuffled to the vote: choaser through an untappable secure channel 17(m). Each shuffling center 11 (i) proves it shuffled honestly and did not provide false information to the vote choosey 12(i) in a manner similar to that of the vote generating center 10, which is achieved through executing process prove 31.
Figure 5 illustrates the operation of a shuffling center 11 (i). The shuffling center 11 (i) executes the processes shuffle 30 and prove 31 and posts the outputs.
The process prove 31 comprises an algorithm commitment 32 which chameleon commits the random string of the vote choosey.
To make sure that the vote choosey 12(i) has the ability to modify the commitments, that is, the vote choosey knows the exponent a, the interaction may occur between the vote generating center 10 and each vote choosey, before the commitment is applied, or even before the start of voting. For example, the vote choosers may execute a cut-and-choose protocol to pick the constant a so that the vote choosey knows a with high probability.
In order to make the receipt-free property of the present invention more secure, it is possible to incorporate a shuffle net 11 comprising multiple shuffling centers 11 (1 ), 11 (2),...11 (m), as shown in Figures 3 and 4. Each encrypted vote generated by vote generating center 10 for vote choosey 12(i) is passed through shuffle net 11 before reaching the vote clhooser 12(i). As a result, a malicious party would not be able to determine how the vote choosey 12(i) voted unless it colluded with all the shuffling centers and vote generating centers, or wiretapped every secret channel 17(1 ), 17(2)...17(m) between the shuffling centers 11 (m) and the vote choosey 12(i).
Each vote shuffling center comprises a computing means, preferably a personal computer but it may also be a workstation or the like.
The operation of the shuffle net and shuffling centers will now be described.
Shuffling center 11 (rn) processes each message posted by the previous shuffling center 11 (m-1 ) (or the vole generating center 10, when m = 1 ) and posts the results of process shuffle 30 (Figure 5) in permuted order until the last shuffling center 11 (m) posts the result of i:he shuffling. Each shuffling center conveys how the votes were shuffled to the vote: choaser through an untappable secure channel 17(m). Each shuffling center 11 (i) proves it shuffled honestly and did not provide false information to the vote choosey 12(i) in a manner similar to that of the vote generating center 10, which is achieved through executing process prove 31.
Figure 5 illustrates the operation of a shuffling center 11 (i). The shuffling center 11 (i) executes the processes shuffle 30 and prove 31 and posts the outputs.
The process prove 31 comprises an algorithm commitment 32 which chameleon commits the random string of the vote choosey.
The process; prove 31 further comprises three algorithms: commitment 32, prove shuffle 33, and decommitment 34.
In order to describe the process shuffle 30, let the input be encrypted shuffled votes, which are presented as:
X~ _ (A~,A2) X2 = (B1 ~ B2) The algorithm shuffle comprises generating a random number c~ and c2 and shuffling the encrypted votes X~ and X2 as S(X~) _ (A~ ~ g~~ mod p,A2 ~y°' mod p) S(X2) _ (B~ ~ g'2 mod p,B2 ~y'2 mod p) (2) and posting S(X~) and S(X2) in random order.
This order and a random sequence to be used in the algorithm prove shuffle is committed using chameleon commitment and posted on the bulletin board as the output of algorithm commii:ment 32.
The algorithim prove shuffle 33 is used to prove that the shuffling center 11 (i) executed the algorithm shuffle correctly. The prove shuffle algorithm 33 involves a -prover and a verifier. The' prover is the shuffling center in this case. The verifier may be any entity, including a vote choosey. The probabilistic behavior of the algorithm will be determined by an output of a suitable hash function, but it may also be a random beacon. The algorithm comprises a permuted pair of (S(X~),S(X2)), showing that they are indeed generated from inputs X~ and X2 as equations (2). Assuming a random string has been cornmitted using chameleon commitment to the vote choosey, the prove shuffle 33 algorithm comprises:
1. The prover uniformly chooses c',c" and calculates E(X~) _ (A~ ~ gc mod p,A2~yc mod p) E(X2) _ (B~ ~ gc~ mod p,B2~yc~ mod p) (3) post E(X~),E(X2) in the order according to the committed string.
2a. With a probability of 'h, the prover is asked to reveal c' and c". The verifier checks if E(X~),E(X2) is made consistently.
2b. With a probability of'/Z, the prover is asked to reveal t~ = c~ - c' and t2 = c2 - c". The verifier checks that E(X~) and E(X2) can indeed be generated from S(X~),S(XZ) using t~,t2,g and y.
In order to describe the process shuffle 30, let the input be encrypted shuffled votes, which are presented as:
X~ _ (A~,A2) X2 = (B1 ~ B2) The algorithm shuffle comprises generating a random number c~ and c2 and shuffling the encrypted votes X~ and X2 as S(X~) _ (A~ ~ g~~ mod p,A2 ~y°' mod p) S(X2) _ (B~ ~ g'2 mod p,B2 ~y'2 mod p) (2) and posting S(X~) and S(X2) in random order.
This order and a random sequence to be used in the algorithm prove shuffle is committed using chameleon commitment and posted on the bulletin board as the output of algorithm commii:ment 32.
The algorithim prove shuffle 33 is used to prove that the shuffling center 11 (i) executed the algorithm shuffle correctly. The prove shuffle algorithm 33 involves a -prover and a verifier. The' prover is the shuffling center in this case. The verifier may be any entity, including a vote choosey. The probabilistic behavior of the algorithm will be determined by an output of a suitable hash function, but it may also be a random beacon. The algorithm comprises a permuted pair of (S(X~),S(X2)), showing that they are indeed generated from inputs X~ and X2 as equations (2). Assuming a random string has been cornmitted using chameleon commitment to the vote choosey, the prove shuffle 33 algorithm comprises:
1. The prover uniformly chooses c',c" and calculates E(X~) _ (A~ ~ gc mod p,A2~yc mod p) E(X2) _ (B~ ~ gc~ mod p,B2~yc~ mod p) (3) post E(X~),E(X2) in the order according to the committed string.
2a. With a probability of 'h, the prover is asked to reveal c' and c". The verifier checks if E(X~),E(X2) is made consistently.
2b. With a probability of'/Z, the prover is asked to reveal t~ = c~ - c' and t2 = c2 - c". The verifier checks that E(X~) and E(X2) can indeed be generated from S(X~),S(XZ) using t~,t2,g and y.
ww 2176990 The encryptE~d votes posted by the vote generating center 10 are successively processed by the shuffling centers 11 (1 ), 11 (2),...11 (m) until the last center provides as its output a random untraceable ordered set of encrypted votes for each vote choosey.
The vote choosey 12(i) chooses its ballot using the secret messages from the vote generating center and shuffling centers through untappable secure channels 16(i), 17(1),17(2),..and 17 (m).
Invalidation of chameleon commitments of shuffling centers can be realized in a similar manner as. invalidated commitments of the vote generating center 10.
Having described a preferred method of the present invention, preferred embodiments of the invention will now be described.
Figure 1 schematically illustrates a preferred embodiment of the invention.
The vote generating center 10, vote choosers 12(1),12(2),...12(P), mixing centers 14(1),14(2),...14(n) and vote counting center 15 use personal computers or workstations connected to a conventional electronic bulletin board 13. There are un#appable secure channels 16(1),16(2)...16(Q) so that the vote generating center 10 can send a secret message to each vote choosey 12(i). All elements (senders, verifiers, centers and the like) comprising the message transfer process interact by posting messages to and receiving messages from the bulletin board 13, except when the vote generating center 10 sends decommitting messages to vote choosers 12(i) via untappable channel 16(i). The vote generating center 10 or vote choosers 12(i) or vote counting center 15 can also serve as mixing centers or vote counting centers.
The personal computers either contain software to perform the method described above or alternatively contain in hardware or software embodiments of the elements described in Figure 2.
Figure 2 illustrates how messages are transferred to achieve receipt-free voting.
For each vote choosey 12(i), vote generating center 10 generates encrypted votes using a vote constructor 26 as described above. The vote generating center 10 then follows process prove 20 which comprises algorithms commitment 21, prove 1-0 22 and decommitment 23. The output of decommitment 23 is sent to vote choosey 12(i) through untappable channel 16(i). Other outputs of the vote generating center 10 are posted on the bulletin board 13. The vote choosey 12(i) follows the processes verification 24 and :;election 25, and outputs selected votes from the encrypted votes on the bulletin board 13. The selected votes of all the vote choosers 12(1 ),12(2)...12(P) are anonymously transferred to vote counter 15 through anonymous channel 14.
The vote choosey 12(i) chooses its ballot using the secret messages from the vote generating center and shuffling centers through untappable secure channels 16(i), 17(1),17(2),..and 17 (m).
Invalidation of chameleon commitments of shuffling centers can be realized in a similar manner as. invalidated commitments of the vote generating center 10.
Having described a preferred method of the present invention, preferred embodiments of the invention will now be described.
Figure 1 schematically illustrates a preferred embodiment of the invention.
The vote generating center 10, vote choosers 12(1),12(2),...12(P), mixing centers 14(1),14(2),...14(n) and vote counting center 15 use personal computers or workstations connected to a conventional electronic bulletin board 13. There are un#appable secure channels 16(1),16(2)...16(Q) so that the vote generating center 10 can send a secret message to each vote choosey 12(i). All elements (senders, verifiers, centers and the like) comprising the message transfer process interact by posting messages to and receiving messages from the bulletin board 13, except when the vote generating center 10 sends decommitting messages to vote choosers 12(i) via untappable channel 16(i). The vote generating center 10 or vote choosers 12(i) or vote counting center 15 can also serve as mixing centers or vote counting centers.
The personal computers either contain software to perform the method described above or alternatively contain in hardware or software embodiments of the elements described in Figure 2.
Figure 2 illustrates how messages are transferred to achieve receipt-free voting.
For each vote choosey 12(i), vote generating center 10 generates encrypted votes using a vote constructor 26 as described above. The vote generating center 10 then follows process prove 20 which comprises algorithms commitment 21, prove 1-0 22 and decommitment 23. The output of decommitment 23 is sent to vote choosey 12(i) through untappable channel 16(i). Other outputs of the vote generating center 10 are posted on the bulletin board 13. The vote choosey 12(i) follows the processes verification 24 and :;election 25, and outputs selected votes from the encrypted votes on the bulletin board 13. The selected votes of all the vote choosers 12(1 ),12(2)...12(P) are anonymously transferred to vote counter 15 through anonymous channel 14.
Figure 3 schematically illustrates a preferred embodiment of the invention with a shuffle net. The vote generating center 10, vote shuffling centers 11 (1 ),11 (2),...11 (m), vote choosers 12(i), mixing centers 14(1 ),14(2),...14(n) and vote counting center 15 use personal computers or workstations connected to a conventional electi~onic bulletin board 13. There are untappable channels 16(1),16(2)...160) so that the vote generating center 10 can send a secret message to each vote choose~r. There are also untappable channels 17(1),17(2)...17(m) so that the shuffling centers 11 (1 ),11 (2),...11 (m) can send a secret message to vote chooser 12(i). All elements (senders, verifiers, centers and the like) comprising the message transfer process interact by posting messages to and receiving messages from the bulletin board 13, except for the vote generating center 10 or shuffling centers 11 (1 ) to 11 (m) which send decommitting messages to a vote chooser 12(i) via untappable channels 17(i). The vote generating center 10 or vote choosers 12(i) or vote counting center 15 or shuffling centers 11 (m) can also serve as mixing centers or vote counting centers or shuffling centers. The personal computers either contain software to perform the method described above or alternatively contain in hardware or software embodiments the elements described in Figures 4 and 5.
Figure 4 illustrates how messages are transferred to achieve receipt-free voting with a shuffle net. I=or each vote chooser 12(i), vote generating center 10 generates encrypted votes which are posted on the bulletin board 13. Then shuffling center 11 (m) reads encrypted votes from the bulletin board 13 and follows processes shuffle 30 and prove 31, and outputs shuffled votes to the bulletin board 13, while sending a decommitting mes:cage to vote chooser 12(i) through untappable channel 17(m).
Similarly, succeeding shuffling centers read the proceeding center's output from bulletin board 13, and post:; their output to the bulletin board 13 for the next shuffling center, while sending their decommitting message to vote choosey 12(i) through untappable channel 17(i). The last shuffling center's output will be read by the vote choosey 12(i), which follows the processes verification 35 and selection 36, and outputs selected votes from the encrypted votes on the bulletin board 13. The selected votes of all the vote choosers 12(1),12(;?)...12(>') are anonymously transferred to vote counter 15 through anonymous channel 14.
Figure 5 schematically illustrates a shuffling center 11 (i). The shuffling center follows process shuffle 30 and process prove 31. Process prove 31 comprises algorithms commitment 32, prove shuffle 33 and decommitment 34.
Figure 4 illustrates how messages are transferred to achieve receipt-free voting with a shuffle net. I=or each vote chooser 12(i), vote generating center 10 generates encrypted votes which are posted on the bulletin board 13. Then shuffling center 11 (m) reads encrypted votes from the bulletin board 13 and follows processes shuffle 30 and prove 31, and outputs shuffled votes to the bulletin board 13, while sending a decommitting mes:cage to vote chooser 12(i) through untappable channel 17(m).
Similarly, succeeding shuffling centers read the proceeding center's output from bulletin board 13, and post:; their output to the bulletin board 13 for the next shuffling center, while sending their decommitting message to vote choosey 12(i) through untappable channel 17(i). The last shuffling center's output will be read by the vote choosey 12(i), which follows the processes verification 35 and selection 36, and outputs selected votes from the encrypted votes on the bulletin board 13. The selected votes of all the vote choosers 12(1),12(;?)...12(>') are anonymously transferred to vote counter 15 through anonymous channel 14.
Figure 5 schematically illustrates a shuffling center 11 (i). The shuffling center follows process shuffle 30 and process prove 31. Process prove 31 comprises algorithms commitment 32, prove shuffle 33 and decommitment 34.
Claims (40)
1. A method of secure receipt-free voting comprising the steps of:
(a) constructing votes for each vote chooser for posting votes on a bulletin board;
(b) sending private messages to respective vote choosers without being intercepted;
(c) the vote chooser choosing the vote and constructing a message;
(d) the message from the vote chooser reaching a vote counting center through a secure anonymous channel;
and (e) the vote counting center counting the votes.
(a) constructing votes for each vote chooser for posting votes on a bulletin board;
(b) sending private messages to respective vote choosers without being intercepted;
(c) the vote chooser choosing the vote and constructing a message;
(d) the message from the vote chooser reaching a vote counting center through a secure anonymous channel;
and (e) the vote counting center counting the votes.
2. A method of secure receipt-free voting as set forth in claim 1, where said sending private messages comprises sending messages via secure untappable channels.
3. A method of secure receipt-free voting as set forth in claim 1, further comprising the step of proving the correctness of the vote construction.
4. A method of secure receipt-free voting as set forth in claim 3, where proving the correctness of the vote construction is performed by executing a prove 1-0 algorithm.
5. A method of secure receipt-free voting as set forth in claim 3, further comprising the steps of:
(f) said vote construction includes committing a random string using chameleon commitments;
(g) proving the correctness of the constructed votes by using committed bits; and (h) decommitting through a secure untappable channel.
(f) said vote construction includes committing a random string using chameleon commitments;
(g) proving the correctness of the constructed votes by using committed bits; and (h) decommitting through a secure untappable channel.
6. A method of secure receipt-free voting as set forth in claim 5, where proving the correctness is performed by executing a prove 1-0 algorithm.
7. A method of secure receipt-free voting as set forth in claim 5, further comprising the vote chooser invalidating chameleon commitment.
8. A method of secure receipt-free voting as set forth in claim 7, wherein proving the correctness is performed by executing the prove 1-0 algorithm.
9. A method of secure receipt-free voting as set forth in claim 7, wherein the vote chooser invalidating chameleon commitment provides its secret key for constructing votes to the bulletin board.
10. A method of secure receipt-free voting as set forth in claim 1, wherein step (a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
11. A method of secure receipt-free voting as set forth in claim 10, wherein said sending a private message comprises sending a message via a secure untappable channel.
12. A method of secure receipt-free voting as set forth in claim 2, wherein step(a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
13. A method of secure receipt-free voting as set forth in claim 12, wherein said sending a private message comprises sending via a secure untappable channel.
14. A method of secure receipt-free voting as set forth in claim 5, where step(a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
15. A method of secure receipt-free voting as set forth in claim 14, wherein said sending a private message comprises sending via a secure untappable channel.
16. A method of secure receipt-free voting as set forth in claim 7, wherein step (a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
17. A method of secure receipt-free voting as set forth in claim 16, wherein said sending a private message comprises sending via a secure untappable channel.
18. A method of secure receipt-free voting as set forth in claim 3, wherein step (a) further comprises:
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
(i) shuffling the constructed votes; and (ii) sending a private message about the shuffling to the vote chooser without being intercepted.
19. A method of secure receipt-free voting as set forth in claim 18, wherein said sending a private message comprises sending via a secure untappable channel.
20. A method of secure receipt-free voting as set forth in claim 10, further comprising the step of proving the correctness of the shuffled constructed votes.
21. A method of secure receipt-free voting as set forth in claim 20, further comprising the steps of:
(f) committing a random string using chameleon commitments;
(g) proving the correctness of the shuffled constructed votes using committed bits; and (h) decommitting without being intercepted.
(f) committing a random string using chameleon commitments;
(g) proving the correctness of the shuffled constructed votes using committed bits; and (h) decommitting without being intercepted.
22. A method of secure receipt-free voting as set forth in claim 21, wherein said decommitting is through a secure untappable channel.
23. A method of secure receipt-free voting as set forth in claim 20, wherein said proving the correctness is performed by executing a prove shuffle algorithm.
24. A method of secure receipt-free voting as set forth in claim 21, wherein said proving the correctness is performed by executing a prove shuffle algorithm.
25. A method of secure receipt-free voting as set forth in claim 21, further comprising invalidating the chameleon commitment.
26. A method of secure receipt-free voting as set forth in claim 23, further comprising invalidating the chameleon commitment.
27. A method of secure receipt-free voting as set forth in claim 26, wherein invalidating the chameleon commitment includes providing a secret key for said shuffling to the bulletin board.
28. An apparatus for secure receipt-free voting comprising:
a plurality of vote generating centers;
a plurality of vote choosers;
a bulletin board;
a vote counting center;
said vote generating centers constructing votes for each of said vote choosers which votes are posted on said bulletin board and said vote generating centers sending private messages to respective vote choosers without being intercepted;
each of said vote choosers choosing the vote and constructing a message which reaches said vote counting center through a secure anonymous channel; and said vote counting center counting the votes.
a plurality of vote generating centers;
a plurality of vote choosers;
a bulletin board;
a vote counting center;
said vote generating centers constructing votes for each of said vote choosers which votes are posted on said bulletin board and said vote generating centers sending private messages to respective vote choosers without being intercepted;
each of said vote choosers choosing the vote and constructing a message which reaches said vote counting center through a secure anonymous channel; and said vote counting center counting the votes.
29. An apparatus for secure receipt-free voting as set forth in claim 28, wherein said vote generating centers send private messages to said vote choosers via secure untappable channels.
30. An apparatus for secure receipt-free voting as set forth in claim 28, wherein, said vote generating center commits a random string using chameleon commitment; proves the correctness of the vote construction using committed bits; and decommits through a secure untappable channel.
31. An apparatus for secure receipt-free voting as set forth in claim 30, wherein said vote chooser invalidates the chameleon commitment.
32. An apparatus for secure receipt-free voting as set forth in claim 28, further comprising:
a shuffle net of shuffling centers for receiving said constructed votes; and each shuffling center in the shuffle net shuffling the votes and sending a private message to a vote chooser without being intercepted.
a shuffle net of shuffling centers for receiving said constructed votes; and each shuffling center in the shuffle net shuffling the votes and sending a private message to a vote chooser without being intercepted.
33. An apparatus for secure receipt-free voting as set forth in claim 32, wherein each shuffling center sends a private message to a vote chooser via a secure untappable channel.
34. An apparatus for secure receipt-free voting as set forth in claim 30, further comprising:
a shuffle net of shuffling centers for receiving said constructed votes; and each shuffling center in the shuffle net shuffling the votes and sending a private message to a vote chooser without being intercepted.
a shuffle net of shuffling centers for receiving said constructed votes; and each shuffling center in the shuffle net shuffling the votes and sending a private message to a vote chooser without being intercepted.
35. An apparatus for secure receipt-free voting as set forth in claim 34, wherein each shuffling center sends a private message to a vote chooser via a secure untappable channel.
36. An apparatus for secure receipt-free voting as set forth in claim 32, wherein said shuffling centers prove the correctness of their vote construction.
37. An apparatus for secure receipt-free voting as set forth in claim 36, wherein, each shuffling center commits a random string using chameleon commitment and proves the correctness of its vote using committed bits, and decommits without being intercepted.
38. An apparatus for secure receipt-free voting as set forth in claim 37, wherein said decommitting is through a secure untappable channel.
39. An apparatus for secure receipt-free voting as set forth in claim 37, further comprising each vote chooser invalidating the chameleon commitment.
40. An apparatus for secure receipt-free voting as set forth in claim 39, wherein each vote chooser invalidates the chameleon commitment by providing its secret key to said shuffling centers or to said bulletin board.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/444,701 US6092051A (en) | 1995-05-19 | 1995-05-19 | Secure receipt-free electronic voting |
US08/444,701 | 1995-05-19 |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2176990A1 CA2176990A1 (en) | 1996-11-20 |
CA2176990C true CA2176990C (en) | 2000-05-16 |
Family
ID=23765990
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002176990A Expired - Fee Related CA2176990C (en) | 1995-05-19 | 1996-05-21 | Secure receipt-free electronic voting |
Country Status (6)
Country | Link |
---|---|
US (1) | US6092051A (en) |
EP (1) | EP0743620B1 (en) |
JP (1) | JP3730700B2 (en) |
AU (1) | AU702945B2 (en) |
CA (1) | CA2176990C (en) |
DE (1) | DE69636886T2 (en) |
Families Citing this family (61)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6457643B1 (en) * | 1997-12-22 | 2002-10-01 | Ian Way | Voting system |
US20050049082A1 (en) * | 1998-03-18 | 2005-03-03 | Callaway Golf Company | Golf ball |
JP2001202013A (en) * | 2000-01-21 | 2001-07-27 | Nec Corp | Anonymous participation authority control system |
WO2000021041A1 (en) * | 1998-10-06 | 2000-04-13 | Chavez Robert M | Digital elections network system with online voting and polling |
JP3233119B2 (en) | 1998-12-28 | 2001-11-26 | 日本電気株式会社 | Receipt-free electronic voting method and device |
AU5601100A (en) * | 1999-06-09 | 2000-12-28 | Donald Dipietro | Systems for interactive voting |
US20020078358A1 (en) * | 1999-08-16 | 2002-06-20 | Neff C. Andrew | Electronic voting system |
US20050160272A1 (en) * | 1999-10-28 | 2005-07-21 | Timecertain, Llc | System and method for providing trusted time in content of digital data files |
US20010034640A1 (en) * | 2000-01-27 | 2001-10-25 | David Chaum | Physical and digital secret ballot systems |
US7152156B1 (en) * | 2000-02-17 | 2006-12-19 | Hart Intercivic, Inc. | Secure internet voting system with bootable disk |
CN1242617C (en) | 2000-03-03 | 2006-02-15 | 雅马哈株式会社 | Video distribution playback method, device installed on video distribation teminal, device installed on video playback teminal, computer readable medium and film distribution method |
JP4181724B2 (en) * | 2000-03-03 | 2008-11-19 | 日本電気株式会社 | Re-encryption shuffle method and apparatus with certificate, re-encryption shuffle verification method and apparatus, input sentence string generation method and apparatus, and recording medium |
US6950948B2 (en) * | 2000-03-24 | 2005-09-27 | Votehere, Inc. | Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections |
US20030028423A1 (en) * | 2000-03-24 | 2003-02-06 | Neff C. Andrew | Detecting compromised ballots |
US7099471B2 (en) * | 2000-03-24 | 2006-08-29 | Dategrity Corporation | Detecting compromised ballots |
US20060085647A1 (en) * | 2000-03-24 | 2006-04-20 | Neff C A | Detecting compromised ballots |
EP1633077A3 (en) * | 2000-03-24 | 2006-06-07 | Dategrity Corporation | Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections |
US7389250B2 (en) * | 2000-03-24 | 2008-06-17 | Demoxi, Inc. | Coercion-free voting scheme |
EP1148447A1 (en) * | 2000-04-21 | 2001-10-24 | Microflight S.r.l. | Method and apparatus for collecting and transmitting the results of votes |
US20010037234A1 (en) * | 2000-05-22 | 2001-11-01 | Parmasad Ravi A. | Method and apparatus for determining a voting result using a communications network |
US7461787B2 (en) * | 2000-11-20 | 2008-12-09 | Avante International Technology, Inc. | Electronic voting apparatus, system and method |
AU2001297675A1 (en) * | 2000-11-20 | 2002-09-19 | Amerasia International Technology, Inc. | Electronic voting apparatus, system and method |
US7422150B2 (en) * | 2000-11-20 | 2008-09-09 | Avante International Technology, Inc. | Electronic voting apparatus, system and method |
US20030046207A1 (en) * | 2000-12-04 | 2003-03-06 | Andrew Torre | Participant voting system and method for creating a diversified investment fund |
US6968999B2 (en) * | 2000-12-28 | 2005-11-29 | Reardon David C | Computer enhanced voting system including verifiable, custom printed ballots imprinted to the specifications of each voter |
US20060041468A1 (en) * | 2000-12-28 | 2006-02-23 | Reardon David C | Custom printed, voter verified ballots with fixed range input |
SE0100202L (en) * | 2001-01-24 | 2002-07-25 | Fredrik Allard | Voting System |
US7921033B2 (en) * | 2001-01-29 | 2011-04-05 | Microsoft Corporation | System and method for high-density interactive voting using a computer network |
AU2002232794A1 (en) * | 2001-02-20 | 2002-09-04 | Votehere, Inc. | Detecting compromised ballots |
US7729991B2 (en) * | 2001-03-20 | 2010-06-01 | Booz-Allen & Hamilton Inc. | Method and system for electronic voter registration and electronic voting over a network |
CA2441304C (en) * | 2001-03-24 | 2005-05-31 | Votehere, Inc. | Verifiable secret shuffles and their application to electronic voting |
WO2002082255A1 (en) * | 2001-04-09 | 2002-10-17 | Maurice Ostroff | A voting system and method |
JP3901471B2 (en) * | 2001-05-18 | 2007-04-04 | 日本電気株式会社 | Proofed shuffle decryption system, proved shuffle decryption method, and shuffle decryption verification method |
US20030006282A1 (en) * | 2001-07-06 | 2003-01-09 | Dennis Vadura | Systems and methods for electronic voting |
US7284700B1 (en) | 2003-06-19 | 2007-10-23 | Populex Corp. | Advanced voting system and method |
US7306148B1 (en) | 2001-07-26 | 2007-12-11 | Populex Corp. | Advanced voting system and method |
US20030055719A1 (en) * | 2001-09-20 | 2003-03-20 | Faigle Christopher T. | Remote participation and voting in a meeting |
US7077313B2 (en) * | 2001-10-01 | 2006-07-18 | Avante International Technology, Inc. | Electronic voting method for optically scanned ballot |
US7635087B1 (en) | 2001-10-01 | 2009-12-22 | Avante International Technology, Inc. | Method for processing a machine readable ballot and ballot therefor |
US7828215B2 (en) * | 2001-10-01 | 2010-11-09 | Avante International Technology, Inc. | Reader for an optically readable ballot |
US6942142B2 (en) * | 2001-10-02 | 2005-09-13 | Hewlett-Packard Development Company, L.P. | Voting ballot, voting machine, and associated methods |
EP1469429B1 (en) * | 2001-12-12 | 2009-03-04 | Scytl Secure Electronic Voting, S.A. | Secure electronic voting method and the cryptographic protocols and computer programs used |
CA2475136C (en) * | 2002-02-14 | 2007-04-17 | Votehere, Inc. | A coercion-free voting scheme |
US20060222180A1 (en) * | 2002-10-15 | 2006-10-05 | Elliott Brig B | Chip-scale transmitter for quantum cryptography |
CA2567727A1 (en) * | 2004-06-07 | 2005-12-22 | Dategrity Corporation | Cryptographic systems and methods, including practical high certainty intent verification, such as for encrypted votes in an electronic election |
DE602005014047D1 (en) * | 2004-06-30 | 2009-06-04 | France Telecom | Electronic voting system and system in a high security communication network |
US7490768B2 (en) * | 2004-07-05 | 2009-02-17 | International Business Machines Corporation | Election system enabling coercion-free remote voting |
US8005211B2 (en) * | 2005-02-28 | 2011-08-23 | Nec Corporation | Shuffle-decrypting legitimacy certifying apparatus and method, shuffle-decrypting verifying apparatus and method, program, and recording medium |
US7497377B2 (en) * | 2005-04-26 | 2009-03-03 | David Watson | Electronic poll register system for elections |
US7387244B2 (en) * | 2005-05-27 | 2008-06-17 | Election Systems & Software, Inc. | Electronic voting system and method with voter verifiable real-time audit log |
JP4771053B2 (en) * | 2005-05-27 | 2011-09-14 | 日本電気株式会社 | Integrated shuffle validity proving device, proof integrating device, integrated shuffle validity verifying device, and mixed net system |
US20070130455A1 (en) * | 2005-12-06 | 2007-06-07 | Elliott Brig B | Series encryption in a quantum cryptographic system |
US20070133798A1 (en) * | 2005-12-14 | 2007-06-14 | Elliott Brig B | Quantum cryptography on a multi-drop optical network |
US8082443B2 (en) * | 2006-01-09 | 2011-12-20 | Bbnt Solutions Llc. | Pedigrees for quantum cryptography |
US8061589B2 (en) | 2006-10-20 | 2011-11-22 | Barry Cohen | Electronic voting system |
GB2454030A (en) | 2007-10-24 | 2009-04-29 | Plastic Logic Ltd | Edgeless display device |
US8066184B2 (en) * | 2008-04-30 | 2011-11-29 | Avante International Technology, Inc. | Optically readable marking sheet and reading apparatus and method therefor |
US8261985B2 (en) | 2009-04-07 | 2012-09-11 | Avante Corporation Limited | Manual recount process using digitally imaged ballots |
CA2671269A1 (en) * | 2009-07-08 | 2011-01-08 | Ky M. Vu | An anti-rigging voting system and its software design |
US8261986B2 (en) * | 2009-10-21 | 2012-09-11 | Kevin Kwong-Tai Chung | System and method for decoding an optically readable markable sheet and markable sheet therefor |
US11488433B2 (en) * | 2018-01-11 | 2022-11-01 | Mastercard International Incorporated | Method and system for public elections on a moderated blockchain |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3947669A (en) * | 1974-12-30 | 1976-03-30 | Applied Futures, Inc. | Voting machine |
US4641241A (en) * | 1984-05-08 | 1987-02-03 | R. F. Shoup Corporation | Memory cartridge for electronic voting system |
US4641240A (en) * | 1984-05-18 | 1987-02-03 | R. F. Shoup Corporation | Electronic voting machine and system |
US4774665A (en) * | 1986-04-24 | 1988-09-27 | Data Information Management Systems, Inc. | Electronic computerized vote-counting apparatus |
US5117358A (en) * | 1989-09-25 | 1992-05-26 | Winkler Peter M | Electronic trusted party |
FI86486C (en) * | 1990-08-27 | 1992-08-25 | Tecnomen Oy | FOERFARANDE FOER ATT ARRANGERA TELEROESTNINGEN PAO ETT SAEKERT SAETT. |
US5218528A (en) * | 1990-11-06 | 1993-06-08 | Advanced Technological Systems, Inc. | Automated voting system |
US5189288A (en) * | 1991-01-14 | 1993-02-23 | Texas Instruments Incorporated | Method and system for automated voting |
US5278753A (en) * | 1991-08-16 | 1994-01-11 | Graft Iii Charles V | Electronic voting system |
JP2747171B2 (en) * | 1992-07-06 | 1998-05-06 | 株式会社 政治広報センター | Election terminal device and voting confirmation method |
US5400248A (en) * | 1993-09-15 | 1995-03-21 | John D. Chisholm | Computer network based conditional voting system |
US5412727A (en) * | 1994-01-14 | 1995-05-02 | Drexler Technology Corporation | Anti-fraud voter registration and voting system using a data card |
US5583329A (en) * | 1994-08-01 | 1996-12-10 | Election Products, Inc. | Direct recording electronic voting machine and voting process |
US5495532A (en) * | 1994-08-19 | 1996-02-27 | Nec Research Institute, Inc. | Secure electronic voting using partially compatible homomorphisms |
US5682430A (en) * | 1995-01-23 | 1997-10-28 | Nec Research Institute, Inc. | Secure anonymous message transfer and voting scheme |
-
1995
- 1995-05-19 US US08/444,701 patent/US6092051A/en not_active Expired - Fee Related
-
1996
- 1996-02-15 JP JP2777596A patent/JP3730700B2/en not_active Expired - Fee Related
- 1996-05-17 AU AU52351/96A patent/AU702945B2/en not_active Ceased
- 1996-05-20 EP EP96108028A patent/EP0743620B1/en not_active Expired - Lifetime
- 1996-05-20 DE DE69636886T patent/DE69636886T2/en not_active Expired - Fee Related
- 1996-05-21 CA CA002176990A patent/CA2176990C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US6092051A (en) | 2000-07-18 |
CA2176990A1 (en) | 1996-11-20 |
DE69636886T2 (en) | 2007-12-06 |
DE69636886D1 (en) | 2007-03-22 |
EP0743620A2 (en) | 1996-11-20 |
EP0743620B1 (en) | 2007-02-07 |
JP3730700B2 (en) | 2006-01-05 |
AU5235196A (en) | 1996-11-28 |
JPH08315053A (en) | 1996-11-29 |
EP0743620A3 (en) | 2000-07-19 |
AU702945B2 (en) | 1999-03-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2176990C (en) | Secure receipt-free electronic voting | |
Sako et al. | Receipt-free mix-type voting scheme: A practical solution to the implementation of a voting booth | |
Fujioka et al. | A practical secret voting scheme for large scale elections | |
Cramer et al. | Multi-authority secret-ballot elections with linear work | |
Michels et al. | Some remarks on a receipt-free and universally verifiable mix-type voting scheme | |
US5682430A (en) | Secure anonymous message transfer and voting scheme | |
Liaw | A secure electronic voting protocol for general elections | |
US20070192607A1 (en) | Electronic voting process using fair blind signatures | |
Weber et al. | On coercion-resistant electronic elections with linear work | |
Rjašková | Electronic voting schemes | |
Zou et al. | Assurable, transparent, and mutual restraining e-voting involving multiple conflicting parties | |
Qu et al. | A electronic voting protocol based on blockchain and homomorphic signcryption | |
Juang et al. | A collision-free secret ballot protocol for computerized general elections | |
Schoenmakers | Fully auditable electronic secret-ballot elections | |
WO2001020562A2 (en) | Multiway election method and apparatus | |
Fan et al. | An efficient multi-receipt mechanism for uncoercible anonymous electronic voting | |
Carroll et al. | A secure and efficient voter-controlled anonymous election scheme | |
Carroll et al. | A secure and anonymous voter-controlled election scheme | |
Sarier | Efficient and Usable Coercion-Resistant E-Voting on the Blockchain | |
Kim et al. | A new universally verifiable and receipt-free electronic voting scheme using one-way untappable channels | |
CN109544772B (en) | Safe and efficient electronic voting method | |
Goh et al. | Event driven private counters | |
Sınak et al. | End-2-end verifiable internet voting protocol based on homomorphic encryption | |
Song et al. | A practical electronic voting protocol based upon oblivious signature scheme | |
Niemi et al. | Efficient voting with no selling of votes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |