Control químico

Malkhi et al, who first proposed the notion of pollsterless voting schemes, suggested the use of advanced check vectors as a computational basis for their implementation. The technique employs the use of two two vectorsV andB each held by a different participant, per secret s, known by both, for which V B = s. One participant may prove to the other that it knowssby revealing the vector it possesses.

An outline of the scheme is provided below, although the original paper is recommended for a fuller description [85]. The scheme proceeds in the three phases common for voting schemes; initiation, voting and tallying. The system assumes the prior establishment of

secure, anonymous channels between voters and the election authorities.

The following definitions are introduced:

• The protocol participants: Dealer, Intermediary, and a Receiver. The Dealer is re- sponsible for initialising the election by distributing credentials consisting of pairs of check vectors for each option. The Intermediaries act as voters by casting votes using credentials. Finally, the Receiver act as a Tallier of cast votes.

• A security parameterb, which specifies the lengths of Vectors employed in the pro- tocol.

• A set ofsmeanings, denotedS, one for each candidate in an election. Letndenote the number of choices in the election.

• Pairs of voting vectorsV0andV1 both with meanings, in whichsrefers to a voter’s choice. Each voter is issued with a pair of vectors for each option available for the proposal.

• Pairs of check vectors, denotedB0andB1.

Figure 4.2 illustrates the three phases of the protocol between the Dealer, Intermediary and Receiver.

4.2.1

Initiation

The Dealer delivers sets of pairs of vectors, ∀1≤k≤n{Vk,0, Vk,1}, to each intermediary to- gether withn secret meaningss (one for each vector pair). The Dealer also sends sets of pairs of check vectors∀1≤k≤n{Bk,0, Bk,1}to the Receiver, together withnsecret meanings s(one for each vector pair).

The work also provided the details of a scheme by which the setup may be conducted via an anonymous multi-party computation (AMPC), in whichm dealers each only know an additive share of each of the coordinates of a generated vectorV. Themdealers collaborate in the AMPC to simulate initiation as in the single dealer case, except that a single dealer cannot know the value of a completeV value.

4.2.2

Pre-Voting Verification

Prior to the voting phase, the voter sends one of their voting vectors (chosen at random from the set of pairs of vectors for the election) to the Receiver. The Receiver then returns to the voter the Check Vector of the neighbouring vector to that sent. The voter then confirms that the product of the neighbouring vector and the check vector is equal tos. The revealed voting vector is then invalid for voting. The purpose of this check is to confirm that the Receiver is the appropriate entity to send a real vote vector to.

4.2.3

Voting and Tallying

In order to cast a vote, the Intermediary (the Voter) sends a Vector V to a Receiver (the Tallier). The Receiver computesV B = s, using the appropriateB vector for the received V vector.

Protocol Initiation:

Dealer

Dealer IntermediateIntermediate ReceiverReceiverii

V,|V| ≥b+ 1 s∈S ∀1≤k≤n{Vk,0, Vk,1, s} - ∀1≤k≤n{Bk,0, Bk,1, s} - Pre-Voting Verification: Intermediate

Intermediate ReceiverReceiverii

Vk,j - Vk,jBk,j=s? Bk,((j+1)mod2) Vk,((j+1)mod 2)Bk,((j+1)mod 2)=s?

Voting (assuming for same candidate as tested during verification):

Intermediate

Intermediate ReceiverReceiverii

Vk,j

-

Vk,((j+1)mod 2)Bk,((j+1)mod 2)=s?

Figure 4.2: Initiation, pre-voting verification and voting of the Malkhi et al pollsterless scheme. A

Dealer distributes vectors to Intermediates (Voters) and to a Receiver (the Tallier). The Intermediate

may perform pre-voting verification using the spare credentials provided by the Dealer. Finally, the

4.2.4

Comment

Whilst the scheme reduces the computational load for voters, there is still a considerable amount of computation for the voter to perform in order to verify that a vote has been correctly tallied. Commentary on the scheme within the published paper notes that the voter is required to perform a considerable amount of manual computation, even with the aid of a pocket calculator and that further refinements would be required prior to the scheme’s practical use. In addition, the scheme cannot be argued to be truly voter verifiable, since the mechanism described provides a mechanism for the voter to determine authenticate the remote Tallier, but not to ensure that the Tallier is not corrupt.

Disputes, disruptions or delays may arise when voters are unable to perform the vector computation accurately, even though the correct check vector has been received. Pieters has suggested (based on pilots of another voting scheme implementation) that voter veri- fication activity that result in a voter incorrectly perceiving an election authority as having cheated can reduce voter confidence in the result [110]. In this sense, voter verifiable voting schemes may in fact reduce voter confidence in the result of an election, if the verification process is complex and prone to error. The high occurrence of false positives during er- ror detection suggests to external observers that the system is under sustained attack or is attempting to cheat at least a proportion of voters.