Prêt à Voter is an E2E voting system devised by Peter Ryan of the University of Luxembourg. It aims to provide guarantees of accuracy of the count and ballot privacy that are independent of software, hardware etc. Assurance of accuracy flows from maximal transparency of the process, consistent with maintaining ballot privacy. In particular, Prêt à Voter enables voters to confirm that their vote is accurately included in the count whilst avoiding dangers of coercion or vote buying.
The key idea behind the Prêt à Voter approach is to encode the vote using a randomized candidate list. The randomisation of the candidate list on each ballot form ensures the secrecy of each vote. Incidentally, it also removes any bias towards the top candidate that can occur with a fixed ordering.
The value printed on the bottom of the receipt is the key to extraction of the vote. Buried cryptographically in this value is the information needed to reconstruct the candidate order and so extract the vote encoded on the receipt. This information is encrypted with secret keys shared across a number of tellers. Thus, only the set of tellers acting together is able to interpret the vote encoded on the receipt. No individual agent or machine involved in the election should ever be able to tie a particular voter to a particular decrypted vote.
After the election, voters (or perhaps proxies acting on their behalf) can visit the Web Bulletin Board (WBB) and confirm their receipts appear correctly. Once this is over, the tellers take over and perform anonymising mixes and decryption of the receipts. All the intermediate stages of this process are posted to the WBB and are audited later.
There are various auditing mechanisms to ensure that all the steps (the creation of the ballot forms, the mixing and decryption, and so on) were performed correctly, but these are carefully designed so as not to impinge on ballot privacy.
Example
Suppose that our voter is called Anne. At the polling station, Anne chooses, at random, a ballot form sealed in an envelope. An example of such a form is shown below:
In the booth, Anne extracts her ballot form from the envelope and makes her selection in the usual way by placing a cross in the right-hand column against the candidate of choice (or, in the case of a Single Transferable Vote (STV) system for example, she marks her ranking against the candidates). For example, a vote for Asterix is given by:
Once her selection has been made, she separates the left- and right-hand strips along a perforation and discards the left-hand strip. She is left with the right-hand strip, which now constitutes her privacy-protected receipt, as shown in Table 3.
Anne now exits the booth clutching her receipt, registers with an official, and casts her receipt. Her receipt is placed over an optical reader or similar device that records the random value at the bottom of the strip and records in which cell her "X" is marked. Her original paper receipt is digitally signed and franked, and returned to her to keep.
Note that because the candidate list is removed before scanning, the machine that reads the ballot paper never learns the content of the vote. This prevents (intentional or unintentional) violation of vote privacy by the scanning equipment.
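The receipt mechanics described above, as an added Python sketch that is not part of the original article or of the Prêt à Voter code base. It is a simplified stand-in: HMAC-derived XOR layers replace the scheme's actual encryption, the anonymising mix is omitted, and the teller keys and all candidate names other than Asterix are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: names other than Asterix and all keys are illustrative.
CANDIDATES = ["Asterix", "Idefix", "Obelix", "Panoramix"]
TELLER_KEYS = [secrets.token_bytes(32) for _ in range(3)]

def layer(key, serial):
    """One teller's 16-byte keystream for this ballot (HMAC-SHA256 used as a PRF)."""
    return hmac.new(key, serial, hashlib.sha256).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def order_from_seed(seed):
    """Deterministic candidate order: sort names by a seed-keyed HMAC tag."""
    return sorted(CANDIDATES,
                  key=lambda c: hmac.new(seed, c.encode(), hashlib.sha256).digest())

def peel(value, keys):
    """XOR off the layer of every teller in `keys` (adding layers is the same operation)."""
    serial, wrapped = value
    for key in keys:
        wrapped = xor(wrapped, layer(key, serial))
    return wrapped

def make_ballot(keys):
    """Return (printed candidate order, value printed at the bottom of the right strip)."""
    seed, serial = secrets.token_bytes(16), secrets.token_bytes(8)
    return order_from_seed(seed), (serial, peel((serial, seed), keys))

def mark(order, choice, value):
    """Receipt after the left strip is discarded: marked row and bottom value only."""
    return {"row": order.index(choice), "value": value}

def tally_receipt(receipt, keys):
    """With every teller's layer removed, rebuild the order and read the marked row."""
    return order_from_seed(peel(receipt["value"], keys))[receipt["row"]]

if __name__ == "__main__":
    order, value = make_ballot(TELLER_KEYS)
    receipt = mark(order, "Asterix", value)
    print(receipt["row"], tally_receipt(receipt, TELLER_KEYS))
```

The scanner in this sketch sees only `row` and `value`; a subset of tellers that peels fewer than all layers is left with a different seed and therefore cannot rebuild the printed order.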
Origin
Prêt à Voter was inspired by the earlier, voter-verifiable scheme by David Chaum. It replaces the visual cryptographic encoding of the voter's choice in Chaum's scheme with the conceptually and technologically simpler candidate randomization. The Prêt à Voter idea of encoding the vote through permutations has subsequently been incorporated in Chaum's Punchscan scheme. However, Punchscan uses a permutation of indirection symbols instead of candidate names, allowing it to comply with voting laws that require a specific ordering of candidates. The first implementation of Prêt à Voter, by a team led by the University of Surrey, won Best Design, and overall second place at the 2007 University Voting Systems Competition, after the winning team, Punchscan, uncovered a security flaw in the random number generator portion of the Prêt à Voter source code.
Past development
An EPSRC-funded project, Trustworthy Voting Systems, ran from April 2009 to April 2014, and aimed to enhance the design of Prêt à Voter in various ways, to build a full prototype implementation, and to produce mathematical proofs of the claimed security properties of Prêt à Voter. The project was run by James Heather and Steve Schneider at the University of Surrey, and Mark Ryan at the University of Birmingham; it was a close collaboration with the FNR-funded SerTVS project run by Peter Ryan at the University of Luxembourg.
Current development
There appears to have been no development since 2014. Their domains have expired as of 2015.
Security Analysis
There were a few different studies done, mostly concluding that the system was secure and "remarkably robust", despite a few possible attack vectors.
External links
* An accessible account of Prêt à Voter can be found in "The Computer Ate my Vote", chapter to appear in ''Formal Methods: State of the Art and New Directions'', Ed. Paul Boca, Springer 2007, also available as Newcastle University Technical Report 98
* Further technical details can be found in Newcastle University Technical Reports 864, 880, 929, 956 and 965, and on the Prêt à Voter web site.