18271
>> Josh Benaloh: Not knowing when enough is enough, I'm going to reconvene quickly because
a few people suggested it. And we've got a couple of quick topics, but we'll make it quick so we
can wrap up and move over.
So a few people did ask that I just say a little bit about some alternatives. So let me just show a
couple of other systems that I think are interesting, and I won't go into too much detail. But one
thing that I think is particularly interesting is the [indiscernible] ballot. And Ben did mention this
quickly this morning, but this is a very clever idea and one of the things I liked most about it is you
can explain it pretty in one sentence to most voters. The basic idea is how do you get the voter
verification.
Well, here's a ballot, and the only interesting feature about it is that the candidates are
randomized differently on each ballot. Well, not on every ballot, but every ballot independently
randomizes all the candidates. So voters task here is pretty much to pick the preferred
candidate, put an X there, and take advantage of the prescored tear, tear off the left half, throw it
away, and this is what's left. This is the receipt.
Now, what you do with it is, well, this ID down here, you can explain to a voter this is an
encryption of the order of the candidates. So from this value down here, you can actually tell
what this vote is and you go through the cryptographic back-end processes.
The verification can be very simple. A voter can pick up three ballots and say, okay, open these
two. These two open properly. Okay. Now I believe the third one is good, I'll vote on it. Done.
Everything works well.
It's a very nice system. Also you can do auditing beforehand. Make way more ballots than you
need and use some random process to decide to open half the ballots beforehand to do some
preauditing, and any leftover ballots at the end, you open them and audit them, too.
You have a lot of possibility for auditing this. Another thing, it's a little bit more complicated to go
through, but it's a really nice possibility. We kept talking around Mark Pledge a little bit. So I'm
going to describe it. This is Andy Neff's track. What this does, unlike any of the other things we
talked about, is this allows auditing of the ballot that you actually cast. Instead of the cut and
choose types of systems where, okay, those ballots look good so I believe my ballot looks good
also, this is your own ballot you can check.
And the basic approach is this is a legitimate mark pledge ballot with a vote for David. And the
way you know it's a vote for David is all the numbers next to David are the same.
Doesn't matter what they are, they're all the same. So you as a voter would interact with the
voting booth. This would be done electronically. You tell the voting device I want to cast a vote
for David and a ballot would be prepared in this form.
So random except for all constant in one realm. That ballot would be prepared. It will then be
encrypted and committed to. You'll get an encryption and a hash of that encryption.
And then you as a voter get to see the commitment that goes further than that that says that your
candidate number is. This is not printed. It's just displayed for you. Your candidate number is
863 or something like that and your challenge as a voter you interact, the voter, basically pick a
column, pick a random number, the random number corresponds to the column. The voter
challenge is decrypt column number five. Column number five is opened and all the opening is
committed to and can be checked off line later. Column number five is open, and you can check
that the commitment really does match your candidate at that point. And that way you have some
confidence that this ballot does really represent your intentions.
Later on, this ballot is going to be fully opened. Not with exactly these numbers. It goes through
homomorphic type processes where all the numbers are changed, but the numbers that start out
the same end up the same. So it will still be the case that David's row will be constant and you'll
look for David.
So that's pretty much that there. I guess I'll mention PunchScan quickly. Basically there are a
few different -- you've got two pages. And you have a couple of different possibilities here. So
the top page might say X is Bob is Y and Alice and bottom page might switch X and Y or the top
page might be switched.
What you do as a voter you take one of these big bingo daubers and you mark right through and
then these things get separated. If you have the two together, you can tell what that's a vote for.
But just one serves as a receipt doesn't reveal your vote and goes through a process very similar
to this Scantegrity process on the back end. Again I won't go through the details. This is a little
bit more cumbersome. This is something that David Jom did a few generations ago. It had some
interesting uses. But nothing more.
Scantegrity. I can go right past. Free ballot is one of Ron's innovations. Just this is a proof of
concept kind of thing, showing you could do this with no cryptography at all. It's not a perfect
system by any means. But the idea is roughly you've got three identical ballots. You mark once
for the candidates you're not voting for, twice for candidates you are voting for. And so this is
over here top of vote for Bob. And down here is a vote for David.
When these things are all counted, you get all the right differentials. You just sort of add up the
total number of votes and everything works out. If you want you can subtract off one from every
candidate and you'll get exactly the right numbers.
But the key thing is you can keep one of these as a receipt and one of these things doesn't show
how you voted. And there doesn't have to be any cryptography in it. There is some how do you
enforce you really did put one or two marks in a row and other such issues. But it's getting at the
basic idea.
So I don't even have to go through that with verifiability. I just wanted to show a few front ends.
And the other thing that has come up Ron was raising the issue of looking at what we can do with
remote voting, mail-in voting, especially.
We live in a remote voting state. Most of us do. And are there ways that we can get verifiability,
get protection from coercion, and still have this mail-in kind of election. And we were bouncing
around a few ideas. I don't know, many people are probably aware of this medical anonymization
trick, where you're asked a question like: Do you or are you HIV positive, and people would be
reluctant to answer, perhaps.
So the instructions are, instead, flip a coin at random, if it comes up heads, say yes, I'm HIV
positive. If it says no, answer truthfully. If it's tails answer truthfully. You know, one, B, E,
whatever.
And this is a way that people can answer truthfully and still not risk or not risk nearly as much but
revealing their information because if they marked yes I'm HIV positive, they can always say
whoa it's just because the coin came up heads that I made that mark. But statistically then you
can get a lot of information.
Maybe we can do something like that with mail-in voting, where you have access to your votes
and your votes might be coerced or you might be able to see how you voted or show somebody
else how you voted, but half the votes are randomized and statistically you still get the right count.
Probably statistics don't work so much in voting, but maybe there's some cryptographic
processes to actually take that out, show that it was done where deterministically exactly half the
votes were changed in a very precise way so that it didn't change the results. But you can still
show all the pieces were right.
Not even a quarter baked at this point. But some thoughts and some things we might want to
think about. So anyway, that's sort of to open discussion, we can do it informally or whatever and
break up and go around the corner, whatever works.
Okay. Anybody want to add anything at the at the end of the day?
>>: Yes, I think we should thank Josh.
[applause].
>> Josh Benaloh: Thank you, but Seny did a lot of the work.
[applause].
>> Josh Benaloh: Okay. Well, we'll sort of officially adjourn. There's food around here. There's
apparently food over at Larry's talk and we can keep on talking. Thanks, everyone.