When people speak of electronic voting, I think they imagine a simple program that counts up presses upon one button or another, and inscrutably tallies the total. “It’s insecure,” they say, and they’re right. How do you know your vote was counted, or for the candidate you wanted? How do you know extra votes were not simply added, or taken away, or substituted? How can you possibly check the result, with no physical evidence afterwards, to see that the election was fair?
It seems impossible. But I am going to talk about another sort of electronic vote. It doesn’t have to be done in the simplistic way above; indeed, that is probably the most stupid possible way you could do it. There is, fortunately, an alternative.
This method uses cryptology, the science of codes and ciphers, and encrypts your votes in such a way that the result can be checked, and even crooked election organisers cannot rig the vote, or determine who you voted for. There are conditions that must be met, and certain practical limitations that prevent it being used on the largest scales, but it is not without use. I think it is useful for people to know that it exists.
The essential tool to build such a scheme is the blind signature. I shall spare you the mathematics (unless you really ask for it) but the essential properties are quite easily understandable. It is a type of secret code with some unusual properties.
First, I need to explain the digital signature. This is a code with two keys, one secret, and one public that everybody knows. Using one can be thought of as locking the box, and the other as unlocking it. We do this the unexpected way round – I arrange matters so that only I can lock boxes (encrypt) with my secret key, but anybody in the world can unlock them, using the public one. A cipher that anybody can read sounds like a strange idea, but it has its uses.
So I write my contract, and then I lock a copy of it in a box that only I have the locking-key to. Anybody else can unlock the box and know that the contract they find is the one I put there, and that only I could have done so (so long as my secret key is still secret). It acts like a signature: a proof that only a person knowing the secret could have affixed it. Except that instead of only having to mechanically reproduce a squiggle of ink (something that can be easily done with practice), it instead requires you to surpass the world’s best mathematicians at their own game.
Now a blind signature is a way of getting another person to sign something they cannot read. We lock our message in our own box, send it to the signer, who locks it in the “signature” box and sends it back, whereupon we magically unlock the original box inside the signature. We now have the original message, but signed by the signer.
The signer does not know what he just signed, because it was locked in your own box. It was encrypted. And under the normal implementation of this scheme, this encryption is absolutely impossible to break. (There is such a code. It has certain practical difficulties that limit its use, but it works fine here.)
So this is how you use it. You write down your vote, together with a large random number, and blind it. The electoral authority first checks your identity and ticks your entry in the electoral register, then applies its blind signature. You remove the blind, and publish the signed vote anonymously on a public website.
You can use signatures to perform this identity check, too. The electoral register simply asks you to sign the registry entry with your own digital signature, which acts as the “tick”. Now they have a record of your vote and a proof of your identity that even they cannot forge, all in one.
Now everybody can see and count up all the votes. Everybody can check their own vote is reported correctly; they can recognise it by the random number they attached. They can check the signature on each, to be sure the electoral authority authorised it. They can check the total number of votes matches the number of ticks in the electoral register, so no votes can have been added. And if everybody does the same, and nobody squeals that their vote is missing, they can be sure none have been taken away or substituted. And they can themselves check the ticks in the register to ensure they have not been faked by the electoral authority or anybody else.
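The whole scheme above (the digital signature as a box only the key-holder can lock, the blind signature, the identity “tick”, and the public checks on the published votes) as one runnable demonstration. This is an added example, not code from the original post; it assumes Chaum's RSA blind signature (the post does not name its signature scheme), uses deliberately small textbook RSA keys and SHA-256 so it runs in seconds without any library, and uses a constructed three-voter electorate with made-up names. The voter's own signature on their register entry is the “tick”, exactly as described above.

```python
import hashlib
import secrets
from collections import Counter
from math import gcd

# ---- textbook RSA with deliberately small keys so the demo runs in seconds (educational only) ----
def is_probable_prime(n, rounds=24):  # Miller-Rabin after cheap trial division
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    r = ((n - 1) & -(n - 1)).bit_length() - 1  # n - 1 == d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        # a witness to compositeness: x is neither +-1 nor reaches -1 by repeated squaring
        if x != 1 and x != n - 1 and not any((x := pow(x, 2, n)) == n - 1 for _ in range(r - 1)):
            return False
    return True

def gen_prime(bits):  # top bit forces the size, low bit forces odd
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def gen_keypair(bits=768):  # returns (public, private) as ((n, e), (n, d))
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))

def h_int(msg, n):  # what gets signed: a hash of the message, as an integer below n
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
def sign(priv, msg):  # "locking the box": only the holder of d can do this
    return pow(h_int(msg, priv[0]), priv[1], priv[0])
def verify(pub, msg, sig):  # "unlocking": anyone holding (n, e) can check it
    return pow(sig, pub[1], pub[0]) == h_int(msg, pub[0])

# ---- Chaum blind signature: (h * r^e)^d = h^d * r mod n, so multiplying by r^-1 strips the blind ----
def blind(pub, msg):  # voter picks a random r coprime to n; returns (blinded value, r)
    n, e = pub
    while True:
        r = 2 + secrets.randbelow(n - 2)
        if gcd(r, n) == 1:
            return h_int(msg, n) * pow(r, e, n) % n, r
def blind_sign(priv, blinded):  # the signer never sees the ballot inside
    return pow(blinded, priv[1], priv[0])
def unblind(pub, blinded_sig, r):
    return blinded_sig * pow(r, -1, pub[0]) % pub[0]

# ---- the election protocol described in the post (voter names below are constructed) ----
def register_entry(voter_id):
    return f"electoral-register:{voter_id}".encode()

class ElectoralAuthority:
    def __init__(self, register):  # register: voter_id -> that voter's public key
        self.pub, self._priv = gen_keypair()
        self.register, self.ticks = register, {}

    def issue(self, voter_id, tick_sig, blinded_ballot):
        # the voter's own signature on their register entry is the "tick"; nobody else can forge it
        if voter_id not in self.register:
            raise PermissionError("not on the register")
        if voter_id in self.ticks:
            raise PermissionError("already voted")
        if not verify(self.register[voter_id], register_entry(voter_id), tick_sig):
            raise PermissionError("identity signature does not verify")
        self.ticks[voter_id] = tick_sig
        return blind_sign(self._priv, blinded_ballot)

def cast_vote(voter_id, voter_priv, authority, candidate):
    ballot = f"{candidate}|{secrets.token_hex(16)}".encode()  # the vote plus a large random number
    blinded, r = blind(authority.pub, ballot)
    tick = sign(voter_priv, register_entry(voter_id))
    sig = unblind(authority.pub, authority.issue(voter_id, tick, blinded), r)
    return ballot, sig  # this pair is what the voter publishes anonymously

def tally(authority, board):  # the public check anyone can run over the published board
    counts = Counter()
    for ballot, sig in board:
        if not verify(authority.pub, ballot, sig):
            raise ValueError(f"ballot without a valid authority signature: {ballot!r}")
        counts[ballot.decode().split("|", 1)[0]] += 1
    if sum(counts.values()) > len(authority.ticks):
        raise ValueError("more ballots than ticks in the register")
    for vid, tick in authority.ticks.items():  # the ticks themselves cannot have been faked
        if not verify(authority.register[vid], register_entry(vid), tick):
            raise ValueError(f"forged tick for {vid}")
    return counts

def run_election():  # constructed sample electorate of three voters
    keys = {name: gen_keypair() for name in ("alice", "bob", "carol")}
    authority = ElectoralAuthority({name: pub for name, (pub, _) in keys.items()})
    mine = {name: cast_vote(name, keys[name][1], authority, c) for name, c in zip(keys, ("Yes", "No", "Yes"))}
    board = list(mine.values())
    secrets.SystemRandom().shuffle(board)  # publication order reveals nothing about who voted how
    everyone_found_own = all(mine[name] in board for name in mine)  # each recognised by its random number
    return tally(authority, board), everyone_found_own, authority, board, keys
```

`run_election()` returns the public tally, whether every voter found their own ballot on the board, and the objects needed to try the failure cases: a second `cast_vote` from the same voter is refused at the register, and a ballot without the authority's signature makes `tally` raise. What the code does not cover is exactly the catch the post goes on to discuss: it takes the register's public keys as genuine, and a ballot substituted for a voter who never checks the board is only caught if that voter looks.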
Everything is out in the open. Nobody has to trust the honesty of officials. The anonymity of your vote is protected. It sounds good.
But you know there has to be a catch. And there is. While the vote itself is secure, the electoral register is not. This is a flaw in any electoral system, including all our current ones, so I’m not too worried about bringing it up. But we need to know that every record on the electoral register, listing the elector’s public signature key, corresponds to a unique person. If the electorate is small enough that everybody knows everybody else, this isn’t a problem. With a large enough electorate, however, the electoral roll can be stuffed with imaginary people. This is a problem not with the cryptology, but with the difficult and fundamentally inevitable problem of linking the digital world with the real one.
Perhaps rather more seriously, it has the flaw that it requires that the electoral roll be complete and accurate (with respect to voters), which could make it equivalent to a national ID database. There are plenty of things it doesn’t need to know. But it needs enough to connect you, the flesh-and-blood person, to an electronic record (in case you lose your key and need to change it). Crime and electoral fraud are the inevitable price of true anonymity.
And for your next trick PA, how’s about quantum cryptography?
Nick,
No problem. I shall add it to the list. Although there are a few other bits of cryptography that are of even greater interest that I shall probably do first. I’ve been wanting to explain how digital cash works for some time. I have my own little variant…
And I haven’t forgotten about all the other subjects people have asked questions about, especially on the greenhouse effect physics. I shall get around to it all, in good time. But if I blog it all in the first month, what ever will I do after that?
PA,
If you even attempt that on such a time-scale I shall be around with the kryptonite.
You mean that rot13 isn’t good enough?
There is of course a way of having a completely secure voter roll in which there is only a distributed database, to which no-one can get (well, unless they hack the encoded data on the actual servers, but then, how would they know which server to hack?). Voters hold all their own data wherever they like.
This is a genius idea which may take a while to get one’s head round because it is so very simple and so brilliant.
Disclaimer: I know the guys behind it.
Despite that, I am still convinced it is genius.
“You mean that rot13 isn’t good enough?”
Use rot26. It’s twice as strong.
An excellent proposal. One thing I think we should consider is the ability to actually participate in votes from home on a more regular basis. This system could easily be changed to allow that.
Sam, Good one!
You are perhaps overlooking one aspect.
The current system consists of placing ballots in a secure box. The box is taken to a counting station, and counted. The whole process is simple and can be validated by witnesses.
In contrast, any electronic system has an element of the black box. Now I understand PGP and know it is secure and I understand how I can go through a process to confirm what I vote. However, can I be sure that the other votes are counted correctly?
It’s not sufficient to know that my vote is recorded accurately unless everyone checks. In the absence of that we don’t know who placed the other votes. Thus the system’s complexity may give a false sense of security. We have the Wizard of Oz hiding behind the curtain and looking very impressive.
Let me be clear here. I am not arguing that the system is technically faulty. It is the practice where things will go adrift.
TDK,
How do you know the box is secure? Do you trust the counters? Do you trust the witnesses?
With this scheme, everybody can count the votes, and witness the total.
It is true that if people don’t check, and the electoral authority knows that they won’t in advance, then those other people’s votes could be substituted. But that’s their choice. If they don’t care enough to check their vote was recorded, they presumably don’t care about somebody changing it. Anyway, it would almost certainly all be done by (open source) computer programs, and checking would be part of the protocol.
By the way, there are some complexities I’ve left out, intended to prevent some more obscure methods of breaking the system. The idea was to explain the concept, rather than design a complete implementation. But compared to the usual business of putting it in a box that somebody working for the government takes away and then later tells you what the count was, it’s a vast improvement.
Like I said, I understand the technical aspects. My degree is in Maths.
However a lifetime experience of implementing technology tells me to be wary of perfect systems. The test is not how an ideal government would implement this but how a real one would. That’s my point about the black box.
Oh, no system is perfect. I didn’t intend to claim this one was. All I was saying was that it was in many ways much better, and worth considering.
And I wouldn’t let the government implement it, either.
[...] am going to be using blind signatures again, which I’ve discussed before, and it may be useful to review what I said then. (This post is a bit technical, so those who are [...]