Privacy Preserving and Trusted Voting


There is, of course, much more to creating a trustworthy democratic infrastructure, but I thought I’d introduce a few basic concepts here.

Our existing voting methods are often unfit for the 21st Century. In the UK we still receive a piece of paper with our name on it and then go along to the polling station and receive a ballot paper. Our name is then scored off a list with a pen. We next go into a booth and mark a cross, and then fold the paper up and put it into the ballot box. This box is then carried in a van to a counting office, and humans then manually count the vote (and often get different results in a recount). This process feels like it is something out of the 19th Century. I often tell the story of the time I went to vote, and couldn’t, because someone had matched my identity to my son’s identity, and placed me in another part of the city.

So what’s the problem? Well, there are two things here. The first is human trust, making sure that the voters really do trust the election process, and the second is digital trust, making sure that the underlying methods are secure, robust and trustworthy. I will not address the human side, but will look at how we can create systems which respect privacy while being trustworthy and robust.

First let’s create three voters: Bob, Alice, and Carol. We also have a voting agent, Trent, who is trusted by all involved in the election, and a vote counter, Victor.

Trent is responsible for distributing the voting registrations to Bob, Alice and Carol, who can then cast their votes to Victor in a trustworthy and private way. Initially, Victor creates a private key (k) which will be used in the election, and which is not shared with anyone.

First the voting agent, Trent, asks Bob, Carol, and Alice to register their interest in voting. Bob, Carol, and Alice then each create a random value (x) and a blinding value (b). And so Bob creates xB and bB, Alice creates xA and bA, and Carol creates xC and bC.

Next Bob matches his random value to a point on an elliptic curve (XB) and multiplies it by his blinding value (bB) to create b XB. Bob then passes this to Trent, who passes it to Victor.

Next Victor multiplies the value received from Bob (b XB) by his private key (k) to get a new elliptic curve point (k b XB), and passes it back to Trent, who will then pass it to Bob. Bob will now use the value he received to vote in an anonymous and trustworthy way.

When ready to vote, Bob divides the elliptic curve point he received by his blinding value (b), which gives k XB. He then adds this value (k XB) and XB to his voting intention and sends it anonymously to Victor.

Victor, who is the only one who knows k, will then take Bob’s k XB value and compare it with the multiplication of k and XB. If they are the same, then Victor has validated the vote. There is no way that Victor can identify Bob from the vote, but Victor will know it has come from a credible source. If an election auditor comes in, Bob can reveal his blinding factor (bB) to prove that he was the one who registered the vote.
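The blind, evaluate, unblind and verify steps above, written out as an added example (this is not the author's demonstration code). It assumes the secp256k1 curve, a SHA-256 try-and-increment mapping from x to a point, and hypothetical helper names; "dividing by b" is implemented as multiplying by the inverse of b modulo the group order.

```python
import hashlib, itertools, secrets

# secp256k1: y^2 = x^3 + 7 over GF(P), prime group order N (curve choice is an assumption)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (toy code, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def hash_to_point(x: bytes):
    """Map the voter's random value x to a curve point X by try-and-increment."""
    for ctr in itertools.count():
        u = int.from_bytes(hashlib.sha256(x + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(u, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)      # square root, valid because P % 4 == 3
        if y * y % P == rhs:
            return u, y

def blind(X, b):        return mul(b, X)                # Bob: b*X, sent via Trent
def evaluate(k, pt):    return mul(k, pt)               # Victor: k*(b*X)
def unblind(b, pt):     return mul(pow(b, -1, N), pt)   # Bob: "divide by b" gives k*X
def verify(k, X, tok):  return tok == mul(k, X)         # Victor: recompute k*X and compare

if __name__ == "__main__":
    k, b = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    X = hash_to_point(secrets.token_bytes(32))
    token = unblind(b, evaluate(k, blind(X, b)))
    print("blinded != X:", blind(X, b) != X, "| Victor accepts:", verify(k, X, token))
```

Victor sees b XB at registration and (XB, k XB) at voting time; because b is random and known only to Bob, the two values cannot be matched without it.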

The method we have described here is EC-VOPRF (Elliptic Curve Verifiable Oblivious Pseudo-Random Function). A demonstration of the method is defined here:


Conclusions

Let 2019 be the year that we truly invested in democracy and in changing our ways in respecting the basic fundamental rights to privacy and consent. The democratic processes that we have built are often untrustworthy. Our governments, too, are often stuck in another century in their ways, but there is a better way, and it involves engaging with citizens, and understanding their concerns.

The chaos of the UK House of Commons at the present perhaps highlights that we need a new world of democracy. To have elections every few years is perhaps not the best thing in creating a world which respects the thoughts of every single individual. The Internet has given everyone a voice, and governments of the future will need to listen.