SlideShare uma empresa Scribd logo

Election security

David Mertz
David Mertz

Keynote talk at PyCon India 2012

Tecnologia
1 de 37
Baixar para ler offline
PyCon India 2012 Opening Keynote David Mertz What shall I talk about today? The first part of this talk is largely administrative – letting this audience know a bit about the Python Software Foundation, its mission, and accomplishments. The larger, latter, section of this talk shall delve into a technical topic that I find interesting: making a secure, anonymous, and verifiable voting system (in Python).
PyCon India 2012 David Mertz Who am I? A Director of the Python Software Foundation (one of eleven). Chair of PSF Trademarks Committee. Chair of PSF Outreach and Education Committee. Creator of the election system used by the PSF (segue coming to topic of the main talk).
PyCon India 2012 David Mertz More about me: I used to be well known as author of the IBM developerWorks column Charming Python and Addison-Wesley book Text Processing in Python. Now I work at a research lab called D. E. Shaw Research who have built the world's fastest supercomputer for doing molecular dynamics. My academic publications include a number in voting technologies (segue coming). Plus a doctorate in Political Philosophy along the way. DESRES has an office in Hyderabad, and we are hiring!
PyCon India 2012 David Mertz The Python Software Foundation (PSF) is a non- profit membership organization devoted to advancing open source technology related to the Python programming language. It qualifies under the US Internal Revenue Code as a tax-exempt 501(c)(3) scientific and educational public charity, and conducts its business according to the rules for such organizations. http://www.python.org/psf/ http://www.python.org/psf/mission/ Let's start dry and factual
PyCon India 2012 David Mertz The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers. The PSF is composed of a membership elected by prior members, who in turn elect a Board of Directors to conduct the daily business of the Foundation.
PyCon India 2012 David Mertz PSF Finances PyCon US 2012 Revenue: US$1395K (~75M Rs) Profit: US$277K st Balances (as of May 31 2012) Total equity: US$700K (~38M Rs) Receivables: US$121K Payables: US$27K Net income: US$309K The biggest PSF revenue source, by far, is PyCon US
PyCon India 2012 David Mertz Things the PSF Does: Protects the Intellectual Property in Python (trademarks and copyrights). Funds conferences & sprints (including a contribution to PyCon India 2012). Funds Python related projects (targeted development; filling gaps in module coverage; education and outreach efforts, etc). Runs PSF projects (brochure; website redesign; speed.python.org; sprints; awards; etc).
PyCon India 2012 David Mertz Things the PSF Does Hereby: We are honored to grant the Python Software Foundation Community Service Award to Kenneth Gonsalves, posthumously. The Indian Python Software Society is establishing a Kenneth Gonsalves Memorial Award to be given to Python students. The PSF is likewise pleased to provide seed funding of US$3500 (~190K Rs) to IPSS for this award. Certificate for family of Kenneth Gonsalves, if they are available
PyCon India 2012 A verifiable election system David Mertz Segue time: The rest of this talk is about voting systems. It doesn't have anything to do with the PSF per se, although the PSF has used the described method. This talk doesn't really have much to do with Python either. The systems presented and implemented were written in Python, but you could do it in a different programming language. ... for that matter, you could do most of it with pencils and paper.
PyCon India 2012 A verifiable election system David Mertz From time to time, the PSF conducts elections to elect members, a Board of Directors, and to pass motions of the membership. There is a key property that we can rely on, that makes it possible to provide some interesting (theoretical) guarantees for these elections. Namely, the identity – and email address – of every eligible voter is known in advance and centrally maintained.
PyCon India 2012 A verifiable election system David Mertz What I do NOT advocate: I hasten to observe that I do not support using a system like the one I describe for public/ governmental elections. It is outside the scope of this talk fully to explain why, but the constraints and properties public elections need cannot be fit into the model given in this talk without compromising principles of democracy.
PyCon India 2012 A verifiable election system David Mertz What can we (almost) guarantee? (part 1) 1. An election should be anonymous. No one should be able to determine how any voter voted (other than a voter herself). Our system allows a notable weakening of this condition by allowing a single, trusted Election Administrator who can puncture anonymity. This person is, therefore, required to be a disinterested party. This weakening is much of why our approach does not work for public elections – no one can be trusted to be sufficiently disinterested. (continued ...)
PyCon India 2012 A verifiable election system David Mertz What can we (almost) guarantee? (part 2) 2. An election should be collectively verifiable. That is, every observer should be able to determine that the tabulation is accurate, and that no ineligible votes are included. Moreover, each individual voter should be able to determine that her own vote (or non-vote) is accurately included in the collection of ballots. (continued ...)
PyCon India 2012 A verifiable election system David Mertz What can we (almost) guarantee? (part 3) 3. An election should be secure against tampering. No malicious action by any voter should be able to alter an election. Ideally, no malicious action by an outside hacker should be able to change anything either. A crucial element here is that even the Election Administrator cannot tamper with an election in a way that is not detectable by observers and/or eligible voters.
PyCon India 2012 A verifiable election system David Mertz Things we do not guarantee: The system described makes no effort to prevent vote buying/coercion. For PSF elections we assume that voters act free of undue influence. The identity of eligible voters is a matter of public record; again, this fits the PSF membership model (but the count of voters would suffice). In the event of a challenge to results or to the conduct of an election, a challenger would need to abandon anonymity, at least to auditors. (All reasons why this doesn't match public elections)
PyCon India 2012 A verifiable election system David Mertz The simplicity of how it works: The basic concept is that each voter is assigned a random ballot-id associated with her ballot, and the mapping from eligible voters is known only to the Election Administrator. When an election is completed, the set of cast ballots – each identified only by ballot-id – is published. The code actually used in the last PSF election is at: http://gnosis.cx/psf/
PyCon India 2012 A verifiable election system David Mertz Suppose that we have a list of eligible voters, e.g.: Anand Chittipothu, anandology@gmail.com Massimo DiPierro, massimo.dipierro@gmail.com Jacob Kaplan-Moss, jacob@jacobian.org David Mertz, mertz@gnosis.cx Anand Pillai, abpillai@gmail.com Vasudev Ram, vasudevram@gmail.com Prabhu Ramachandran, prabhu@aero.iitb.ac.in Guido van Rossum, guido@python.org We know the identity of all the voters, and that they number 8 total (the second fact can be inferred from the first, of course). (These happen to be PSF members either mentioned or likely in audience)
PyCon India 2012 A verifiable election system David Mertz Generating ballot-id's is a very simple script: #!/usr/bin/env python3 from random import randint, choice from string import ascii_uppercase as uppercase from time import asctime, strftime out=open('Ballot-Map-'+strftime('%Y-%m-%d'),'w') for person in open('Address_List.members'): ballotID = choice(uppercase)+ choice(uppercase)+ "%0.3d" % randint(0,1000) print(ballotID,"t",person, file=out) (Finally some Python code!)
PyCon India 2012 A verifiable election system David Mertz We have produced an annotated list of eligible voters with random ballot-id's. Remember, this mapping is maintained confidentially by the Election Administrator and given to no one else: QG996 Anand Chittipothu, anandology@gmail.com VW195 Massimo DiPierro, massimo.dipierro@gmail.com VE237 Jacob Kaplan-Moss, jacob@jacobian.org TQ084 David Mertz, mertz@gnosis.cx IN792 Anand Pillai, abpillai@gmail.com SW003 Vasudev Ram, vasudevram@gmail.com ZG441 Prabhu Ramachandran, prabhu@aero.iitb.ac.in XD724 Guido van Rossum, guido@python.org
PyCon India 2012 A verifiable election system David Mertz Another script, send-ballot-ids, was used to process the generated file, e.g. Ballot-Map-2012-09-19, and send ballots to voters; another step that may not be obvious is important to prevent tampering. Remember our concern to prevent tampering, even by the Election Administrator? To address this, the administrator commits to the exact set of ballot-id's used, but doesn't actually reveal what they are. E.g. she can publish this: % cut -c-5 Ballot-Map-2012-09-26 | sort | shasum b7f1ada5057273482db97eafecf4476c5b3fb6c7 - (The 'sort' in there is no accident)
PyCon India 2012 A verifiable election system David Mertz This “commitment” to ballot-id's is nuanced. The full set of (purported) ballot-id's is published at the end of the election (along with the full ballots). If the Election Administrator had not published this “commitment,” she could stuff the ballot at the end with newly invented ballot-id's having the votes she desired. With the commitment, eligible voters – who either do or do not cast a ballot – can verify their vote against the eventually published archive of ballots, leaving no room for stuffed ballots.
PyCon India 2012 A verifiable election system David Mertz The Election Administrator sends a personalized ballot to each eligible voter that incorporates a voter's ballot-id. Within the voting period, some or all of the eligible voters vote by sending back their ballot (with ballot-id) to the Election Administrator (more is better, but we cannot mandate 100% participation by PSF members).
PyCon India 2012 A verifiable election system David Mertz Email is a likely way to handle sending and receiving personalized ballots, but it could be physical papers or other internet protocols without affecting the guarantees. The system described does not address message-level or transport-level security. It would be nice if every voter installed GPG and published a public key, but we could not count on that within the PSF.
PyCon India 2012 A verifiable election system David Mertz Note that the voting procedure and publication is neutral as to the tabulation and voting rules used. Ballots are just documents, and whether an organization wants “first pass the post” or “ranked preference” voting – and similar tabulation choices – is open within this framework.
PyCon India 2012 A verifiable election system David Mertz Collective Verification: Every actual voter can verify that the ballot matching their ballot-id contains the votes they intended. Every eligible but non-voter can also verify that their ballot-id is excluded from the published archive. Every observer can verify that the ballot archive contains a subset of the committed ballot-id's. Every observer can check the tabulation of the ballot archive independently.
PyCon India 2012 A verifiable election system David Mertz The last several PSF elections were conducted using the method described. Following the most recent election, some voters expressed a preference for using a web interface rather than sending text files over email. My colleague Massimo DiPierro developed such a web interface with my assistance. His code is on github and a live test version of it is at web2py. ● https://github.com/mdipierro/evote/ ● http://tests.web2py.com/evote ●
PyCon India 2012 A verifiable election system David Mertz Massimo's E-Vote uses the same general principles as the system I have described thus far, but allows creation of elections and casting votes purely within web interfaces. The code to implement E-Vote requires scaffolding for an MVC web framework, and therefore uses more code than the <100 lines in the PSF system (of which <50 lines are essential), but E-Vote is still quite compact and simple. E-Vote is a bit more automated than the PSF system, but it also offers slightly improved guarantees.
PyCon India 2012 A verifiable election system David Mertz Anyone may create an election at the demo URL for E-Vote; sign-in uses OpenID. An administrator creates a ballot using a markup format and enters the email addresses of all eligible voters. Voters are each sent a custom link incorporating a UUID associated with their individual ballot: To: david.mertz@gmail.com Subject: Simple Election Date: Fri, 21 Sep 2012 16:12:21 +0000 Link to vote: https://tests.web2py.com/evote/default/vote/21/ voter-B110C66787DC459BA72BA74D422684FE
PyCon India 2012 A verifiable election system David Mertz After voting at the prior link:
PyCon India 2012 A verifiable election system David Mertz While these ballots use ballot-id's, as with the previous code, in E-Vote the mapping between the UUID/URL for voting and the stored ballot-id is not retained after the URL is used. What a ballot-id still does, however, is make each ballot unique, even if it contains the same vote(s) as another ballot. Discarding the UUID/ballot-id association obscures voter identity. While a malicious Election Administrator who controlled the code could still covertly store the mapping, if a trusted third party hosts the code, the Election Administrator cannot access that mapping.
PyCon India 2012 A verifiable election system David Mertz The most interesting thing on a completed E-vote ballot is probably its signature. This is generated using RSA public-key cryptography: # Pure-Python RSA module: http://stuvel.eu/rsa import rsa, base64 def sign(text, privk_pem): privkey = rsa.PrivateKey.load_pkcs1(privk_pem) signature = base64.b16encode( rsa.sign(text,privkey,'SHA-1')) return signature
PyCon India 2012 A verifiable election system David Mertz The public key that may be used to verify a signature is published. In fact, it is contained in the “Ballot Verification Code” link on the ballot: % cat ballot-verification.py # This program allows you to verify your ballot # using the RSA algorithm. import base64, rsa # this is the ballot to verify ballot = """<h2>Simple Election</h2> <input checked="checked" value="1"/>yes <input value="2"/>no <input value="3"/>abstain <pre>ballot-21-000001</pre> """.strip() (continued...)
PyCon India 2012 A verifiable election system David Mertz Continuing the verification code... # this is the ballot RSA signature signature = base64.b16decode("5E5CD5...2330B4") # this is the election public key pk_pem = """-----BEGIN RSA PUBLIC KEY----- MIGJAoGBAIlKHjsPqghsAvQhqGY8DZxoGIyRUkk6OlEhJUoDqCmF2rpeR9u4u3z+ MMNaWIO4iVsPQnO1JFYJr5Zim1TokLyvz+1HglYRlwW9yLMZjz/tUOFhTPu8zvq4 dHBXF47rIS5Cv4ravS5sB0zG7fQN6znWrHOO961yJSiL1KWtL/jfAgMBAAE= -----END RSA PUBLIC KEY----- """ # this is the code that verifies the signature public_key = rsa.PublicKey.load_pkcs1(pk_pem) if rsa.verify(ballot,signature,public_key)==None: print 'valid' else: print 'invalid'
PyCon India 2012 A verifiable election system David Mertz Putting a signature on each ballot “commits” the Election Admin (who is code, really) more strongly than did the commitment of the ballot-id list. A voter can save her signed ballot (and/or the verification script above) which prevents the Election Administrator from being able to deny receiving the ballot. Only the election private-key could have signed the ballot, and only the Election Administrator (via the software) has that key. This model doesn't work in email, since it is a completed ballot that gets signed, not the blank.
PyCon India 2012 A verifiable election system David Mertz Each voter can make sure her own ballot is included, as before. As well, every observer can independently verify the signatures on each ballot. E-Vote handles non-voters by generating a “blank” ballot for each eligible voter who did not participate, and sends them a notice that is similar to that received by voters when they vote.
PyCon India 2012 A verifiable election system David Mertz A picture of my cat: Every technical talk needs a cute kitten, right? (Python pose?)
PyCon India 2012 A verifiable election system David Mertz Wrap-up / Questions? ● This talk describe two variations on a voting system that enforces properties of Anonymity, Collective Verifiability, and Security Against Tampering. ● There are other properties that one might hope for, but these strike me as more-or-less the right ones for an online, explicit-membership organization like the PSF. ● If we have time, I'd love feedback on my ideas (or catch me in the hallways).

Recomendados

Group discussions pass with flying
Group discussions pass with flyingGroup discussions pass with flying
Group discussions pass with flyingJYOTI RANJAN PAL
 
Cia&lt;3
Cia&lt;3Cia&lt;3
Cia&lt;3vonstroke
 
my Health Research Project
my Health Research Projectmy Health Research Project
my Health Research Projectgllgsangie
 
P&g youtube final to anne 21.10.11
P&g youtube final to anne 21.10.11P&g youtube final to anne 21.10.11
P&g youtube final to anne 21.10.11nyoundou_a
 
makanan halal serta perancangan jahat yahudi
makanan halal serta perancangan jahat yahudimakanan halal serta perancangan jahat yahudi
makanan halal serta perancangan jahat yahudiMuttaqien Jamaludin
 
How to break into mobile app development
How to break into mobile app developmentHow to break into mobile app development
How to break into mobile app developmentLStevens-Huffman
 
Me, inc how to create and market your personal brand
Me, inc how to create and market your personal brandMe, inc how to create and market your personal brand
Me, inc how to create and market your personal brandLStevens-Huffman
 
Artificial intelligence
Artificial intelligenceArtificial intelligence
Artificial intelligenceyelit22
 

Recomendados

Group discussions pass with flying
Group discussions pass with flyingGroup discussions pass with flying
Group discussions pass with flyingJYOTI RANJAN PAL
 
Cia&lt;3
Cia&lt;3Cia&lt;3
Cia&lt;3vonstroke
 
my Health Research Project
my Health Research Projectmy Health Research Project
my Health Research Projectgllgsangie
 
P&g youtube final to anne 21.10.11
P&g youtube final to anne 21.10.11P&g youtube final to anne 21.10.11
P&g youtube final to anne 21.10.11nyoundou_a
 
makanan halal serta perancangan jahat yahudi
makanan halal serta perancangan jahat yahudimakanan halal serta perancangan jahat yahudi
makanan halal serta perancangan jahat yahudiMuttaqien Jamaludin
 
How to break into mobile app development
How to break into mobile app developmentHow to break into mobile app development
How to break into mobile app developmentLStevens-Huffman
 
Me, inc how to create and market your personal brand
Me, inc how to create and market your personal brandMe, inc how to create and market your personal brand
Me, inc how to create and market your personal brandLStevens-Huffman
 
Artificial intelligence
Artificial intelligenceArtificial intelligence
Artificial intelligenceyelit22
 
Pragmatic use of artificial intelligence in smart cities 03262018
Pragmatic use of artificial intelligence in smart cities 03262018Pragmatic use of artificial intelligence in smart cities 03262018
Pragmatic use of artificial intelligence in smart cities 03262018ThomasCook16
 
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...Echelon Corporation
 
Introduction to Software Products Industry & iSPIRT
Introduction to Software Products Industry & iSPIRT Introduction to Software Products Industry & iSPIRT
Introduction to Software Products Industry & iSPIRT ProductNation/iSPIRT
 
F1802024245
F1802024245F1802024245
F1802024245IOSR Journals
 
IRJET - Secured Smart Voting System using Aadhar
IRJET - Secured Smart Voting System using AadharIRJET - Secured Smart Voting System using Aadhar
IRJET - Secured Smart Voting System using AadharIRJET Journal
 
Auto Response System for Legal Consultation
Auto Response System for Legal ConsultationAuto Response System for Legal Consultation
Auto Response System for Legal Consultationijtsrd
 
Online Voting System
Online Voting SystemOnline Voting System
Online Voting SystemIRJET Journal
 
Reaching its Potential: Making Government Developed OSS a Major Player
Reaching its Potential: Making Government Developed OSS a Major PlayerReaching its Potential: Making Government Developed OSS a Major Player
Reaching its Potential: Making Government Developed OSS a Major PlayerDelta3D
 
Reaching It's Potential: How to Make Government-Developed OSS A Major Player
Reaching It's Potential: How to Make Government-Developed OSS A Major PlayerReaching It's Potential: How to Make Government-Developed OSS A Major Player
Reaching It's Potential: How to Make Government-Developed OSS A Major PlayerJoshua L. Davis
 
Thomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old DataThomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old Datasemanticsconference
 
Pinduoduo-2-Autosaved.pptx
Pinduoduo-2-Autosaved.pptxPinduoduo-2-Autosaved.pptx
Pinduoduo-2-Autosaved.pptxTasin Chowdhury
 
IRJET- Portable Biometric E-Voting System
IRJET- Portable Biometric E-Voting SystemIRJET- Portable Biometric E-Voting System
IRJET- Portable Biometric E-Voting SystemIRJET Journal
 
Learn How-To Build Your IoT Project
Learn How-To Build Your IoT ProjectLearn How-To Build Your IoT Project
Learn How-To Build Your IoT ProjectDr. Mazlan Abbas
 
Copy of State of AI Report 2023 - ONLINE.pptx
Copy of State of AI Report 2023 - ONLINE.pptxCopy of State of AI Report 2023 - ONLINE.pptx
Copy of State of AI Report 2023 - ONLINE.pptxmpower4ru
 
State of AI Report 2023 - ONLINE presentation
State of AI Report 2023 - ONLINE presentationState of AI Report 2023 - ONLINE presentation
State of AI Report 2023 - ONLINE presentationssuser2750ef
 
Multi purpose national identity card (mnic)
Multi purpose national identity card (mnic)Multi purpose national identity card (mnic)
Multi purpose national identity card (mnic)Arpit Sharma
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoPeter Bihr
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
 
Bhadale group of companies ai assisted living
Bhadale group of companies ai assisted livingBhadale group of companies ai assisted living
Bhadale group of companies ai assisted livingVijayananda Mohire
 
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdfDrAdeelAkram2
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Mais conteúdo relacionado

Semelhante a Election security

Pragmatic use of artificial intelligence in smart cities 03262018
Pragmatic use of artificial intelligence in smart cities 03262018Pragmatic use of artificial intelligence in smart cities 03262018
Pragmatic use of artificial intelligence in smart cities 03262018ThomasCook16
 
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...Echelon Corporation
 
Introduction to Software Products Industry & iSPIRT
Introduction to Software Products Industry & iSPIRT Introduction to Software Products Industry & iSPIRT
Introduction to Software Products Industry & iSPIRT ProductNation/iSPIRT
 
IRJET - Secured Smart Voting System using Aadhar
IRJET - Secured Smart Voting System using AadharIRJET - Secured Smart Voting System using Aadhar
IRJET - Secured Smart Voting System using AadharIRJET Journal
 
Auto Response System for Legal Consultation
Auto Response System for Legal ConsultationAuto Response System for Legal Consultation
Auto Response System for Legal Consultationijtsrd
 
Online Voting System
Online Voting SystemOnline Voting System
Online Voting SystemIRJET Journal
 
Reaching its Potential: Making Government Developed OSS a Major Player
Reaching its Potential: Making Government Developed OSS a Major PlayerReaching its Potential: Making Government Developed OSS a Major Player
Reaching its Potential: Making Government Developed OSS a Major PlayerDelta3D
 
Reaching It's Potential: How to Make Government-Developed OSS A Major Player
Reaching It's Potential: How to Make Government-Developed OSS A Major PlayerReaching It's Potential: How to Make Government-Developed OSS A Major Player
Reaching It's Potential: How to Make Government-Developed OSS A Major PlayerJoshua L. Davis
 
Thomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old DataThomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old Datasemanticsconference
 
Pinduoduo-2-Autosaved.pptx
Pinduoduo-2-Autosaved.pptxPinduoduo-2-Autosaved.pptx
Pinduoduo-2-Autosaved.pptxTasin Chowdhury
 
IRJET- Portable Biometric E-Voting System
IRJET- Portable Biometric E-Voting SystemIRJET- Portable Biometric E-Voting System
IRJET- Portable Biometric E-Voting SystemIRJET Journal
 
Learn How-To Build Your IoT Project
Learn How-To Build Your IoT ProjectLearn How-To Build Your IoT Project
Learn How-To Build Your IoT ProjectDr. Mazlan Abbas
 
Copy of State of AI Report 2023 - ONLINE.pptx
Copy of State of AI Report 2023 - ONLINE.pptxCopy of State of AI Report 2023 - ONLINE.pptx
Copy of State of AI Report 2023 - ONLINE.pptxmpower4ru
 
State of AI Report 2023 - ONLINE presentation
State of AI Report 2023 - ONLINE presentationState of AI Report 2023 - ONLINE presentation
State of AI Report 2023 - ONLINE presentationssuser2750ef
 
Multi purpose national identity card (mnic)
Multi purpose national identity card (mnic)Multi purpose national identity card (mnic)
Multi purpose national identity card (mnic)Arpit Sharma
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoPeter Bihr
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
 
Bhadale group of companies ai assisted living
Bhadale group of companies ai assisted livingBhadale group of companies ai assisted living
Bhadale group of companies ai assisted livingVijayananda Mohire
 
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdfDrAdeelAkram2
 

Semelhante a Election security (20)

Pragmatic use of artificial intelligence in smart cities 03262018
Pragmatic use of artificial intelligence in smart cities 03262018Pragmatic use of artificial intelligence in smart cities 03262018
Pragmatic use of artificial intelligence in smart cities 03262018
 
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...
The Smartest Smart Cities Will Benefit from the Confluence of AI and Big Data...
 
Introduction to Software Products Industry & iSPIRT
Introduction to Software Products Industry & iSPIRT Introduction to Software Products Industry & iSPIRT
Introduction to Software Products Industry & iSPIRT
 
F1802024245
F1802024245F1802024245
F1802024245
 
IRJET - Secured Smart Voting System using Aadhar
IRJET - Secured Smart Voting System using AadharIRJET - Secured Smart Voting System using Aadhar
IRJET - Secured Smart Voting System using Aadhar
 
Auto Response System for Legal Consultation
Auto Response System for Legal ConsultationAuto Response System for Legal Consultation
Auto Response System for Legal Consultation
 
Online Voting System
Online Voting SystemOnline Voting System
Online Voting System
 
Reaching its Potential: Making Government Developed OSS a Major Player
Reaching its Potential: Making Government Developed OSS a Major PlayerReaching its Potential: Making Government Developed OSS a Major Player
Reaching its Potential: Making Government Developed OSS a Major Player
 
Reaching It's Potential: How to Make Government-Developed OSS A Major Player
Reaching It's Potential: How to Make Government-Developed OSS A Major PlayerReaching It's Potential: How to Make Government-Developed OSS A Major Player
Reaching It's Potential: How to Make Government-Developed OSS A Major Player
 
Thomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old DataThomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old Data
 
Pinduoduo-2-Autosaved.pptx
Pinduoduo-2-Autosaved.pptxPinduoduo-2-Autosaved.pptx
Pinduoduo-2-Autosaved.pptx
 
IRJET- Portable Biometric E-Voting System
IRJET- Portable Biometric E-Voting SystemIRJET- Portable Biometric E-Voting System
IRJET- Portable Biometric E-Voting System
 
Learn How-To Build Your IoT Project
Learn How-To Build Your IoT ProjectLearn How-To Build Your IoT Project
Learn How-To Build Your IoT Project
 
Copy of State of AI Report 2023 - ONLINE.pptx
Copy of State of AI Report 2023 - ONLINE.pptxCopy of State of AI Report 2023 - ONLINE.pptx
Copy of State of AI Report 2023 - ONLINE.pptx
 
State of AI Report 2023 - ONLINE presentation
State of AI Report 2023 - ONLINE presentationState of AI Report 2023 - ONLINE presentation
State of AI Report 2023 - ONLINE presentation
 
Multi purpose national identity card (mnic)
Multi purpose national identity card (mnic)Multi purpose national identity card (mnic)
Multi purpose national identity card (mnic)
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
 
Bhadale group of companies ai assisted living
Bhadale group of companies ai assisted livingBhadale group of companies ai assisted living
Bhadale group of companies ai assisted living
 
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf
08_-_Masamichi_Tanaka_-_Bigdata_and_AI_in_IOT.pdf
 

Último

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Último (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Election security

  • 1. PyCon India 2012 Opening Keynote David Mertz What shall I talk about today? The first part of this talk is largely administrative – letting this audience know a bit about the Python Software Foundation, its mission, and accomplishments. The larger, latter, section of this talk shall delve into a technical topic that I find interesting: making a secure, anonymous, and verifiable voting system (in Python).
  • 2. PyCon India 2012 David Mertz Who am I? A Director of the Python Software Foundation (one of eleven). Chair of PSF Trademarks Committee. Chair of PSF Outreach and Education Committee. Creator of the election system used by the PSF (segue coming to topic of the main talk).
  • 3. PyCon India 2012 David Mertz More about me: I used to be well known as author of the IBM developerWorks column Charming Python and Addison-Wesley book Text Processing in Python. Now I work at a research lab called D. E. Shaw Research who have built the world's fastest supercomputer for doing molecular dynamics. My academic publications include a number in voting technologies (segue coming). Plus a doctorate in Political Philosophy along the way. DESRES has an office in Hyderabad, and we are hiring!
  • 4. PyCon India 2012 David Mertz The Python Software Foundation (PSF) is a non- profit membership organization devoted to advancing open source technology related to the Python programming language. It qualifies under the US Internal Revenue Code as a tax-exempt 501(c)(3) scientific and educational public charity, and conducts its business according to the rules for such organizations. http://www.python.org/psf/ http://www.python.org/psf/mission/ Let's start dry and factual
  • 5. PyCon India 2012 David Mertz The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers. The PSF is composed of a membership elected by prior members, who in turn elect a Board of Directors to conduct the daily business of the Foundation.
  • 6. PyCon India 2012 David Mertz PSF Finances PyCon US 2012 Revenue: US$1395K (~75M Rs) Profit: US$277K st Balances (as of May 31 2012) Total equity: US$700K (~38M Rs) Receivables: US$121K Payables: US$27K Net income: US$309K The biggest PSF revenue source, by far, is PyCon US
  • 7. PyCon India 2012 David Mertz Things the PSF Does: Protects the Intellectual Property in Python (trademarks and copyrights). Funds conferences & sprints (including a contribution to PyCon India 2012). Funds Python related projects (targeted development; filling gaps in module coverage; education and outreach efforts, etc). Runs PSF projects (brochure; website redesign; speed.python.org; sprints; awards; etc).
  • 8. PyCon India 2012 David Mertz Things the PSF Does Hereby: We are honored to grant the Python Software Foundation Community Service Award to Kenneth Gonsalves, posthumously. The Indian Python Software Society is establishing a Kenneth Gonsalves Memorial Award to be given to Python students. The PSF is likewise pleased to provide seed funding of US$3500 (~190K Rs) to IPSS for this award. Certificate for family of Kenneth Gonsalves, if they are available
  • 9. PyCon India 2012 A verifiable election system David Mertz Segue time: The rest of this talk is about voting systems. It doesn't have anything to do with the PSF per se, although the PSF has used the described method. This talk doesn't really have much to do with Python either. The systems presented and implemented were written in Python, but you could do it in a different programming language. ... for that matter, you could do most of it with pencils and paper.
  • 10. PyCon India 2012 A verifiable election system David Mertz From time to time, the PSF conducts elections to elect members, a Board of Directors, and to pass motions of the membership. There is a key property that we can rely on, that makes it possible to provide some interesting (theoretical) guarantees for these elections. Namely, the identity – and email address – of every eligible voter is known in advance and centrally maintained.
  • 11. PyCon India 2012 A verifiable election system David Mertz What I do NOT advocate: I hasten to observe that I do not support using a system like the one I describe for public/ governmental elections. It is outside the scope of this talk fully to explain why, but the constraints and properties public elections need cannot be fit into the model given in this talk without compromising principles of democracy.
  • 12. PyCon India 2012 A verifiable election system David Mertz What can we (almost) guarantee? (part 1) 1. An election should be anonymous. No one should be able to determine how any voter voted (other than a voter herself). Our system allows a notable weakening of this condition by allowing a single, trusted Election Administrator who can puncture anonymity. This person is, therefore, required to be a disinterested party. This weakening is much of why our approach does not work for public elections – no one can be trusted to be sufficiently disinterested. (continued ...)
  • 13. PyCon India 2012 A verifiable election system David Mertz What can we (almost) guarantee? (part 2) 2. An election should be collectively verifiable. That is, every observer should be able to determine that the tabulation is accurate, and that no ineligible votes are included. Moreover, each individual voter should be able to determine that her own vote (or non-vote) is accurately included in the collection of ballots. (continued ...)
  • 14. PyCon India 2012 A verifiable election system David Mertz What can we (almost) guarantee? (part 3) 3. An election should be secure against tampering. No malicious action by any voter should be able to alter an election. Ideally, no malicious action by an outside hacker should be able to change anything either. A crucial element here is that even the Election Administrator cannot tamper with an election in a way that is not detectable by observers and/or eligible voters.
  • 15. PyCon India 2012 A verifiable election system David Mertz Things we do not guarantee: The system described makes no effort to prevent vote buying/coercion. For PSF elections we assume that voters act free of undue influence. The identity of eligible voters is a matter of public record; again, this fits the PSF membership model (but the count of voters would suffice). In the event of a challenge to results or to the conduct of an election, a challenger would need to abandon anonymity, at least to auditors. (All reasons why this doesn't match public elections)
  • 16. PyCon India 2012 A verifiable election system David Mertz The simplicity of how it works: The basic concept is that each voter is assigned a random ballot-id associated with her ballot, and the mapping from eligible voters is known only to the Election Administrator. When an election is completed, the set of cast ballots – each identified only by ballot-id – is published. The code actually used in the last PSF election is at: http://gnosis.cx/psf/
  • 17. PyCon India 2012 A verifiable election system David Mertz Suppose that we have a list of eligible voters, e.g.: Anand Chittipothu, anandology@gmail.com Massimo DiPierro, massimo.dipierro@gmail.com Jacob Kaplan-Moss, jacob@jacobian.org David Mertz, mertz@gnosis.cx Anand Pillai, abpillai@gmail.com Vasudev Ram, vasudevram@gmail.com Prabhu Ramachandran, prabhu@aero.iitb.ac.in Guido van Rossum, guido@python.org We know the identity of all the voters, and that they number 8 total (the second fact can be inferred from the first, of course). (These happen to be PSF members either mentioned or likely in audience)
  • 18. PyCon India 2012 A verifiable election system David Mertz Generating ballot-id's is a very simple script: #!/usr/bin/env python3 from random import randint, choice from string import ascii_uppercase as uppercase from time import asctime, strftime out=open('Ballot-Map-'+strftime('%Y-%m-%d'),'w') for person in open('Address_List.members'): ballotID = choice(uppercase)+ choice(uppercase)+ "%0.3d" % randint(0,1000) print(ballotID,"t",person, file=out) (Finally some Python code!)
  • 19. PyCon India 2012 A verifiable election system David Mertz We have produced an annotated list of eligible voters with random ballot-id's. Remember, this mapping is maintained confidentially by the Election Administrator and given to no one else: QG996 Anand Chittipothu, anandology@gmail.com VW195 Massimo DiPierro, massimo.dipierro@gmail.com VE237 Jacob Kaplan-Moss, jacob@jacobian.org TQ084 David Mertz, mertz@gnosis.cx IN792 Anand Pillai, abpillai@gmail.com SW003 Vasudev Ram, vasudevram@gmail.com ZG441 Prabhu Ramachandran, prabhu@aero.iitb.ac.in XD724 Guido van Rossum, guido@python.org
  • 20. PyCon India 2012 A verifiable election system David Mertz Another script, send-ballot-ids, was used to process the generated file, e.g. Ballot-Map-2012-09-19, and send ballots to voters; another step that may not be obvious is important to prevent tampering. Remember our concern to prevent tampering, even by the Election Administrator? To address this, the administrator commits to the exact set of ballot-id's used, but doesn't actually reveal what they are. E.g. she can publish this: % cut -c-5 Ballot-Map-2012-09-26 | sort | shasum b7f1ada5057273482db97eafecf4476c5b3fb6c7 - (The 'sort' in there is no accident)
  • 21. PyCon India 2012 A verifiable election system David Mertz This “commitment” to ballot-id's is nuanced. The full set of (purported) ballot-id's is published at the end of the election (along with the full ballots). If the Election Administrator had not published this “commitment,” she could stuff the ballot at the end with newly invented ballot-id's having the votes she desired. With the commitment, eligible voters – who either do or do not cast a ballot – can verify their vote against the eventually published archive of ballots, leaving no room for stuffed ballots.
  • 22. PyCon India 2012 A verifiable election system David Mertz The Election Administrator sends a personalized ballot to each eligible voter that incorporates a voter's ballot-id. Within the voting period, some or all of the eligible voters vote by sending back their ballot (with ballot-id) to the Election Administrator (more is better, but we cannot mandate 100% participation by PSF members).
  • 23. PyCon India 2012 A verifiable election system David Mertz Email is a likely way to handle sending and receiving personalized ballots, but it could be physical papers or other internet protocols without affecting the guarantees. The system described does not address message-level or transport-level security. It would be nice if every voter installed GPG and published a public key, but we could not count on that within the PSF.
  • 24. PyCon India 2012 A verifiable election system David Mertz Note that the voting procedure and publication is neutral as to the tabulation and voting rules used. Ballots are just documents, and whether an organization wants “first pass the post” or “ranked preference” voting – and similar tabulation choices – is open within this framework.
  • 25. PyCon India 2012 A verifiable election system David Mertz Collective Verification: Every actual voter can verify that the ballot matching their ballot-id contains the votes they intended. Every eligible but non-voter can also verify that their ballot-id is excluded from the published archive. Every observer can verify that the ballot archive contains a subset of the committed ballot-id's. Every observer can check the tabulation of the ballot archive independently.
  • 26. PyCon India 2012 A verifiable election system David Mertz The last several PSF elections were conducted using the method described. Following the most recent election, some voters expressed a preference for using a web interface rather than sending text files over email. My colleague Massimo DiPierro developed such a web interface with my assistance. His code is on github and a live test version of it is at web2py. ● https://github.com/mdipierro/evote/ ● http://tests.web2py.com/evote ●
  • 27. PyCon India 2012 A verifiable election system David Mertz Massimo's E-Vote uses the same general principles as the system I have described thus far, but allows creation of elections and casting votes purely within web interfaces. The code to implement E-Vote requires scaffolding for an MVC web framework, and therefore uses more code than the <100 lines in the PSF system (of which <50 lines are essential), but E-Vote is still quite compact and simple. E-Vote is a bit more automated than the PSF system, but it also offers slightly improved guarantees.
  • 28. PyCon India 2012 A verifiable election system David Mertz Anyone may create an election at the demo URL for E-Vote; sign-in uses OpenID. An administrator creates a ballot using a markup format and enters the email addresses of all eligible voters. Voters are each sent a custom link incorporating a UUID associated with their individual ballot: To: david.mertz@gmail.com Subject: Simple Election Date: Fri, 21 Sep 2012 16:12:21 +0000 Link to vote: https://tests.web2py.com/evote/default/vote/21/ voter-B110C66787DC459BA72BA74D422684FE
  • 29. PyCon India 2012 A verifiable election system David Mertz After voting at the prior link:
  • 30. PyCon India 2012 A verifiable election system David Mertz While these ballots use ballot-id's, as with the previous code, in E-Vote the mapping between the UUID/URL for voting and the stored ballot-id is not retained after the URL is used. What a ballot-id still does, however, is make each ballot unique, even if it contains the same vote(s) as another ballot. Discarding the UUID/ballot-id association obscures voter identity. While a malicious Election Administrator who controlled the code could still covertly store the mapping, if a trusted third party hosts the code, the Election Administrator cannot access that mapping.
  • 31. PyCon India 2012 A verifiable election system David Mertz The most interesting thing on a completed E-vote ballot is probably its signature. This is generated using RSA public-key cryptography: # Pure-Python RSA module: http://stuvel.eu/rsa import rsa, base64 def sign(text, privk_pem): privkey = rsa.PrivateKey.load_pkcs1(privk_pem) signature = base64.b16encode( rsa.sign(text,privkey,'SHA-1')) return signature
  • 32. PyCon India 2012 A verifiable election system David Mertz The public key that may be used to verify a signature is published. In fact, it is contained in the “Ballot Verification Code” link on the ballot: % cat ballot-verification.py # This program allows you to verify your ballot # using the RSA algorithm. import base64, rsa # this is the ballot to verify ballot = """<h2>Simple Election</h2> <input checked="checked" value="1"/>yes <input value="2"/>no <input value="3"/>abstain <pre>ballot-21-000001</pre> """.strip() (continued...)
  • 33. PyCon India 2012 A verifiable election system David Mertz Continuing the verification code... # this is the ballot RSA signature signature = base64.b16decode("5E5CD5...2330B4") # this is the election public key pk_pem = """-----BEGIN RSA PUBLIC KEY----- MIGJAoGBAIlKHjsPqghsAvQhqGY8DZxoGIyRUkk6OlEhJUoDqCmF2rpeR9u4u3z+ MMNaWIO4iVsPQnO1JFYJr5Zim1TokLyvz+1HglYRlwW9yLMZjz/tUOFhTPu8zvq4 dHBXF47rIS5Cv4ravS5sB0zG7fQN6znWrHOO961yJSiL1KWtL/jfAgMBAAE= -----END RSA PUBLIC KEY----- """ # this is the code that verifies the signature public_key = rsa.PublicKey.load_pkcs1(pk_pem) if rsa.verify(ballot,signature,public_key)==None: print 'valid' else: print 'invalid'
  • 34. PyCon India 2012 A verifiable election system David Mertz Putting a signature on each ballot “commits” the Election Admin (who is code, really) more strongly than did the commitment of the ballot-id list. A voter can save her signed ballot (and/or the verification script above) which prevents the Election Administrator from being able to deny receiving the ballot. Only the election private-key could have signed the ballot, and only the Election Administrator (via the software) has that key. This model doesn't work in email, since it is a completed ballot that gets signed, not the blank.
  • 35. PyCon India 2012 A verifiable election system David Mertz Each voter can make sure her own ballot is included, as before. As well, every observer can independently verify the signatures on each ballot. E-Vote handles non-voters by generating a “blank” ballot for each eligible voter who did not participate, and sends them a notice that is similar to that received by voters when they vote.
  • 36. PyCon India 2012 A verifiable election system David Mertz A picture of my cat: Every technical talk needs a cute kitten, right? (Python pose?)
  • 37. PyCon India 2012 A verifiable election system David Mertz Wrap-up / Questions? ● This talk describe two variations on a voting system that enforces properties of Anonymity, Collective Verifiability, and Security Against Tampering. ● There are other properties that one might hope for, but these strike me as more-or-less the right ones for an online, explicit-membership organization like the PSF. ● If we have time, I'd love feedback on my ideas (or catch me in the hallways).