End-to-end verifiable voting schemes typically involve voters
handling an encrypted ballot in order to confirm that their
vote is accurately included in the tally.
While this may be technically valid, many voters may not really understand the
purpose of the encrypted ballot and the various checks that
they can perform.
Selene seeks to bridge the gap by providing a user friendly protocol, allowing for voters to participate in an election with end to end verifiability.
SELENE
Bulletin Board
Candidate | Tracker |
---|---|
A | 123854532 |
B | 123854532 |
C | 123854532 |
D | 123854532 |
E | 123854532 |
Before an election commences, the election authority generates a set of unique tracking codes. These tracking codes are then hidden (via encryption) and the set is mixed. For each registered voter, an encrypted tracking code is randomly assigned, and as this code is encrypted, no one can determine which tracking code is assigned to any particular voter. Besides, the secret data required to reveal the tracking code is computed and kept hidden by the authorities. All calculations are verified by external auditors. It is important to perform these steps before an election begins, in order to ensure that each voter has been assigned a unique tracking code.
When an election begins, you may access the voting page and choose a candidate. After you confirm your choice, your vote is first encrypted before being sent over the network to the election server. From there, the encrypted vote is tied to your account in the database, and to its encrypted tracking code.
When the election ends, the tallying process can commence. The election authority retrieves all encrypted pairs consisting of trackers and their respective votes. The election authority then decrypts and reveals the trackers and the votes that correspond to them. These pairs are displayed in the clear. Again, these calculations are audited in order to ensure that they were carried out correctly. At this point, no one knows his\her tracking code. The voter is now faced with two options as explained below.
After all votes have been published with their tracking codes, the election authority needs to give you the secret data computed in step 1, to let you retrieve your tracking code. As a reminder, before the election starts, the secret information required to open the tracker on your side was computed and kept hidden. This information can now be sent over to you. This data can only be used by you to compute your own unique tracking code. You can now compute this code and check if your vote has been recorded correctly.
If someone is asking you to reveal your vote for any reason (coercion, vote buying), it is possible for you to deny your vote. Indeed, as the list of trackers and votes are available after the tallying process, you may choose any tracking code that will please the coercer and ask to be notified with this tracking code instead of your code. Selene will compute fake secret data which will open to the tracking code of your choice.
We care about your privacy. As explained above:
Selene was devised at the APSIA research group of the SnT interdisciplinary center at the University of Luxembourg.