Writing a Verifier
A basic verifier has two main parts:
1. Ballot Verifier
2. Decryption Verifier
A complete verifier checks the integrity of every ballot cast in an election, and checks that the aggregate ballot (formed by combining each of the individual cast ballots) and all of the spoiled ballots have been correctly decrypted.
The steps provided by Dr. Josh Benaloh himself are listed here:
Building a Verifier
Verifier Construction
This example verifier was completed by a set of Josh Benaloh's students at the University of Washington:
Example Verifier by Rainbow Huang
The Ask
We'd love to see any part of a verifier.
- Grab our sample data
- Code your verifier
Note: Any language and any verifier counts. Verify just a single step or write a Ballot Verifier, Decryption Verifier, or complete Election Verifier.
- Push it to GitHub
- Create a PR to add your name and repo to the verifier list.
Ballot Verifier
Note: All steps reference Verifier Construction Document
Ballot verification consists of steps 3 and 4.
- Step 3 serves to verify that each encryption (corresponding to a selection made by a voter) is either an encryption of one (indicating that the voter selected this option) or an encryption of zero (indicating that the voter did not select this option). When the ballots are aggregated, each component will consist of an encryption of the number of times that option was selected, i.e., the tally. A malicious voting device could, possibly in collusion with a willing voter, encrypt a value other than one or zero and thereby compromise the integrity of the tally. Successful verification of the step 3 equations ensures that ballots are correctly formed.
- Step 4 serves to verify that the number of options selected for a contest does not exceed a pre-assigned limit (usually one). For instance, in most elections, a ballot should not be allowed to cast a vote for more than one option. This step can be omitted for yes/no referenda (voting both yes and no is equivalent to voting for neither) and for approval votes in which voters are permitted to vote for as many options as they wish.
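As an added illustration of the kind of check step 3 performs (this is not code from ElectionGuard or from the Verifier Construction document), the Python below proves and verifies, with a textbook disjunctive Chaum-Pedersen proof, that an exponential-ElGamal ciphertext encrypts zero or one. The toy group (p = 2039, q = 1019, g = 4), the SHA-256 challenge, the sample key and all function names are assumptions; the exact step 3 equations and hash inputs are the ones given in the Verifier Construction document.

```python
import hashlib
import secrets

# Toy group, assumed for illustration: P = 2Q + 1, G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def challenge(*values):
    """Fiat-Shamir challenge: SHA-256 over the public values, reduced mod Q."""
    data = "|".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def encrypt(K, m, r):
    """Exponential ElGamal under public key K: (g^r, g^m * K^r)."""
    return pow(G, r, P), pow(G, m, P) * pow(K, r, P) % P

def prove_bit(K, m, r, alpha, beta):
    """Encrypting device: OR-proof that (alpha, beta) encrypts m, with m in {0, 1}."""
    f = 1 - m                                    # the branch that is simulated
    u, c_f, v_f = (secrets.randbelow(Q) for _ in range(3))
    a, b, c, v = [0, 0], [0, 0], [0, 0], [0, 0]
    a[m], b[m] = pow(G, u, P), pow(K, u, P)      # real commitment
    base_f = beta * pow(G, -f, P) % P            # beta / g^f
    a[f] = pow(G, v_f, P) * pow(alpha, -c_f, P) % P
    b[f] = pow(K, v_f, P) * pow(base_f, -c_f, P) % P
    c[f], v[f] = c_f, v_f
    c[m] = (challenge(K, alpha, beta, *a, *b) - c_f) % Q
    v[m] = (u + c[m] * r) % Q
    return a, b, c, v

def verify_bit(K, alpha, beta, proof):
    """Verifier: accept only a ciphertext proven to encrypt zero or one."""
    a, b, c, v = proof
    if any(not 0 < x < P or pow(x, Q, P) != 1 for x in (alpha, beta, *a, *b)):
        return False                             # value outside the order-Q subgroup
    if (c[0] + c[1]) % Q != challenge(K, alpha, beta, *a, *b):
        return False                             # challenges do not sum to the hash
    for j in (0, 1):
        base = beta * pow(G, -j, P) % P          # beta / g^j
        if pow(G, v[j], P) != a[j] * pow(alpha, c[j], P) % P:
            return False
        if pow(K, v[j], P) != b[j] * pow(base, c[j], P) % P:
            return False
    return True

if __name__ == "__main__":
    K = pow(G, 777, P)                           # constructed key pair, secret 777
    alpha, beta = encrypt(K, 1, 5)               # constructed ballot selection
    print(verify_bit(K, alpha, beta, prove_bit(K, 1, 5, alpha, beta)))
```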
Decryption Verifier
Note: All steps reference Verifier Construction Document
A decryption verifier serves to verify the correct decryption of a ballot and is normally applied to either an individual spoiled ballot (consisting entirely of encryptions of ones and zeros) or an aggregate ballot (consisting of encryptions of the election tallies). The decryption verification consists of steps 6 through 9, although steps 7 and 8 can be omitted when all guardians have completed their election tasks.
- Step 6 begins with two equations that confirm that all individual cast ballots have been correctly aggregated. (This is omitted when applied to a single spoiled ballot.) The remaining equations verify that the partial decryptions done by each guardian are correct.
- Steps 7 and 8 (Optional) confirm that any decryption data which one or more guardians have failed to provide have been correctly substituted for by a quorum of other guardians.
- Step 9 confirms that the partial decryptions provided by the guardians have been correctly combined to form a full decryption.
Above and Beyond
Note: All steps reference Verifier Construction Document
If you want more verification goodness, there are a few remaining steps to full verification of an election that are described here for completeness.
- Step 1 serves to verify the suitability of the parameters used in an election.
- Step 2 serves to verify the integrity of the public keys published by the election guardians. Although public verification of this step is desirable, it would suffice to have the guardians simply take responsibility for checking each other.
- Step 5 serves to verify that the ballots in an election have been correctly linked. This makes it more difficult for an election administrator to simply discard ballots in hopes that no one will notice.
- Step 10 is implicitly included within the description of the decryption verifier.
Stuck?
Post questions here or send them to [email protected]