Selene: Voter-Friendly, Receipt-Free Verification

If it takes a 56 page PDF to explain, and an explanation on encryption... it&#x27;s too complex.<p>Just do it with paper, have multiple observers, never count to more than 10 (10 slips = 1 bundle, then count 10 bundles and make 1 large bundle, etc).<p>Basically, I like the UK way. It&#x27;s not even slow, the whole country gets the results before they wake up the next morning.<p>The whole thing can be verified, and it can be reverified easily later.

I don&#x27;t think looking at this as a replacement for the existing ballot system is the right way to look at it. For the kinds of elections that are currently conducted, the current ballot systems may be sufficient, and even preferable, as other posters have argued.<p>In my opinion, research into new, more technical voting systems are not about our existing elections, but about new types of &#x27;assessments of opinion&#x27; (AOO) differentiated from the current understanding of an &#x27;election&#x27;.<p>For example, current systems assume that &#x27;elections&#x27; occur relatively infrequently, are restricted to a certain number of choices, and that the person voting is sharing only their own opinion.<p>However, if we wanted to implement a system in which legislative decisions (proposing and passing laws, let&#x27;s say) were made by the population as a whole, possibly several times per day, in a geographically distributed manner and supporting both direct and indirect delegation, any system that is intrinsically based on a paper ballot is not a feasible solution. Perhaps we&#x27;d also want to support conditional delegation as well; for example, this person receives my vote for topics localized to a 30 mile radius, while person B receives my vote for topics related to privacy protections, and so on (with additional rules for preemption&#x2F;disambiguation, etc).<p>It wouldn&#x27;t even necessarily have to be used for traditional governance - it could scale to be used for voting with a group of friends, a business, a shared-interest group, etc.<p>This is obviously a very tricky problem to solve, particularly if you add (optionally?) other requirements such as verifiability, secrecy, and so on. I haven&#x27;t read the full PDF posted by the author, but I think it&#x27;s likely that the proposed system solves only a portion of the problems described above, given the complexity of the requirements.<p>That being said, I certainly don&#x27;t think saying &quot;paper is always the way to go, because it&#x27;s the simplest&quot; or &quot;these kinds of developments are solutions in search of a problem&quot; are constructive. Addressing the weaknesses of a specific solution is one thing, but saying that the existing ballot system is optimal (particularly given the audience of HN) is a surprising sentiment to see here. Sufficiently long-standing problems (are capitols necessary?) may not be immediately visible to us, but that doesn&#x27;t mean they aren&#x27;t there, and we should strive to be open-minded - even towards imperfect solutions.<p>Just my 3 cents.

The gist of the method of verification, from the linked slide deck:<p><pre><code> Typically, voters get a “protected receipt”, i.e. an encrypted&#x2F;encoded version of their vote. Cast receipts are posted to a secure web bulletin board. Voters can verify that their receipt is correctly posted. A (universally) verifiable, anonymising tabulation is performed on the posted receipts.</code></pre>

buro9 hit the nail on the head. The most important, often neglected, issue is that voters will understand and trust it. I&#x27;ve been digging through voting schemes for a while trying to find this one requirement. Fortunately, I did find one in a discussion on Schneier&#x27;s blog:<p>Scantegrity voting scheme <a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20110324052432&#x2F;http:&#x2F;&#x2F;www.scantegrity.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20110324052432&#x2F;http:&#x2F;&#x2F;www.scante...</a><p><a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20110728002210&#x2F;http:&#x2F;&#x2F;www.scantegrity.org&#x2F;learnmore.php" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20110728002210&#x2F;http:&#x2F;&#x2F;www.scante...</a><p>I&#x27;d still like to see experts in cryptography and voting architecture do a thorough evaluation of its security. However, the process is simple enough that about any location should be able to implement it and about any person use it. I mean, there might be modifications for accessibility reasons. Second link has the papers.<p>Anyway, what do you all think about Scantegrity in general and as a default recommendation for secure voting?

Did you know btw that in the UK your vote is not really private: there is a serial number on the ballot that is noted down against your name in the register?!

As the author of the Selene scheme and the talk i should add some clarifications:<p>Selene is explicitly <i>not</i> intended for high-stakes, binding votes to elections. It amy be suitable for some forms of election, e.g. of officials of professional bodies, student societies etc., in the way that say Helios has been used. I want to stress that I, like many, in the verifiable voting domain do not advocate internet voting for serious elections. we currently know of no scheme that provides sufficient levels of verifiability, coercion resistance and usability.<p>A primary goal of Selene is to make the verifiability step as simple and understandable as possible. In contrast to most existing E2E verifiable schemes voters do not have to handle encrypted ballots to perform the verification, they simply look up their vote in the clear on the WBB using their private tracker. Of course, making the verification so transparent, as opposed to the usual practice of checking the presence of an encrypted ballot, has its costs in terms of receipt-freeness and coercion resistance, but we have tried as far as possible to mitigate these.<p>The scheme does use some fairly sophisticated crypto but as far as possible this is all under the bonnet as far as the voter is concerned. Of course, to understand the arguments for the security claims would require at least some superficial understanding of the crypto, but my guess is that most voters will not be that interested, or will be happy to accept the evaluation of experts.<p>I don&#x27;t believe that it takes 59 or whatever slides to explain the key features of the system:<p>there are constructions, transparent to the voter but verifiable by expert, interested parties to guarantee<p>that no two voters get the same tracker.<p>There is a mechanism to notify voters of their tracker after the trackers and votes have been posted in the clear.<p>The fact that voters learnt their tracker only after the posting of this information helps mitigate the obvious coercion strategy: ask the voter to reveal her tracker.<p>The notification is set up in such a way that a coercer voter can fake it to appear to reveal an alternative tracker, pouting to the coercer&#x27;s vote.<p>verifying your vote is simple: look up your tracker and check that the vote alongside it is correct. and this is of course in any case optional, voters can just vote and go.<p>much of the content of the slides is just discussing the background, contrast with other E2E schemes etc.<p>A paper describing the scheme in detail will be available shortly. I welcome feedback.

the scheme does not require 56 pages or whatever to explain. there is some crypto under the bonnet that is designed to guarantee essentially the following:<p>1 every vote will get a unique tracker number<p>2 the voter is notified of his or her tracker after the votes&#x2F;trackers have been posted to the Web Bulletin Board. This is to give a coerced voter the chance to identify a tracker number that points to the coercer&#x27;s required vote.<p>3 each voter is notified of her&#x2F;his tracker in a way that allows them to deny it and claim another tracker that points to the vote demanded by the coercer (which they identified in 2).

Can this system be understood and verified by a 5 year old?