![Page 1: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/1.jpg)
The Current StateThe Current Stateof Cryptographicof Cryptographic
Election ProtocolsElection Protocols
Josh BenalohMicrosoft Research
![Page 2: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/2.jpg)
So, you want to hold an election …
![Page 3: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/3.jpg)
Fundamental Decision
You have essentially two paradigms to choose from …
• Anonymized Ballots
• Ballotless Tallying
![Page 4: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/4.jpg)
Anonymized Ballots
![Page 5: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/5.jpg)
Ballotless Tallying
![Page 6: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/6.jpg)
A Fundamental Trade-Off
• Ballots simplify write-ins and other “non-standard” options.
• Non-standard options can compromise privacy.
![Page 7: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/7.jpg)
The Mix-Net Paradigm
Chaum (1981) …
![Page 8: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/8.jpg)
The Mix-Net Paradigm
![Page 9: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/9.jpg)
The Mix-Net Paradigm
MIX
Vote
Vote
Vote
Vote
![Page 10: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/10.jpg)
The Mix-Net Paradigm
MIX
Vote
Vote
Vote
Vote
![Page 11: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/11.jpg)
The Mix-Net Paradigm
MIX
Vote
Vote
Vote
Vote
MIX
![Page 12: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/12.jpg)
The Homomorphic Paradigm
Benaloh (Cohen), Fischer (1985) …
![Page 13: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/13.jpg)
The Homomorphic Paradigm
Tally
![Page 14: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/14.jpg)
The Homomorphic Paradigm
Tally
![Page 15: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/15.jpg)
Some Principles of Election Protocols
• Privacy
• Verifiability
• Robustness
• Coercibility
![Page 16: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/16.jpg)
Privacy
• Only one voter?
• A unanimous tally?
• Unanimous less one?
• Copy cats?
• Free-form ballots?
![Page 17: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/17.jpg)
Verifiability
• By single trusted party?
• By trusted committee?
• By each voter?
• By observers?
![Page 18: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/18.jpg)
Robustness
• Against faulty/malicious voter?
• Against faulty/malicious trustee?
• At what cost to privacy?
![Page 19: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/19.jpg)
Coercibility
• Before the vote?
• During the vote?
• After the vote?
• By trustee, voter, or observer?
• Free-form ballots?
![Page 20: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/20.jpg)
Some of the Authors
• Mix-Net: Chaum, Fujioka, Okamoto, Ohta, Pfitzmann, Waidner, Park, Itoh, Kurosawa, Michels, Horster, Sako, Kilian, Abe, Hirt, Jakobsson, Juels, Rivest, Furukawa, Neff, Golle, Zhong, Boneh
• Homomorphic: Benaloh, Fischer, Yung, Tuinstra, Sako, Kilian, Franklin, Cramer, Gennaro, Schoenmakers, Hirt, Kiayias
![Page 21: The Current State of Cryptographic Election Protocols Josh Benaloh Microsoft Research](https://reader030.vdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2f309/html5/thumbnails/21.jpg)
And the winner is …
The new robust mix-net protocols are practical and offer the most flexibility.
Much recent work has concentrated on efficiency improvements.
Issues remain concerning receipts and coercion.
Practical concerns focus on authentication and system integrity.