Guest Blog

Commentary invited by editors of Scientific American

Assuring the Integrity of Voting Using Cryptography

The views expressed are those of the author and are not necessarily those of Scientific American.


American voters have no way of knowing that our votes have been counted, or counted correctly. We go to the polls and we punch buttons on a screen or fill out paper ballots and put them in a box, but we don’t know if the electronic voting machine works correctly, if the ballot box made it to the election office, or if the ballots have been accurately tallied. The rise of electronic voting machines with secret, proprietary software has only made these problems worse.

Ron Rivest. Image by Julie Rehmeyer

On Monday, laureate Ron Rivest, one of the inventors of the RSA cryptography algorithm that underlies most secure internet transactions, described the work he and others have done to use cryptography to solve these problems.

The starting place for his work is simple, though not an acceptable solution in itself: Imagine that when a vote was recorded, it was registered on a website for everyone to see. Then voters could go home, check the website, and know that their vote was accurately recorded. Furthermore, since all the data would be publicly available, anyone interested could count up the results and check the election officials’ work.

The problem with this is that people often don’t want other people to be able to see whom they voted for. Furthermore, such a system would raise the prospect of vote selling, since anyone could prove whom they voted for (even now, that’s a problem with voting by mail, and that’s one of the central reasons that Rivest strongly opposes the idea of internet voting).

So in Rivest’s plan, when a voter is given a record of his vote, it’s encrypted. If the voter wants, he can have the machine decrypt it on the spot to check it and then re-encrypt it, assuring himself of its accuracy. He can then take the encrypted version home and check that it’s been recorded — though at home, he can’t decrypt it to see whom he voted for, and hence can’t prove to anyone else whom he voted for.

The next step is to tally up the votes, while assuring everyone that you’re doing so accurately. Essentially, this can be done by decoupling the votes from the names of the voters, decrypting them, and then making the full list of votes public. Then anyone inclined to can perform the tally themselves.

The details of this kind of scheme quickly get very complex, because you can’t trust anyone in the process and have to design the system to be both transparent and fully resistant to malfeasance. But this is the basic outline.
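
A toy sketch of the outline above (encrypted receipt on a public board, on-the-spot audit, names stripped before a public tally), added here as an illustration; it is not Rivest's design or Scantegrity's code. It assumes ElGamal encryption over a deliberately tiny group and a single trusted key holder, models the audit as the machine revealing its encryption randomness, and omits the proofs of correct shuffling and decryption that a real system must publish; all names are hypothetical.

```python
import random
from collections import Counter

# Constructed toy parameters, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4
CANDIDATES = ["Alice", "Bob"]
ENCODE = {c: pow(G, i + 1, P) for i, c in enumerate(CANDIDATES)}
DECODE = {v: c for c, v in ENCODE.items()}

def keygen(rng):
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)                      # (secret key, public key)

def encrypt(pub, choice, r):
    return (pow(G, r, P), ENCODE[choice] * pow(pub, r, P) % P)

def decrypt(sec, ct):
    a, b = ct
    return DECODE[b * pow(a, Q - sec, P) % P]   # a has order Q, so a^(Q-x) = a^(-x)

def audit(pub, ct, claimed_choice, revealed_r):
    # Voter's spot check: recompute the ciphertext from the revealed randomness.
    return encrypt(pub, claimed_choice, revealed_r) == ct

def reencrypt(pub, ct, s):
    a, b = ct
    return (a * pow(G, s, P) % P, b * pow(pub, s, P) % P)

def mix(pub, board, rng):
    # Drop voter names, re-randomize every ciphertext, then shuffle.
    out = [reencrypt(pub, ct, rng.randrange(1, Q)) for ct in board.values()]
    rng.shuffle(out)
    return out

def run_election(ballots, seed=1):
    rng = random.Random(seed)                   # seeded for the demo; not a CSPRNG
    sec, pub = keygen(rng)
    board = {}                                  # public: voter name -> ciphertext
    for voter, choice in ballots.items():
        r = rng.randrange(1, Q)
        trial = encrypt(pub, choice, r)
        if not audit(pub, trial, choice, r):    # audited ballot is then discarded
            raise ValueError("machine encrypted the wrong choice")
        board[voter] = encrypt(pub, choice, rng.randrange(1, Q))  # cast ballot
    receipts = dict(board)                      # what each voter takes home
    mixed = mix(pub, board, rng)
    tally = Counter(decrypt(sec, ct) for ct in mixed)
    return board, receipts, mixed, tally
```

The audited ciphertext is thrown away because revealing its randomness would let the voter prove how it was filled in; the ballot actually cast uses fresh randomness that never leaves the machine.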

A number of systems along these lines have been created, including one that Rivest was involved in called Scantegrity, which Takoma Park, Maryland used for both its 2009 and 2011 elections. The problem, Rivest says, is that Scantegrity was developed by academics and doesn’t have a big marketing team to push it. Change in voting systems tends to happen slowly, because the decisions are made county by county, and election officials are beholden to many different constituencies. He’s currently most encouraged by an effort spearheaded by a county election official in Austin, Texas, who decided that none of the current systems are adequate for her needs, so she’s gotten the help of academics and others to design a new system from scratch incorporating these methods. Another election official in Los Angeles is leading a similar effort.

“I’m optimistic,” Rivest says. “I think the concerns of the academics are beginning to have an impact.”


This blog post originates from the official blog of the 1st Heidelberg Laureate Forum (HLF) which takes place September 22 – 27, 2013 in Heidelberg, Germany. 40 Abel, Fields, and Turing Laureates will gather to meet a select group of 200 young researchers. Julie Rehmeyer is a member of the HLF blog team. Please find all her postings on the HLF blog.

About the Author: Julie Rehmeyer is a freelance math and science writer who writes the Math Trek column at Science News. She also writes frequently for Discover Magazine and Wired. She studied algebraic topology at the Massachusetts Institute of Technology. Follow on Twitter @julierehmeyer.

Comments

  1. OgreMk5 9:17 am 09/27/2013

    I was asked to be a “civilian” representative at a vote count. I had no idea how unsecure these systems were. I don’t remember which brand of voting machines were used, but each machine stored the votes in a txt file. That file was uploaded to a USB drive and driven to the central polling place where the USB drive was stuck into a computer and uploaded.

    Anyone with a laptop could have reviewed (and potentially changed) the files on the drive over to the polling place.

    I asked the vendor’s representative about encryption and he said that it was too complex when there are hundreds of voting machines.

    I refused to sign the “voting security” form that the viewers of the process were asked to sign. It stated that the voting process was secure and that no tampering had taken place.

  2. dburress 6:30 pm 10/25/2013

    This plan has a fatal flaw: the voter has no way to know that the decrypted version he sees accurately represents his recorded vote. To help avoid that defect, the decryption machine must be unconnected to the vote recording machine. But if it is a stand-alone machine then there are multiple machines able to decrypt. And if so, one such machine might be used to facilitate sales of votes.
    Another possible flaw is that many voters will not bother to check. An insider observer who notes who checked could later arrange to change the recorded vote for that voter.
    There already exists a much simpler system: machine-printed ballots. After the voter votes, he sees his vote printed out on paper which is then deposited as the official record in case of recount. This is considerably more transparent than encryption. The extra paper costs are worth the security.
    David Burress
    Kansas Progress Institute
