Bingo voting
Encyclopedia
Bingo voting is a cryptographic protocol for transparent, secure end-to-end auditable
electronic voting. It was introduced in 2008 by German researchers.
The following is a simplified description of the process.
Before the election, the process begins by generating as many large random numbers for each candidate as there are voters. This results in a set of "dummy" random numbers for each candidate, which is published publicly. This is the "commitment" phase of the election.
Then, at the voting booth, each voter is issued a fresh random number. To ensure that everyone has confidence in the true randomness of these numbers, it is suggested that a simple, transparent random number generator be placed in the voting booth, such as a mechanical "bingo" number generator, the kind with numbered balls inside a spinning cage. The voter places this fresh random number on the (virtual) ballot next to their chosen candidate. The other candidates get "dummy" random numbers from their pool. Each dummy random number is used on only one ballot.
A single "ballot" then consists of one random number for each candidate. All of these will be numbers from the dummy list, except for the voter's choice which will be different and not on any of the published lists. All ballots are published publicly—without, of course any identifying information. The voter gets a receipt for their own personal random ballot, but no one else knows it.
The votes for each candidate are tallied by counting the number of numbers marked next to their name on all ballots which do not appear on their previously published dummy list. Anyone can view the published ballots and verify the count, and any single voter can search the list for their own private random number to ensure that their vote was counted exactly once, and for the correct candidate.
As described, this scheme does not ensure against coercion and vote buying, because the receipt can be used to prove that the voter cast their ballot for a specific candidate. A real version of the protocol hides the dummy votes using cryptographic commitments
-- this is akin to placing the dummy votes in "sealed envelopes." After the election, only the unused dummy vote numbers are revealed; the number of votes for each candidate can be determined by subtracting the number of unused dummy votes from the number of voters. In this way, a ballot receipt does not show who the voter selected, because the dummy votes for the other choices are still hidden (in "unopened" commitments) and are thus not distinguishable from the non-dummy random number issued in the voting booth.
Finally, the correctness of the election—the fact that each cast ballot contains exactly one non-dummy vote—is proven through a zero knowledge proof that still does not reveal who each ballot was cast for.
End-to-end auditable voting systems
End-to-end auditable or end-to-end voter verifiable systems are voting systems with stringent integrity properties and strong tamper-resistance. E2E systems often employ cryptographic methods to craft receipts that allow voters to verify that their votes were not modified, without revealing which...
electronic voting. It was introduced in 2008 by German researchers.
The following is a simplified description of the process.
Before the election, the process begins by generating as many large random numbers for each candidate as there are voters. This results in a set of "dummy" random numbers for each candidate, which is published publicly. This is the "commitment" phase of the election.
Then, at the voting booth, each voter is issued a fresh random number. To ensure that everyone has confidence in the true randomness of these numbers, it is suggested that a simple, transparent random number generator be placed in the voting booth, such as a mechanical "bingo" number generator, the kind with numbered balls inside a spinning cage. The voter places this fresh random number on the (virtual) ballot next to their chosen candidate. The other candidates get "dummy" random numbers from their pool. Each dummy random number is used on only one ballot.
A single "ballot" then consists of one random number for each candidate. All of these will be numbers from the dummy list, except for the voter's choice which will be different and not on any of the published lists. All ballots are published publicly—without, of course any identifying information. The voter gets a receipt for their own personal random ballot, but no one else knows it.
The votes for each candidate are tallied by counting the number of numbers marked next to their name on all ballots which do not appear on their previously published dummy list. Anyone can view the published ballots and verify the count, and any single voter can search the list for their own private random number to ensure that their vote was counted exactly once, and for the correct candidate.
As described, this scheme does not ensure against coercion and vote buying, because the receipt can be used to prove that the voter cast their ballot for a specific candidate. A real version of the protocol hides the dummy votes using cryptographic commitments
Commitment scheme
In cryptography, a commitment scheme allows one to commit to a value while keeping it hidden, with the ability to reveal the committed value later. Commitments are used to bind a party to a value so that they cannot adapt to other messages in order to gain some kind of inappropriate advantage...
-- this is akin to placing the dummy votes in "sealed envelopes." After the election, only the unused dummy vote numbers are revealed; the number of votes for each candidate can be determined by subtracting the number of unused dummy votes from the number of voters. In this way, a ballot receipt does not show who the voter selected, because the dummy votes for the other choices are still hidden (in "unopened" commitments) and are thus not distinguishable from the non-dummy random number issued in the voting booth.
Finally, the correctness of the election—the fact that each cast ballot contains exactly one non-dummy vote—is proven through a zero knowledge proof that still does not reveal who each ballot was cast for.
See also
- End-to-end auditable voting systemsEnd-to-end auditable voting systemsEnd-to-end auditable or end-to-end voter verifiable systems are voting systems with stringent integrity properties and strong tamper-resistance. E2E systems often employ cryptographic methods to craft receipts that allow voters to verify that their votes were not modified, without revealing which...
- Electronic VotingElectronic votingElectronic voting is a term encompassing several different types of voting, embracing both electronic means of casting a vote and electronic means of counting votes....
- PunchscanPunchscanPunchscan is an optical scan vote counting system invented by cryptographer David Chaum. Punchscan is designed to offer integrity, privacy, and transparency. The system is voter-verifiable, provides an end-to-end audit mechanism, and issues a ballot receipt to each voter...
- ScantegrityScantegrityScantegrity is a security enhancement for optical scan voting systems, providing such systems with end-to-end verifiability of election results. It uses confirmation codes to allow a voter to prove to themselves that their ballot is included unmodified in the final tally. The codes are...
- ThreeBallotThreeBallotThreeBallot is a voting protocol invented by Ron Rivest.ThreeBallot is an end-to-end auditable voting system that can in principle be implemented on paper. The goal in its design was to provide some of the benefits of a cryptographic voting system without using cryptography.A vote cannot be both...
- FarnelFarnelFarnel—this word means basket in Portuguese—is a paper based voting protocol conceived by Ricardo Felipe Custódio in 2001. His master student Augusto Jun Devegili was responsible for the name and for the first electronic version of the protocol. Roberto Araujo takes Farnel and has proposed severals...