Publicly-verifiable elections

Microsoft’s free, open-source ElectionGuard tools enable voters to verify their votes were accurately counted without compromising privacy or trusting election equipment or personnel. New research eliminates the need for cryptographic keys, making the process far simpler and more practical for election administrators while preserving the voter experience.

Transcript

[MUSIC]  

[MUSIC FADES INTO SWEEPING SOUND]

KAREN EASTERBROOK: I’m happy to introduce a fellow team member, Josh. Josh Benaloh, senior principal cryptographer here at Microsoft Research Redmond, has spent decades pioneering cryptographic tools that bring transparency and trust to elections.

Today, he will share his work on publicly verifiable elections—making it easier for voters to confirm that their ballots are counted correctly. His latest research eliminates the need for cryptographic keys, making secure, transparent voting even more practical for election administrators.

It’s amazing to see impactful research grow into technology that empowers people globally while strengthening systems we all rely on.

Let’s hear from Josh.

[MUSIC]  

[MUSIC FADES INTO SWEEPING SOUND]

JOSH BENALOH: Hello. I’m Josh Benaloh, senior cryptographer at Microsoft Research in Redmond.

We have a crisis of confidence in elections today. Both in the US and elsewhere, there are millions of voters who simply don’t believe the results of recent elections.

Now regardless of where you stand on the issues, we should all be able to acknowledge that elections in the US or anywhere in the world look pretty much the same, regardless of how much integrity they have. From the voter perspective, voters cast their votes, go home, wait for the results to be reported by the government, and are asked to simply trust the process.

We can do better than this.

We have technologies available that allow voters to confirm for themselves that their votes have been accurately recorded and counted in an election without having to trust any election software, any election hardware, even any election personnel.

Microsoft has built free, open-source tools which allow voters to do this kind of confirmation, and these tools can be integrated into new and existing systems so that elections can be made verifiable.

In partnership with the nonprofit Election Technology Initiative, Microsoft is deploying tools which have been used in at least five states thus far in public elections to achieve exactly this kind of verifiability in elections. I’m going to describe one such application of these tools, but they’re flexible and can be used in a variety of ways.

What I’m showing here is a precinct scanner produced by one of the major voting equipment companies in the US, Hart InterCivic. Voters can use this device by marking a paper ballot either by hand or with an assistive device. They then take their paper ballot, put it into the scanner, and the scanner will display for them the contents of the ballot. Voters are able to review these contents. If they like them, they can cast the ballot. If they don’t, they can ask that the ballot be canceled and continue.

At the same time, the ElectionGuard code is called by the device, which encrypts the ballot and produces a confirmation code which is given to a voter and which the voter can use to see that their vote has been correctly recorded and eventually that it’s been correctly counted.

The way the counting is done is using homomorphic encryption. Homomorphic encryption allows the encrypted ballots to be combined into an encrypted tally without ever being individually decrypted, and the encrypted tally—and only the tally—is then decrypted to show what the results are without compromising the privacy of voters.

Voters are able to independently assess and confirm that the steps done have all been correct, that the homomorphic tallying is correct, that their votes have been properly recorded, and all on their own or by proxying to other people that they choose to trust. One of the major differences with this technology is voters are not forced to trust certain people or processes. They can choose where to place their trust or do everything on their own.

New research that’s taking place here at Microsoft is actually improving this process further by removing the encryptions and replacing encryptions by what are called cryptographic commitments. These commitments allow us to dispense with all of the cryptographic keys and all of the associated management. They make the process much, much simpler for election officials without encumbering voters in any way.

We very much look forward to building this and deploying this and trying to get more out into the real world. And if you’d like to learn more, please visit https://www.electionguard.vote/ or contact me.

Thank you very much.