Detecting compromised ballots
Abstract
A facility for discerning corruption of an electronic ballot is described. The facility sends from a first computer system to a second computer system an encrypted ballot that reflects a ballot choice selected by a voter. The facility then sends a confirmation from the second computer system to the first computer system, which serves to convey the decrypted contents of the encrypted ballot as received at the second computer system, and which is generated without decrypting the encrypted ballot. In the first computer system, the facility uses the confirmation to determine whether the decrypted contents of the encrypted ballot as received at the second computer system match the ballot choice selected by the voter.
50 Claims
1. A method in a data processing system for discerning corruption of an electronic ballot, comprising:
in a voter computer system;
receiving a ballot choice selected by a voter from among a set of valid ballot choices;
encoding the received ballot choice in a ballot;
encrypting the ballot;
constructing a validity proof proving that the encrypted ballot corresponds to a valid ballot choice;
sending the encrypted ballot and the validity proof to a vote collection center computer system;
in the vote collection center computer system;
receiving the encrypted ballot and validity proof;
verifying the validity proof;
only if the validity proof is successfully verified;
without decrypting the encrypted ballot, generating an encrypted vote confirmation of the encrypted ballot;
sending the encrypted vote confirmation to the voter computer system;
in the voter computer system;
receiving the encrypted vote confirmation;
decrypting the encrypted vote confirmation to obtain a vote confirmation;
displaying the obtained vote confirmation; and
if a confirmation dictionary in the user's possession does not translate the displayed vote confirmation to the ballot choice selected by the voter, determining that the ballot has been corrupted.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 19, 20.
12. A computer-readable medium whose contents cause a data processing system to discern corruption of an electronic ballot by:
in a voter computer system;
receiving a ballot choice selected by a voter from among a set of valid ballot choices;
encoding the received ballot choice in a ballot;
encrypting the ballot;
constructing a validity proof proving that the encrypted ballot corresponds to a valid ballot choice;
sending the encrypted ballot and the validity proof to a vote collection center computer system;
in the vote collection center computer system;
receiving the encrypted ballot and validity proof;
verifying the validity proof;
only if the validity proof is successfully verified;
without decrypting the encrypted ballot, generating an encrypted vote confirmation of the encrypted ballot;
sending the encrypted vote confirmation to the voter computer system;
in the voter computer system;
receiving the encrypted vote confirmation;
decrypting the encrypted vote confirmation;
displaying the decrypted vote confirmation; and
if a confirmation dictionary in the user's possession does not translate the displayed decrypted vote confirmation to the ballot choice selected by the voter, determining that the ballot has been corrupted.
13. A method in a data processing system for discerning corruption of an electronic ballot, comprising, in a voting node:
using a secret maintained in the voting node to encrypt a ballot value selected by a voter;
sending the encrypted ballot value to a vote collection point;
receiving, in response to sending the encrypted ballot, an encrypted vote confirmation;
using the secret maintained in the voting node to decrypt the encrypted vote confirmation; and
displaying the decrypted vote confirmation, such that the displayed vote confirmation may be compared to an expected vote confirmation for the ballot value selected by the voter to determine whether the electronic ballot has been corrupted.
21. A computer-readable medium whose contents cause a voting node to discern corruption of an electronic ballot by:
using a secret maintained in the voting node to encrypt a ballot value selected by a voter;
sending the encrypted ballot value to a vote collection point;
receiving, in response to sending the encrypted ballot, an encrypted vote confirmation; and
applying the secret maintained in the voting node to the encrypted vote confirmation to determine whether the secret value confirmation reflects receipt of the ballot value selected by the voter at the vote collection point.
Dependent claims: 22, 23, 26, 27, 28, 30, 31, 32.
24. One or more computer memories collectively containing a voter security data structure, the data structure containing one or more secrets usable both (a) to encrypt an encoded ballot for transmission to a ballot collection point, and (b) to decrypt an encrypted ballot confirmation received from the ballot collection point, which indicates the contents of the ballot as received at the ballot collection point.
25. One or more computer memories collectively containing a ballot data structure, the ballot data structure comprising:
an encrypted ballot choice formed by encrypting one of a plurality of valid ballot choices selected by a voter in a voter computer system;
a proof of validity that demonstrates that the encrypted ballot choice constitutes an encryption of one of the plurality of valid ballot choices without indicating which of the plurality of valid ballot choices the encrypted ballot choice constitutes an encryption of; and
an encrypted ballot confirmation generated in response to the receipt in a ballot collection center computer system of the encrypted ballot choice and proof of validity.
29. A method in a data processing system for discerning corruption of an electronic ballot, comprising, in a ballot receiving node:
receiving an encrypted ballot value from a ballot sending node, the encrypted ballot value being encrypted from a ballot value based on a voter selection using a secret not available in the ballot receiving node;
generating from the encrypted ballot value an encrypted secret value confirmation that indicates to those in possession of the secret used to encrypt the encrypted ballot value the ballot value to which the received encrypted ballot value corresponds; and
sending the encrypted secret value confirmation to the ballot sending node, such that the encrypted secret value confirmation may be used in the ballot sending node to determine if the encrypted ballot value received at the ballot receiving node corresponds to the ballot selection made by the voter.
33. A ballot receiving node for discerning corruption of an electronic ballot, comprising:
a receiver that receives an encrypted ballot value from a ballot sending node, the encrypted ballot value being encrypted from a ballot value derived from a selection made by a voter using a secret not available in the ballot receiving node;
a confirmation generation subsystem that generates from the encrypted ballot value an encrypted secret value confirmation that indicates to those in possession of the secret used to encrypt the encrypted ballot value the ballot value to which the received encrypted ballot value corresponds; and
a transmitter that sends the encrypted secret value confirmation to the ballot sending node.
Dependent claims: 35, 36, 38, 39, 40, 41.
34. One or more generated data signals collectively conveying a ballot response data structure containing an encrypted ballot confirmation generated in response to the receipt at a ballot collection point of a ballot cast by a voter, the encrypted ballot confirmation, when decrypted on behalf of the voter, indicating a voting selection made by the voter in the cast ballot as received at the ballot collection point.
37. A method in a data processing system for discerning corruption of an electronic ballot, comprising:
sending an encrypted ballot from a first computer system to a second computer system, the encrypted ballot reflecting a ballot choice selected by a voter;
sending a confirmation from the second computer system to the first computer system, the confirmation serving to convey the decrypted contents of the encrypted ballot as received at the second computer system, the confirmation being generated without decrypting the encrypted ballot; and
in the first computer system, displaying the confirmation, so that the voter can determine whether the decrypted contents of the encrypted ballot as received at the second computer system match the ballot choice selected by the voter.
42. A computer-readable medium whose contents cause a data processing system to discern corruption of an electronic ballot by:
sending an encrypted ballot from a first computer system to a second computer system, the encrypted ballot reflecting a ballot choice selected by a voter;
sending a confirmation from the second computer system to the first computer system, the confirmation serving to convey the decrypted contents of the encrypted ballot as received at the second computer system, the confirmation being generated without decrypting the encrypted ballot; and
in the first computer system, displaying the confirmation, so that the voter can determine whether the decrypted contents of the encrypted ballot as received at the second computer system match the ballot choice selected by the voter.
Dependent claims: 43, 44, 48, 49.
45. A method in a voting computing system for detecting the compromise of an electronic ballot sent to a ballot collection point, comprising:
receiving from the ballot collection point an encrypted confirmation of the contents of an encrypted ballot received at the ballot collection point; and
using a secret maintained on the voting computer system to decrypt and display the confirmation to the voter, such that the voter may compare the displayed confirmation to a confirmation expected by the voter based on a ballot choice selected by the voter to determine whether the electronic ballot was compromised.
46. A computer-readable medium whose contents cause a voting computing system to detect the compromise of an electronic ballot sent to a ballot collection point by:
receiving from the ballot collection point an encrypted confirmation of the contents of an encrypted ballot received at the ballot collection point; and
using a secret maintained on the voting computer system to decrypt and display the confirmation to the voter, such that the voter may compare the displayed confirmation to a confirmation expected by the voter based on a ballot choice selected by the voter to determine whether the electronic ballot was compromised.
47. A method in a ballot collection computer system for detecting the compromise of an electronic ballot, comprising:
receiving the electronic ballot, the electronic ballot containing an encrypted ballot choice;
determining that the received encrypted ballot choice is not accompanied by a valid validity proof that proves that the encrypted ballot choice constitutes the encryption of one of a plurality of permissible ballot choices; and
in response to so determining, determining that the generated first ballot has been compromised.
50. A ballot collection computer system for detecting the compromise of an electronic ballot, comprising:
means for receiving the electronic ballot, the electronic ballot containing an encrypted ballot choice;
means for determining that the received encrypted ballot choice is not accompanied by a valid validity proof that proves that the encrypted ballot choice constitutes the encryption of one of a plurality of permissible ballot choices; and
means for, in response to so determining, determining that the generated first ballot has been compromised.
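The confirmation round trip of claims 13, 29, 37 and 45, as an added Python example (not part of the patent, which names no particular cipher): the voting node holds an ElGamal key pair as its secret, the collection center holds a per-voter exponent k (assumed; the same k is used by the election authority to print the voter's confirmation dictionary), and the center applies k to the ciphertext so that it confirms the ballot without ever decrypting it. Group parameters and choice encoding are constructed toy values, and the validity proof of claim 1 is not implemented.

```python
import hashlib
import secrets

# Toy group parameters, constructed for illustration only (far too small for real use):
# a safe prime P = 2*Q + 1 and a generator G of the order-Q subgroup.
P, Q, G = 1019, 509, 4

CHOICES = ["alice", "bob", "carol"]   # the set of valid ballot choices


def encode_choice(index):
    """Encode ballot choice i as the subgroup element G^(i+1)."""
    return pow(G, index + 1, P)

def voter_keygen():
    """Secret maintained in the voting node: an ElGamal key pair (x, y = G^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt_ballot(m, y):
    """Voter encrypts the encoded choice under its own public key y."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(y, r, P)) % P

def decrypt(ct, x):
    """ElGamal decryption: b / a^x (inverse via Fermat, since P is prime)."""
    a, b = ct
    return (b * pow(pow(a, x, P), P - 2, P)) % P

def confirmation_code(value):
    """Short printable code the voter compares against the dictionary."""
    return hashlib.sha256(str(value).encode()).hexdigest()[:8]

def make_dictionary(k):
    """Authority prints the voter's dictionary from the per-voter exponent k (assumed)."""
    return {confirmation_code(pow(encode_choice(i), k, P)): c for i, c in enumerate(CHOICES)}

def confirm_without_decrypting(ct, k):
    """Collection center raises both components to k: an encryption of m^k, m never seen."""
    return tuple(pow(part, k, P) for part in ct)

def cast_and_check(choice_index, x, y, k, dictionary, tamper_to=None):
    """Full round trip; tamper_to simulates a compromised voter machine swapping the choice."""
    sent = choice_index if tamper_to is None else tamper_to
    conf = confirm_without_decrypting(encrypt_ballot(encode_choice(sent), y), k)
    code = confirmation_code(decrypt(conf, x))           # displayed to the voter
    return dictionary.get(code) == CHOICES[choice_index]  # False => ballot corrupted
```

A swapped choice produces a code the dictionary maps to a different candidate, which is exactly the mismatch the claims use to flag corruption.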