Detecting compromised ballots
First Claim
1. A method in a computing system for confirming receipt of a ballot choice selected by a voter, comprising:
- receiving a first confirmation message from a first party, the content of the first confirmation message confirming the identity of a ballot choice received for the voter by a vote collection authority; and
receiving a second confirmation message from a second party that is independent of the first party, the content of the second confirmation message independently confirming the identity of the ballot choice received for the voter by the vote collection authority.
5 Assignments
0 Petitions
Accused Products
Abstract
A facility for transmitting a ballot choice selected by a voter is described. The facility encrypts the ballot choice with a first secret known only to the client to generate a first encrypted ballot component. The facility also encrypts the ballot choice with a second secret known only to the client, the second secret chosen independently of the first secret, to generate a second encrypted ballot component. The facility then generates a proof demonstrating that the first and second encrypted ballot components are encrypted from the same ballot choice. The facility sends the first and second encrypted ballot components and the proof to a vote collection computer system.
-
Citations
36 Claims
-
1. A method in a computing system for confirming receipt of a ballot choice selected by a voter, comprising:
-
receiving a first confirmation message from a first party, the content of the first confirmation message confirming the identity of a ballot choice received for the voter by a vote collection authority; and
receiving a second confirmation message from a second party that is independent of the first party, the content of the second confirmation message independently confirming the identity of the ballot choice received for the voter by the vote collection authority. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-readable medium whose contents cause a computing system to confirm receipt of a ballot choice selected by a voter by:
-
receiving a first confirmation message from a first party, the content of the first confirmation message confirming the identity of a ballot choice received for the voter by a vote collection authority; and
receiving a second confirmation message from a second party that is independent of the first party, the content of the second confirmation message independently confirming the identity of the ballot choice received for the voter by the vote collection authority.
-
-
10. A computing system for confirming receipt of a ballot choice selected by a voter, comprising:
a confirmation receipt subsystem that receives both a first confirmation message from a first party and a second confirmation message from a second party, the second party being distinct from the first party, the content of the first and second confirmation message each independently confirming the identity of a ballot choice received for the voter by a vote collection authority.
-
11. A computer memory device under the control of a voter containing a data structure for confirming receipt of a ballot choice selected by a voter, comprising:
-
a first confirmation message received from a first party, the content of the first confirmation message confirming the identity of a ballot choice received for the voter by a vote collection authority; and
a second confirmation message received from a second party that is independent of the first party, the content of the second confirmation message independently confirming the identity of the ballot choice received for the voter by the vote collection authority.
-
-
12. A method in a computing system for confirming receipt of a ballot choice selected by a voter, comprising:
-
sending to a first recipient via a first communications channel a confirmation dictionary for a first voter containing a list of ballot choice confirmation messages ordered in a first order; and
sending to the first recipient via a second communications channel that is distinct from the first communications channel a confirmation dictionary guide for the first voter indicating, for each of a plurality of valid ballot choices, a position in the first order containing a ballot choice confirmation message corresponding to the valid ballot choice, such that the first recipient may use the identity of the ballot choice selected by the first voter together with the confirmation dictionary guide to identify in the confirmation dictionary the ballot choice confirmation message corresponding to the ballot choice selected by the voter. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 21)
-
-
20. A computer-readable medium whose contents cause a computing system to confirm receipt of a ballot choice selected by a voter by:
-
sending to a recipient via a first communications channel a confirmation dictionary containing a list of ballot choice confirmation messages ordered in a first order; and
sending to the recipient via a second communications channel that is distinct from the first communications channel a confirmation dictionary guide indicating, for each of a plurality of valid ballot choices, a position in the first order containing a ballot choice confirmation message corresponding to that valid ballot choice, such that the recipient may use the identity of the ballot choice selected by the voter together with the confirmation dictionary guide to identify in the confirmation dictionary the ballot choice confirmation message corresponding to the ballot choice selected by the voter.
-
-
22. A computing system for confirming receipt of a ballot choice selected by a voter, comprising:
-
a first transmission system coupled to a first communications channel that sends to a recipient a confirmation dictionary containing a list of ballot choice confirmation messages ordered in a first order; and
a second transmission system coupled to a second communications channel that is distinct from the first communications channel that sends to the recipient a confirmation dictionary guide indicating, for each of a plurality of valid ballot choices, a position in the first order containing a ballot choice confirmation message corresponding to the valid ballot choice, such that the recipient may use the identity of the ballot choice selected by the voter together with the confirmation dictionary guide to identify in the confirmation dictionary the ballot choice confirmation message corresponding to the ballot choice selected by the voter. - View Dependent Claims (23, 24)
-
- 25. One or more generated data signals that collectively convey a randomized confirmation dictionary data structure, comprising a sequence of ballot confirmation strings, a subset of the ballot confirmation strings each corresponding to a different valid ballot choice, the order in which the ballot strings occur in the sequence being randomly selected, such that it cannot be determined without a separate confirmation dictionary guide which of the ballot confirmation strings in the sequence correspond to which valid ballot choices.
-
27. A method in a computing system for delivering a ballot choice selected by a voter, comprising:
-
in a client computer system;
encrypting the ballot choice with a first secret known only to the client to generate a first encrypted ballot component;
encrypting the ballot choice with a second secret known only to the client, the second secret chosen independently of the first secret, to generate a second encrypted ballot component;
generating a proof demonstrating that the first and second encrypted ballot components are encrypted from the same ballot choice; and
sending the first and second ballot components and the proof to a vote collection computer system;
in the vote collection computer system;
determining whether the proof demonstrates that the first and second encrypted ballot components are encrypted from the same ballot choice; and
only if the proof demonstrates that the first and second encrypted ballot components are encrypted from the same ballot choice, accepting the ballot choice. - View Dependent Claims (28, 29, 31)
-
-
30. The method of claim 29, further comprising generating the ballot confirmation by evaluating the expression
Vl=Kl{overscore (h)}β -
l(α
l+{overscore (α
)}l)m(d+1)β
lWhere p is prime;
g∈
Zp, which has prime multiplicative order q, with the property that q is a multiplicity 1 divisor of p−
1;
h∈
g;
{overscore (h)}∈
is h raised to the power d which is maintained as a secret;
α
∈
Zq and {overscore (α
∈
Z)}q are chosen randomly and independently at the voting node;
Ki∈
g;
β
i∈
Zq; and
m is the ballot choice, and by evaluating the expression{overscore (h)}β
land wherein these two evaluated expressions are sent to the client computer system as the ballot confirmation.
-
l(α
-
30-1. A method in a computing system for receiving a ballot choice selected by a voter, comprising:
-
receiving from a client computer system;
a first encrypted ballot choice encrypted with a first secret known only to the client to generate a first encrypted ballot component, a second encrypted ballot choice encrypted with a second secret known only to the client, the second secret chosen independently of the first secret, and a proof, and only where the proof demonstrates that the first and second encrypted ballot choices are encryptions of the same ballot choice, accepting the ballot choice.
-
-
32. A method in a computing system for transmitting a ballot choice selected by a voter, comprising:
-
encrypting the ballot choice with a first secret known only to the client to generate a first encrypted ballot component;
encrypting the ballot choice with a second secret known only to the client, the second secret chosen independently of the first secret, to generate a second encrypted ballot component;
generating a proof demonstrating that the first and second encrypted ballot components are encryptions of the same ballot choice; and
sending the first and second encrypted ballot components and the proof to a vote collection computer system.
-
-
33. A computer-readable medium whose contents cause a computing system to submit a ballot choice selected by a voter by:
-
encrypting the ballot choice with a first secret known only to the client to generate a first encrypted ballot component;
encrypting the ballot choice with a second secret known only to the client, the second secret chosen independently of the first secret, to generate a second encrypted ballot component;
generating a proof demonstrating that the first and second encrypted ballot components are encryptions of the same ballot choice; and
sending the first and second ballot components and the proof to a vote collection computer system.
-
-
34. One or more generated data signals together conveying an encrypted ballot data structure, comprising:
-
a first encrypted ballot choice encrypted with a first secret known only to a client computer system to generate a first encrypted ballot component, a second encrypted ballot choice encrypted with a second secret known only to the client computer system, the second secret chosen independently of the first secret, and a proof, and such that the ballot represented by the encrypted ballot data structure may be counted only where the proof demonstrates that the first and second encrypted ballot choices are encryptions of the same ballot choice.
-
-
36. A computer-readable medium whose contents cause a computing system to receive a ballot choice selected by a voter by:
-
receiving from a client computer system;
a first encrypted ballot choice encrypted with a first secret known only to the client to generate a first encrypted ballot component, a second encrypted ballot choice encrypted with a second secret known only to the client, the second secret chosen independently of the first secret, and a proof, and only where the proof demonstrates that the first and second encrypted ballot choices are encryptions of the same ballot choice, accepting the ballot choice.
-
Specification