Detecting compromised ballots
First Claim
1. A method in a data processing system for discerning corruption of an electronic ballot, comprising:
in a voter computer system;
receiving a ballot choice selected by a voter from among a set of valid ballot choices;
encoding the received ballot choice in a ballot;
encrypting the ballot;
constructing a validity proof proving that the encrypted ballot corresponds to a valid ballot choice;
sending the encrypted ballot and the validity proof to a vote collection center computer system;
in the vote collection center computer system;
receiving the encrypted ballot and validity proof;
verifying the validity proof;
only if the validity proof is successfully verified;
without decrypting the encrypted ballot, generating an encrypted vote confirmation of the encrypted ballot;
sending the encrypted vote confirmation to the voter computer system;
in the voter computer system;
receiving the encrypted vote confirmation;
decrypting the encrypted vote confirmation to obtain a vote confirmation;
displaying the obtained vote confirmation; and
if a confirmation dictionary in the user's possession does not translate the displayed vote confirmation to the ballot choice selected by the voter, determining that the ballot has been corrupted.
Abstract
A facility for discerning corruption of an electronic ballot is described. The facility sends from a first computer system to a second computer system an encrypted ballot that reflects a ballot choice selected by a voter. The facility then sends a confirmation from the second computer system to the first computer system, which serves to convey the decrypted contents of the encrypted ballot as received at the second computer system, and which is generated without decrypting the encrypted ballot. In the first computer system, the facility uses the confirmation to determine whether the decrypted contents of the encrypted ballot as received at the second computer system match the ballot choice selected by the voter.
15 Claims
1. A method in a data processing system for discerning corruption of an electronic ballot, comprising:
in a voter computer system; receiving a ballot choice selected by a voter from among a set of valid ballot choices; encoding the received ballot choice in a ballot; encrypting the ballot; constructing a validity proof proving that the encrypted ballot corresponds to a valid ballot choice; sending the encrypted ballot and the validity proof to a vote collection center computer system; in the vote collection center computer system; receiving the encrypted ballot and validity proof; verifying the validity proof; only if the validity proof is successfully verified; without decrypting the encrypted ballot, generating an encrypted vote confirmation of the encrypted ballot; sending the encrypted vote confirmation to the voter computer system; in the voter computer system; receiving the encrypted vote confirmation; decrypting the encrypted vote confirmation to obtain a vote confirmation; displaying the obtained vote confirmation; and if a confirmation dictionary in the user's possession does not translate the displayed vote confirmation to the ballot choice selected by the voter, determining that the ballot has been corrupted. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A computer-readable medium whose contents cause a data processing system to discern corruption of an electronic ballot by:
in a voter computer system; receiving a ballot choice selected by a voter from among a set of valid ballot choices; encoding the received ballot choice in a ballot; encrypting the ballot; constructing a validity proof proving that the encrypted ballot corresponds to a valid ballot choice; sending the encrypted ballot and the validity proof to a vote collection center computer system; in the vote collection center computer system; receiving the encrypted ballot and validity proof; verifying the validity proof; only if the validity proof is successfully verified; without decrypting the encrypted ballot, generating an encrypted vote confirmation of the encrypted ballot; sending the encrypted vote confirmation to the voter computer system; in the voter computer system; receiving the encrypted vote confirmation; decrypting the encrypted vote confirmation; displaying the decrypted vote confirmation; and if a confirmation dictionary in the user's possession does not translate the displayed decrypted vote confirmation to the ballot choice selected by the voter, determining that the ballot has been corrupted.
13. A method in a data processing system for discerning corruption of an electronic ballot, comprising, in a ballot receiving node:
receiving an encrypted ballot value from a ballot sending node, the encrypted ballot value being encrypted from a ballot value based on a voter selection using a secret not available in the ballot receiving node; generating from the encrypted ballot value an encrypted secret value confirmation that indicates to those in possession of the secret used to encrypt the encrypted ballot value the ballot value to which the received encrypted ballot value corresponds; and sending the encrypted secret value confirmation to the ballot sending node, such that the encrypted secret value confirmation may be used in the ballot sending node to determine if the encrypted ballot value received at the ballot receiving node corresponds to the ballot selection made by the voter, wherein the secret value confirmation is sent to the ballot sending node via a first communication channel, further comprising sending to the ballot sending node a confirmation dictionary via a second communication channel distinct from the first communication channel, the confirmation dictionary translating from various possible secret value confirmations to the ballot values to which they correspond. (Dependent claims: 14, 15)
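The confirmation flow described in the abstract and in claim 13, sketched as an added example that is not code from the patent. It assumes ElGamal-style encryption over a toy prime-order group, a per-voter center secret `k`, and hypothetical function names throughout; the validity proof of claim 1 is omitted.

```python
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
P, Q, G = 2039, 1019, 4      # safe prime P = 2Q + 1; G generates the order-Q subgroup
H = pow(G, 777, P)           # election public key; its private key is never used below
# Assumed encoding: each valid ballot choice is a distinct subgroup element.
CHOICES = {"Alice": pow(G, 1, P), "Bob": pow(G, 2, P), "Carol": pow(G, 3, P)}


def encrypt(choice, alpha):
    """Voter computer: ElGamal-encrypt the encoded choice with secret alpha."""
    return pow(G, alpha, P), pow(H, alpha, P) * CHOICES[choice] % P


def confirm(ballot, k):
    """Collection center: derive the confirmation from the ciphertext alone.

    No decryption happens; k is a per-voter secret known only to the center.
    """
    _, y = ballot
    return pow(H, k, P), pow(y, k, P)


def open_confirmation(conf, alpha):
    """Voter computer: strip the alpha-dependent mask, leaving m**k mod P."""
    u, w = conf
    return w * pow(u, -alpha, P) % P     # negative exponent = modular inverse (3.8+)


def dictionary(k):
    """Confirmation dictionary, delivered over a second channel (e.g. on paper)."""
    return {pow(m, k, P): name for name, m in CHOICES.items()}


def ballot_corrupted(intended, encoded_by_client):
    """True if the voter's dictionary lookup disagrees with the intended choice."""
    alpha = secrets.randbelow(Q - 1) + 1
    k = secrets.randbelow(Q - 1) + 1
    book = dictionary(k)                 # voter holds this independently of the client
    shown = open_confirmation(confirm(encrypt(encoded_by_client, alpha), k), alpha)
    return book.get(shown) != intended


if __name__ == "__main__":
    print("honest client flagged:   ", ballot_corrupted("Alice", "Alice"))
    print("tampering client flagged:", ballot_corrupted("Alice", "Bob"))
```

In this sketch the value the voter looks up is `m**k mod P`, so a client that encrypted a different choice yields a string the dictionary maps to that other choice, and the client cannot substitute the expected string without knowing `k`.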
Specification