About Prêt à Voter
Prêt à Voter is a voting system that provides verification of the ballot. It allows voters to verify that their votes have been included in the count while ensuring their vote remains secret. It also assures the integrity of the election - that the final result corresponds to the votes cast - and allows independent verification of the count. Prêt à Voter provides voters with a familiar voting experience, integrated with an electronic system to process the votes and to provide the security guarantees. The system supports elections involving selection of a single candidate, selection of multiple candidates, lists of preferences, and multiple races on a single ballot.
Voting with Prêt à Voter
Voters mark their selection on a paper ballot form in the usual way against the candidates available. The key novelty is that the candidates are listed in a random order, which varies from ballot to ballot.
When the vote has been written on the ballot paper, the candidate list is detached and destroyed. The result is a marked voting slip which indicates the position of the vote, but not who it is for. The voting slip is read into the system, and a receipt is returned to the voter. The receipt records the position of the marked vote and the voter retains the receipt for later confirmation of the vote.
After the poll, the system publishes on a public web bulletin board the receipts of all the votes it has accepted. Any voter can confirm that their vote has been included in the ballot, by looking up their receipt and checking that their receipt matches what is published. This also provides protection against fraud: if votes are not included, then voters can use their receipts to challenge the process.
The system works the same way if there are multiple votes or preferences to be cast.
How it works
To be able to process the votes after they have been cast, the voting slip includes a code (included as a 2-D bar code) containing the candidate list in encrypted form. The encryption means that the list cannot be extracted without a threshold number of decryption keys, and each of these keys is held by a different trusted party within the system.
A ballot form can be randomly audited and its code decrypted to confirm that the candidate list has been printed correctly.
Once the votes have been cast, the system shuffles them together and decrypts them using the decryption keys to identify the choices indicated on the marked voting slips. The votes can then be tallied to obtain the election result.
The shuffling of all the votes means that no individual voting slip or receipt can be linked to any particular reconstructed vote. This protects the secrecy of the vote even with the receipt.
As well as publishing the accepted voting slips, the bulletin board also lists all of the decrypted votes. The shuffling and decryption is done in a verifiable way: independent parties can confirm that the published list of decrypted votes corresponds to the published list of received voting slips. This means that the votes to be counted are exactly the votes that were cast. However, independent parties cannot link any particular voting slip to any particular vote.
Once all the reconstructed votes are published, then anyone can check that the counting has been done correctly.
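The flow described above, as an added toy simulation in Python (not code from the Prêt à Voter project). It assumes a cyclic-shift candidate order, exponential ElGamal with the key split across three trustees who must all take part, a constructed four-candidate race and insecure demo-sized parameters; the published proofs of correct shuffling and decryption are omitted.

```python
import random
from collections import Counter

# Toy group (assumption): P = 2Q + 1, G generates the order-Q subgroup. Far too small for real use.
P, Q, G = 2039, 1019, 4
CANDIDATES = ["Alice", "Bob", "Carol", "Dave"]  # constructed sample race
rng = random.SystemRandom()

def keygen(trustees=3):
    """Each trustee holds one secret share; the joint public key combines all of them."""
    shares = [rng.randrange(1, Q) for _ in range(trustees)]
    return shares, pow(G, sum(shares) % Q, P)

def encrypt(m, h):
    """Exponential ElGamal: encrypts G^m, so plaintexts add when ciphertexts multiply."""
    r = rng.randrange(1, Q)
    return (pow(G, r, P), pow(G, m, P) * pow(h, r, P) % P)

def make_ballot(h):
    """Printed order is a random cyclic shift; the code on the slip encrypts the shift."""
    shift = rng.randrange(len(CANDIDATES))
    return CANDIDATES[shift:] + CANDIDATES[:shift], encrypt(shift, h)

def cast(order, code, choice):
    """The receipt holds only the marked position and the code, not the candidate list."""
    return (order.index(choice), code)

def shuffle(board, h):
    """Fold each marked position into its code, re-encrypt, then permute the batch."""
    mixed = []
    for pos, (a, b) in board:
        z = encrypt(0, h)  # fresh randomness makes the output unlinkable to the receipt
        mixed.append((a * z[0] % P, b * pow(G, pos, P) * z[1] % P))
    rng.shuffle(mixed)
    return mixed

def decrypt(ct, shares):
    """Every trustee strips their own share; the result is G^(position + shift)."""
    a, b = ct
    for x in shares:
        b = b * pow(a, Q - x, P) % P
    table = {pow(G, i, P): i for i in range(2 * len(CANDIDATES))}
    return CANDIDATES[table[b] % len(CANDIDATES)]

def run_election(choices):
    shares, h = keygen()
    board = [cast(*make_ballot(h), choice) for choice in choices]  # published receipts
    tally = Counter(decrypt(ct, shares) for ct in shuffle(board, h))
    return board, tally
```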
The system provides the same level of ballot secrecy as systems currently in real use. Even though a receipt is provided, it does not leak any information about the voter's choice of candidate.
- The marked position on the receipt does not leak information. The receipt only contains the marked position of the vote, and not who the vote was for. The fact that the list of candidates was random means that the marked position could correspond to any choice, and so the chosen candidate cannot be identified from the position of the vote cast.
- The encrypted candidate order does not leak. Although the candidate order is included on the ballot slip to allow the vote to be reconstructed, this is strongly encrypted, and cannot be decrypted without all of the decryption keys. These are distributed to trusted parties across the election system, and no-one has more than one key.
- The bulletin board does not leak information. The shuffling of the votes before decryption ensures that the receipt cannot be associated with its decrypted version. An external party only knows that the receipt corresponds to some decrypted vote on the list, but cannot know which.
These measures together ensure that the vote associated with a receipt cannot leak. The system provides ballot secrecy.
Integrity: end-to-end verifiability
The Prêt à Voter system provides transparent assurance that the final result reflects the votes cast.
Each stage that the votes go through in the system, from vote casting, through to the election result itself, can be independently verified.
- All cast votes are included. Voters themselves confirm that their votes have been included in the tally, by checking their receipts on the web bulletin board.
- All included votes are correctly decrypted. Checking that the shuffling and decryption have been done properly can be carried out by independent parties. The way the cryptography is used means that as well as decrypting the votes, the system also publishes mathematical proofs that the decrypted votes correspond to the collection of votes that were included. These proofs can be independently verified by anyone.
- The decrypted votes are correctly counted. Since the decrypted votes are made public, anyone can independently carry out the count and check the official result.
Once all the reconstructed votes are published, then anyone can check that the counting has been done correctly. The integrity of the election is ensured by these checks, and does not need to rely on trust in the voting equipment or the election officials.