Permalink
Browse files

Edit documentation to say that we plan to use Helios Voting for the

secure e-voting backend.
  • Loading branch information...
henrikingo committed Jan 22, 2013
1 parent fcef6ef commit f33409f81a3231c7d23ffd46d8b1cda003bcd8d1
Showing with 112 additions and 80 deletions.
  1. +54 −42 README.md
  2. +31 −20 TODO.md
  3. +27 −18 docs/FAQ.md
View
@@ -1,23 +1,20 @@
Solon Voting
============
-A cryptographically secure voting system.
+A cryptographically secure voting system for direct democracy platforms.
Introduction
------------
Solon is a system that provides cryptographically secure electronic voting
-(e-voting). In particular, it implements the so called [Acquisti] algorithm. See
-"Reading list" below for a list of academic articles on cryptographically
-secure voting.
-
-[acquisti]: http://www.heinz.cmu.edu/~acquisti/papers/acquisti-electronic_voting.pdf
+(e-voting), particularly focusing on direct democracy platforms instead of
+replicating the functionality of a classic representative democracy election.
Solon is designed to be used together with burgeoning direct democracy and
delegated democracy systems. These typically have requirements that go beyond
-your average government elections. In particular, the voting algorithm needs
-to support the possibility to flexibly delegate (and un-delegate) your vote,
-and it must be possible to use more advanced vote counting, such as Schulze
-method and other preferential voting methods.
+your average parliamentary elections. In particular, the voting algorithm needs
+to support the possibility to flexibly delegate (and un-delegate) your vote at
+any time, and it must be possible to use more advanced vote counting, such as
+Schulze method and other preferential voting methods.
Currently, we focus on providing a cryptographically secure voting facility
that connects with [Liquid Feedback]. However, the code is modular in this
@@ -26,13 +23,16 @@ See "Direct democracy platforms" for other systems we like to keep an eye on.
[liquid feedback]: http://liquidfeedback.org/
-When ready, Solon could also be used to implement e-voting for traditional
-elections or referendums. As far as we know, none of the e-voting systems
-being sold for such purposes implement a cryptographically secure voting
-algorithm (despite what their marketing might claim), so even if this is not
-the primary motivation behind Solon, it would be an improvement over the
-systems currently used.
+After starting Solon we have become aware of an open source implementation of
+a so-called homomorphic e-voting algorithm: [Helios Voting]. The current focus
+is on using Helios as the secure voting backend for Solon. Essentially this
+means Solon acts as integration and orchestration layer between Liquid Feedback
+and Helios. New issues to vote on are discovered in the Liquid Feedback
+workflow, the data is then copied into Solon and a Helios ballot is created.
+Users will then vote securely using Helios, after which Solon will copy the
+results back into Liquid Feedback.
+[helios voting]: http://heliosvoting.org/
Status
------
@@ -42,8 +42,8 @@ Solon is currently in active development, and it is not ready to be used yet.
The current code is merely a mockup that is able to connect with a Liquid
Feedback system, extract issues to vote on and return results back. It is just
a mockup that demonstrates the data flows. The actual code for any cryptographic
-functionality is completely missing - implementing this is where our focus is
-next.
+functionality is completely missing. Integrating with the Helios project is the
+next step and proof of concept work for this is now in progress.
If you want to contribute to development, join us on [Github]! The Solon
developers think it's an exciting prospect to take representative democracy to
@@ -133,8 +133,10 @@ If you are exited about the prospect of taking representative democracy to the
next level, then you might be interested in joining us. Check out the code at
https://github.com/henrikingo/solon-voting
-Solon might be especially interesting if you are into cryptography or math, as
-we need to implement a few novel cryptographic functions along the way. But the
+Solon might be especially interesting if you are into cryptography or math. Even
+if we can use a lot of the functionality directly from Helios (thanks to the
+wonders of open source!) in the long term we will have to extend it to make it
+more robust for large scale, "important", voting. But the
project isn't exclusive to math geeks! There are a number of skills from Python,
HTTP, JSON and automated testing where your help is welcome.
@@ -157,45 +159,55 @@ http://openlife.cc/category/topic/solon
Reading list
------------
+If you are interested in the concept of delegated democracy, here are a few
+links:
+
+ * http://en.wikipedia.org/wiki/Delegative_democracy
+ * http://liquidfeedback.org/mission/
+ * http://openlife.cc/DirectDemocracy
+
+As for crypto and e-voting algorithms, it makes sense to start by reading the
+[Helios Voting paper].
+
+[helios voting paper]: http://www.usenix.org/events/sec08/tech/full_papers/adida/adida.pdf
+
Note: Unless you enjoy reading papers stuffed with university level math, some
of these links may not be for you. It is still possible to contribute to Solon
even if you don't want to torture your brain cells with the actual cryptography.
If you do enjoy university level math, brace yourself, because the good stuff
-is about to begin:
+has just begun!
-Solon will implement the Acquisti e-voting scheme. It is described in the
-[paper by Acquisti].
+The next paper is a good overview of the field of cryptographic e-voting
+protocols and the requirements such a protocol should meet. Even if you don't
+want to read about the math involved, I recommend you read at least the
+beginning of this paper. The introduction in this paper is useful to everyone
+who want to get an overview of e-voting protocols:
+[Sampigethaya et.al.]
-[paper by Acquisti]: http://www.heinz.cmu.edu/~acquisti/papers/acquisti-electronic_voting.pdf "Receipt-free Homomorphic Elections and Write-in Ballots, Alessandro Acquisti. Technical Report 2004/105, International Association for Cryptologic Research, May 2, 2004."
+[Sampigethaya et.al.]: http://www.ee.washington.edu/research/nsl/papers/JCS-05.pdf "A framework and taxonomy for comparison of electronic voting schemes, K Sampigethaya, R Poovendran, Computers & Security, Elsevier 2006."
-As it happens, it has been implemented in software once already. The process is
-described in [Goulet et.al.]:
-[Goulet et.al.]: http://www.seas.upenn.edu/~cse400/CSE400_2004_2005/34writeup.pdf "Surveying and Improving Electronic Voting Schemes, Jonathan D. Goulet, Jeffrey S. Zitelli, Sampath Kannan, 2005."
+The Sampigethaya paper concludes that one [Acquisti protocol] is the most
+complete solution (at the time of its writing, of course). Before finding the
+Helios project we were planning to implement Acquisti in Solon. You may still be
+interested to read about it as it is a concise and well written paper. (But
+now this is only for math geeks :-)
-This paper is a good overview of the field of cryptographic e-voting protocols
-and the requirements such a protocol should meet. It concludes that the Acquisti
-protocol is the most complete solution (at the time of its writing, of course).
-Even if you don't want to read about the math involved, I recommend you read at
-least the beginning of this paper. The introduction in this paper is useful to
-everyone who want to get an overview of e-voting protocols:
-[Sampigethaya et.al.]
+[Acquisti]: http://www.heinz.cmu.edu/~acquisti/papers/acquisti-electronic_voting.pdf "Receipt-free Homomorphic Elections and Write-in Ballots, Alessandro Acquisti. Technical Report 2004/105, International Association for Cryptologic Research, May 2, 2004."
-[Sampigethaya et.al.]: http://www.ee.washington.edu/research/nsl/papers/JCS-05.pdf "A framework and taxonomy for comparison of electronic voting schemes, K Sampigethaya, R Poovendran, Computers & Security, Elsevier 2006."
+The following papers are commentaries on Acquisti:
+
+[Goulet et.al.] implemented Aquisti in software, graduated, didn't keep any
+copies and didn't publish it as open source:
+
+[Goulet et.al.]: http://www.seas.upenn.edu/~cse400/CSE400_2004_2005/34writeup.pdf "Surveying and Improving Electronic Voting Schemes, Jonathan D. Goulet, Jeffrey S. Zitelli, Sampath Kannan, 2005."
The following papers reference the Acquisti paper and provide some critique. I
have not yet read them in detail myself: [Meng], [Meng2]
[Meng]: http://people.scs.carleton.ca/~clark/biblio/coercion/Meng%202010.pdf "A Receipt-free Coercion-resistant Remote Internet Voting Protocol without Physical Assumptions through Deniable Encryption and Trapdoor Commitment Scheme, Bo Meng, Zimao Li and Jun Qin. JOURNAL OF SOFTWARE, VOL. 5, NO. 9, SEPTEMBER 2010."
[Meng2]: http://www.academypublisher.com/proc/iscsct10/papers/iscsct10p148.pdf "Automatic Verification of Acquisti Voting Protocol in Formal Model, Bo Meng, Wei Huang, and Dejun Wang. Proceedings of the Third International Symposium on Computer Science and Computational Technology(ISCSCT ’10) Jiaozuo, P. R. China, 14-15,August 2010, pp. 148-150."
-Btw, if you are interested in the concept of delegated democracy, here are a few
-links:
-
- * http://en.wikipedia.org/wiki/Delegative_democracy
- * http://liquidfeedback.org/mission/
- * http://openlife.cc/DirectDemocracy
-
Direct democracy platforms
--------------------------
View
51 TODO.md
@@ -53,24 +53,48 @@ Clients of course need to be under full control of their end users / voters -
this is the same as for using any other crypto. Hence the client cannot simply
be a web page, it needs to be some form of app/executable run on the client side.
+Helios Voting
+-------------
+
+After launching Solon, we became aware of a an open source project by Ben Adida
+that implements a simple homomorphic e-voting algorithm:
+http://heliosvoting.org.
+
+The next step for Solon will now be to integrate Helios as an e-voting backend
+(instead of the current dummy backend). No work on this has started yet.
+
+To read up on Helios, it makes sense to start with the original 2008 paper:
+http://www.usenix.org/events/sec08/tech/full_papers/adida/adida.pdf
+
+Then download the code, get it running, and figure out how to create a ballot
+and vote via Solon.
+
The Non-erasable Public Bulletin Board
--------------------------------------
-The Acquisti paper relies on an abstract device know as a *non-erasable public
-bulletin board*.
+Homomorphic e-voting algorithms typically rely on an abstract device known a
+*non-erasable public bulletin board*. The Helios Voting software is a
+simplified approach and ignores this requirement. (They focus on guaranteeing
+voter verifiability, while knowingly compromising a little bit on voter
+anonymity / security in order to keep things simple.) While we intend to focus
+on Helios integration first, eventually we expect to also build an
+implementation of such a *non-erasable public bulletin board*:
Chaum [Cha81] introduced the concept of a bulletin board, a public broadcast
channel with memory where a party may write information that any party may
read. Since then, bulletin boards have been often used in election schemes.
All communications with the bulletin board are public and therefore can be
- monitored. In the application we consider, no party can erase any data.
+ monitored. In the application we consider, no party can erase any data.
+ ([Acquisti])
+
+[Acquisti]: http://www.heinz.cmu.edu/~acquisti/papers/acquisti-electronic_voting.pdf "Receipt-free Homomorphic Elections and Write-in Ballots, Alessandro Acquisti. Technical Report 2004/105, International Association for Cryptologic Research, May 2, 2004."
While such an element has been commonly used in cryptography for over 30 years
now, papers typically leave undefined how to actually implement such a magic
-bulleting board.
+bulletin board.
-Since the rest of the Acquisti algorithm is based on threshold cryptography
+Since homomorphic e-voting commonly is based on threshold cryptography
among a group of independent voting authorities, it seems like an obvious idea
to also implement the non-erasable board as some form of distributed storage
among a cluster of servers, each of which is run by one of the authorities. This
@@ -79,24 +103,11 @@ communication library:
* Allowed operations are insert and read. Update and delete are specifically
*not* allowed.
- * A message is received by the bulleting board when a majority/threshold of
+ * A message is received by the bulletin board when a majority/threshold of
the nodes in the cluster acknowledge receipt of it.
* Clients probably need to read from multiple / majority of nodes to verify
that they get the correct message on read. In fact they also need to verify
that an inserted message was correctly inserted.
-Implementing this bulletin board is a nice non-trivial task that doesn't yet
+Implementing this bulletin board is a nice non-trivial task that still doesn't
include any cryptography.
-
-Crypto
-------
-
-The Acquisti algorithm reuses many well known cryptographic functions as steps
-in the protocol. For example RSA/PGP and El-gamal can be used as building
-blocks. Otoh there is also a need to implement some functionality from scratch,
-using biginteger math (which python seems to support out of the box?).
-
-The individual steps are not listed here, you need to read the [paper] and
-go from there.
-
-[paper]: http://www.heinz.cmu.edu/~acquisti/papers/acquisti-electronic_voting.pdf "Receipt-free Homomorphic Elections and Write-in Ballots, Alessandro Acquisti. Technical Report 2004/105, International Association for Cryptologic Research, May 2, 2004."
View
@@ -38,18 +38,22 @@ You can read more about delegated democracy at these links:
Q: Can Solon be used for just normal, traditional elections?
------------------------------------------------------------
-A: Yes. With Solon we are primarily motivated by the rise of various delegated
-democracy platforms. But it is worth pointing out Solon could also be used to
-provide a cryptographically secure voting algorithm for traditional elections
-that wish to use e-voting instead of paper ballots. (Sadly, the current vendors
-of such systems seem to be completely ignorant of existing academic research in
-this area, in fact we are not aware of any system currently existing that
-would be even close to secure or fit for purpose.)
-
-As a bonus, we will implement Solon in a way that it will also be possible to
-use more modern voting methods, such as various variants of preferential voting.
-This requirement comes from the fact that Liquid Feedback uses one such
-method: Schulze ranking.
+A: With Solon we are primarily motivated by the rise of various delegated
+democracy platforms. As far as we know, nobody is even thinking about, let
+alone implementing secure e-voting that would meet the needs of a delegated
+democracy platform.
+
+We are aware of one simple and promising e-voting solution that was designed
+for use in traditional elections: [Helios Voting]. If you are interested in
+secure e-voting for traditional elections, you should probably look into it.
+
+[helios voting]: http://heliosvoting.org/
+
+The current plan is to use Helios as a backend for Solon, with Solon providing
+features needed by delegated democracy use case. For example, we will implement
+Solon in a way that it will also be possible to use more modern voting methods,
+such as various variants of preferential voting. This requirement comes from the
+fact that Liquid Feedback uses one such method: Schulze ranking.
Q: I'm against e-voting / e-voting doesn't work / etc...?
---------------------------------------------------------
@@ -64,19 +68,24 @@ this purpose but offer some terribly naive, unfit-for-purpose solutions.
The other problem is simply that paper ballot elections work well, and trying to
replace them with a complex and expensive computer system is just not very smart
(even in the case that such a system would actually implement some secure voting
-protocol, which to date has not even happened.)
+protocol, which to date has not even happened. Note that while Helios Voting
+does implement proper, albeit simple, crypto, it hasn't actually been used for
+government elections.)
+
+[helios voting]: http://heliosvoting.org/
-Solon was not created to be used in traditional elections. (But it could be used
-also for such e-voting systems if you are in that business.) The motivation
+Solon was not created to be used in traditional elections. The motivation
behind Solon is to enable secure voting for the burgeoning delegated democracy
movement. Here the arguments for and against e-voting have a slightly different
-balance.
+balance:
Delegated democracy is only practical using computers and the internet - an
active participant might want to vote and propose amendments every day. If you
believe that delegated democracy is preferable over traditional representative
-democracy, then you are already using computers and hence e-voting. In that
-case the only question is, how can we make it as secure and trusted as possible.
+democracy, then you are already using computers and hence e-voting. In the real
+world this is already happening in Central Europe, where the Liquid Feedback
+platform is used. In that case the only question is, how can we make it as
+secure and trusted as possible, since people are already doing it anyway.
Q: Can I use Solon in production?

0 comments on commit f33409f

Please sign in to comment.