Workshop Program

This paper presents a novel unifying framework for electronic voting in the universal composability model that includes a property which is new to universal composability but well-known to voting systems: universal verifiability. Additionally, we propose three new techniques for secure electronic voting and prove their security and universal verifiability in the universal composability framework. 1. A tally-hiding voting system, in which the tally that is released consists of only the winner without the vote count. Our proposal builds on a novel solution to the millionaire problem which is of independent interest. 2. A self-tallying vote, in which the tally can be calculated by any observer as soon as the last vote has been cast — but before this happens, no information about the tally is leaked. 3. Authentication of voting credentials, which is a new approach for electronic voting systems based on anonymous credentials. In this approach, the vote authenticates the credential so that it cannot afterwards be used for any other purpose but to cast that vote. We propose a practical voting system that instantiates this high-level concept.

We provide Risk Limiting Audits for proportional representation election systems such as D'Hondt and Sainte-Laguë. These techniques could be used to produce evidence of correct (electronic) election outcomes in Denmark, Luxembourg, Estonia, Norway, and many other countries.

The aim of this paper is to identify user errors, and the related potential design deficiencies, that contributed to participants failing to vote cast and vote verify across three end-to-end voting systems: Helios, Prêt à Voter, and Scantegrity II. To understand why voters could not cast a vote 42% of the time and verify that their ballots were cast and counted with the tested e2e systems 53% of the time, we reviewed data collected during a system usability study. An analysis of the findings revealed subjects were most often not able to vote with Helios because they did not log in after encrypting their ballot but before casting it. For both Prêt à Voter and Scantegrity II, failing to vote was most frequently attributed to not scanning the completed ballot. Across all three systems, the most common reason participants did not verify their vote was due to not casting a ballot in the first place. While there were numerous usability failures identified in the study, these errors can likely be designed out of the systems. This formative information can be used to avoid making the same types of mistakes in the next generation of voting systems—ultimately resulting in more usable e2e methods.

Matthew Masterson was nominated by President Barack H. Obama and confirmed by unanimous consent of the United States Senate on December 16, 2014 to serve on the U.S. Election Assistance Commission (EAC). His term of service extends through December 12, 2017.

Prior to his appointment with EAC, Commissioner Masterson served as Interim Chief of Staff for the Ohio Secretary of State, a position he held since November 2014, he previously served as Deputy Chief of Staff and Chief Information Officer from 2013 to 2014, as well as Deputy Director of Elections from 2011 to 2013. In these roles Mr. Masterson was responsible for voting system certification efforts by the Secretary of State’s office including being the liaison to the Ohio Board of Voting Machine Examiners. Additionally, Mr. Masterson was in charge of Ohio’s effort to develop an online voter registration database and online ballot delivery for military and overseas voters. He is widely regarded as an expert on elections administration throughout Ohio and the country.

Prior to joining the Ohio Secretary of State’s Office, Mr. Masterson held multiple roles at the Election Assistance Commission from 2006 to 2011. Mr. Masterson was Deputy Director for the EAC’s Voting System Testing and Certification Program. In this role Mr. Masterson’s primary responsibility was the creation of the next iteration of the Voluntary Voting System Guidelines (VVSG). Mr. Masterson worked with the EAC’s Technical Guidelines Development Committee (TGDC) and the National Institute of Standards and Technology (NIST) in the creation of the TGDC’s recommended Voluntary Voting System Guidelines. In addition to these responsibilities, Mr. Masterson managed the day to day business of the EAC’s laboratory accreditation program including the creation of the EAC’s Voting System Test Laboratory Program Manual. Prior to this position Mr. Masterson joined the EAC in 2006 as a Special Assistant/Counsel to Chairman Paul DeGregorio.

Mr. Masterson was admitted to practice law in the State of Ohio in November of 2006. Mr. Masterson graduated from The University of Dayton School of Law in May 2006. At the University of Dayton Mr. Masterson served as the Chief Justice of the Moot Court program and Student Bar Association Vice President. Prior to law school Mr. Masterson received BS and BA degrees from Miami University in Oxford, OH.