In the last week, the 59th United States Presidential Election took place amidst allegations of electoral fraud by the incumbent President. In this article, I will share two security concepts that will reduce the tendency of electoral fraud.
CIA Triad in Information Security
Before explaining any information security concepts, it is important to introduce the CIA Triad. CIA is an acronym for Confidentiality, Integrity and Availability.
Confidentiality means that information is kept confidential and private, privy only to those authorised to access such information. Integrity means the information or data is not manipulated while in transit and/or by anyone not authorised to make changes to the data. Lastly, Availability refers to the actual availability of data where systems critical to accessing data must be available for use when needed.
With reference to electoral systems in this article, votes must:
- be kept confidential such that only the voter knows the choice made
- have integrity, such that no one can make changes to the vote after it has been cast
- be available for counting and not lost by transportation or via other means.
Current Electoral Systems
Most democratic electoral systems around the world rely heavily on the use of paper ballots. Voters, either in-person or via mail, make a choice on a voting slip and put their slip into a ballot box which is later opened by election officals for counting.
While election processes such as those in Singapore keep votes secret, it theoretically possible to identify voters from their ballot slips through matching serial numbers to the electoral register. Also, conventional electoral systems assume that the security of votes in ballot boxes is guaranteed, with no additions or removals made to the ballot box outside voting hours. This is where homomorphic encryption and zero-knowledge protocols comes in to strengthen current electoral systems.
Homomorphic Encryption (HE) is a method in which data can be processed while in an encrypted state. As explained by Dr. Craig Gentry, HE can be imagined as manipulating data within a locked, enclosed box without ever seeing the actual data.
In electoral systems, HE ensures confidentiality and integrity of voters choices as the vote itself is not known to anyone except the voter himself, even as the vote is being counted. This is done because the voter’s choice is immediately encrypted after the vote is cast, and the vote itself will and can never be decrypted without the private key held by the voter. The election authority will be able to count the total number of votes without decrypting individual votes.
A Zero-Knowledge Protocol (ZKP) is a method by which one party (the prover) can prove to another party (the verifier) that they know a secret, without conveying any information apart from the fact that they know the secret. ZKP ensures confidentiality and integrity of votes while ensuring that election rules are not broken, as homomorphic encryption itself is unable to do that.
In systems using HE, vote must be valid (i.e. voters did not cast votes for more than 1 candidate, or the vote is not spoilt) in order to prevent double or missed counting. This is assumed as it is impossible for election authorities to open the vote and check the validity of the vote. By using ZKP, voters can prove that their vote is valid without needing to reveal their vote choice.
To further understand ZKP, I recommend this video from Computerphile.
According to this article in WIRED magazine, electoral reforms using these new computing technologies is not new. The question that begs to be answered is why haven’t these technologies been integrated and used in current elections? There could be many reasons, including the need for readily available computer solutions and the cost of implementing it.
Homomorphic Encryption and Zero-Knowledge Protocols are not new technologies, but they are increasingly relevant to today’s society, especially as we live in a world so interconnected to each other over the internet. These information security concepts and protocols, amongst others, help ensure that our data remains confidential, integrous and available to us always.
While I may have just provided a quick overview of HE and ZKP today, I may write another blog post going into specific details on both in the future.