* 1. Introduction

* 2. Problems involved in voting systems telematics

* 3. Generic description of system VOTESCRIPT

* 4. Detailed Description

* 5. Review of results of vote

* 6. VOTESCRIPT project contributions to traditional voting

* 7. Conclusions

* 8. References

*

 

ABSTRACT

This document provides an overview of the telematics voting scenario designed by the research group they belong to the authors, focusing on the verification of voting results. It justifies the use of cryptographic mechanisms to facilitate such verification of compliance also characteristic of any system of voting.

 

1. Introduction

Today there are several products on the market that allow any organization to conduct polls or voting so that voters cast their votes through a remote device (personal computer, mobile phone, PDA, etc..) Connected to an urn or set of polls through a computer network.

The vast majority of the voting systems currently on the market telematics implemented security safeguards appropriate to provide the most basic functions of any system of voting: ensure the anonymity of the voter, that there is identity theft and prevent a single voter may vote more than once. Furthermore, since the voter is voting through telematic networks, voting systems include encryption procedures that prevent the vote cast by the voter can be altered or examined during transmission to the ballot box. Arrival counting phase, eliminating the protections that have ensured that the vote has not been modified and is applicable to the scrutiny and publication of results.

However, there is another serious threat to telematic voting systems, which is often neglected or underestimated their risk. This is the alteration of the results of the vote from within the system, ie the results are published do not match the votes cast. This threat becomes more real the more critical are the results of the vote. Importantly, this threat is not specific voting systems telematics and therefore is not a new requirement to be satisfied by these systems but is inherent in any voting system (this is the famous rigging).

This paper presents the solutions that have been implemented within the VOTESCRIPT (1) (developed jointly by the research group of the Department of Telematics Engineering of the Polytechnic University of Madrid, in which the authors belong, and another group of the Department of Political Science and Administration III of the Universidad Complutense de Madrid) that allow auditors to demonstrate to voters and the results published by the system correspond to the votes actually cast.

 

2. Problems involved in voting systems telematics

2.1. Common solutions to basic problems

The first challenge in developing these systems is to get the proper identification of voters at the time in which cast their ballots, meaning that there is no impersonation, since here there is no person who satisfies the identity of voters, as occurs in conventional voting members of the Electoral Board. The way to solve this situation is, in all cases, the existence of a prior off-line where it was distributed to specific voters voting credentials, so the fact of having a certain card identifies its holder . These credentials are presented in many different forms ranging from the simplest such as a secret password to more sophisticated as it could be a certificate.

The second challenge we must meet voting systems telematics is to ensure the anonymity of voters, so that it can not associate the credential from which the voter cast his vote (and thus his identity) to the vote cast . The most commonly used to solve this problem is to divide the voting process into two phases: authentication of the voter and the voting process itself, so that they are separate entities and unrelated should be responsible to control these two processes. Usually, the first entity is responsible for verifying the credentials of the voter and give permission to vote, while the latter recognizes and accepts this permit voter to vote. Turn should be taken proper precautions to prevent collusion between the two entities can help to establish the relationship between vote and voter.

In addition, any voting system should prevent a voter from voting more than once. The solution to this problem is obtained from the agency responsible for verifying the credentials of the voter, by simply marking the card as used and check the condition before granting permission to vote.

 

2.2. Threats arising from the use of computer systems and networks

Apart from the above conditions to be met by any system of voting [1] [2] [3] [4], telematics voting systems must meet specific threats originating on the one hand, the fact of using communication networks devices connect voters with the ballot box remote and, secondly, by the use of computer systems for casting ballots and counting procedures are carried out. Both institutions are other possible attacks on the confidentiality of information and its integrity, making it feasible that an attacker could modify or delete the votes legally cast by the voter or find your content (a way of attacking a telematic voting system can be through the introduction of malicious programs on personal computers of the voters or public places where they could vote, able to change the vote cast by the voter or prevent vote.)

To counter those attacks on such networks, the most advanced voting systems include encryption of voting procedures, usually by the application of a public key encryption, which ensure the confidentiality and integrity of information, and provide a evidence about the actual origin of it.

These threats must be added the real possibility that the communications infrastructure suffers a denial of service attack on the vote, so as to prevent legitimate voters the right to exercise their vote. One of the common ways in which this type of attack is that, before the conclusion of the event noted, Trojans have been introduced on a large number of computers, and the day on which it takes place, the Trojan is activated and computers generate enough traffic to cripple the communications infrastructure.

This problem is very difficult to resolve if the vote is done from home via the Internet, given the openness and universality of this network, so the usual countermeasure to prevent this threat are based on constraining the scope of voters : vote only from specific locations and use of virtual private networks.

 

2.2.1. Telematics and altering vote results

Besides the mentioned risks and threats, telematic voting systems have, a priori, a greater risk than conventional voting is an alteration of the results from within the system, given the ease with which data can be modified or eliminated in electronically, without leaving any record of it.

This threat is ignored in most current telematic voting systems, where the publication of results does not imply any evidence of their validity and therefore provides no evidence from which a claim can be made (unlike the Conventional vote in which ballots there.) This approach may be sustainable when voting systems are used to consult children, but of course it is risky for a vote whose outcome could be considered critical.

Therefore, a telematic voting system that aspires to one day replace conventional voting must include verification mechanisms to provide robust evidence that the published results correspond to the votes cast.

 

3. Generic description of system VOTESCRIPT

As mentioned, the VOTESCRIPT voting system developed by this research group as well as troubleshoot common problems associated with voting telematics, addresses the problem of verification. In this section and the following is a description of this system, indicating the reasons for the solutions adopted and the benefits involved.

The considerations discussed in the previous section, it was found that the vote from home via the Internet, today presents risks arising mainly from the difficulty of determining the freedom of action of the person using the ID card. This coupled with the serious threats to the system arising from a denial of service attack, caused by hackers, which prevented the holding of the vote, led to consider the system with more expectations of success in the medium term was that in which Voting would be used for points that communicate with a central urn using a virtual private network.

In this design, we chose a system in which the voter must use a smart card into a voting booth to cast his vote, moving into an Electoral College, rather than at home over the Internet. Thus, we have tried to more adequately meet the security requirements and to minimize the problem of vote buying, coercion at the time of voting and the ability to link the vote with the physical location voter. Also taken into consideration the negative contribution to the so-called digital divide that would result in giving access to the electoral process to people who have the resources and knowledge to the detriment of those who do not have the economic, social or cultural.

 

3.1. System Architecture

The proposed scenario VOTESCRIPT consists of a set of automatic systems (telematics agents). These are (Fig. 1):

Points booths Authentication Authentication or who comes to voter identification.

Voting booths or polling place, where the voter casts the vote.

Manager authentication system that identifies and authenticates the voter.

Intervention System authentication each of the different applications to be determined to be involved to monitor the voting phase.

An urn that will receive the votes cast. The contents of the urn is not known until election day ends.

A counter that counted the votes once the period of receiving them and publish the results.

Verification points that you can turn the voter to verify the treatment given to their vote.

 

Fig 1.

VOTESCRIPT System Architecture

All these agents telematics have a pair of asymmetric keys for the different processes of signing and encryption-decryption of data required.

The system also contemplates the existence of people directly involved in the process of voting and counting:

* Voter equipped with a voting card.

* Election Authority, head of the proper functioning of the entire system.

* Auditors responsible for each of the Intervention Systems.

* A system manager Administrator, together with the auditors, initiates distinct phases.

 

All these people have a smart card that identifies them with the system and also contains the necessary public and private keys in the different phases of voting in which they participate.

 

3.2. Generic process of voting

The following summarizes the most important steps of the proposed process for conducting a vote electronically (not a detailed description of cryptographic protocols and security mechanisms implemented at each step as it would require an extensive explanation [5]) :

As a prelude to the commencement of voting, will have been sent voters a smart card and voter ID should be known by some of the automated agents involved in the election.

The smart card, designed especially for this project, is able both to generate keys and perform many of the cryptographic processes necessary for the safety of the system. It implements many additional algorithms for addition to the usual and cryptographic cards.

In a first phase, which might call identification phase, the voter interacts, through the point of authentication, the system administrator and this with the Intervention Systems to verify the identity of the voter and proceed to authentication (verify who is authorized to vote.)

It should be noted here that the software on this point does not have any authentication of the cryptographic capability and all needed at this stage and in the other phases (key generation, encryption and decryption of data, and verifying signatures signatures, etc.), the smart card performs.

The second phase would be the actual voting phase in which the voter is sent from the polling place, with the necessary security guarantees, the vote to the ballot box where it is stored until the end of the voting process. At this stage, the Shrine returns a cryptographic Room (receipt), which is stored in the voter’s card, which will help the Election Authority to resolve future claims.

After the period provided for voting phase starts counting and publication of results by the process counter. The lists are published include cryptographic parts necessary to verify the proper functioning of the process.

Following the publication of the results, both voters and response systems can make a verification of the correctness of the process is what we call the verification stage. If as a result of this verification, there is any complaint, the Election Authority may, with cryptographic evidence stored in the system and the voter’s card, check whether there is any discrepancy and identify the component responsible for it.

 

4. Detailed Description

Described below in more detail some of the components of the system and security mechanisms that implement and guarantees they provide.

It goes without saying that prior to any election, all resources, both software and hardware must have passed technical inspection and certification tests by both the administration in charge of organizing the process as part of applications.

 

4.1. Points Points Authentication and Voting

Authentication Points (APs) are a type of kiosk or booth, equipped with a card reader through which voters are authenticated to the system as a first step of the voting process.

Voting Points are also booths equipped with a card reader, allowing the voter to vote and protect you from any observer could see it.

In VOTESCRIPT system, the voter can choose the authentication process for any of the many existing PAs may vote in any of the PVs available.

 

4.2. Systems Administrator and System Intervention

The Administrator and Intervention Systems will have access to voter database that includes their public key and its identifier. This information is needed to determine the validity of a credential to permit or deny the right to vote.

Administrator’s computer resources and Intervention Systems will meet in a local area network, in which only the Administrator have any connection with the Points of Authentication. Intervention Systems will contact the point of authentication through the intermediation of the Administrator that they forward all authentication requests received by voters. It also provides that the programs can be audited by experts of confidence of the nominations before voting process.

Most of the process entrusted to the Administrator, is monitored by the controllers of the applications through the execution of parallel processes that should lead to identical results. Any jarring event, however slight, must be registered. The Administrator and Systems Intervention signed authorization must include the voter to vote that sends the ballot box.

Specifically, the Administrator of the voter receives a packet that is encrypted with the Administrator’s public key so that only he can know its contents: the identification of voters with a piece of information. This piece of information is the key to be subsequently used by the counter to open (decrypt) the vote. If this key should be known by the Administrator, or response systems, it would break the anonymity of the vote, so that the voter sends the vote overshadowed key for each of the entities that must approve. Before the public key encrypted with the Administrator, all information is signed by the voters to testify to the Administrator and to the Intervention Systems, that’s it, and not another, who requested the authorization.

Upon receiving the information packet is decrypted by the Manager using its private key to give it entirely to each of the Intervention Systems. Thanks to voter identification, both the Administrator and response systems verify that the voter identified is the same as signing and that he was not yet signed the authorization to vote. After which the Administrator signs the vote overshadowed key that corresponds with the Administrator password to return it then the voter as “authorization.”

The same process is done by each and every one of the Intervention Systems. Intervention Systems return their signatures to the Administrator. This is a response packet with all the signatures received appended his signature. Finally, the Administrator signed the entire package of information that has just formed, with the aim of providing proof of origin. The signed information is then encrypted with the public key of the voter to ensure the confidentiality of the information flowing through the network.

When this information reaches the voter may, by his voting card and after verifying the correct source of information and different signatures, it proceeds to desopacar information, which is in possession of the decryption key signed by all and each Intervention Systems and the System Administrator. This key is signed as an authorization to vote and sent to the ballot box with votes.

Corresponds to the controllers, therefore, the task of overseeing, on behalf of the applications, the cleaning process. One of the fundamental weaknesses of most electronic voting systems proposed is the danger that any element of the system has the ability to add votes or deny the right to vote in an arbitrary manner. If allowed to vote issued by the Administrator is supervised by the controllers, and there will be no arbitrarily deny the right to vote, or to add missing voter votes, without being immediately detected by the Intervention Systems.

The System Administrator and Systems Intervention, as mentioned above, have no vote at any time in its possession, therefore it is a hazard that can break the key long-term, since the only information it would be the knowledge of those keys, but not votes. The risk to unveil in the near or distant future, the vote of a voter is one of the strongest criticisms that make electronic voting systems [6].

 

4.3. Urn

Authorizations received by the voter from the Administrator and response systems along with the vote properly encrypted with the encryption key is delivered by the card to the urn. The information that the voter takes the ballot box delivery guards to prevent the contents of your vote can be revealed while the polls remain open to receive votes. This is achieved by including such information in a safe on the counter can only open. The urn returns a proof (which contains all the information received from the voter) that could be used, a posteriori, by a vote in case of complaint to verify the good or malfunction of the ballot box. Confidentiality by encrypting the proof is completed with the public key of the Election Authority and the voter can not prove their vote to others.

We must say at this point that the decryption key with the encryption key, forming a pair of asymmetric keys that are generated within the card. The encryption key never leaves the card which avoids the risk that third parties could meet her and sign her score.

Collusion between the Administrator and enter the ballot box fails votes, to be published enough information to show that the votes are from legitimate voters and the work of the Administrator is supervised by the auditors. Both the operating records of the Administrator and the urn must be accessible during a certain period of time to audit the process if necessary.

If you force the Administrator to make public the number of voters who have requested authorization to vote, the total amount of authorizations should be equal to or greater than the total number of valid votes that appear at the time of scrutiny. This check acts as a deterrent to temptation, they may have the ballot box or the meter, adding votes without the mediation of a voter’s request (done this already in itself quite difficult if we analyze the composition and format of information receive the ballot box and counter from the voter).

Moreover, the possession of the receipt by the voter should deter the urn temptation to destroy votes, since this situation could be easily detectable after individual verification process.

 

4.4. Counter

Once the collection period of votes is necessary, by a shared secret process involving Smart Card Manager and all intervenors, the opening of the urn and the procurement by the Accountant of the key needed to get the votes.

The counter receives the contents of the urn, decrypts it with the newly acquired key, getting a list of pieces of information related to each vote. For each of them finds that the decryption key is properly signed by the Administrator and response systems and serves to open the encrypted vote. This decryption key is signed by all security for the counter any of the entities participating in the election, except an authorized voter, is the origin of the ballot is processed. Once the count, the auditor issues a results list that includes, besides the vote itself, other information necessary for verification.

 

4.5. Voter Card

Basic cryptographic algorithms required that the card must implement are those that help encrypt, decrypt, dull or desopacar messages, verify signatures and make secure storage of information. Orders to run one or another algorithm with certain parameters are received from the appropriate peripherals. You must also be capable of generating different symmetric and asymmetric keys that during the various stages of the process are needed.

The card is a peripheral autoprotegera to try to know the value of the private key, or try to record information on it, thereby protecting people against the possibility that they are obliged to provide and present information to third parties as critical.

Could be scheduled before the peripheral point of authentication or polling place the voter returns the card, it blocked any possibility of returning to perform these operations so that the voter is unable, even by mistake or by bad intention to use the same authorization to send more than one vote.

 

5. Review of results of vote

Throughout this process it is important to the way it makes the verification of the results of the vote. The traditional voting schemes studied represent all agents operate honestly telematics system so that almost no attention is paid to verification, making it relatively easy to manipulate the outcome of the vote, and there was nothing of this detection method such actions.

Key elements for such verification are the keys, proof that are stored on the card and the information made public by the various automated agents. The information should be disclosed together with the results of the poll, before opening the period of inquiry and as a tool to ensure that no entity has the ability to modify the tests as a result of a request for verification.

The verification process of the election results is particularly challenging because, first, the voter must provide convincing evidence about the treatment suffered by their vote and, secondly, it must take all precautions (both cryptographic and procedural) for the voter can not use that verification to prove to others what was the content of his vote. This failure to obtain a reliable relationship between voter and vote should be absolute. That is, obtaining that information or even power of the voter can be as it could act under coercion of any kind to prove to others what was their behavior in elections.

On the card are stored certain pieces of information necessary for the subsequent verification, the decryption key vote, the same key signed by the Administrator and Systems Intervention and the proof presented by the ballot box. The latter two pieces of information, the signature of the Administrator and Systems Intervention (in one case) and the ballot box (in the other) is proof irrefutable and verifiable cryptographic origin.

The receipt signed by the ballot box in turn is encrypted so that only the Election Authority to disclose its contents. The only proof that the proof of the urn belongs to the voter is present in your own card, because the proof does not contain any identification of the voter.

Complete the reception of votes, the ballot made public a list containing all the information that will be scrutinized in the counter. This list is ordered according to some criterion to facilitate the discovery of pieces of information, and does not allow inferences about the orientation of the voters vote for the position in the list and the time or place from where they voted, etc. ., when compared with the list published by the Administrator.

This publication will aim to enable definition of responsibilities in case a voter to submit a claim for not finding their vote included in the count. The voter may submit as evidence the proof that the ballot has been sent to your card which is signed by the box and inside should contain the same information it contains one of the posted field.

 

5.1. Individual Verification

Once you have completed voting, each voter can independently verify that their vote has been properly taken into account. For this it suffices that the voter is directed to a checkpoint and provided individually, use your card and ask to be shown voting partner.

The system located in the Check Point is able to read the decryption key stored in the Voter card, so that, after obtaining that key card access electronically to the list of key pairs generated clear-vote by the counter and shows the associated voting so that voters and only he can read it.

In the event that the voter does not agree with the displayed option, may initiate a complaint to the Election Authority, which will discover and compare all cryptographic tests in the system as well as proof on the card for check the validity of the survey. In this way the voter provides tools to counteract the criticism that there is no way to provide security to the voter that the vote has been recorded as it has been issued, or that the count is correct [6].

Election Authority, after receiving the card Voter can prove unambiguously correct or incorrect treatment of the vote, it has access to:

* The vote decryption key stored on your Voter’s card.

* The receipt sent by the Voter Urn (signed by the urn and its inviolability guaranteed by the public key of the Election Authority) which contains the votes cast.

* The counter records relating to the decryption key of the vote signed by the Administrator and Systems Intervention, the decryption key vote in clear and encrypted with her vote.

With all this, the Election Authority, based on strong cryptographic evidence, opinion on whether the voter has no reason or whether there has been a forgery by the system.

 

5.2. Overall verification

As for the overall verification, once published the results of the vote, with the intention that the various applications obtained proof of proper functioning of the auditor at the time of opening and counting votes, allowing each check the procedure. Each candidate is able, through a series of specific procedures that are designed, to compare its information with which it has obtained final result of the counting process. If both data do not correspond, could come to challenge the vote by filing robust cryptographic tests. These tests cryptographic audit elements are introduced into the system which ensure the validity of the whole process, responding to one of the criticisms that often make the electronic voting systems.

The procedure proposed in VOTESCRIPT is that once the vote count and published the result, with the intention that the various Auditors obtain evidence of the proper functioning of the counter, is given to each of them a copy of some of pieces of information obtained by the counter after opening the various insurance received from the urn.

Each auditor will have its own machine where the copy will be charged. This machine will be pre-audited by trusted experts to ensure total security that can only perform the recount. Making use of this copy, each of the Controllers you can check if the counting procedure in the counter has taken place or not properly, and if the results achieved in line with the published count.

Both lists of records received by the auditor and for lists of information given to each candidate shall provide a term of validity so that, after the stipulated time and considered valid the election, must be destroyed.

 

6. VOTESCRIPT project contributions to traditional voting

This section highlights the main contributions of the project VOTESCRIPT to electronic voting, comparing the proposed solutions to the major schemes included in voting today are a reference in this area.

This project deals with the development of the system from an interdisciplinary perspective, both sociological and telematics, which has led to the voting system has been designed in different phases based on requirements demanded by citizens and determined by the sociological research. It should be noted that some of these requirements were initially identified rather as procedural, but in light of social research, listed as guarantors of the voting system to meet demands that emerge strongly in the field work. These requirements demanded by voters included the need for tools to verify the proper functioning of the system, not only globally, but also a particular level.

In most systems shows that there is no possibility to verify that the system operates correctly, ie as a result of malicious behavior of some agent telematic system (Bureau of Elections, Urna or counter) or the collusion of several agents within the system is not producing an alteration of the results of the vote. The designed system is designed to allow verification at both global and individual levels.

VOTESCRIPT system provides a single verification system that allows each voter to check in specific places and for a time determined whether your vote has been taken into account and has been successfully posted. The novelty compared to other solutions is that the verification process is private, so that at no time the voter can prove to unauthorized third parties what they have voted, thus preventing the buying and selling of votes or extortion. This represents a significant improvement even with respect to conventional voting systems, in which, through options such as the delegate voting or voting by mail, is made possible this kind of massive attacks on popular sovereignty.

The existence of Intervention Systems is one of the main contributions of this system, since it allows the control of the entire electoral process by the grouping of citizens or candidates authorization. In addition, it gives them the ability to easily make an audit not only the final result but the whole process. The global verification, provision of financial controllers, provides strong cryptographic evidence, which demonstrated without any ambiguity if the system has operated or fraudulently.

Each controller has the ability, through a series of specific procedures have been designed to compare the information it holds its Intervention System which was obtained as a final result of the counting process. If both data do not correspond, could come to challenge the vote by filing robust cryptographic tests. These tests cryptographic audit elements are introduced into the system which ensure the validity of the whole process.

In developing the project VOTESCRIPT was decided to use cryptographic cards specifically designed for this project, which not only guarantees the identity of the voter but perform all encryption / decryption, key generation and signature verification session in-house card in order to prevent access to critical information from malicious users. Also, the card stores certain information associated with the voting process, proof, with a view to possible subsequent verification.

There is an Election Authority responsible for overall system control, to ensure their proper functioning, by addressing any complaints that voters made. In the event that there is a complaint by a voter on the treatment of their vote, it will discover and compare all cryptographic tests in the system to check the validity of the survey.

 

The designed system also hinders the votes cast can be known in the future. The traditional voting schemes are analyzed based on the submission of the vote properly withheld from the Administrator (and intervention systems, if any) for a time to verify that the voter has the right to vote and who has not done so, return the signed vote as authorization mechanism. Presenting the hidden vote using cryptographic algorithms now ensure that they can not know its content, but does not guarantee that with the advancement of this cryptanalysis techniques can not be known in the future. The system developed in the project proposes a novel VOTESCRIPT that the voter’s authentication phase that is presented cryptographically hidden Administrator and Systems Intervention is not the vote but the key is to be used later to decrypt it, avoiding the Administrator (or Intervention Systems) will be saved for the future (the only vote is sent to the ballot box).

 

7. Conclusions

The technical solutions to be adopted when designing a voting system have a very important social impact with regard to maintaining and improving the rights and freedoms of citizens and, consequently, the development of democracy in Society Information.

The design of Digital Democracy must be based on critical analysis and depth of experience and proposals already made and incorporate multidisciplinary methodologies (technological, socio-political and legal) to determine both the requirements and conditions for the evaluation of the final system to develop.

VOTESCRIPT system, using this multidisciplinary approach has achieved better solutions than previous proposals, providing valid procedures for the resolution of objections which disqualified the overall viability of electronic voting (Mercury Report [6], for example).

According to the authors of this article, all intellectual and material effort poured into this area makes sense if it results in a qualitative improvement of democracy to strengthen its legitimacy. We understand that this improvement lies mainly in studying the potential of telematic networks to facilitate and develop citizen participation. Ie dynamic deepening of participatory democracy, to educate, enable and accelerate the participation of citizens through discussion and resolution of issues that are common.

Proliferates today the completion of telematic voting experiences in which, as always finding highlights the benefits to the voter being able to cast their vote from any computer connected to the Internet. However, the euphoria that often accompanies this type of experience often makes us forget, both organizers and voters, the inability of these systems to demonstrate that the published results have not been tampered with before disclosure .

VOTESCRIPT system presented in this paper, was conceived from the outset as a system should be fully verifiable, by voters who should be confident that their vote was counted properly and that auditors should audit the proper functioning of the system, and they currently do with conventional voting.

The result of the development is a fully verifiable, noting that the strength of the system is based on obtaining, by different actors (which are mainly voters and auditors) of pieces of information cryptographically strong and secure which may present as evidence to third parties in case of dispute or disagreement with the results of the process.

All the above leads to the conclusion that only those voting systems that include verification capabilities will guarantee future success.

 

8. References

* Fujioka, T. Okamoto, K. Otha. A Practical Secret Voting Scheme for Large Scale Elections, Advances in Cryptology, AUSCRYPT’92, Lecture Notes in Computer Science 718. Verlang Springer, Berlin, pp.244-251 (1993).

* M. Ohkubo, F. Miura, M. Abe, A. Fujioka, T. Okamoto. An Improvement on a Practical Secret Voting Scheme. Lecture Notes in Computer Science 1729, Springer-Verlag, Berlin, pp. 225-234 (1999).

* Cranor, Lorrie F. and Cytron, Ronald K. Design and Implementation of a Practical Security-Conscious Electronic Polling System, WUCS-96-02, Department of Computer Science, University of Washington, St. Louis (1996).

* I Riera Jorba, Andreu. Solutions for Design of Large Scale Easy to implement Easy to implement Voting Schemes, PhD Thesis Universidad Autonoma de Barcelona, 1999.

* Carracedo J., Gomez A. and Carracedo J.D., (2003). VOTESCRIPT System: An innovative approach developed to solve the classic problems of electronic voting.Mexico D.F.

* R. Mercuri Testimony in U.S. House of Representatives Committee on Science, May 2001.

 

Notes

[1] – The VOTESCRIPT project (TIC2000-1630, TIC2002-4223 and TIC2003-2141) has been funded by the Ministry of Science and Technology within the National R + D + I (2000-2003).

 

The content of this work is governed by the following Creative Commons license: see

Jes’us Moreno Blazquez / / Sergio Sanchez Garcia / / Jose David Carracedo Verde