Virtual Election Booth
This project implements the secure election protocol described in
[SCHN96], p. 127 (Voting with Two Central Facilities). A more
theoretical discussion is found in [SALO96]. The implementation will
provide a secure way for people to vote online, which eliminates the
hassle of physically being present at designated election locations.
Since computerized voting will not replace general elections unless
there is a protocol that both maintains individual privacy and prevents
cheating, the ideal protocol must meet these requirements:
- Only authorized voters can vote.
- No one can vote more than once.
- No one can determine for whom anyone else voted.
- No one can duplicate anyone else's votes.
- Every voter can make sure that his vote has been taken into
account in the final tabulation.
- Everyone knows who voted and who didn't
Your design should use two central facilities: Central Tabulating
Facility (CTF) and Central Legitimization Agency (CLA). CLA's main
function is to certify the voters. Each voter will send a message to the
CLA asking for a validation number, and CLA will return a random
validation number. The CLA retains a list of validation numbers as well
as a list of validation numbers' recipients to prevent a voter from
voting twice. Then, the CLA completes its task by sending the list of
validation number to the CTF. CTF's main function is to count votes. CTF
checks the validation number against the list received from the CLA. If
the validation number is there, the CTF crosses it off (to prevent
someone from voting twice). The CTF adds the identification number to
the list of people who voted for a particular candidate and adds one to
the tally. After all the votes have been received, the CTF publishes
The following excerpt from [SCHN96], p. 127 describes the secure voting
protocol. It is recommended that you read the chapter for more
discussion and background.
The following protocol uses a Central
Legitimization Agency (CLA) to vertify voters and a seperate CTF to
- Each voter sends a message to the CLA asking for a validation
- The CLA sends the voter back a random validation number.
The CLA maintains a list of validation numbers. The CLA also
keeps a list of the validation number's recipients, in case someone
tries to vote twice.
- The CLA sends the list of validation numbers to the CTF.
- Each voter chooses a random identification number. He
creates a message with that number, the validation number he received
from the CLA, and his vote. He sends this number to the CTF.
- The CTF checks the validation number against the list it received
from the CLA in step 3. If the validation number is there, the CTF
crosses it off (to prevent someone from voting twice). The CTF
adds the identification number to the list of people who voted for a
particular candidate and adds one to the tally.
- After all votes have been received, the CTF publishes the
outcome, as well as the lists of identification numbers and for whom
their owners voted.
The system should be implemented using your choice of C, C++, or Java.
(and maybe dot net, we're thinking about it) It will consist
of 3 independant programs that communicate over the network using an
XML based protocol. Two of these programs implement the CLA and CTF.
The third is the user interface. This can be implemented
either as a traditional GUI program, or as a web server serving HTML
pages. Of course, all communications should be secured using SSL.
the resources page
[SCHN96] Applied Cryptography,
Bruce Schneier, John Wiley and Sons, New-York, 1996.
Cryptography, Arto Salomaa, Springer Verlag, New-York, 1996.
[STAL99] Cryptography and
Network Security: Principles and Practice, William Stallings (2nd
edition), Appendix A, Upper Saddle River, NJ: Prentice-Hall, 1999.