
Root Causes 425: PQC Requirements for Voting Systems

Hosted by: Tim Callan, Chief Compliance Officer
Original broadcast date: September 27, 2024

In honor of the upcoming US elections, we describe the six main requirements for a post-quantum voting system.

Podcast Transcript

Jason Soroko: Tim, today, let's look in the news. You might have noticed that this year in the United States is an election year. And guess what? This podcast is not going to be about politics, but it is definitely going to be about voting technology.
Tim Callan: Voting. Big, big topic, by all means. Every election year in the last few years, the cyber security of the voting system gets a lot of discussion.
Jason Soroko: Absolutely. And so what I would like to talk about is, let's look into the deeper future. Probably not this election, but in a future election for any country who's looking to do digital voting of some kind. And I'm going to suspect, Tim, that, as you know, we are eventually going to have elections in a post-quantum world.
Tim Callan: You bet we will.
Jason Soroko: We will. And so, there are a lot of papers right now in the scientific world, peer reviewed journal articles that are floating around. And I wanted to bring to attention just some of the real basic thinking, because you and I and a lot of the listeners here are very familiar with the advantages of PKI for document signing and concepts such as non-refutability and all these kinds of good things.
What I would like to do in this podcast very rapidly, is rhyme off the six main things, security aspects, to what would be required from a post-quantum voting system.
So there's many, many peer reviewed journal articles out there. There's one written out of a university in India, Quantum Enhanced Secure Approval Voting Protocol. And it's a mouthful, but I just want to point it out that I think it's worth reading along or looking at articles like that, because not only is this interesting for voting, but it is very interesting for anybody looking to build multi-party post-quantum encrypted systems, Tim. So that's a more general aspect than just voting.
So number one, with any form of voting, you need anonymity. And so your unique ID, if you will, that would be presumably supplied by some sort of a voting registration system would probably need to be hashed. So, in other words, the insurance of anonymity, probably coming from a hash function from a unique ID of an individual. Just number one.
Number two - This is kind of interesting one. Let's call it binding. And this is where, strangely enough, with any of these kinds of systems that are digital, you do not want any of the players, whether it's Alice, Bob or Charlie, if you will, you do not want them able to alter a voter's choice due to the encoding of the vote, because you could easily make mistakes in the encoding of a vote. And this is where - connected to post-quantum - this is where you could actually start to use security layers such as entanglement and traditional digital signatures. But entanglement is an interesting one with respect to post-quantum voting, Tim. And this is where things get really, really interesting. And that's number two, binding.
Number three. Of course, in a voting system, you want a vote to be non-reusable. And once again, that comes from a double check of the hash of that ID that came from the anonymity in number one. So it's almost like a special case of number one. And then not only does the hash function have to provide anonymity, it also has to provide a non-reusability. So there's a double check within the system.
Number four is verifiability. And this is an interesting one, where wouldn't it be nice if we could have the voter have the ability to verify if their vote has reached the voting authority without tampering?
Tim Callan: So this is not verifiability of the voter’s right to vote? This is verifiability of the vote being cast and recorded?
Jason Soroko: Correct. And what you've just said, eligibility, is number five. I love it. I love it. So that's cool. But then again, here's another one, Tim. Because there's third parties potentially involved. In other words, can you have a third party verify that a tally was real? The authors of this paper call it fairness. It could be labeled, I'm sure, other things. But I think that the ability to have a third party tally. So not just the government in question, but a third party. Maybe a third party government or third party auditing agency of some kind, able to authenticate itself within the system and do a tally of these anonymous votes. And Tim, those are the six security aspects of post-quantum voting. And I thought that just calling those out was kind of interesting.
Tim Callan: I think that's super interesting. And as you're describing this, my mind is going back to the 2000 election in the US and all of the extreme scrutiny that went into Florida in particular, and discussions of hanging chads and dimpled chads and pregnant chads and, pictures of the news of plastic bags full of these tiny little bits of paper that had been knocked out. And, if a system like this is reliable, it's just so much better. There's no half casting a vote. And, it's all computer managed and all that. But on the other hand, and this is what worries people, if a system like this is not reliable and you just plain have wholesale misreporting of the actual numbers, either maliciously or not, then that's potentially disastrous.
Jason Soroko: Absolutely.
Tim Callan: So to have this kind of framework, I think, is really helpful.
Jason Soroko: So, Tim, exactly. So even things like verifiability, and I love how you called out that that could easily be thought of as eligibility. Verifiability - like that hanging chad, a lot of people in Florida, in 2000, I remember that election as well. And a lot of people wondered, was my vote wasted?
Tim Callan: Absolutely. Was my vote not counted?
Jason Soroko: And so this is an attempt to try to call out what are all the security concerns and privacy concerns within voting. And I think that this covers it pretty well.
Tim Callan: I think that's great. And then you can imagine the ways all of these ideas get applied. Like having independent third parties be able to go in and audit the results and agree that the results are correct or challenge them if they don't agree without compromising any of these other things. So an individual voter’s anonymity is still preserved, for instance. Being able to tie those votes back to genuine eligibility and knocking out the concerns that come up every election about voter fraud and people voting more than once. Verifiability, like you said not having to wonder was my vote counted? These are - and of course, anonymity is essential. These are great things to have in a system. And these are really things we're going to need to be able to feel good about purely electronic voting. And like you said, voting in the post-quantum era.
Jason Soroko: Exactly, Tim and as well as going beyond just post-quantum algorithms, which has been all the news that we've been reporting lately. This even goes a little beyond that in looking at what kind of other quantum principles can we start to use, including utilizing things such as entanglement.
Tim Callan: You mentioned entanglement.
Jason Soroko: And I think a lot of people listening to this podcast might go, geez, Jay, that's a long ways away. That's crazy talk. Well, at the very least, we're talking about how to do binding in a way that we've never done before. In other words, the ability to have non-interference, or detectable, detectable interference in a post-quantum world. And this is what's interesting, Tim. This article did not come from a public policy department of a university. It didn't come from a cryptography or mathematics. It came from a physics department.
And I think that that's why they’re looking at the deep far horizon about how to utilize quantum in the future, and that does interest me because the ways in which we do things today will probably be different, quite different, when quantum computers are truly available to us, and things like quantum memory are available to us, and things like entanglement are not just Star Trek subjects. They’re something that are computable and usable. And I don't know, I just, I think that looking at the horizon is interesting because even if it's not something we implement today, from an engineering standpoint, it should help to inform us for how to build systems thinking about the future.
Tim Callan: I agree, Jay. Very cool.
Jason Soroko: That's it, Tim.
Tim Callan: Thank you, Jay.
Jason Soroko: Thank you.
Tim Callan: This has been Root Causes.
