Cryptography Reference
In-Depth Information
FIGURE 12.17
Each trustee strips one layer of the doll (represented by the barcode) and uses
it to modify the image. The order is randomly permutated.
and uploaded to the ocial election website. Furthermore, the voter keeps her
slide as her receipt.
For confidentiality, the voter has to trust that the voting machine has no
memory. But how can the results be computed only from the scanned slides?
To make this possible, the slide cannot be completely random (as usual in
visual cryptography) but is produced by a pseudorandom generator from the
cryptographic version of a nested doll that contains the necessary information
to reproduce the ballot image inside. This means that confidentiality is not
information theoretically secure but only computationally secure under the
usual cryptographic assumptions.
The cryptographic version of a nested doll is produced by the voting ma-
chine from the serial number of the ballot by successively encrypting with the
public keys of a sequence of trustees and printed on the slide as a barcode.
Only all trustees together would be able to compute the ballot image using
their secret keys. The result of the election is computed by a sequence of mix-
operations as described in [5]: The first trustee gets a batch of scanned slides
as input. For each vote, he removes the first layer of the doll and modifies
the encrypted image using the removed layer of the doll. Then he uploads a
batch containing a random permutation of the results to the ocial election
website. All other trustees do the same with the batch from their predecessor
(see Figure 12.17). In the batch produced by the last trustee, the dolls were
used up and the image became the original ballot image, which can be seen
(and thus counted) by anyone.
To verify that the trustees worked properly, a public random choice is
 
Search WWH ::




Custom Search