Poorvi L. Vora - Research: E2E-V Voting

In voting system design, our focus has been on the new class of voting systems known as end-to-end independently verifiable (E2E) voting systems, where voters and observers can audit an election without being required to trust election officials or voting system software. This property is achieved through the use of a digital audit trail made available by the voting system---on a secure bulletin board such as a website---which can be checked by software written by anyone. Thus, while a certain degree of sophistication is necessary in the software used to perform the checks, access to the information and authorship of the software is not restricted. Note that the assumptions of classical cryptographic voting protocols are not valid in this setting: the voter does not trust the machine she votes from, and the voter is not a probabilistic-polynomial-time Turing machine. Our work is distinguished from much other work on E2E-V systems in that our protocols possess the dispute resolution property, where, if a voter observes a problem, she can prove it.

We developed the first non-commercial prototype of an E2E-V system (Citizen-Verified Voting, WOTE II 2004, of Chaum's "visual cryptography'' scheme), organized the first workshop on the evaluation of voting systems, VSRW 2006, participated in the development and deployment of (a) the first E2E-V system with ballot privacy ever used in a governmental election, Scantegrity, (b) the first accessible prototype of an E2E-V system, Audiotegrity and (c) the first prototype of an E2E-V remote voting system, Remotegrity. Our most recent work proposes a remote E2E-V voting system, Apollo, that addresses the credential stealing attack; note, however, that much work remains before internet voting is secure enough for use in governmental elections.

Our work in voting has been both constructive and analytical.
Constructive Contributions: Doctoral student Ben Hosp led the development of what might be the first non-commercial prototype of an E2E-V system (Citizen-Verified Voting, WOTE II 2004, of Chaum's "visual cryptography'' scheme). Doctoral student Stefan Popoveniuc (co-guided with David Chaum and Jonathan Stanton; first with NIST, then Amazon and now at Google) was a key member of the Scantegrity team, see [19,13] for descriptions of Scantegrity I and II respectively. The City of Takoma Park used Scantegrity II to hold the world's first governmental secret ballot E2E-V election in November 2009, see [9,10]. Takoma Park used Remotegrity [6] (remote E2E voting, led by then post-doctoral scientist Filip Zagórski, now faculty member at Wroclaw Institute of Technology, Poland) and Audiotegrity [5] (accessible E2E-V voting, led by then undergraduates Tyler Kaczmarek and John Wittrock, see undergraduate presentations) for the municipal election of 2011. Collaborating with Chaum, my research group also proposed the use of an untrusted computational assistant in the voting booth [7]; the protocols were prototyped by (then) undergraduates Alex Florescu and Jan Rubio. More recently, doctoral student Hua Wu, now at Google, led our work on Apollo [1,3], a remote voting system that addresses the credential stealing attack.
Analytical Contributions: Ben Hosp proposed information-theoretic measures for voting systems, and demonstrated related impossibility results [17]. Stefan Popoveniuc proposed an overall framework for looking at the many different cryptographic voting systems that used paper ballots [12]. After his doctorate, he proposed a concrete definition of E2E systems [11]. With Lana Lowry at NIST, I proposed high-level definitions for desired properties of voting systems [14].
I have also worked with others in trying to present the properties of E2E-V systems to a non-technical audience [4], and to review the open problems remaining in voting system security [2].
My voting research has been sponsored in part by NSF Awards 1421373 , 1137973, 0937267, 0831149, 0505510 and the Maryland Procurement Office under contract H98230-14-C-0127.

[17, 22] are also listed as part of my applied information theory research.

  1. Hua Wu, Poorvi Vora and Filip Zagórski. Voting '19 Priv-Apollo - Secret Ballot E2E-V Internet Voting
  2. Matthew Bernhard, Josh Benaloh, J. Alex Halderman, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora, Dan S. Wallach. Public Evidence from Secret Ballots. E-Vote-ID 2017. Full version of the paper is at CoRR abs/1707.08619, 2017.
  3. Dawid Gawel, Maciej Kosarzecki, Poorvi Vora, Hua Wu and Filip Zagórski. Apollo--End-to-end Verifiable Internet Voting with Recovery from Vote Manipulation. E-Vote-ID 2016. Also on the IACR ePrint Archive, Report 2016/1037.
  4. Josh Benaloh, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora. End-to-end verifiability. CoRR abs/1504.03778, 2015.
  5. Tyler Kaczmarek, John Wittrock, Richard T. Carback, Alex Florescu, Jan Rubio, Noel Runyan, Poorvi L. Vora and Filip Zagórski. Dispute Resolution in Accessible Voting Systems: The Design and Use of Audiotegrity. VoteID 2013. LNCS Volume 7985, 2013, pp 127-141.
  6. Filip Zagórski, Richard T. Carback, David Chaum, Jeremy Clark, Aleksander Essex, and Poorvi L. Vora. Remotegrity: Design and Use of an End-to-End Verifiable Remote Voting System. ACNS 2013. LNCS Volume 7954, 2013, pp 441-457. If publisher link doesn't work
  7. David Chaum, Alex Florescu, Mridul Nandi, Stefan Popoveniuc, Jan Rubio, Poorvi L. Vora and Filip Zagórski Paperless Independently-Verifiable Voting. VoteID 2011. LNCS Volume 7187, 2012, pp 140-157
    • The protocols were first presented as: David Chaum, Stefan Popoveniuc, Poorvi L. Vora. eTegrity and ePunchScan. NIST End-to-End Voting Systems Workshop, Washington DC, October 13-14, 2009
  8. Mridul Nandi, Stefan Popoveniuc and Poorvi L. Vora. Stamp-It: A Method for Enhancing the Universal Verifiability of E2E Voting Systems. ICISS 2010. LNCS Volume 6503, 2011, pp 81-95
  9. Richard Carback, David Chaum, Jeremy Clark, Aleksander Essex, Travis Mayberry, Stefan Popoveniuc, Ronald L. Rivest, Emily Shen, Alan T. Sherman, Poorvi L. Vora. Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy. USENIX Security 2010, Washington, D.C., 11-13 August, 2010.
  10. Alan T. Sherman, Richard Carback, David Chaum, Jeremy Clark, Aleksander Essex, Paul S. Herrnson, Travis Mayberry, Stefan Popoveniuc, Ronald L. Rivest, Emily Shen, Bimal Sinha, Poorvi Vora, Scantegrity Mock Election at Takoma Park. EVOTE2010, Bregenz, Austria, 21-24 July 2010.
    • A summary was first presented as a position paper at NIST End-to-End Voting Systems Workshop, Washington DC, October 13-14, 2009, with the author list: Alan T. Sherman, Richard Carback, David Chaum, Jeremy Clark, John Conway, Aleksander Essex, Paul S. Herrnson, Travis Mayberry, Stefan Popoveniuc, Ronald L. Rivest, Anne Sergeant, Emily Shen, Bimal Sinha, Poorvi Vora.
  11. Stefan Popoveniuc, John Kelsey, Andrew Regenscheid, Poorvi Vora. Performance Requirements for End-to-End Verifiable Elections. EVT/WOTE 2010, Washington, D.C., 9-10 August, 2010.
  12. Stefan Popoveniuc and Poorvi L. Vora. A framework for secure electronic voting. Cryptologia vol. 34, no. 3, pp. 236-257, 2010
  13. David Chaum, Richard T. Carback, Jeremy Clark, Aleksander Essex, Stefan Popoveniuc, Ronald L. Rivest, Peter Y. A. Ryan, Emily Shen, Alan T. Sherman, and Poorvi L. Vora. Scantegrity II: End-to-End Verifiability by Voters of Optical Scan Elections Through Confirmation Codes. IEEE Transactions on Information Forensics and Security, special issue on electronic voting, vol. 4, no. 4, part I, pp. 611-627, December 2009
  14. Svetlana Z. Lowry and Poorvi Vora. Desirable Properties of Voting Systems, NIST Publication 2009.
  15. David Chaum, Ben Hosp, Stefan Popoveniuc and Poorvi L. Vora. Accessible Voter Verifiability. Cryptologia, vol. 33, no. 3, pp. 283-291, July 2009.
  16. Stefan Popoveniuc and Poorvi L. Vora. Secure voting using infected computers. 8th Annual Security Conference, Las Vegas, Nevada, April 2009
  17. Ben Hosp and Poorvi L. Vora. An Information-Theoretic Model of Voting Systems. Mathematical and Computer Modelling. Special issue on: Mathematical Modeling of Voting Systems and Elections: Theory and Applications. Vol. 48, nos.9-10, pp. 1628-1645, Nov 2008.
    • An early draft was presented at both VSRW 2006 , Washington, D.C., 8-9 June 2006 and WOTE 2006, Cambridge, UK, 29-30 June, 2006.
  18. Rahul Simha and Poorvi L. Vora. Vote Verification using Hard AI Problems. Journal of Information Assurance and Security, vol. 3, no. 4, pp. 270-278, 2008.
  19. David Chaum, Aleks Essex, Richard Carback, Jeremy Clark, Stefan Popoveniuc, Alan T. Sherman, Poorvi Vora. Scantegrity: End-to-End Voter Verifiable Optical-Scan Voting. IEEE Security and Privacy, Vol 6., No. 3, pp. 40-46, May/June 2008
  20. David Chaum, Jeroen van de Graaf, Peter Y. A. Ryan and Poorvi L. Vora. Secret Ballot Elections with Unconditional Integrity. Also available as Report 2007/270, cryptology eprint archive.
  21. Poorvi L. Vora. David Chaum's Voter Verification using Encrypted Paper Receipts. IACR eprint archive, no. 2005/050. Submitted 20 Feb., 2005.
  22. Lillie Coney, Joseph L. Hall, Poorvi L. Vora, David Wagner. Towards a Privacy Measurement Criterion for Voting Systems. National Conference on Digital Government Research, Atlanta, May 2005.
  23. P.L. Vora, B. Adida, R. Bucholz, D. Chaum, D.L. Dill, D. Jefferson, D.W. Jones, W. Lattin, A.D. Rubin, M.I. Shamos, and M. Yung. Evaluation of Voting Systems. Inside Risks Column. Communications of the ACM, vol. 47, no. 11, November 2004.