In certain encoding schemes, users are required to provide messages encoded in a specific way for further processing. Users, being human, cannot in general produce such an encoding by hand, so an encoding device is required to generate it.
However, a corrupted encoding device can misbehave, so that an encoding of a message different from the one intended by the user is produced. Depending on the encoding, the user may not be able to detect this misbehavior by inspecting the encoded message, even when (s)he inspects it using an alternative device.
This is, for example, the case in some electronic voting schemes. The voter uses a voting device to navigate through the possible voting options, select some of them and generate an encoding of the selected options. All these actions are performed prior to casting her/his vote. In this case, the voting device provides the functionality of an encoding device, but also other features such as an interface for selecting the message to be encoded.
Generally, the encoding of the voting options is an encryption of them. A corrupted voting device could change the voting options to be encoded, and the voter, on viewing the encoded options, might not be able to detect this modification. For example, when a randomized encryption scheme is used for the encoding, the ciphertext leaks no information about which voting options have been encrypted.
Cast-as-intended verification is a feature of some electronic voting schemes that allows the voter to detect such a modification. Because only the voter knows which voting options (s)he originally chose, this verification is generally intended to be performed only by her. In fact, this kind of mechanism is known in the literature as an individual verification mechanism.
However, this means that the effort and responsibility of the verification process rest only on the voter, which presents several drawbacks. For instance, in some cast-as-intended verification mechanisms the voter requires an audit device, different from the voting device, to check the verification information; this is the case in the Helios voting system, the Estonian voting system, the Wombat voting system and the Univote voting system. In addition, this audit device has to provide strong security features so that it cannot be corrupted, which is complex in practice. Moreover, the audit device might need some computational power. Assuming that all voters have access to such a device is a strong assumption.
Cranor, L. F. et al., “Sensus: a security-conscious electronic polling system for the Internet”, discloses a practical, secure and private system for polling (conducting surveys and elections) over computer networks. Sensus uses blind signatures to ensure that only registered voters can vote and that each registered voter votes only once, while at the same time maintaining voters' privacy. In addition, Sensus allows voters to verify independently that their votes were counted correctly and to anonymously challenge the results should their votes be miscounted. Contrary to the present invention, in the Sensus proposal the code is not associated with the message selected by the voter/user. In addition, the present invention verifies that a generated encoding corresponds to the encoding of the content of the message without using the message itself; that is, in the present invention the verification is done without knowing what the original message was.
Ben Adida, “Helios: Web-based Open-Audit Voting”, discloses Helios, a web-based, open-audit voting system in which anyone can create and run an election, and any willing observer can audit the entire process. Contrary to Helios, the present invention does not perform any decryption on the encoded message.
Besides that, David Chaum et al., “A Practical Voter-Verifiable Election Scheme”, discloses a practical verifiable e-voting protocol in which voters are provided with means to verify that their vote has been included in the tally. The proposal of the present document, by contrast, provides means to verify the correctness of the content of a cast vote (that is, that it matches the voter's intention). Moreover, it does not require the participation of the voter, since the verification can be done by any third party without compromising the voter's privacy.
US-A1-2012144186, by the applicant of the present invention, describes a verification method which allows ensuring that the decryption process has been carried out honestly by the entity in charge of it. The method described in that invention is characterized by basing the verification of the correctness of the decryption of a set of encrypted messages on a proof demonstrating that the result of operating with an operator [phi] on blocks of encrypted messages is equal to the encryption of the result of operating with an operator [Theta] on blocks composed of the same messages, decrypted. To do so, a first input integrity proof is generated for each block of encrypted messages based on the operation [phi] of the encrypted messages, and the link with the output integrity proofs, generated with the operation [Theta] of the decrypted messages composing each block, is verified.
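The following Python program is an added illustration; it is not code from the present patent or from any of the cited systems. It models two points made above: first, that with a randomized encryption such as ElGamal the receiver of an encoded vote can check that a ciphertext is well formed but cannot tell by inspection whether an honest or a corrupted device produced it; second, the kind of block-wise check described for US-A1-2012144186, in which an auditor holding no secret key verifies that the operator [phi] applied to a block of ciphertexts decrypts to the operator [Theta] applied to the claimed plaintexts. The toy group parameters, the option-to-group-element encoding, the choice of component-wise product for [phi] and plain product for [Theta], and the use of a Chaum-Pedersen proof for the link between them are all assumptions made for this example, not details taken from the patents.

```python
import hashlib
import secrets

# Toy ElGamal in a prime-order subgroup. The parameters are constructed for the
# illustration and are far too small to be secure: P = 2*Q + 1 is a safe prime
# and G = 4 (a quadratic residue) generates the subgroup of order Q.
P, Q, G = 1019, 509, 4

# Constructed ballot options; option i is encoded as the group element G^(i+1)
# (an assumption of this example, not an encoding taken from the patents).
OPTIONS = ("A", "B", "C")

def keygen(x=None):
    """Return (secret key x, public key h = G^x); x can be fixed for reproducible runs."""
    if x is None:
        x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)

def encode_option(option):
    return pow(G, OPTIONS.index(option) + 1, P)

def decode_element(m):
    """Recover the option from its group element by trying the small option space."""
    for i, opt in enumerate(OPTIONS):
        if pow(G, i + 1, P) == m:
            return opt
    return None

def encrypt(h, m, r=None):
    """Randomised ElGamal (G^r, m*h^r): a fresh r makes two encryptions of one m differ."""
    if r is None:
        r = 1 + secrets.randbelow(Q - 1)
    return pow(G, r, P), (m * pow(h, r, P)) % P

def decrypt(x, ct):
    """m = c2 * c1^(-x); c1 has order Q, so the negative exponent is reduced mod Q."""
    c1, c2 = ct
    return (c2 * pow(c1, (-x) % Q, P)) % P

def is_well_formed(ct):
    """All a receiver can check without the key: both components lie in the subgroup.
    An honest and a swapped encryption pass alike, so this reveals nothing about m."""
    return all(0 < c < P and pow(c, Q, P) == 1 for c in ct)

def voting_device(h, chosen, corrupted=False):
    """Model of the encoding device: an honest one encrypts `chosen`; a corrupted one
    silently encrypts the next option instead, yielding an equally plausible ciphertext."""
    option = OPTIONS[(OPTIONS.index(chosen) + 1) % len(OPTIONS)] if corrupted else chosen
    return encrypt(h, encode_option(option))

def phi(block):
    """Operator [phi] on a block of encrypted messages: component-wise product."""
    c1 = c2 = 1
    for a, b in block:
        c1, c2 = (c1 * a) % P, (c2 * b) % P
    return c1, c2

def theta(plaintexts):
    """Operator [Theta] on the decrypted messages of a block: product of the elements."""
    out = 1
    for m in plaintexts:
        out = (out * m) % P
    return out

def _challenge(*values):
    data = ",".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_block_decryption(x, h, block, plaintexts):
    """Output integrity proof (Chaum-Pedersen, made non-interactive with Fiat-Shamir):
    the key holder shows that phi(block) decrypts to theta(plaintexts), i.e. that
    log_G(h) equals log_c1(c2 / theta), without revealing x."""
    c1, c2 = phi(block)
    y = (c2 * pow(theta(plaintexts), P - 2, P)) % P  # c2 / theta; equals c1^x if honest
    w = 1 + secrets.randbelow(Q - 1)
    a1, a2 = pow(G, w, P), pow(c1, w, P)
    e = _challenge(G, h, c1, y, a1, a2)
    return a1, a2, (w + e * x) % Q

def verify_block_decryption(h, block, plaintexts, proof):
    """Auditor-side check from public values only: no secret key is needed."""
    a1, a2, s = proof
    c1, c2 = phi(block)
    y = (c2 * pow(theta(plaintexts), P - 2, P)) % P
    e = _challenge(G, h, c1, y, a1, a2)
    return pow(G, s, P) == (a1 * pow(h, e, P)) % P and pow(c1, s, P) == (a2 * pow(y, e, P)) % P

if __name__ == "__main__":
    x, h = keygen()
    honest, corrupt = voting_device(h, "A"), voting_device(h, "A", corrupted=True)
    print("well-formed to the receiver:", is_well_formed(honest), is_well_formed(corrupt))
    print("actually encrypted:", decode_element(decrypt(x, honest)), decode_element(decrypt(x, corrupt)))
    block = [encrypt(h, encode_option(o)) for o in ("A", "B", "B")]
    plain = [decrypt(x, ct) for ct in block]
    proof = prove_block_decryption(x, h, block, plain)
    print("block decryption proof verifies:", verify_block_decryption(h, block, plain, proof))
```

Running the file shows that the honest and the corrupted ciphertexts both pass the receiver's well-formedness check while encrypting different options, which is exactly why cast-as-intended verification needs more than inspection of the encoding. The block decryption check uses only the public key, the ciphertexts and the claimed plaintexts, so it can be run by an auditor rather than by the key holder or the voter.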
In contrast to those known proposals, in the present invention a user chooses a message to encode, and the encoding computer device then creates an encoding, which allegedly is an encoding of the message chosen by the user, together with some verification information. The receiver of the encoded message (who is not necessarily the user who chose the message) validates the verification information in order to ensure that the generated encoding is in fact the encoding of the message chosen by the user.
The present invention can be applied in the field of electronic voting: an auditor validating the verification information can detect whether a generated encoding produced by the voting device is in fact the encoding of the voting options chosen by the voter.
The present invention therefore provides a novelty in that the cast-as-intended verification mechanism is no longer restricted to the voter, since it is the auditor, by which is meant any third party (or even the voter herself), who verifies the cast-as-intended property. The cast-as-intended verification thus becomes universal, in the sense that it can be performed by anyone.
This provides the advantage of a more systematic verification: all the cast votes can be verified, instead of trusting that each voter will verify her own vote.
Another advantage is that the kind of devices used to perform the audit (audit devices) is not restricted to the devices a voter has access to. Therefore, specific audit devices with more computational capabilities and security features can be used.
Finally, the verification is not restricted to a single entity (the voter), so several parties may participate in the audit in order to make the process more robust: if one of them declines to report an incident found during verification, the other entities will do so.