ABSTRACT
CONTENTS 1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2 Problem: Software Complexity of Voting Systems . . . . . . . . . . . . . . . . . . 4
1.2.1 The Difficulty of Evaluating Complex Software for Errors . . 5 1.2.2 The Need for Software-Independent Approaches . . . . . . . . . . . 6
1.3 Definition and Rationale for Software Independence . . . . . . . . . . . . . . . . 6 1.3.1 Refinements and Elaborations of Software Independence . . . 7 1.3.2 Examples of Software-Independent Approaches . . . . . . . . . . . . 8
1.4 How Does One Test for Software Independence? . . . . . . . . . . . . . . . . . . . . 9 1.5 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.1 Implications for Testing and Certification . . . . . . . . . . . . . . . . . . 10 1.5.2 Related Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
. . . . . . . . . . . . . . . . . 1.7 The Use of a Public Ledger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.8 End-to-End Verifiable Voting Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.9 Program Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 1.10 Verifiable Computation and Zero-Knowledge Proofs . . . . . . . . . . . . . . . . 16 1.11 Conclusions and Suggestions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.1 Introduction Democracy depends on elections, yet elections are complex but fragile processes involving voters, election officials, candidates, procedures and technology. Voting systems are evaluated in terms of their security, usability, efficiency, cost, accessibility and reliability. A good voting system design should be based on sound principles.
