

Title: VoteXX: Extreme Coercion Resistance
We solve a long-standing challenge to the integrity of votes cast without the supervision of a voting booth: "improper influence," which we define as any combination of vote buying and voter coercion. In comparison with previous proposals, our system is the first in the literature to protect against a strong adversary who learns all of the voter's keys; we call this property "extreme coercion resistance." Our approach allows each voter, or their trusted agents (which we call "hedgehogs"), to "nullify" (effectively cancel) their vote in a way that is unstoppable and irrevocable, and such that the nullification action is forever unattributable to that voter or their hedgehog(s). We demonstrate the security of VoteXX in the universal composability model. Additionally we provide concrete implementations of sub-protocols (including inalienable authentication, decentralized bulletin boards, and anonymous communication channels) that are usually left as abstract assumptions in the literature. As in many other coercion-resistant systems, voters are authorized to vote with public-private keys. Each voter registers their public keys with the Election Authority (EA) in a way that convinces the EA that the voter has complete knowledge of their private keys. Voters concerned about losing their private keys can themselves, or by delegating to one or more hedgehog(s), monitor the bulletin board for malicious ballots cast with their keys, and can act to nullify these ballots in a privacy-preserving manner with zero-knowledge proofs. In comparison with previous proposals, our system makes fewer assumptions and protects against a stronger adversary.
For example, VoteXX makes none of the following assumptions made by previous systems: the voter must complete registration before being coerced; the election will not close before the voter can cast a ballot after coercion; the voter needs to generate a fake password to evade coercion; and the voter knows an honest Election Authority official.
Award ID(s): 1753681
PAR ID: 10474435
Publisher / Repository: ACM
Journal Name: ACM CCS (submitted)
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. We solve a long-standing challenge to the integrity of votes cast without the supervision of a voting booth: "improper influence," which typically refers to any combination of vote buying and voter coercion. Our approach allows each voter, or their trusted agents (which we call "hedgehogs"), to "nullify" (effectively cancel) their vote in a way that is unstoppable, irrevocable, and forever unattributable to the voter. In particular, our approach enhances security of online, remote, public-sector elections, for which there is a growing need and the threat of improper influence is most acute. We introduce the new approach, give detailed cryptographic protocols, show how it can be applied to several voting settings, and describe our implementation. The protocols compose a full voting system, which we call VoteXX, including registration, voting, nullification, and tallying, using an anonymous communication system for registration, vote casting, and other communication in the system. We demonstrate how the technique can be applied to known systems, including where ballots can be mailed to voters and voters use codes on the ballot to cast their votes online. In comparison with previous proposals, our system makes fewer assumptions and protects against a strong adversary who learns all of the voter's keys. In VoteXX, each voter has two public-private key pairs. Without revealing their private keys, each voter registers their public keys with the election authority. Each voter may share their keys with one or more hedgehogs. During nullification, the voter, or one or more of their hedgehogs, can interact through the anonymous communication system to nullify a vote by proving knowledge of one of the voter's private keys via a zero-knowledge proof without revealing the private key. We describe a fully decentralizable implementation of VoteXX, including its public bulletin board, which could be implemented on a blockchain.
  2. With each successive election since at least 1994, congressional elections in the United States have transitioned toward nationalized two-party government. Fewer voters split their tickets for different parties between President and Congress. Regional blocs and incumbency voting (a key feature of U.S. elections in the latter 20th century) appear to have given way to strong party discipline among candidates and nationalized partisanship among voters. Observers of modern American politics are therefore tempted to write off the importance of the swing voter, defined here as voters who are indifferent between the two parties and thus likely to split their ticket or switch their party support. By assembling data from historical elections (1950–2020), surveys (2008–2018), and cast vote record data (2010–2018), and through developing statistical methods to analyze such data, I argue that although they comprise a smaller portion of the electorate, each swing voter is disproportionately decisive in modern American politics, a phenomenon I call the swing voter paradox. Historical comparisons across Congressional, state executive, and state legislative elections confirm the decline in aggregate measures of ticket splitting suggested in past work. But the same indicator has not declined nearly as much in county legislative or county sheriff elections (Chapter 1). Ticket splitters and party switchers tend to be voters with low news interest who are ideologically moderate. Consistent with a spatial voting model with valence, voters also become ticket splitters when incumbents run (Chapter 2). I then provide one of the first direct measures of ticket splitting in state and local office using cast vote records. I find that ticket splitting is more prevalent in state and local elections (Chapter 3). This is surprising given the conventional wisdom that party labels serve as heuristics and down-ballot elections are low information environments.
A major barrier for existing studies of the swing voter lies in the measurement from incomplete electoral data. Traditional methods struggle to extract information about subgroups from large surveys or cast vote records, because of small subgroup samples, multi-dimensional data, and systematic missingness. I therefore develop a procedure for reweighting surveys to small areas through expanding poststratification targets (Chapter 4), and a clustering algorithm for survey or ballot data with multiple offices to extract interpretable voting blocs (Chapter 5). I provide open-source software to implement both methods. These findings challenge a common characterization of modern American politics as one dominated by rigidly polarized parties and partisans. The picture that emerges instead is one where swing voters are rare but can dramatically decide the party in power, and where no single demographic group is a swing voter. Instead of entrenching elections into red states and blue states, nationalization may heighten the role of the persuadable voter. 
  3. A boardroom election is an election with a small number of voters carried out with public communications. We present BVOT, a self-tallying boardroom voting protocol with ballot secrecy, fairness (no tally information is available before the polls close), and dispute-freeness (voters can observe that all voters correctly followed the protocol). BVOT works by using a multiparty threshold homomorphic encryption system in which each candidate is associated with a set of masked primes. Each voter engages in an oblivious transfer with an untrusted distributor: the voter selects the index of a prime associated with a candidate and receives the selected prime in masked form. The voter then casts their vote by encrypting their masked prime and broadcasting it to everyone. The distributor does not learn the voter's choice, and no one learns the mapping between primes and candidates until the audit phase. By hiding the mapping between primes and candidates, BVOT provides voters with insufficient information to carry out effective cheating. The threshold feature prevents anyone from computing any partial tally until everyone has voted. Multiplying all votes, their decryption shares, and the unmasking factor yields a product of the primes each raised to the number of votes received. In contrast to some existing boardroom voting protocols, BVOT does not rely on any zero-knowledge proof; instead, it uses oblivious transfer to assure ballot secrecy and correct vote casting. Also, BVOT can handle multiple candidates in one election. BVOT prevents cheating by hiding crucial information: an attempt to increase the tally of one candidate might increase the tally of another candidate. After all votes are cast, any party can tally the votes.
  4. A boardroom election is an election that takes place in a single room — the boardroom — in which all voters can see and hear each other. We present an initial exploration of boardroom elections with ballot privacy and voter verifiability that use only “low-tech cryptography” without using computers to mark or collect ballots. Specifically, we define the problem, introduce several building blocks, and propose a new protocol that combines these blocks in novel ways. Our new building blocks include “foldable ballots” that can be rotated to hide the alignment of ballot choices with voting marks, and “visual secrets” that are easy to remember and use but hard to describe. Although closely seated participants in a boardroom election have limited privacy, the protocol ensures that no one can determine how others voted. Moreover, each voter can verify that their ballot was correctly cast, collected, and counted, without being able to prove how they voted, providing assurance against undue influence. Low-tech cryptography is useful in situations where constituents do not trust computer technology, and it avoids the complex auditing requirements of end-to-end cryptographic voting systems such as Prêt-à-Voter. This paper’s building blocks and protocol are meant to be a proof of concept that might be tested for usability and improved. 
  5. Accurate information on who is eligible to vote—and who is registered—is essential to voting rights enforcement, election reporting, and scholarship on political participation. Yet, the data used to measure eligibility and registration vary in important ways based on how the data were collected and for what purpose. This article compares three federal data sources on citizenship and voter registration, alongside state voter roll data aggregated by a private vendor (L2). We assess their strengths and limitations, helping researchers make informed choices. We review existing research on how individual preferences, policies, and politics shape registration rates across geography and demographic groups. We also explain why some uncertainty in counts of eligible and registered voters is unavoidable. Our side‐by‐side comparison reveals striking inconsistencies. The American Community Survey overstates the citizen voting‐age population. The Current Population Survey and L2 voter file counts of registered voters show a very weak correlation across states. Counts for small geographic areas vary widely. Because we are largely unable to disentangle the source of differences we observe, we recommend using multiple data sources. We also call for more attention to how voter rolls are maintained at the local level—key to reducing uncertainty.