A cure-all technology
A concise summary of the many ideas, embodied in inventions, that together form a solution achieving all of the stated goals. Problem situations are examined separately for the different stages and processes of secret remote electronic (online) voting, together with the components that form an inseparable whole: the technology that solves all of these problems.
Authentication
The Problem Being Solved
The primary goal of the authentication method we invented was to eliminate the possibility of a voter being replaced by another person or a bot. It counteracts the actions of malicious actors who have gained access to voters’ personal authentication data. The invented method prevents these bad actors from using such authentication data (certificates, tokens, biomarkers, photos, and videos of voters) to create bots impersonating voters or to substitute voters with other people. Specifically, it prevents fraudulent authentication using devices and passwords that have been seized from voters through threats or the application of force.
All existing inventions that propose methods for authenticating a user based on their live reaction to random external stimuli or unpredictable instructions do not protect against collusion between the generator of these factors and the device recording the user’s response (reference to the patents). Such collusion allows the reaction to be pre-recorded and then, at the moment of authentication, the same factors and the pre-recorded reaction to them to be presented. We have proposed a method that precludes this possibility.
The Essence of the Invention
To eliminate the aforementioned collusion, we have developed a method of mutual cross-authentication. Instead of a single centralized server that generates stimuli or instructions and evaluates the response from each user device individually, several personal computing devices, equipped with video recording hardware and united in a peer-to-peer overlay network, mutually authenticate each other using short selfie videos. The authentication is based on an analysis of user actions and reactions that are inseparable from their appearance. These actions constitute either their reaction to unpredictable video situations or their actions in accordance with unpredictable instructions.
The cornerstone of the method is authentication within a group of devices. In this group, each device, or some of them, randomly becomes a source for another. The source generates stimuli or instructions that must be presented to the user of the recipient device. The evaluation of the correspondence between the user’s reaction and the stimuli or instructions presented to them, generated by a random source, is performed by all devices in the group.
A detailed description of our developed method can be found in the patent «Cross-authentication with the use of selfie video» [pt1].
Registration, Accounting, and Access
Identifying the Problem
All known systems that provide for voter registration and the maintenance of voter rolls aim to create computerized records of voters, protect voters’ personal data, and provide registered voters with an anonymous certificate granting them the right and ability to vote. However, there are no known inventions aimed at protecting against malicious actions by the organizers of the vote and those who conduct voter registration and accounting.
The protection we propose relies on separating the persons maintaining the system from the persons conducting voter registration. The persons maintaining the system are responsible for its functioning and are accountable for any disclosure of voters’ personal data that is not subject to publication (for example, their place of residence). The persons conducting voter registration are accountable for any distortion of the voter lists and of the positions (e.g., addresses) that voters may occupy. The goal of the invention is to enable public oversight of how voter accounting is conducted without disclosing voters’ confidential data. The system supports oversight that allows, first, those who disclose personal data and those who introduce distortions into the voter lists to be identified and held accountable, and second, such distortions to be detected and corrected.
The Essence of the Invention
In elections and referendums conducted by state structures within a certain territory, the persons entitled to vote are all citizens registered at one of the addresses in that territory. A malicious state structure responsible for recording residential addresses and registering citizens at them could, if it wished, either add non-existent addresses to the list and register non-existent people at them, or register non-existent people at existing addresses.
The proposed system and method can be effectively used to create electoral communities by any initiative groups acting as founders of a community of voters, whose members occupy positions. The composition and filling of these positions are controlled both by the community’s members and by external observers. In such general use cases, any position can be specified instead of an address, with its characteristics (parameters) established by the founders.
One position can contain one or several seats that can be occupied by different individuals. A position can be a job title or an address (such a position can have either one or many seats), or it can be the name of a specific person (which always has one seat). It is convenient to use citizens’ registration addresses as their positions, which allows for verifying the reality of such addresses and the absence of non-existent persons registered at them. It is clear that positions can be grouped into hierarchies, and not all seats within a position may be occupied.
The system stores only two unconnected lists: a list of positions indicating the number of occupied seats, and a list of images of the community participants. The use of personal data in the system is not required, which ensures the impossibility of their leakage. To facilitate public oversight, both lists are published.
A detailed description of our proposed method can be found in patent “The system and method for creating, maintaining and verifying voter lists” [pt2].
The Balloting Process
Set of Objectives
The system and method we have developed comprehensively ensure:
- the impossibility of ballot stuffing and vote substitution during secret voting;
- the voter’s ability to verify the correct accounting of their cast vote in the results, but only as part of a public procedure, combined with the ability to change their choice during the allotted voting time, which renders vote trading and voting under pressure meaningless;
- the simultaneous receipt of results by all voting participants immediately after the vote concludes, and the verifiability of those results;
- obtaining a picture of the social distribution of preferences;
- minimization of the computational resources required to achieve the set goals;
- low cost of conducting the vote for its organizers.
The combination of simultaneously achieved objectives is a distinctive feature of our development. Some of the means used to achieve them differ only slightly from those proposed in other inventions. However, this does not make our development a mere compilation or sum of means claimed in other inventions, because these small differences play a very substantial role.
The Essence of the Development
The core concept is the use of the voters’ personal computing devices, united in a peer-to-peer network for direct message exchange. A server is attached to this network, which serves to initiate and conclude the voting process, form groups of personal computing devices, orchestrate the anonymizing mailing, and save and publish the consolidated results and final tally after the vote concludes.
The achievement of the stated objectives is based on:
- direct message exchange between the devices within this network,
- asymmetric multi-stage encryption,
- the use of rhythmized anonymizing mailing,
- distributed storage of information encrypted with personal keys generated separately by each participant’s device,
- the specificity of the encryption, distribution, decryption, and storage procedures performed separately by each device, and
- multiple duplication of information and its independent processing by each of these devices.
During the voting process, the participants’ devices join a peer-to-peer hybrid overlay network, which is dynamically formed for the specific current vote from those admitted to it (i.e., those with access who have passed authentication).
A device that has joined the voting network creates a pair of asymmetric encryption keys for the anonymizing mailing and a voting key. These are used to ensure ballot secrecy, the ability to re-vote during the allotted time, and to exclude the loss or substitution of a cast vote, multiple participation by the same individual, and the obtaining of intermediate results before the vote concludes. (A pair of asymmetric encryption keys can be used instead of a single voting key).
Participation in the vote begins with the device of an authenticated voter distributing the generated public key for anonymizing mailing and including it in a list for subsequent verification of results. During the allotted voting time, the voter makes their choice and places it in a voting message. Their device then encrypts this message with its generated voting key, places the encrypted message anonymously into public access (distributes it to other devices and the server) using the anonymizing mailing, and collects encrypted messages from other devices.
Upon the expiration of the voting time, all devices anonymously place their voting keys into public access. Using these keys, they decrypt the collected choices from other devices. In doing so, each device separately verifies the participants and the lists of intermediate and final results, then each calculates the voting outcome independently of the others. This outcome can be checked by anyone after the server visualizes it on the website, and by each device independently of the others.
A detailed description of the functioning of our proposed system and an explanation of the mechanisms ensuring the achievement of the stated goals can be found in patent «A system and method of secret online voting countering vote stuffing and substitution, vote trading and pressure on voters» [pt3].
Immanent Protection
Protection Against System Overload
System overload can be caused by either a DDoS attack or a Sybil attack.
A DDoS attack is prevented by input filtering based on the stored images and by distributed, group-based cross-authentication. The same tools also protect against a Sybil attack.
Protection Against Defamation
To confirm the reliability of the voting results, it is sufficient to verify the accurate reflection of just a few individual votes in these results. For this, only a few voters who have declared their willingness to disclose their voting secrecy are needed. However, they should not have the opportunity to commit forgery and falsely incriminate the system.
To protect the system from accusations of vote substitution, each device encrypts its voting message several times over, each time with a different published public key of the asymmetric encryption, and in the first cycle of the anonymizing mailing sends this layered message, marked with its own label, to those devices whose key was not used in the encryption. The devices that receive this message save it.
A voter who has publicly announced their intention to disclose their vote secrecy distributes their label to these devices. The devices that saved the undecrypted voting message with this label send it to the devices that have united in the vote secrecy disclosure mode. Each device that receives such a message removes the layer encrypted with its own key. If the message is still encrypted after that, the device broadcasts it to the network again; if it is now fully decrypted, the device compares it with the message in the final array of decrypted saved voting messages.
A match between the messages confirms the correct accounting of the vote of the voter who disclosed their voting secrecy in the voting results.
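The balloting procedure described in the section above (per-device key generation, anonymous encrypted ballots, re-voting, publication of the voting keys after the vote closes, independent tallying by every device) and the vote-secrecy disclosure check of this section, as one added Python simulation. This is example code written for this summary, not code from the patents or from their authors. Assumptions not in the text: a hash-based encrypt-then-MAC cipher built from the standard library stands in for the ciphers the patents leave unspecified; each device's `mail_key` is a symmetric stand-in for its asymmetric mailing key pair, so a layered copy is sealed with a recipient's key rather than its public key; a ballot is `sequence number || choice`, and under the same voting key a higher sequence number supersedes earlier ones (the re-vote rule); the `V`/`L` markers distinguish the innermost layer from an outer one; the server, the peer-to-peer transport and the rhythmized anonymizing mailing are replaced by a shared in-memory board and direct list appends.

```python
import hashlib
import hmac
import os
from collections import Counter

# Toy encrypt-then-MAC cipher built from hashlib/hmac only. It stands in for the
# ciphers the patent leaves unspecified; use a real AEAD in practice.
def _keystream_xor(key, nonce, data):
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, data):
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Plaintext if `blob` was sealed under `key`, else None."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return _keystream_xor(key, nonce, ct)

class Device:
    """One voter's device. mail_key stands in for its asymmetric mailing key pair (assumption)."""
    def __init__(self, label):
        self.label = label
        self.voting_key = os.urandom(32)   # published only after the vote closes
        self.mail_key = os.urandom(32)
        self.seq = 0
        self.held = []                     # (label, layered copy) kept for other voters

    def cast(self, choice, board, peers):
        """Publish an anonymous ballot; a later cast() supersedes it (re-vote)."""
        self.seq += 1
        ct = seal(self.voting_key, self.seq.to_bytes(4, "big") + choice.encode())
        board.append(ct)                   # anonymous: the board holds no sender identity
        # Defamation guard: wrap the same ciphertext under two peers' mail keys and
        # deposit it, marked with our label, at a third peer whose key was not used.
        a, b, holder = peers
        holder.held.append((self.label, seal(b.mail_key, b"L" + seal(a.mail_key, b"V" + ct))))

def tally(board, revealed_keys):
    """Independent count: one ballot per revealed key, highest sequence number wins."""
    latest = {}
    for key in revealed_keys:
        for ct in board:
            pt = open_(key, ct)
            if pt is not None and int.from_bytes(pt[:4], "big") > latest.get(key, (0,))[0]:
                latest[key] = (int.from_bytes(pt[:4], "big"), pt[4:].decode())
    return Counter(choice for _, choice in latest.values())

def peel(blob, devices):
    """The disclosure group strips layers until the original ballot ciphertext appears."""
    while True:
        for d in devices:                  # every member tries its own key
            pt = open_(d.mail_key, blob)
            if pt is not None:
                break
        else:
            return None                    # nobody in the group can open it
        if pt[:1] == b"V":
            return pt[1:]                  # innermost layer: the ballot ciphertext itself
        blob = pt[1:]                      # still encrypted: broadcast again

def verify_disclosure(label, devices, board, revealed_keys):
    """Return the choice the tally counted for a voter who revealed their label."""
    best = (0, None)
    for holder in devices:
        for held_label, blob in holder.held:
            ct = peel(blob, devices) if held_label == label else None
            if ct is None or ct not in board:
                continue                   # only ballots actually on the board count
            for key in revealed_keys:
                pt = open_(key, ct)
                if pt is not None and int.from_bytes(pt[:4], "big") > best[0]:
                    best = (int.from_bytes(pt[:4], "big"), pt[4:].decode())
    return best[1]

def run_election():
    """Constructed four-device vote: one re-vote, one forged ballot, one disclosure."""
    d0, d1, d2, d3 = devices = [Device(f"voter-{i}") for i in range(4)]
    board = []
    d0.cast("yes", board, (d1, d2, d3))
    d1.cast("no", board, (d2, d3, d0))
    d2.cast("yes", board, (d3, d0, d1))
    d2.cast("no", board, (d3, d0, d1))     # re-vote: only the last choice counts
    d3.cast("yes", board, (d0, d1, d2))
    board.append(os.urandom(80))           # forged ballot: opens under no key, so ignored
    assert tally(board, []) == Counter()   # nothing readable before the keys are revealed
    keys = [d.voting_key for d in devices] # vote closes: every device publishes its key
    counts = [tally(board, keys) for _ in devices]
    assert all(c == counts[0] for c in counts)   # every device reaches the same result
    return counts[0], verify_disclosure("voter-2", devices, board, keys)
```

`run_election()` returns the agreed tally (two "yes", two "no") together with the disclosed choice for voter-2, which is the re-voted "no" rather than the superseded "yes": the disclosure group peels both stored copies and keeps the one with the higher sequence number, matching what the tally counted. The forged ballot is ignored because it authenticates under no revealed key, and `tally(board, [])` is empty before the keys are published, which is the property that rules out intermediate results.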