Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

To check that a ballot paper hasn’t been rigged, the voter simply scratches off the surface to reveal a number that can be combined with a number corresponding to the order of the names and a publicly available encryption key. In theory, voters could use cryptographic software at the poll to perform these operations; but in practice, trusted third-party organizations could provide a means for voters to check their ballot papers. If the codes match, the “audit” ballot is legitimate, and it should be okay to vote with the other ballot.

An S&V system should also be useful in post-vote auditing, because all of the encrypted votes could be posted online. Once voters cast their ballots, by scanning them into a machine, they keep them as a receipt. Later, they can use this paper to check that their vote has been counted, by simply looking up their vote and seeing that the encryption code matches the one on their ballot paper.

Using scratch surfaces has been proposed before, says Ryan. But with the S&V system the scratch surface serves as a way of voiding the ballot. If it has been scratched off, it ensures that an audited ballot cannot be used.

The success of such a system will depend on more than its security features, however. Ultimately, it must be easy for voters to understand. Adida accepts that their system is complicated – but he’s unapologetic: “All this complexity is not gratuitous, it is necessary to make sure that you have a secret ballot.”

Michael Shamos, who carries out voting system evaluations, and is co-director of the Institute for eCommerce at Carnegie Mellon University in Pittsburgh, PA, says he has high hopes for cryptographic voting schemes like this one. Still, he believes it will be a challenge to get them adopted. Officials will need to understand and accept them and the public need to be persuaded of the benefits. “These are all tall orders,” he says. The cryptographic techniques that underlie them are complicated and may require officials to put their faith in the claims of mathematicians. “I wonder if legislators will ever be willing to do that,” he says.

Rivest is more optimistic. Legislators are already putting their faith in computer software that they don’t understand, he says. There is an irony that using encryption to make elections more transparent could make the underlying processes seem more complex, he says. Even so, Rivest is hopeful. “There is a trend in the U.S. for legislators to move toward paper-verified auditable trails,” he says. And this trend, he believes, is a step in the right direction.

24 comments. Share your thoughts »

Tagged: Computing

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me