History

Voting procedure

This page is a work in progress and will be updated with more information in the near future.

Before Election

Election officials input ballot data (list of questions with possible responses for each) into the ballot generation system. Each voting machine is programmed with the list of questions (but not answers).

A set of printed "ballot keys" is then generated. A ballot key is required for each voter in the district, although enough extras should be produced to cover uneven distribution of voters among polling places. Digital copies of each ballot key are maintained in a centralized database for use during the counting phase.

Each ballot key contains the following information:
  • A serial number uniquely identifying this ballot key (perforated for easy removal)
  • For each question on the ballot: a list of the possible choices, labeled A - n
  • A short (one or two letters) hash identifying the random sequence of responses

TODO: image of sample ballot key

A supply of ballot keys and voting machines is staged for distribution to each polling place.

During Election

After each voter's eligibility is verified, he is handed a ballot key and directed to a machine. He then enters the serial number of his ballot key into the machine (TODO: decide whether to use a keyboard/touch screen or a bar code reader for this) so that his vote can be counted correctly. The machine displays the list of ballot questions, to which the voter responds with the letter next to his choice on the ballot key.

Note that the machine does not know the arrangement of choices on the ballot key and thus cannot determine the actual sequence of choices made by the voter. The ballot key thus functions as a one-time pad, encrypting votes transparently as they are entered into the machine.

The voter then memorizes the hash on the ballot key, tears off the serial number, and destroys the remainder of his ballot key using a shredder provided for this purpose by election officials.

After Election

Setup

The data from all voting machines is merged. One copy of the raw (encrypted) votes is sent to the verification server for testing, while another is sent to the counting system.

Counting (simultaneously with verification)

The ballot key corresponding to each vote is looked up and used to decrypt it. Total counts are tallied and published.

Verification

Not yet written

Also available in: HTML TXT