Just before Christmas, I was invited by my friend and colleague Steve Weis to give a talk about voting with cryptography at Google. I’ve done about 10-15 talks of this kind, but this was a fun challenge: a very talented audience with an introductory understanding of cryptography (Steve had given 3 prior lectures on cryptography). I was able to start at the beginning but go quite a bit deeper than I usually do.
Oh yeah, and the whole thing, all 92 minutes of it, is available on YouTube.
I’ve just watched it: nothing like watching yourself on video to give you a new year’s worth of cringing. I’m particularly annoyed with myself that I gave no credit to Josh Benaloh, and that, while I gave some credit to Ron Rivest, David Chaum and Andy Neff, I did not give them nearly enough. These guys are the fathers of modern cryptographic voting. Nothing I’ve done compares to what they’ve done. Here are a few things I should have said:
- Josh Benaloh came up with the first coercion-resistant voting protocols, the first homomorphic tabulation protocols, and a number of ideas that pre-date and inspire Scratch & Vote.
- David Chaum invented blind signatures, the Punchscan system which pre-dates and inspires Scratch & Vote, and a number of fantastic ideas that are the crux of many voting protocols.
- Andy Neff designed and built the practical human-verifiable interactive protocols I refer to in passing, you know, the protocols that go from the toy-feel of Scratch & Vote and make crypto voting truly workable and practical. He’s thought more about and done more to explain/characterize forced randomization attacks than anyone else.
- Ron Rivest, beyond his numerous contributions to modern cryptography, has been the strongest driving force on the policy front to create a future for cryptographic voting.
Thanks to Steve for the opportunity to give this talk and have it recorded on YouTube for everyone’s benefit/entertainment. And thanks to the Google crowd for a great turn-out (the video doesn’t do it justice, a lot of folks had to leave before the Q&A session and the audience shots in the end), the fantastic questions, and generally the openness to this kind of talk.
(At minute 46, you hear some noise, I make a comment about how “my wife will find this amusing”, and it’s not clear what’s going on: Google is a dog friendly environment, and there was a loose beagle in the crowd. I’m a dog person, so no problem, and the Google work environment is pretty cool, I have to say.)
Benlog 
Comments
13 responses to “Voting @ Google”
I enjoyed your talk. Assuming you don’t have time for more crypto-voting posts, where can we find more?
I enjoyed your talk. Assuming you don’t have time for more crypto-voting posts, where can we find more?
[…] Check out this video of Ben Adida at Google giving an overview of cryptographic voting and read his afterthoughts. […]
Great talk. I especially enjoyed the first half of the talk before you had to dive into deeper mathematics where studying a paper is a better approach to understanding the technique then glancing at slides for a few minutes.
Great talk. I especially enjoyed the first half of the talk before you had to dive into deeper mathematics where studying a paper is a better approach to understanding the technique then glancing at slides for a few minutes.
[…] He also adds a few afterthoughts. […]
Around min 35, when you mention randomization attacks and forced abstaining attacks, just a brief comment: it can be shown that the two attacks are equivalent (to have the same effect they require the same amount of effort)
Around min 35, when you mention randomization attacks and forced abstaining attacks, just a brief comment: it can be shown that the two attacks are equivalent (to have the same effect they require the same amount of effort)
Stefan: that’s probably true in theory, but in practice forced-randomization is easier if you can check the ballot receipt right away: just wait for your voter to come out of the poll and ask to see his receipt.
Stefan: that’s probably true in theory, but in practice forced-randomization is easier if you can check the ballot receipt right away: just wait for your voter to come out of the poll and ask to see his receipt.
[…] I just watched a very good talk on voting cryptosystems and the cryptographic principals and primitives behind them. I found the link here. […]
Very interesting talk, provides a good introduction to the arcana of voting crypto for nonacademics.
Very interesting talk, provides a good introduction to the arcana of voting crypto for nonacademics.