Releases: Election-Tech-Initiative/electionguard
2.1 Election Guard Specification and Serialization Specification
Version 2.1 of the ElectionGuard Design Specification has been significantly extended compared to version 2.0.0 and contains several significant changes:
- Key generation: Three sets of keys are now generated by the guardians in order to support distinct uses; and a guardian record has been created, which the guardians must verify at the end of the key generation process.
- Ballot preparation: A selection encryption identifier is now created for each ballot, which is used to link together all the ciphertexts and proofs associated with a single ballot; signed ElGamal is now used for encrypting all data other than voter selections; the ballot nonce must now be encrypted and included in each ballot.
- Confirmation codes: A voting device information hash has been added; the simple ballot chaining mode has been detailed and refined.
- Tallying operations: Guardians now verify the election record before starting the tallying operations; support for weighting ballots during aggregation has been added; the verifiable decryption process and protocols have been detailed and updated.
- Audit of challenged ballots: The opening of challenged ballots has been made more efficient by releasing relevant encryption nonces instead of performing verifiable decryption.
- Hash computation steps have been revised and updated in many places, and a hash function that maps to integers modulo q has been defined separately.
- Several components have been designated as optional, such as supplemental verifiable fields, contest data, and pre-encrypted ballots.
- A concrete list of verification steps for pre-encrypted ballots has been added.
ElectionGuard Serialization Specification
This specification exists to help anyone trying to write a compatible implementation or, crucially, anyone trying to write a verifier. The design says what has to be done, how, and why. The data serialization spec describes the data formats used in the implementation to achieve the design. The data serialization spec currently matches the v2.0 implementation.
2.0 Specification
The 2.0 ElectionGuard specification is a major new release enabling new voting methods and significant improvements in performance and legibility. It includes the following key features:
- The size of the proofs in the election record has been reduced by more than 90% – reducing the size of the full election record by about a factor of 3.
- Computing the proofs takes about 20% less time.
- Placeholder selections have been eliminated entirely.
- Guardians are no longer part of the election record as their partial decryptions and proofs have been administratively combined into single full decryptions and proofs.
- Range proofs are now included to support voting systems like cumulative voting, range voting, STAR-voting, Borda count, and others.
- A new pre-encrypted ballot format is included to support vote-by-mail, central count, and paper-only poll sites.
- Support is now available for instant verification allowing voters to confirm the accuracy of challenge ballots without waiting for the election record to be published.
- New default parameters are used with ln(2) replacing the Euler-Mascheroni constant as the basis for generation of the large prime.
- The data format of hashes has been clearly described to eliminate ambiguities.
1.1 Specification
Update Glossary.md (#287) Add a brief description of STAR Voting Method. Co-authored-by: Lee Richardson <github@leerichardson.com>
1.0 Specification
Updates from previous version
- The large prime p and corresponding cofactor r were changed to correctly match the result of the process for the derivation of the prime.
- The equations for generating proofs of ballot correctness have been optimized.
- Auxiliary keys have been eliminated in favor of using the existing keys for both ordinary and exponential ElGamal encryption.
- A more flexible structure of ballot chaining has been introduced to allow for non-linear chaining or no chaining at all.
- Smaller parameters suitable for testing are included.
- The election record of this version should match that of the prior v0.95 and therefore require no verifier changes (with the exception of using the corrected prime).
0.95 Specification
Updates from previous version
- The large prime p and corresponding cofactor r were changed to move the prime p further from 2^4096.
- A section specifically about writing verifiers was added.
- Various small clarifications and corrections were included.
0.85 Specification
- Initial public release of specification for ElectionGuard