Practical Quantum Electronic Voting
This example protocol achieves the functionality of Quantum Electronic Voting. In this protocol, an untrusted multipartite entanglement source can be used to carry out an election without any election authorities.
Assumptions
Outline
- In the first phase of the protocol, each agent is assigned a secret unique random index
- Next, we perform multiple rounds of voting, one for each agent. In each round, the following steps are carried out:
- The agent with the same index as the round number is designated the voter for that round
- The source distributes one qubit of a GHZ state to each agent. The voting agent randomly chooses to either verify the GHZ state or vote with a certain probability. This step, including state distribution, is repeated until the voter chooses to vote. Once voting is chosen, the voter anonymously transmits their vote to all agents.
- Finally, all the votes are tallied. All agents have the votes for each round and can thus verify the final tally.
Notation
- : Number of agents
- : The votes
- : Security parameter
- : Distance from the perfect GHZ state
- : Threshold for verification
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \eta} : Probability of failure of verification
- B: Bulletin board - x binary matrix. Each row corresponds to one round of voting, and each column contains the output of a single voter across all rounds
- E: Vote vector - The list of votes across rounds. Each element is computed as the parity of a row from B
- T: Final tally
Protocol Description
Protocol 1 : Quantum e-voting
Inputs: - Set of votes; - Security parameter; - Distance from the perfect GHZ state; - Threshold for verification; Probability of failure of verification
Output: The candidate with majority votes or Abort
Resources: Classical communication, random numbers, N-qubit GHZ source, quantum channels
- Phase 1 [getting unique secret indices]
- Agents perform UniqueIndex until each agent has a secret unique random index
- Phase 2 [casting votes]
- For to
- The voting agent is the agent with
- Repeat until Voting is announced
- The source distributes to each of the N agents one qubit of the GHZ source
- All agents set rejections trials
- The voting agent tosses logln
- The agents perform LogicalOR, where output 1 indicates Verification and output 0 indicates Voting. Everyone except the voting agent inputs 0; if the coin toss is 'all heads' the voting agent also inputs 0, otherwise the voting agent inputs 1
- If Verification is chosen, the agents perform RandomAgent and the voting agent anonymously picks an agent to be the verifier. Agent updates trials and if Verification outputs reject: rejections
- If for any , the protocol Aborts
- Perform Voting. The outcome is one row of the Bulletin Board B. The parity of the row gives one entry in the vote vector E.
- Given the votes E, the tally T can be computed.
- For to
- Phase 3 [Verification of results]:
- All agents perform LogicalOR with security parameter , and input 1 if their vote is not the same as the entry in E for the round in which they voted, and 0 otherwise.
- If LogicalOR outputs 1, Abort the protocol. Else output the candidate with the most votes according to the tally T.
Protocol 2 : UniqueIndex
Input: Security parameter to be used in LogicalOR, random boolean variables .
Output: Each agent has a secret unique index .
Resources: Classical communication and random numbers.
- Beginning of round R = 1
- Agents perform LogicalOR with inputs if they already have an index and if they do not.
- If , repeat from step 2
- If an agent has a bit and they know they are the only one and has been assigned the secret index corresponding to the round , otherwise there is a collision.
- [notification] Everybody performs a LogicalOR with input 0, unless they received the index in this round, in which case they input 1.
- If the output of LogicalOR is 0, no index was assigned and we repeat from step 2.
- If the output of LogicalOR is 1, the index was assigned and we repeat from step 2 with R+ = 1.
- Repeat from step 2 until all indices have been assigned.
Protocol 3 : Verification
Input: A quantum state distributed and shared by parties, security parameter for RandomAgent.
Output: If the state is a GHZ state YES.
Resources: Classical communication, random numbers, quantum state source, quantum channels.
- Everyone executes RandomAgent to choose uniformly at random one of the voters to be the verifier.
- The verifier generates random angles for all agents including themselves, such that the sum is a multiple of . The angles are then sent out to all the agents.
- Agent measures in the basis and publicly announces the result
- The state passes the verification test when the following condition is satisfied: if the sum of the randomly chosen angles is an even multiple of , there must be an even number of 1 outcomes for , and if the sum is an odd multiple of , there must be an odd number of 1 outcomes for
Protocol 4 : Voting
Input: Voting agent preference .
Output: All agents get one row of the bulletin board.
Resources: Classical communication, GHZ source, quantum channels.
- Each agent measures the state they received in the Hadamard basis and records the outcome.
- The outcomes of the measurement of each voter is . Then we know that mod
- The voting agent performs an XOR between the outcome and their vote : . However, this alone will still appear as a random string.
- Every agent publicly broadcasts which gives one line of the bulletin board B
Protocol 5 : LogicalOR
Inputs: agents, boolean variables , security parameter
Output:
Resources: Classical communication and random numbers
- Decide random orderings, such that each voter is the last once. For each ordering repeat \Sigma times the following.
- Each voter gives an input
- If , set , otherwise toss coins and set to if the result is ‘all heads’ and to otherwise
- Then each voter generates uniformly at random an -bit string , such that
- Voter sends to voter for all , keeping
- Each voter sums the received bits and broadcasts the parity according to the ordering.
- Compute the parity of the original bits
- From this everyone can also compute the parity of all other inputs except their own
- Repeat times from step 4: each time repeat with as new inputs
- If at least once in the repetitions for the various orderings , this is the output of the protocol, otherwise it is
Protocol 6 : RandomBit
Input: Security parameter S to be used in LogicalOR, voting agent: probability distribution D.
Output: The voting agent anonymously announces a random bit according to D.
Resources: Classical communication and random numbers.
- Perform LogicalOR with security parameter S where the voting agent inputs a random bit according to D and the other agents input 0.
Protocol 7 : RandomAgent
Input: Security parameter S to be used in RandomBit, voting agent: probability distribution D.
Output: The voting agent anonymously chooses a random agent according to D.
Resources: Classical communication and random numbers.
- Repeat RandomBit log2 N times.
Properties
- -Correctness: This notion of approximate correctness includes two properties:
- -Completeness: If all agents are honest, the election is accepted with probability more than - Pr[election accepted]
- -Soundness: the probability that the election result is accepted, given that the set of the votes E computed from the bulletin board B resulting from the election is more than away from the real votes V, is smaller than -
- Pr[election accepted V - E
- This particular protocol is -correct, for a small constant
- -Privacy: The privacy of the election scheme implies that for any voter , the probability that any subset of malicious parties that deviates from the honest protocol can guess the vote of the voter is at most more than in the case they just have access to the bulletin board and to their own votes -
- Pr Pr V
- This particular protocol is -private with
- Authentication: This e-voting protocol does not provide authentication, which should be taken care of by the physical implementation of the protocol.
- Double voting: Each voter can vote at most once. Since the number of voters is known in advance for this protocol, double voting is easily taken care of.
- Verifiability: Each voter can verify that their vote has been counted correctly. In this protocol, the tally is performed by the voters themselves. The bulletin board produced as an output of the protocol is public and can always be checked by everyone, while still appearing random.
- Receipt freeness: In order to prevent vote-selling, voters should not be able to prove how they voted. As the unique indices stay secret, voters cannot produce a receipt of their vote.
- Additional candidates: The protocol described here only allows an election consisting of 2 candidates. This can be extended to more candidates by repeating the protocol multiple times in sequence. In particular, if there are K candidates, we can express each of them using logK bits and repeat the election as many times so that each vote set corresponds to one bit. This however does affect the correctness and privacy.