Abstract
Generation of random numbers is a critical component of existing post-election auditing techniques. Recent work has largely discouraged the use of all pseudorandom number generators, including cryptographically secure pseudorandom number generators (CSPRNGs), for this purpose, instead recommending the sole use of observable physical techniques. In particular, simple dice rolling has received a great deal of positive attention [4, 6, 9]. The typical justification for this recommendation is that those less comfortable with mathematics prefer a simple, observable technique. This paper takes a contrary view. Simple, observable techniques like dice rolling are not necessarily robust against sleight of hand and other forms of fraud, and attempts to harden them against fraud can dramatically increase their complexity. With simple dice rolling, we know of no techniques that provide citizens with a reasonable means of verifying that fraud did not occur during the roll process. CSPRNGs, used properly, can be simple, robust, and verifiable, and they allow for the use of auditing techniques that might otherwise be impractical. While we understand initial skepticism towards this option, we argue that appropriate use of CSPRNGs would strengthen audit security.
Original language | English (US) |
---|---|
State | Published - 2008 |
Event | 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2008, co-located with the 17th USENIX Security Symposium - San Jose, United States Duration: Jul 28 2008 → Jul 29 2008 |
Conference
Conference | 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2008, co-located with the 17th USENIX Security Symposium |
---|---|
Country/Territory | United States |
City | San Jose |
Period | 7/28/08 → 7/29/08 |
All Science Journal Classification (ASJC) codes
- Computer Science Applications
- Human-Computer Interaction
- Electrical and Electronic Engineering
- Public Administration