Pvote, Secure Voting with Python

Ka-Ping Yee wrote is PhD dissertation (University of Waterloo, Ontario) on Pvote. A secure voting software written in 460 lines of Python Code.
Ping's blog post
and part of the abstract is below.
I examine the question of how to design election-related software, with particular attention to the threat of insider attacks, and propose the goal of simplifying the software in electronic voting machines. I apply a technique called prerendering to reduce the security-critical, voting-specific software by a factor of 10 to 100 while supporting similar or better usability and accessibility, compared to today's voting machines. Smaller and simpler software generally contributes to easier verification and higher confidence.

I demonstrate and validate the prerendering approach by presenting Pvote, a vote-entry program that allows a high degree of freedom in the design of the user interface and supports synchronized audio and video, touchscreen input, and input devices for people with disabilities. Despite all its capabilities, Pvote is just 460 lines of Python code; thus, it directly addresses the conflict between flexibility and reliability that underlies much of the current controversy over electronic voting. A security review of Pvote found no bugs in the Pvote code and yielded lessons on the practice of adversarial code review. The analysis and design methods I used, including the prerendering technique, are also applicable to other high-assurance software.
The PDF of his thesis, is quite enjoyable to read. I also downloaded and ran the software and the sample ballot, it's all pretty neat. I like the idea of using a write only PROM to store the results and the separation of voting and display.
He also did Pthin, a subset of Python that has only the methods needed for Pvote mentioned in this separate tech report.


Anonymous said…
>a vote-entry program that allows a high degree of freedom in the design of the user interface and supports synchronized audio and video,

That is exactly the wrong mindset. A voting system must be as reliable as possible, not as funny-looking-as-possible. Make it as simple as possible, so that you can PROVE correctness.
People are making very important decisions, they are not just wasting a few bucks when the software is incorrect.
Scott Kirkwood said…
Please read the article.

pvote is only 460 lines of code. A typical voting system (Diebold) is 64,000-120,000 lines of code.

The reason you need flexibility is you often vote for several things, not just for one candidate and there are rules about which combination of things you can vote for.

The reason you need audio and video is because some voters are blind (audio) and some have difficulty reading tesxt and need a picture as confirmation.

Popular posts from this blog

Seven Segment Display in Inkscape

Shortest Sudoku solver in Python