
Schulze Voting as Evidence Carrying Computation

  • Conference paper
Interactive Theorem Proving (ITP 2017)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10499)


Abstract

The correctness of vote counting in electronic elections is one of the main pillars that engender trust in electronic elections. However, the present state of the art in vote counting leaves much to be desired: while some jurisdictions publish the source code of their vote counting software, others treat the code as commercial in confidence. None of the systems in use today applies any formal verification. In this paper, we formally specify the so-called Schulze method, a vote counting scheme that is gaining popularity in the open source community. The cornerstone of our formalisation is a (dependent, inductive) type that represents all correct executions of the vote counting scheme. Every inhabitant of this type not only gives a final result, but also all intermediate steps that lead to this result, and can thus be externally verified. As a consequence, we do not even need to trust the execution of the (verified) algorithm: the correctness of a particular run of the vote counting code can be verified on the basis of the evidence for correctness that is produced along with the determination of election winners.

Author information

Correspondence to Dirk Pattinson or Mukesh Tiwari.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Pattinson, D., Tiwari, M. (2017). Schulze Voting as Evidence Carrying Computation. In: Ayala-Rincón, M., Muñoz, C.A. (eds) Interactive Theorem Proving. ITP 2017. Lecture Notes in Computer Science, vol 10499. Springer, Cham. https://doi.org/10.1007/978-3-319-66107-0_26

  • DOI: https://doi.org/10.1007/978-3-319-66107-0_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66106-3

  • Online ISBN: 978-3-319-66107-0

  • eBook Packages: Computer Science (R0)
