Post-Election Audits: Restoring Trust in Elections

With the intention of assisting legislators, election officials and the public to make sense of recent literature on post-election audits and convert it into realistic audit practices, the Brennan Center and the Samuelson Law, Technology and Public Policy Clinic at Boalt Hall School of Law (University of California Berkeley) convened a blue ribbon panel (the "Audit Panel") of statisticians, voting experts, computer scientists and several of the nation's leading election officials. Following a review of the literature and extensive consultation with the Audit Panel, the Brennan Center and the Samuelson Clinic make several practical recommendations for improving post-election audits, regardless of the audit method that a jurisdiction ultimately decides to adopt

Trap Me If You Can -- Million Dollar Curve

A longstanding problem in cryptography is the generation of publicly verifiable randomness. In particular, public verifiability allows to generate parameters for a cryptosystem in a way people can legitimately trust. There are many examples of standards using arbitrary constants which are now challenged and criticized for this reason, some of which even being suspected of containing a trap. Several sources of public entropy have already been proposed such as lotteries, stock market prices, the bitcoin blockchain, board games, or even Twitter and live webcams. In this article, we propose a way of combining lotteries from several different countries which would require an adversary to manipulate several independent draws in order to introduce a trap in the generated cryptosystem. Each and every time a new source of public entropy is suggested, it receives its share of criticism for being easy to manipulate . We do not expect our solution to be an exception on this aspect, and will gladly receive any suggestion allowing to increase the confidence in the cryptosystem parameters we generate. Our method allows to build what we call a Publicly verifiable RNG, from which we extract a seed that is used to instantiate and initialize a Blum-Blum-Shub random generator. We then use the binary stream produced by this generator as an input to a filtering function which deterministically outputs secure and uniformly distributed parameters from uniform bitstreams. We apply our methodology to the ECDH cryptosystem, and propose the Million Dollar Curve as an alternative to curves P-256 and Curve25519