How to choose a fair delegation?

This paper analyzes how to choose a delegation, a committee to represent a society such as in a peace conference. We propose normative conditions and seek Pareto optimal, consistent, neutral, and non-manipulable ways to choose a delegation. We show that a class of threshold rules is characterized by these criteria. The rules do not choose a fixed number of delegates, but instead require different sizes of delegations, depending on the heterogeneity in society. Therefore the resulting delegations are very inclusive, and with t delegates the ratio of individuals whose opinions are not included is always below 0.5. For instance, a delegation of size two should have at least 75% support from the society and therefore only less than 25% of the opinion pool can be neglected

Delegációk igazságos kiválasztása társadalmi választások elméletével

Gyakran felmerül az a kérdés, hogy hogyan válasszunk igazságos delegációt, olyan bizottságot, amely például békekonferencián, társadalmi, vállalati vagy akár egyetemi döntés-előkészítésben reprezentálja az érintettek véleményét. Can és szerzőtársai [2017] olyan delegációkiválasztási szabályokat vizsgál, amelyek eleget tesznek a Pareto-hatékonyság, a konzisztencia, a szavazatprofil-semlegesség és a csalásbiztosság axiómájának. A tanulmány szerzői belátják, hogy ezek az axiómák egy küszöbön alapuló szabálycsaládot karakterizálnak, amelyben a legtöbb szavazatot kapó vélemény mindig bejut a bizottságba, utána viszont a konkrét szabálytól és a szavazatoktól függően két extrém helyzet alakulhat ki. Vagy minden véleményt reprezentálnak, vagy t delegált esetén azoknak az egyéneknek az aránya, akiknek a véleménye nem reprezentált, mindig 0,5t alatt van. Tanulmányunkban a társadalmi választások elméleti keretét használva illusztráljuk az axiómákat és az eredményeket.* Journal of Economic Literature (JEL) kód: C70, D71

Optimizing positional scoring rules for rank aggregation

Nowadays, several crowdsourcing projects exploit social choice methods for computing an aggregate ranking of alternatives given individual rankings provided by workers. Motivated by such systems, we consider a setting where each worker is asked to rank a fixed (small) number of alternatives and, then, a positional scoring rule is used to compute the aggregate ranking. Among the apparently infinite such rules, what is the best one to use? To answer this question, we assume that we have partial access to an underlying true ranking. Then, the important optimization problem to be solved is to compute the positional scoring rule whose outcome, when applied to the profile of individual rankings, is as close as possible to the part of the underlying true ranking we know. We study this fundamental problem from a theoretical viewpoint and present positive and negative complexity results and, furthermore, complement our theoretical findings with experiments on real-world and synthetic data

Majority rule in the absence of a majority

Which is the best, impartially most plausible consensus view to serve as the basis of democratic group decision when voters disagree? Assuming that the judgment aggregation problem can be framed as a matter of judging a set of binary propositions (“issues”), we develop a multi-issue majoritarian approach based on the criterion of supermajority efficiency (SME). SME reflects the idea that smaller supermajorities must yield to larger supermajorities so as to obtain better supported, more plausible group judgments. As it is based on a partial ordering, SME delivers unique outcomes only in special cases. In general, one needs to make cardinal, not just ordinal, trade- offs between different supermajorities. Hence we axiomatically characterize the class of additive majority rules, whose (generically unique) outcome can be interpreted as the “on balance most plausible” consensus judgment

Random mechanism design on multidimensional domains

Ministry of Education, Singapore under its Academic Research Funding Tier

Formal Methods for Trustworthy Voting Systems : From Trusted Components to Reliable Software

Voting is prominently an important part of democratic societies, and its outcome may have a dramatic and broad impact on societal progress. Therefore, it is paramount that such a society has extensive trust in the electoral process, such that the system’s functioning is reliable and stable with respect to the expectations within society. Yet, with or without the use of modern technology, voting is full of algorithmic and security challenges, and the failure to address these challenges in a controlled manner may produce fundamental flaws in the voting system and potentially undermine critical societal aspects. In this thesis, we argue for a development process of voting systems that is rooted in and assisted by formal methods that produce transparently checkable evidence for the guarantees that the final system should provide so that it can be deemed trustworthy. The goal of this thesis is to advance the state of the art in formal methods that allow to systematically develop trustworthy voting systems that can be provenly verified. In the literature, voting systems are modeled in the following four comparatively separable and distinguishable layers: (1) the physical layer, (2) the computational layer, (3) the election layer, and (4) the human layer. Current research usually either mostly stays within one of those layers or lacks machine-checkable evidence, and consequently, trusted and understandable criteria often lack formally proven and checkable guarantees on software-level and vice versa. The contributions in this work are formal methods that fill in the trust gap between the principal election layer and the computational layer by a reliable translation of trusted and understandable criteria into trustworthy software. Thereby, we enable that executable procedures can be formally traced back and understood by election experts without the need for inspection on code level, and trust can be preserved to the trustworthy system. The works in this thesis all contribute to this end and consist in five distinct contributions, which are the following: (I) a method for the generation of secure card-based communication schemes, (II) a method for the synthesis of reliable tallying procedures, (III) a method for the efficient verification of reliable tallying procedures, (IV) a method for the computation of dependable election margins for reliable audits, (V) a case study about the security verification of the GI voter-anonymization software. These contributions span formal methods on illustrative examples for each of the three principal components, (1) voter-ballot box communication, (2) election method, and (3) election management, between the election layer and the computational layer. Within the first component, the voter-ballot box communication channel, we build a bridge from the communication channel to the cryptography scheme by automatically generating secure card-based schemes from a small formal model with a parameterization of the desired security requirements. For the second component, the election method, we build a bridge from the election method to the tallying procedure by (1) automatically synthesizing a runnable tallying procedure from the desired requirements given as properties that capture the desired intuitions or regulations of fairness considerations, (2) automatically generating either comprehensible arguments or bounded proofs to compare tallying procedures based on user-definable fairness properties, and (3) automatically computing concrete election margins for a given tallying procedure, the collected ballots, and the computed election result, that enable efficient election audits. Finally, for the third and final component, the election management system, we perform a case study and apply state-of-the-art verification technology to a real-world e-voting system that has been used for the annual elections of the German Informatics Society (GI – “Gesellschaft für Informatik”) in 2019. The case study consists in the formal implementation-level security verification that the voter identities are securely anonymized and the voters’ passwords cannot be leaked. The presented methods assist the systematic development and verification of provenly trustworthy voting systems across traditional layers, i.e., from the election layer to the computational layer. They all pursue the goal of making voting systems trustworthy by reliable and explainable formal requirements. We evaluate the devised methods on minimal card-based protocols that compute a secure AND function for two different decks of cards, a classical knock-out tournament and several Condorcet rules, various plurality, scoring, and Condorcet rules from the literature, the Danish national parliamentary elections in 2015, and a state-of-the-art electronic voting system that is used for the German Informatics Society’s annual elections in 2019 and following