A verifiable secret shuffle and its application to e-voting C. Andrew Neff, Proceedings of the 8th ACM conference on Computer and Communications Security Philadelphia, PA 2001 Summary: [Prepared by David Warden] This paper presents an algorithm for a random, verifiable permutation of an input sequence. The probability of cheating is close to the number of elements to be shuffled k divided by the size of the subgroup of the multiplicative group of units modulo a large prime in which the elements are encrypted q. The algorithm requires 8k+5 exponentiations, which is a significant improvement over prior algorithms. This algorithm provides utility for solving the problem of holding a universally verifiable secure election protocol. In particular, it provides assurance that the voters came from a set of authorized principals, while providing computational privacy with respect to how any particular individual voted. Pros: [Prepared by Christina Abad and Cigdem Sengul] The algorithm presented in the paper protects individual privacy with a higher degree of assurance than previously offered. It also is more efficient in terms of operations performed and proof size then other algorithms it is compared with. The paper provides detailed proofs resulting in a convincing argument for the claims made. Cons: [Prepared by Joel Hegg] The level of detail in this paper is below the threshold which many computer scientists typically want to consider ideas. As discussed in prior sessions, when selecting and using an algorithm more abstraction is desirable. The paper requires a great deal of mathematical background which makes this paper inappropriate for the conference in which it was accepted. Costs of modifying election systems on a national basis are prohibitive and face political challenges. There are concerns about the reliability and security of the system. The nature of electronic votes alters the nature of the auditing process in that there is no physical record of the votes. Discussion: The discussion began with a discussion of the technical issues. The group did not have sufficient mathematical background to fully consider the technical merits of the specific proofs; however the general claims were seen as important to secure election schemes. The nature of zero knowledge proofs was discussed with respect to the roles of the verifier and the prover, including the problems that can be introduced with dishonest verifiers. The group proceeded to discuss the general feasibility of electronic and internet voting. There were several advantages to electronic voting when compared with the accuracy of manual voting machines. As illustrated in the most recent presidential election, voting equipment is dependent on physical environmental factors such as humidity, so the results are not consistent. The physical counting and auditing processes are expensive. For this reason any electronic system could be beneficial. There are several options on how to implement such as system; besides the proposed algorithm smart cards could be used in conjunction with a physical polling place. In the case of Internet voting it would be unfeasible to protect the system from all forms of attack. Any such system could be subjected to distributed denial of service attacks. The public confidence may be insufficient for a national election scheme, although internet elections have been used for corporate stockholder and other elections. One major concern with any change to the election system is that it might affect the results with respect to the proportion of votes going to the largest political parties. For that reason at least one party would oppose the change and be able to prevent it from being instituted. Conclusions: The group weakly rejected the paper as it was not appropriate for the conference in which it was presented. Some members felt unqualified to judge the merits of the paper and it was resolved to discuss zero knowledge proofs at a future meeting.