The U.S. Election Assistance Commission (EAC), in collaboration with the National Institute of Standards and Technology (NIST), is initiating a process to publicly solicit, evaluate, and approve protocols used in end-to-end cryptographically verifiable voting systems for conformance to the recently revised Voluntary Voting System Guidelines, Version 2.0. This announcement describes the scope, properties and evaluation criteria that will be used as part of this process.
The EAC was established by the Help America Vote Act of 2002 (HAVA). EAC is an independent, bipartisan commission charged with developing guidance to meet HAVA requirements. An essential aspect of these requirements is adopting the Voluntary Voting System Guidelines (VVSG). On February 10, 2021, the EAC adopted VVSG version 2.0. These new voting system guidelines have been written with consideration for modern technology and will inform design of the next generation of voting systems.
Principle 9 ‘Auditable’ of VVSG 2.0 states that voting systems must be auditable and enable evidence-based elections. This principle is supported through the concept of software independence (SI), meaning that an undetected error or fault in the voting system’s software is not capable of causing an undetectable change in election results. The VVSG 2.0 requirements specify that software independent voting systems must produce voter-verifiable paper records or implement an approved cryptographic end-to-end (E2E) verifiable voting protocol.
The scope and purpose of this effort is to establish a public process to solicit, evaluate, and approve cryptographic E2E verifiable voting protocols. EAC-approved protocols that satisfy the relevant requirements and evaluation criteria could be used by voting systems intended to undergo certification to the VVSG 2.0 requirements.
This initial process is focused on evaluation of the mathematical algorithms and techniques used to specify a cryptographic E2E verifiable voting protocol. While the evaluation process will consider the suitability of submitted protocols for use in voting systems, many critical properties and requirements will depend on how a particular protocol is implemented and used by a voting system. As part of the voting system certification process, voting systems using cryptographic E2E verifiable voting protocols to achieve SI will be evaluated against all applicable requirements from the VVSG 2.0 to ensure the system is usable, accessible, reliable, and secure.
The EAC will solicit cryptographic E2E verifiable voting protocols through a Call for Proposals that describes the requirements for submission packages, the properties that must be provided by these protocols to be considered E2E verifiable, and the criteria that will be used to evaluate submissions.
Submission packages are expected to include a complete written specification of the protocol, as well as supporting documentation describing design rationale, properties, security analysis, and intellectual property held by, or known to, the submitters. In addition, packages are expected to include source code providing a reference implementation of all aspects of the submitted protocol.
Proper submission packages will be posted online for technologists, implementers, election officials, and other stakeholders to review, analyze, and provide public comments as input to the evaluation and approval process. The public evaluation and approval process will be split into multiple rounds, each expected to last approximately one year. At the end of each round, the EAC, with technical support from NIST, will evaluate and adjudicate submissions, based upon its own analysis and public feedback received. Submissions that demonstrate conformance to the requirements, and a favorable adjudication of the evaluation criteria, may be approved for use with the VVSG 2.0. Submissions that are non-compliant with those requirements, or otherwise unsuitable for use, may be removed from consideration. Promising candidates may be held over for additional rounds of review. Technical rationale for decisions will be publicly documented.
Required properties of cryptographic end-to-end verifiable voting protocols will be developed based on the related requirements from the VVSG 2.0. The following properties will be refined and extended based on public feedback prior to releasing a Call for Proposals.
Submitted protocols must support the properties of E2E verifiable voting:
- Cast as Intended: Allow voters to confirm the voting system correctly interpreted their ballot selections while in the polling place via a receipt and provide evidence such that if there is an error or flaw in the interpretation of the voters’ selections.
- Recorded as Cast: Allow voters to verify that their cast ballots were accurately recorded by the voting system and included in the public records of encoded ballots.
- Tallied as Recorded: Provide a publicly verifiable tabulation process from the public records of encoded ballots.
Submitted protocols must facilitate dispute resolution of claims of a flaw or error in the voting system, with submission documentation providing procedures for collecting, investigating, and adjudicating such claims.
Submitted protocols, election records, and supporting auditing and verification processes must preserve voter privacy and ballot secrecy. The receipt must not display any ballot selections made by the voter or otherwise enable the voter to prove their selections on the cast ballot to others.
Submitted protocols must facilitate usable and accessible methods for all aspects of the ballot marking, casting, and verification processes.
Evaluation criteria for protocol approval will be based on a summation of consideration for the following metrics:
- Suitability of the protocol to support VVSG 2.0 requirements, including usability, accessibility, and security requirements.
- Ease of use and understanding of their expected implementation within a voting system.
- Maturity of the cryptographic primitives utilized within the protocol.
- Practicality and cost effectiveness of the solution.
- Intellectual property and encumbrance of the solution.
The EAC and NIST will hold a public meeting to discuss the plan and further develop the protocol requirements and evaluation criteria. Following the public meeting, the EAC will establish a public mailing list to share information and facilitate discussion of the E2E evaluation process.
Please email [email protected] with questions on the E2E protocol evaluation process.