coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Electronic Voting Machines in French Elections

From: Dominic Mulligan <dominic.p.mulligan AT googlemail.com>
To: coq-club AT inria.fr
Subject: Re: [Coq-Club] Electronic Voting Machines in French Elections
Date: Wed, 27 Apr 2022 10:19:03 +0100
Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=dominic.p.mulligan AT googlemail.com; spf=Pass smtp.mailfrom=dominic.p.mulligan AT googlemail.com; spf=None smtp.helo=postmaster AT mail-yb1-f176.google.com
Ironport-data: A9a23:5KIIrqv2OPcIJQNwzxk/tGCbDOfnVI5YMUV32f8akzHdYApBsoF/q tZmKT/SMvbYNGanfdgkPdu08k5XvpKBnd83GgRkpC1kH34UgMeUXt7xwmXYb3rDdJWbJK5Ex 5xDMYeYdJhcolv0/ErF3m3J9CEkvU2wbuOgTraCYEidfCc8IMsboUsLd9UR38g52bBVPyvX4 Ymo+5GFZgf+s9JJGjt8B5yr+EsHUMva42twUmwWPZina3eD/5W9JMt3yZCZdxMUcKEMdgKJb 7qrIIWCw4/s10xF5uVJPVrMWhZirrb6ZWBig5fNMkSoqkAqSicais7XOBeAAKtao23hojx/9 DlCnb7oTC0FJ6Dyodw+XEl5MjpgPohDwKCSdBBTseTLp6HHW37lwvErHUtveINBpbgxDmZJ+ vgVbjsKa3hvhcrsmOP9GrQq3J1yapC0YuvzuVk4pd3dJfohRJHFQq6M/ZldwTM0h89HG97RY M0WbTdqZRXEJRZIPz/7Dbplx7rx3COjIlW0rnrNq44t8XODyDZT1ZXqG8Dzd/evBvtsyxPwS mXupjylWHn2Lue3wj2ct3mom+XnhjL+QItUFbui9/csjkf7+4AIIBgfVF/+sPPgz0DnBIwZJ EsT9S4j66M18SRHU+URQTWa+HuukgcRZeNoMOJqySCW1Knx5j6GUz1soiF6VPQqs8o/RDoP3 1CPns/0CTEHjFFzYSLMnltzhWPiURX5PVPudgdfElRYu4iLTJUby0OQHow6QcZZm/WsQWmoq w1muhTSkFn6sCLm/6Cy/FSCkjj145aQEVBz6QLQUWaoqAh+YeZJhrBEC3CLvJ6sz67DFjFtW UTofeDAsYji6rnTyESwrB0lRu3B2hp8GGS0baRTN5cg7S+x3HWoYJpd5jpzTG8wbJtcKGSwM BGO5lwMjHO2AJdMRf8mC25WI5R6pZUM6fy4PhwpRoEeOcguL1/vEN9GPBbLjzG1+KTTrU3PE c7DLZzE4YcyBqNgwz67L9rxIpd6rh3SMVj7HMihpzz+ieT2TCfMFd8tbQXTBshks/vsiFiEq 753aprRoz0CAb2WSneNreY7cwtRRVBlXsCeliCiXrTcSuaQMDpxVaG5LHJIU9ANopm5Yc+Vo CHgAhMIlAuXaL+uAVziV02PoYjHBf5XxU/X9wR2Vbpx83R8M4up8okFcJ47Iesu+OB5lKImQ P4CdMGNB/1OTnLM/DFENcvxq4lrdRKKgwOSPnv0PWRiJMI+GgGZqMX5egbP9TUVCnXluMY7p Yqm3FyJTJcGQTNkE8uLOumkyEm8vCRGle8rBxnIL9BfdV/C6o9vLyCt3PY7L9tVdUfMwTyV0 wuTCBYc4+LKptZtotXOgKmFqaavEvd/TxsHQzSAsejrOHCDrGS5wIJGXOKZRhznVTv5qPe4e OFY7/DgK/lYzltHtoxLFbw0n68z4t3YoaADklZpEXDNWFScCr16J06A08QS5LZGwaVUuFfvV 0+CpotaNLGONJ+3GVIdPlB5POGK1PVRizOLqPpsfxu86yhw876KF05VOkDU2iBaKbJ0NqIjw Psg6JFKsV3h0kJyP4bUlD1Q+kSNMmcED/ctuKYcDdK5kQEs0FxDPcHRB3Ok+p2JcNkQYEAmL iXO2PjHjrVYg1vIKj89TCeTm+VagpsKtVZBy1pbfwaFnd/Mh/kW2hxN8GRoEl4EkE0fi+8ja HJ2M0BVJLmV+2s6jsZ0WW3xSRpKAweU+xCsxlYE/IEDo5JEioAQwKwB1eexEIQx9mtden1K9 ujdxj+6D3Dle8b+2iZ0UklgwxAmoRqd6SWa8P1L3ezcd3X5XdYhqqCpYmUMph7uAMd3j0rCz QWv1PglcrX1bEb8vIViY7R3Ft0spNSsK2tFTvVs+aoIGSfXfzTaNf1i7ayuUpslGsEmOnNUx yCjygyjmvh+OOuzQugnOJMx
Ironport-hdrordr: A9a23:tYyUZaMIAJlch8BcTvijsMiBIKoaSvp037BL7TEJdfUxSKalfq +V7ZEmPHPP+VQssTQb6LO90cq7IE80l6QFhbX5VI3KNGLbUSmTTL2KhrGSpAEIdReOkNK1Fp 0NT0G9MrDN5JRB4voSKTPXL+od
Ironport-phdr: A9a23:AGxHNRwMLhDKdeHXCzKOw1BlVkEcU1XcAAcZ59Idhq5Udez7ptK+Z heZvKgm1A6BHd2Cra4e0ayO6+GocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wE ZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmjSwbalvI Bi2ogndqs0bipZmJqot1xfFuHRFd/pIyW9yOV6fgxPw7dqs8ZB+9Chdp+gv/NNaX6XgeKQ4Q 71YDDA4PG0w+cbmqxrNQxaR63UFSmkZnQZGDAbD7BHhQ5f+qTD6ufZn2CmbJsL5U7Y5Uim/4 qhxSR/ojCAHNyMl8GzSl8d9gr5XrA6nqhdixYPffYObO+dkfq7FctwaS2hOUMZfWSJCH42yc ZcAAvEbMupEtYTwvUcCoQe8CASqGejhyiVIhnjz3aAi3eohFgTG3A0mH9IPrHvfsdL7NLoWU eCxzanIwi/Mb/VL0jr69YfIdRUhofCKXbJxbcXd01EvGxnAjlWNrYzlOzKV1usXvGid9OdgW uWvi2koqwF1vDevw90jiojNho4P1l/E8iB5zZ8zKNalR0F1fcSqH4FMtyGGKYR2WMUiTnl2t Som17EKpYK3cScExpkowxPSa+KKfYaK7x7+W+ucICl1iG9mdb+xiRu/7Eetx+z/W8Wp31tGs yhIn9rQunwT0RHY98uJSuNl80u/xTqC0xrf5+JELEwui6bXNposzqQtmpcRsEnOGDL9ll/sg 6+MbEok//Cl6+T5bbXioZ+RL4p0hRv/MqQqg8C+Af83PhUXU2iV5Oix1rzu8Vf2QLVNif02n a3Zv47AKcsHoa65BhdZ0ocl6xmhEzeryMoUkWUDIV5fex+Kj5LlN0/TLP38F/uznlahnTZzy /DDJLLhA5HNLnbZkLfmeLZw81NTyA02zdBe4ZJUC60OLOjrWkPrsdzYExs5Mwi1w+boEtp90 JgTWW2IAq+eP6PStUGH5uc1LOmNYI8ZoiryK/8g5/L2i382gkcSfbO10psPdHC4AvNmLl2Eb Xb0mNcODX8KvhYiTOztkFCNTTlTZ2+rU60g4jE7FZmpAJzYRoGthbyBxD20EodXZmBAEFCME G3ne5+KW/cWO2quJZpqlSVBXry8Qacg0wuvvUn00elJNO3RrwEfsJPl1dM9wvDXkRA9/Do8W 8ia1mCLTmoyhiUNWjsy3a92p2RyzVCM1aV9iv1cU9dU4qUaAU8BKZfAwrkiWJjJUQXbc4LRI L7HatCvADVrC8k038dLeUF2XdOrkhHE2SOuRb4Tjb2CQpIuoerHx3akAcF7xj7d0bU5yUE8S 55DMmingK90sRCVApPNl0SWnqCCeqMb0yrA8W6CySyFu0QLGBVoX/D9VGsELlDTscy/40rDS 7G0DrFyPgxEyMiDIe1SLNj0iVFHS/7lENvZZG21lmK5BBLOzbSJP8LxY2tI+iLbBQAflhwLu 3aLMQ9rHiC6v2fXFyBjD3rqakLotPh08Ta1FxBqiQ6NaEJl2vy+/Rt9aeW0bfQV0/pEvS4gr 28xB1Ohx5fMDNHGoQN9faJaaNd74VFd1GufuRYvdpqnZ7tvgFITaWEV9wvnygl3B4NckMMrs GJizQx8Lrid2U9AcDXQ1I75O7neIG3/tB61bKue1lbb2deQsqABjZZw41nkuQCvF0Fk6zNiz t1R0nSV4L3FCw0dVZ/0W0czsRN9ovCSYyUw4Z/VyWw5KbO94Vqgk5oiAOoozArlfs8KavvVU l+vVZdDVo73d7J5/jrhJggJN+1T6qMuasavdv/cnbWuIP4lhjWty2JO/IF61EuIsSt6UO/Bm ZgfkJT6lkOKUSnxiFC5v4X5g4dBMHseGW++zynvQpYXY7B2eYcEAGGGLMqwydFzgpfsXzhT8 1vpVDZkkIe5PAGfaVDwx1ga2UMSoHqmkm2giTlplzUooaOZ9CPJxOvmeR8OO2oNT25nxwSJQ 8D8n5URW06maBIsnR2u6BPhxqRVk694KnHaXUZCeyWew3hKaqKrrfLCZsdO7MltqiBLSKGmZ lvcTLfhohwc2ielHm1ExTl9eSv48pn+mhV7jiqaIhMR5DLVfsRxwxbUosSaQONV2jsJTS9Qh j7QCVyxOtCo+ZOfkJKLvu2lVm2nX4FeamGxldLG5Hb9vzQ7R0TgwZXR0pXuCkAi3DX+1sV2W CmAtxv6boTxluy7Pe9hYkh0FQr54st+FJt5l9hV5tlY0nwbi5OJuHsfxD2rYJMLhOSkNStLH GFVkLu3qED/1UZuL2yE3df8X3SZmI56YsWiJ3kR0WQ75txLD6Gd6PpFmzF0qxy2t1G0A7A1k zEDxP8p8HNfjfsOvV9nwiKYA7YTFg9AeynxkxCJ4Nm4hKpQY2mrfL251U44ltekRuLnwEkUS DPid5EuEDUlpMl4NVPK0Xa18sfhZd3UbN0asDWblBDPi+VQIZM10PENgGA0XAC19W1gwOk9g xt02Ji8t4XSMGRh8pWyBRtAPyH0bcceqXn9yLxTlcGM08WzD41sT38VCYDwQ6viQ1dw/bz3c hyDGzompjKHFKrDSEWBvVx+oSuHEoj3ZSrKYiBIlZM4GEbbfAsF3EgVRGlowMJ/TFvxgpW/K AEhoWlAgzyw4hpUlrA2aV+mCj2Z/EHwLW1sAJmHcEgIsEcYuxaTYZTYtqUpR2lZ5sHz81bLc zDdPlUSSzlOAxzhZRirP6Hyt4actbHCW6zmaaOJOOvGqPQCBa7QldT2jdQgr3DUcZ/Wdnh6U 69ihREFBCElXZyfw3JWFUl132rMd5LJ/k/tvH0q6JnloLKzH1uwrYqXV+kIaIsppkDw2PbZc bbX3XcxKC4EhMlVmzmSk+lZhwRU02Y3JlzPWfwWvCrJBso8g4dxCBgWI2N2PcpMtecn2xVVf NTcgZXz36J5ifg8DxFEU0bgk4enf55CJWb1L17BCEuRUdbObTTW38H6Z7+9QrxMna1VsRO3o zOSD07kOHyKiTDoUxmlNewEgjucOVRSv4S0cxAlDmaGLpquchqgLNp+liE725Uxj3LOcH8Wa H1yKhwT6LKX6ixcj7N0HGkApntpIO+YmjqIuunVLpFF1JkjSi9wlu9c/DE70+4PtHACFKEzw nKD6Icx/QLD8KHH0DdsXRtQpywegYuKuR8nIqDF7txaXn2C+hsR7GKWAhBMpt1/C9SptboDr 7qH3K/1NjpG9MrZuMUGAM2BYs6ANXsnMBGvAHjREQ8BTDGiM0nQgEtSlPyX/3yR6JM9r9K// fhGAq8eT1EzGv4AXw59G8ceJZ5sQj4+ubuSjcpN9HDn6ReIG5scsZfAWfafR/7oLXzK6NsML wtNyrT+I4MJM4T90EE3cVh2krPBHE/IVMxMqClsBufViEBE8Xw7X2dqnky8NV3r73gUGvq52 BUxj1kmCQzI3Djr5FgzK1/DpS92m040y42Nad+5fzn2I6O9WIhXD2z/sE1ja/vG
Ironport-sdr: PfodNRuyTswUsp6Yx/gn7wd3ZQ2gVbpU/CxKSpa6s4vUOqzRT6eIoDyIZZ96Sqz7YNipql8NLo nrk4gwWFdSv4Q16AmH81tFJ1NFqcZ4fU54VsP/QPPMU1iOViRqtyEeKMmtXIR9bHItpI09grON 9hwfOwnc5mT/0CHx3aZk6qEHfptLPPG3GM6VjexncP139U50yJp0J7Ev6FcXN4dlkd5lcJeWzB CFfRTQjJH8It1icGNYONB2RUqnPhXde2vPBxKPqCekMgDyYB/yePkmklKkQ9rz3RvpgZAKF37k /5DLI0f2vymN82L21SSwzb7R

I don't see what harm there is in applying formal verification techniques to voting machines. However, I also don't see it as some killer application of formal verification: ultimately, as a voter, even if I go along with the idea of verifying the tabulating code installed on these machines, why should I trust that verified tabulating code is indeed installed on the voting machine that I am about to use? Sure, there are technical ways you could do this (using e.g., trusted hardware, cryptographic code measurement, open and freely auditable code, and reproducible builds of the verified code). However, this hints at a problem common to all proposals, that I have seen anyway, for "provably secure" electronic voting: they quickly explode in complexity, bringing in baroque combinations of cryptography, formal specification and verification, and trusted hardware. Not only is this a nightmare to explain to the generally technically savvy, but the layperson unwilling or incapable of understanding these proposals ultimately has to trust a relatively small number of people that the entire system is safe. Even worse, we already have access to a known technique, in manual counting, that is easy to understand by all, trivial to perform and audit, efficient enough for its intended application, and with little evidence of widespread fraud (at least in the type of society that would likely deploy formally verified voting machines).

On Wed, 27 Apr 2022 at 09:28, Mario Carneiro <di.gama AT gmail.com> wrote:

I think that as long as people feel this way (including formal methods experts), then we haven't really accomplished our job as formal verification researchers. Electronic voting is a perfect example of a system that really puts the purported advantages of formal verification and TCB concerns to the test: if we can't convince ourselves that this can be done safely and securely, then it seems hypocritical to advocate for formal methods elsewhere in safety-critical and security-critical areas.

An effective solution to the problem requires many things:
* Software and hardware with open and accessible specification and implementation (except for cryptographic keys, of course)
* Formal verification of the implementation (also publicly available)
* Simple documentation of the process, not written for experts
* Public support by experts and government officials

The consequences of a failure in electronic voting systems are much more severe than paper ballot processes, but human error and collusion are also a thing, and it is clear to me that the local optimum of paper voting is not as good as the local optimum of electronic voting, but there is a huge gulf of bad implementations in between and formal verification is a necessary (but not sufficient) component to actually avoid the failure cases.

Mario Carneiro

On Wed, Apr 27, 2022 at 3:48 AM Jean-Francois Monin <jean-francois.monin AT univ-grenoble-alpes.fr> wrote:
+1

Low-tech paper solutions are robust and easily understood by everybody,
as well as attacks and countermeasures, so much better for confidence
and democracy.
Complicated technologies are just the opposite.

JF

On Tue, Apr 26, 2022 at 11:19:09PM -0400, Stefan Monnier wrote:
>
> The way I see it, the more people who participate (i.e. more eyes),
> the safer.
>
>
> Stefan
>
>
> > On Tue, Apr 26, 2022, 18:22 Stefan Monnier <monnier AT iro.umontreal.ca> wrote:
> >
> >> > But imagine that voting machines are formally verified from hardware
> >> > to software,
> >>
> >> What problem do electronic voting machines solve?
> >>
> >>
> >> Stefan
> >>
> >>
>

--
Jean-Francois Monin
Verimag
Universite Grenoble Alpes

[Coq-Club] Electronic Voting Machines in French Elections, mukesh tiwari, 04/26/2022
- Re: [Coq-Club] Electronic Voting Machines in French Elections, Stefan Monnier, 04/27/2022
  - Re: [Coq-Club] Electronic Voting Machines in French Elections, Sam Kuper, 04/27/2022
  - Re: [Coq-Club] Electronic Voting Machines in French Elections, Agnishom Chattopadhyay, 04/27/2022
    - Re: [Coq-Club] Electronic Voting Machines in French Elections, Stefan Monnier, 04/27/2022
      - Re: [Coq-Club] Electronic Voting Machines in French Elections, Jean-Francois Monin, 04/27/2022
        
        Re: [Coq-Club] Electronic Voting Machines in French Elections, Xavier Urbain, 04/27/2022
        
        Re: [Coq-Club] Electronic Voting Machines in French Elections, Mario Carneiro, 04/27/2022
        
        Re: [Coq-Club] Electronic Voting Machines in French Elections, Dominic Mulligan, 04/27/2022
        
        Re: [Coq-Club] Electronic Voting Machines in French Elections, Jean-Francois Monin, 04/27/2022
        
        Re: [Coq-Club] Electronic Voting Machines in French Elections, martin, 04/27/2022
        
        Re: [Coq-Club] Electronic Voting Machines in French Elections, Sylvain Boulmé, 04/27/2022
  - Re: [Coq-Club] Electronic Voting Machines in French Elections, mukesh tiwari, 04/27/2022
    - Re: [Coq-Club] Electronic Voting Machines in French Elections, Stefan Monnier, 04/29/2022
      - Re: [Coq-Club] Electronic Voting Machines in French Elections, Rajeev Gore, 04/30/2022
      - Re: [Coq-Club] Electronic Voting Machines in French Elections, Abhishek Anand, 04/30/2022
  - Re: [Coq-Club] Electronic Voting Machines in French Elections, Timothy Carstens, 04/27/2022
- Re: [Coq-Club] Electronic Voting Machines in French Elections, Pierre-Marie Pédrot, 04/27/2022