next up previous
Next: Other Polling Protocols Up: Sensus Modules Previous: Validator


The tallier is responsible for collecting the voted ballots and tallying the results of the election or survey. Voters first submit encrypted ballots, signed by the validator to the tallier. The tallier checks the authenticity of the validation and verifies that the encrypted ballot is unique among the encrypted ballots received thus far. If the ballot is valid and unique, the tallier issues a signed receipt to the voter. The voter then submits the ballot decryption key. The tallier uses the key to decrypt the ballot. After the election, the tallier publishes a list of encrypted ballots, decryption keys, and decrypted ballots, allowing for independent verification of election results.

Our tallier computes a 16-byte digest of each encrypted ballot received and uses it to index the encrypted ballots and receipts. A hash table could be added for greater efficiency in looking up encrypted ballots. This modification is probably necessary to accommodate large-scale elections.

Note that there is a very small chance that two or more voters may submit identical encrypted ballots. If this were to occur, only one of these ballots would get counted.

Lorrie Faith Cranor
Sun Nov 5 20:54:12 CST 1995