BackgroundEnsuring that the outcome of an election is demonstrably correct while maintaining ballotprivacy and minimising the dependence on election officials has been a challenge since thedawn of democracy. For over a century the US has experimented with various technologies totry to make voting easier and more secure. All of these have proved problematic, most notablythe more recent use of touch screen machines. The danger here is that the outcome is criticallydependent on the correct execution of the code running on the voting devices.Recent research has explored the use of modern cryptography to address this challenge.Significant advances have been made, in particular advancing the notion of “voter-verifiability”:allowing voters to confirm that their vote is accurately counted while avoiding threats of votebuying or coercion. Notable amongst such schemes is the Prêt à Voter system, proposed bythe PI in 2004 and subsequently developed to make it more usable, secure and flexible. ThePrêt à Voter approach is widely regarded as one of the most secure and useable of suchschemes and is arguably the most promising in terms of providing a practical scheme for realworlduse.Despite the successes achieved in this field, the issues of robustness and trustworthinessremain open. Verification procedures are a part of most proposed systems, intended to offertrust. However, systems universally lack procedures in case the verification finds errors and thecomplexity of the verification procedures often undermines trust instead of bolstering it.This proposal is based on the Newcastle component of a successful EPSRC1 proposalsubmitted jointly by the PI along with Steve Schneider and James Heather of Surrey Universityand Mark Ryan of Birmingham University, while the PI was still at Newcastle University. The UKproposal is for ~£1.5m for 4 years and was ranked top in panel. It is expected to have its formalkick-off meeting in the autumn of 2009.AimsThis proposal will develop and evaluate designs for practical, secure and trustworthy votingsystems. Such schemes should yield a demonstrably correct outcome of the election whileguaranteeing ballot privacy. Furthermore, such systems must be sufficiently simple to use andunderstandable as to gain widespread acceptance by voters and other stakeholders.The starting point will be the existing Prêt à Voter and Pretty Good Democracy schemes.Vulnerability or deficiencies identified during the evaluation will be addressed by enhancementsto the scheme.To date, very little has been done to investigate robust recovery mechanisms for voting systems. The project will develop effective recovery mechanisms and strategies.The project will also investigate the issues of public perception and trust of verifiable systems. Itis not enough for the system to be trustworthy; it must also be universally perceived astrustworthy. A goal therefore is to measure and advance public understanding and trust in suchschemes.