New paper: On the Security of Election Audits with Low Entropy Randomness

| Comments (0) | Voting
I've been thinking lately about the security impact of using AMRD-style tables for audit unit selection. The concern here is that an attacker might be able to pre-analyze the table and gain an advantage. After some thought and burning a bunch of computrons, I think the answer is provisionally "yes":

On the Security of Election Audits with Low Entropy Randomness
Eric Rescorla
ekr@rtfm.com

Secure election audits require some method of randomly selecting the units to be audited. Because physical methods such as dice rolling or lottery-style ping pong ball selection are inefficient when a large number of audit units must be selected, some authors have proposed the use of randomness tables or random number generators which can be seeded by a small amount of randomness generated by physical methods. We analyze the security of these methods when the amount of input entropy is low and the attacker can choose the audit units to attack and find that audits do not necessarily provide the level of confidence implied by the standard statistics. This effect is most pronounced for randomness tables, where significantly more units must be audited in order to achieve the same level of security that would be expected if the audit units were selected by a truly random process.

PDF version here.

Of course, it's still possible I'm totally wrong about all this. Alternately, it's possible everyone but me already knows. Hopefully not, though.

Leave a comment