BatchVote: Voting Rules Designed for Auditability

Abstract

We propose a family of novel social choice functions. Our goal is to explore social choice functions for which ease of auditing is a primary design goal, instead of being ignored or left as a puzzle to solve later.

Our proposal, “BatchVote,” creates a social choice function f from an arbitrary “inner” social choice function g, such as instant-runoff voting (IRV), and an integer B, the number of batches.

We aim to preserve flexibility by allowing g to be arbitrary, while providing the ease of auditing of a plurality election.

To compute the winner of an election of n votes, the social choice function f partitions the votes into B batches of roughly the same size, pseudorandomly. The social choice function g is applied to each batch. The election winner, according to f, is the weighted plurality winner for the B outcomes, where the weight of each batch is the number of votes it contains. The social choice function f may be viewed as an “interpolation” between plurality (which is easily auditable) and g (which need not be).

Auditing is simple by design: we can view f as being a (weighted) plurality election by B “supervoters,” where the bth supervoter’s vote is determined by applying g to the votes in batch b, and the weight of her vote is the number of votes in her batch. Since plurality elections are easy to audit, the election output can be audited by checking a random sample of “supervotes” against the corresponding paper records.

Appendices

Appendix A. Possible Details of Batch Assignment Method

We illustrate the proposed procedure with an example. Suppose the random seed K is the string of 24 decimal digits

$$ K = \texttt {067541877022641091953584} $$

and suppose that a ballot has the 37-character ballot ID

$$ \text {ID} = \texttt {2016-11-08-maricopa-az-1562-7631-5515} . $$

Then the batch to which this ballot is assigned is starting with the concatenation of these two strings—that is:

$$ K || ID = \texttt {0675418770226410919535842016-11-08-maricopa-az-1562-7631-5515} . $$

Applying SHA256 to this byte string yields the hexadecimal result

$$ \texttt {db5d8603dcf6e4e122e7b0ff231d4069cb4626f45ab1686cb1b6dd9d424480d9} $$

which, when interpreted as a base-16 integer, yields

$$ \texttt {99221755554920309225844359348330608520995333449296550547451312649783275192537} $$

(decimal). Finally, we take the result modulo B, the number of batches, and add one. Suppose \(B=10000\). Then the batch number for this ballot is

$$ \texttt {2538}\ . $$

Because the result is obtained modulo B, plus one, the batches are numbered 1 to B, inclusive.

Appendix B. Guidelines for Breaking Ties

We provide each of the B invocations of g with its own random number seed to use in tie-breaking. Suppose the overall election-random seed is

$$ \texttt {067541877022641091953584}. $$

Suppose we wish to provide the 15th invocation of g with its own tie-breaking seed. Then the tie-breaking seed \(K^{(b)}\) provided will be

$$ K^{(b)} = \texttt {067541877022641091953584:batch:15}. $$

That is, the overall election seed, followed by “:batch:”, followed by the batch number b in decimal, for \(b=1, 2, \ldots , B\). This seed can be concatenated with other values within g to break ties, and then SHA256 may be applied to the result.

Of course, the specification of g needs to clearly specify how ties are to be broken, given the tie-breaking seed \(K^{(b)}\). (We have, for example, python code that illustrates this for various social choice functions g.)

Each instance of g receives a different tie-breaking seed \(K^{(b)}\), to remove the possibility of obviously correlated tie-breaking between the various batches. Although the seeds for different batches are related, they are nonetheless different, and the pseudo-random character of SHA256 makes it computationally infeasible to find statistical correlations in their tie-breaking use.

Notation

This note summarizes notational conventions we use in this paper.

• B Number of batches.

• b A particular batch. \(b = 1, 2, \ldots , B\).

• \(\mathcal {C}\) The set of candidates.

• C Number of candidates (possible election outcomes.

• c A particular candidate. (Also w, \(\ell \) sometimes, for winner, loser.)

• n Number of cast votes.

• T Replication factor; how many times each vote is replicated.

• N Number of ballots being tabulated; \(N = nT\).

• \(N^{(b)}\) Number of ballots in batch b (so \(\sum _b N^{(b)} = N\)).

• \(\lambda \) Average batch size (\(\lambda = N/B\)).

• \(R_c\) Total reported tabulation in favor of candidate c. (i.e. electronic tabulation)

• \(A_c\) Total actual tabulation in favor of candidate c (i.e. paper ballot tabulation)

• \(R_c^{(b)}\) Reported tabulation for candidate c in batch b (Either \(N^{(b)}\) or 0).

• \(A_c^{(b)}\) Actual tabulation for candidate c in batch b. (Either \(N^{(b)}\) or 0).

• \(R_{w\ell }\) Reported margin of candidate w over candidate \(\ell \) (\(R_{w\ell } = R_w - R_\ell \)).

• \(A_{w\ell }\) Actual margin of candidate w over candidate \(\ell \) (\(A_{w\ell } = A_w - A_\ell \)).

• \(R_{w\ell }^{(b)}, A_{w\ell }^{(b)}\) Margins particularized to batch b.

• \(t^{(b)}\) True winner of batch b.

• \(w^{(b)}\) Reported winner of batch b.

• K Random number seed for the election.

• \(K^{(b)}\) Random number seed for batch b.

• \(\mathbb B\) A randomly selected batch, with \(\Pr \{\mathbb B= b\} = N^{(b)}/N\).