Originally posted by Tore on Loomered.com November 19th, 2019.

Serious fraud concerns were recently raised during the gubernatorial elections in the state of Kentucky. People who don’t have the right to vote were registered as Democrats, people voted in the name of other people, ballots were being shuffled and couriered around, as well as the revelation that the OWNER of Harp Enterprises that runs the elections in the state of Kentucky is ALSO the owner of a company that installs, maintains, and has access to the state of Kentucky county clerks networking systems. The one aspect of this election and the Louisiana election that just happened, that sadly has not been analyzed and or examined, is the strange number patterns we observe in voting across these states. Not just in the governor race, but in all the races that ran simultaneously.

Around the world people have been up in arms about e-voting and results they can’t seem to accept. Most governments such as the United Kingdom, Germany, and Australia (the United States as well) responded to the questions their citizens raised by claiming “we have received verification that the election is valid”. One government took the complaints seriously and invited “hackers” to examine their side of the e-voting to satisfy their constituents. That country was Switzerland and those “hackers” were upset Australian researchers.

Personally, I spent hours speaking with “hackers” and cryptographers from around the world. Many shared mock code with me to work with and studied the numbers with me, which helped in coming to a conclusion. This determination was based on the whistleblower documentation, mock code, what code we know of Scytl, and the documented communications between Scytl and researchers.

Having crunched numbers, re-reviewing all documents and logs, and reading published academic papers, the results were obvious. In this report I will be discussing some math, crypto, and coding terms to prove that the integrity of our vote is compromised.

Most of what is in this report is way over the average person’s knowledge base (even mine) but the bottom line is the same. We should not be allowing these companies to facilitate our elections because their programming is not universally verifiable. Verifiability is another way of saying being able to prove something with math proofs.

Honestly, I am very frustrated. It is evident that NO ONE bothered to look into it. It took me a week of casual brush-up and crunching some proofs with what I have for a determination to be made. I am an investigative journalist, I don’t sit in Arlington being paid top tier salary with federal taxpayer dollars as a cryptographer or “hacker” – who should be doing this work. My findings have made me VERY angry because this illustrates complacency or severe negligence by our government in respect to protecting the integrity of our vote. This has been going on for almost a decade and that speaks volumes.

The University of Melbourne, Parkville, Australia : Ceci n’est pas une preuve The use of trapdoor commitments in Bayer-Groth proofs and the implications for the verifiability

Can’t Prove Fraud and Can’t Prove No Fraud

I am going to take the leap and say I determined the issue. The issue is very similar to that which occurred in Switzerland. When the issue I found was brought to the attention of the Swiss Federal Chancellery, they ceased e-voting operations and demanded that “Swissport” (the Swiss version of KY’s Harp Enterprises) was suspended until they remedied the issue. In addition, the Swiss government determined that their version of “Harp Enterprises” was unable to access source code! Transparency is obviously not a priority.

UNIVERSAL VERIFIABILITY: Votes cast are the votes counted and integrity of the vote is verifiable (the vote was tallied for the candidate selected). SCYTL FAILS UNIVERSAL VERIFIABILITY because no mathematical proofs can determine if any votes have been manipulated.

INDIVIDUAL VERIFIABILITY: Voter can check if their ballot was correctly counted. For example, if they cast a vote for ABC they want to verify it was ABC. That notion clearly discounts the need for anonymity in the first place.

The graphic below shows you the process of tallying votes. It ends in a process called the DECRYPTION PHASE where the tallies in PLAIN TEXT are produced to country clerks, media, and Harp Enterprises via Clarity, which is a reporting service.

The “Barrier” in the graphic I created separates the front end and the back end of the process of counting the votes.

Both ends have issues of concern, but the BACK END (which is handled 100% by Scytl), is the major concern.

FRONT END

Harp Enterprises Prints ALL Ballots

  • Problem: The bar codes may contain code that aligns with ballot scanners to flip straight party tickets.
  • Remedy: This can be remedied with random samples from a third party.

Harp Enterprises Provides All E-Voting Machines

  • Problem: Scripts being run on the front end as voters choice is flipped.
  • Remedy: Inspection by third party.

Harp Enterprises Uses Hart Intercivic Software & Scytl

  • Problem: Piggyback scripts on export.
  • Remedy: Cannot be determined; Zero knowledge (can’t prove funny business or can’t prove no funny business).

BACK END

During the recent Kentucky elections, the website redirect code indicated that the information coming from Harp Enterprises (that uses Hart Intercivic Ballot Scanners and Software) were sending their information to SCYTL which is a FOREIGN company that “tallies” the votes, and then after tally and decryption, sent the results back through Clarity for reporting.

Here is how the process goes step-by-step, so that as a VOTER, you can understand exactly where the issue is.

STEP 1 | Config Data

  • All non e-voting data is sent to Scytl (offshore) for CONFIGURATION OF DATA.
  • All e-voting sent to CONFIGURATION OF DATA is then sent back to the e-voting machine and onto the next phase called CLEANSING.
  • CONCERNS: Here we see an “OR PROOF” in regards to Online Voting. This makes absolutely no sense. It’s as if it’s pre-tallying then goes back to “check” or rectify. Pretty bizarre.

STEP 2 | Cleansing

Invalid votes and valid votes are separated into two groups and processed separately but in the same manner.

STEP 3 | Shuffling/Mixing

This step is the most nefarious and exactly where the issues arise, carrying over into the decryption phase. Simply put, the software takes all the votes, literally mixes them about like you would a bag of scrabble tiles and then re-encrypts them. The math used to prove the issue at hand, even though it looks scary, is just algebra. That being said, the graphic below is needed to decipher the math proofs I will be talking about.

When the votes are transferred to Scytl they are coming in as ciphertexts (encrypted). Those ciphertexts are re-encrypted, but are able to be decrypted with the same key. That is what makes this process attractive. They offer security and impenetrability by external threats.

Because this process occurs, there must be certain PARAMETERS set to show that this mixing and shuffling doesn’t REPLACE a vote with a vote that the administrator or software carrier inject for determined lead. In essence, this is how votes among ALL pools and simultaneous races can be fixed.

Example: There are 3 races. Governor, Attorney General and Secretary Of State. The powers that be want the Governor to be Andy and so they take votes away from Governor and add them to the AG Democrat and take votes from SOS Democrat and add them to Governor Andy, but then shuffle back some votes from Governor Matt from the SOS Democrat to balance it out. Hypothetically, such scripts are run to “shuffle the votes” to get their desired result.

HOW TO PROVE THAT ORIGINAL VOTES ARE THE SAME AS WHAT YOU TALLY UP

In order to “make sure” Scytl isn’t replacing votes that Scytl had re-encrypted during the mix, Scytl must prove that votes A, B, C are indeed X, Y, Z under their new coding respectively. This is done by Scytl and in this case, Harp Enterprises by agreeing to certain “Generators” and therefore together building “commitments”.

Without delving too much into cryptography, a commitment is a set of values agreed upon that are based on encrypted data that agree “number wise”. You still don’t know what you are seeing, but you are shown “proof” that ABC is XYZ respectively.

Scytl’s proof is skewed and simply prove what they want to prove. For all my coders – this is what it would look like. For those that don’t understand, allow me to explain.

Going back to the notion of agreeing on generators and commitment parameters:

To this, Scytl and Harp Enterprises both have to find a number with factors selected independently as input NOT run through a common script. That way, the selected number factors don’t have any way to be related with the commitment parameters. It’s imperative that the commitment parameters are VERIFIABLY random. This is important because if you know the relationship between the two generators then you can manipulate the values.

Scytl and Harp Enterprises generated a random number and generated generators from those random numbers that they knew the relationship of. In other words, Scytl knew exactly what the relationship between the numbers would be. It was FIXED, and thus CRYPTOGRAPHY fails. In non-technical terms, Scytl could see, access, and manipulate from both ends.

TRAPDOOR

What I just describe is coined a “trapdoor”. Trapdoor is a cryptotech term that describes a state of a program that knows the commitment parameters and therefore is able to change the value of the commitments however it likes. Simply put, this is the tool for the fix. Scytl can take all the votes and give them to anyone they want. If they have a total of 1000 votes, Scytl can distribute them among all races as it deems fit to achieve the goals it wants. (Case Study: Estonia)

The math is straightforward algebra, but what it demonstrates is the ability to move goalposts without being acknowledged as having moved the goalposts. Below is how the math would look when stealing an election.

More Math

This is how a vote would be garnered, slotted into a neat math equation. During the mixing phase, this is how you would replace or “reallocate” votes.

STEP 4 | Decryption

In this final phase, and before public release, the tallies are released from encrypted format into plain text. As previously explained, those that know the trapdoor can easily change any votes. The known relationship of the randomness is applied and used to generate the tally vote ciphertext. In this case, Scytl, who is the mixer, can collude with their vote company clients (like Harp Enterprises) to change votes and get away with it.

In this stage, Scytl can decrypt the results, look at them, and if they don’t like them, they can fabricate them. This is because the receiver doesn’t have the decryption key so they rely solely on Scytl to be honest. This method, when tested by those testing integrity of Scytl systems, indicate that change would be evident after about 86% of the votes have been tallied, where greater delay in reporting finalizing numbers is expected. This is the point that you would see a flip in the race. This was observed in both the Kentucky and the Louisiana election.

To recap, if during the mixing phase the script or vote “re-allocation” (theft) isn’t enough to provide the outcome desired, Scytl has the opportunity – close to the end of the tallying of votes – to remedy that. This could be why last minute changes are observed.

Zero-knowledge proofs of knowledge allow a prover to convince a verifier that she holds information satisfying some desirable properties without revealing anything else.

How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios

More simply put, Scytl can convince you with a proof complementary to the generators and commitments it can manipulate BECAUSE they know the relationship (TRAPDOOR), therefore they can prove it is accurate but can’t prove the integrity of how they arrived at those tallies that they report.

Surmising, there is no ability to detect FRAUD with this system in place.

After decryption, if challenged, the administrator or software company that knows the trapdoor can provide you proof that would be able to pass verification. This was demonstrated in the case study by The University of Melbourne in March 2019.

THE PROBLEM IDENTIFIED AND IGNORED

All elections being held in our nation for years are completely broken. Harp-Scytl is one of few partnerships of private companies with companies like Scytl or Smartmatic that have the same ISSUE. When reviewing their training codes (that are publicly available) it was evident.

It seems like the state of Kentucky has blind trust in a group of companies both foreign and domestic. Why haven’t they challenged to test? They didn’t bother to examine or test for universal verifiability. One can speculate that they are complacent in allowing these companies, or who ever is FUNDING THEM, to continue this usurpation.

Switzerland found that the issue I have identified was concerning in respects to determining universal verifiability. Verifiability is simply what it means: the ability to verify with mathematical proofs if votes have been manipulated. Even though this trapdoor doesn’t give rise to a breach in security, its lack of verifiability means that there are NO MEANS to detect if votes have been tampered with.

A team of researchers tested the same notion I am making now and determined that the PROOFS Scytl was providing were simply complementary to the generators and commitments it could manipulate and therefore weren’t really proofs! During their research, they purposely changed votes and still could not find a way to identify those changes. That’s just how iron clad the trapdoor cloak is. They fake a proof of ciphertexts with known randomness.

RELATED ARTICLE: Hackers uncover ‘significant’ flaw in Swiss e-voting

Thus, since Scytl-Harp don’t have verifiability how do we get this into the right hands and explain to every American that their idea of a Democratic vote has been a lie for a while now?

Luckily, an investigative journalist isn’t the only one that discovered this. In fact, it was the work of a group of Aussies that helped me maneuver the mock code floating around in corners of the internet, which allowed me to come to the same conclusion, even though I am a novice cryptographer.

The University of Melbourne, Parkville, Australia : Ceci n’est pas une preuve The use of trapdoor commitments in Bayer-Groth proofs and the implications for the verifiability

If I were the administration, the state of Kentucky, Louisiana, Indiana,…all those that use Scytl, I would be emailing these amazing researchers to parse through and ensure complete verifiability. OUR VOTE is the most important right we have and it should be protected at any cost.

Think about it. Every single election that has happened since about 2010 cannot be audited and election tampering cannot be detected. This should concern every single American citizen, especially with the upcoming presidential elections.

If You Identify A Problem, Might As Well Offer A Solution

I believe the solution for this is to go back to paper ballots that are monitored by CCTV. Below is a little graphic indicating a process that can be implemented, leaving little room for external threats.

This would mean that the only person in and out of the facility with marked ballots would be the voters. Ballots provided upon entry at the “voting reception” can be weighed to measure quantity before polls, upon, and immediately after the polls close. The difference in weight should match the weight of the ballots in the ballot boxes. Once that is confirmed, ballots are manually counted under CCTV. This process would be similar to a dealer in a casino being watched by their pit boss through CCTV, checking that they are allocating the votes accurately.

This may be more time consuming, but there are MANY citizens who would volunteer to count ballots in order to ensure election integrity. Some things don’t need to be modernized or reinvented.

Concluding, the problem with these e-voting machines and companies “scanning” and tallying our votes is that we can’t prove they are manipulating results but we can’t prove they aren’t either.

Like my work you can tip me or support me via PAYPALVENMO and CASH APP or support me on Subscribestar!

Advertisements
1 comment
  1. With this information there is no future in electronic voting and any past election now stands in question using these machines, and any future election with these machines being unverifiable is useless to conduct. There will be no public confidence of the results given, or the candidate selected. Paper ballot is our only way out as you propose. The stalling is to not have time to institute a vote by any other means than the voting machines.

Leave a Reply

Sign Up for Our Newsletters

Subscribe to newsletters to get latest posts in your email.