Abstract: A facility for conducting a financial transaction is described. The facility receives a purchase order identifying a customer and an amount of a payment to be made by the identified customer to a payee. The customer identified by the purchase order has an individual account. The facility selects an account from a pool of accounts designated as being shared by a number of customers including the identified customer. The shared pool does not include the identified customer's individual account. The facility transfers the identified amount from the identified customer's individual account to the selected account of the shared pool. The facility causes information identifying a credit card number for the selected account of the shared pool to be provided to the payee for use in effecting the payment.

Abstract: A facility for conducting a financial transaction is described. The facility receives a purchase order identifying a customer and an amount of a payment to be made by the identified customer to a payee. The customer identified by the purchase order has an individual account. The facility selects an account from a pool of accounts designated as being shared by a number of customers including the identified customer. The shared pool does not include the identified customer's individual account. The facility transfers the identified amount from the identified customer's individual account to the selected account of the shared pool. The facility causes information identifying a credit card number for the selected account of the shared pool to be provided to the payee for use in effecting the payment.

Abstract: A facility for discerning corruption of an electronic ballot is described. The facility sends from a first computer system to a second computer system an encrypted ballot that reflects a ballot choice selected by a voter. The facility then sends a confirmation from the second computer system to the first computer system, which serves to convey the decrypted contents of the encrypted ballot as received at the second computer system, and which is generated without decrypting the encrypted ballot. In the first computer system, the facility uses the confirmation to determine whether the decrypted contents of the encrypted ballot as received at the second computer system match the ballot choice selected by the voter.

Abstract: A facility for conducting a coercion-resistant electronic collection is described. The facility receives from the voter a first voter conformation value. At a later time, the facility receives from the voter an encrypted ballot and a second voter confirmation value. Without regard for the value of the received second voter confirmation value, the facility adds the received ballot to a publicly-available list of cast ballots. After the addition, members of the public are able to verify the addition of the received ballot to the list without being able to determine whether the ballot will be counted. The facility counts the ballot if and only the second voter confirmation value received with the ballot matches the received first voter confirmation value.

Abstract: We present a mathematical construct which provides a cryptographic protocol to (verifiably shuffle) a sequence of (k) modular integers, and discuss its application to secure, universally verifiable, multi-authority election schemes. The output of the shuffle operation is another sequence of (k) modular integers, each of which is the same secret power of a corresponding input element, but the order of elements in the output is kept secret. Though it is a trivial matter for the “shuffler” (who chooses the permutation of the elements to be applied) to compute the output from the input, the construction is important because it provides a linear size proof of correctness for the output sequence (i.e. a proof that it is of the form claimed) that can be checked by one or more arbitrary verifiers. The protocol is shown to be honest-verifier zeroknowledge in a special case, and is computational zeroknowledge in general.

Abstract: A facility for discerning corruption of an electronic ballot is described. The facility sends from a first computer system to a second computer system an encrypted ballot that reflects a ballot choice selected by a voter. The facility then sends a confirmation from the second computer system to the first computer system, which serves to convey the decrypted contents of the encrypted ballot as received at the second computer system, and which is generated without decrypting the encrypted ballot. In the first computer system, the facility uses the confirmation to determine whether the decrypted contents of the encrypted ballot as received at the second computer system match the ballot choice selected by the voter.

Abstract: A cryptographic process permits one to verifiably shuffle a series of input data elements. One or more authorities or individuals “shuffle,” or “anonymize” the input data (e.g. public keys in discrete log form or ElGamal encrypted ballot data). The process includes a validity construction that prevents any one or more of the authorities or individuals from making any changes to the original data without being discovered by anyone auditing a resulting proof transcript. The shuffling may be performed at various times. In the election example, the shuffling may be performed, e.g., after ballots are collected or during the registration, or ballot request phase of the election, thereby anonymizing the identities of the voters.

Abstract: A facility for conducting a coercion-resistant electronic collection is described. The facility receives from the voter a first voter conformation value. At a later time, the facility receives from the voter an encrypted ballot and a second voter confirmation value. Without regard for the value of the received second voter confirmation value, the facility adds the received ballot to a publicly-available list of cast ballots. After the addition, members of the public are able to verify the addition of the received ballot to the list without being able to determine whether the ballot will be counted. The facility counts the ballot if and only the second voter confirmation value received with the ballot matches the received first voter confirmation value.

Abstract: A facility for transmitting a ballot choice selected by a voter is described. The facility encrypts the ballot choice with a first secret known only to the client to generate a first encrypted ballot component. The facility also encrypts the ballot choice with a second secret known only to the client, the second secret chosen independently of the first secret, to generate a second encrypted ballot component. The facility then generates a proof demonstrating that the first and second encrypted ballot components are encrypted from the same ballot choice. The facility sends the first and second encrypted ballot components and the proof to a vote collection computer system.

Abstract: A facility for discerning corruption of an electronic ballot is described. The facility sends from a first computer system to a second computer system an encrypted ballot that reflects a ballot choice selected by a voter. The facility then sends a confirmation from the second computer system to the first computer system, which serves to convey the decrypted contents of the encrypted ballot as received at the second computer system, and which is generated without decrypting the encrypted ballot. In the first computer system, the facility uses the confirmation to determine whether the decrypted contents of the encrypted ballot as received at the second computer system match the ballot choice selected by the voter.

Abstract: A facility for conducting an election is described. The facility establishes a public key infrastructure for use in the election. The facility then employs the established key infrastructure in the operation of a voting site.

Abstract: A cryptographic process permits one to verifiably shuffle a series of input data elements. One or more authorities or individuals “shuffle,” or “anonymize” the input data (e.g. public keys in discrete log form or ElGamal encrypted ballot data). The process includes a validity construction that prevents any one or more of the authorities or individuals from making any changes to the original data without being discovered by anyone auditing a resulting proof transcript. The shuffling may be performed at various times. In the election example, the shuffling may be performed, e.g., after ballots are collected or during the registration, or ballot request phase of the election, thereby anonymizing the identities of the voters.