Saturday, August 01, 2020

The crypto technology that prevents counterfeiting mail ballots

A chorus of Republican politicians, from President Trump on down, is trying to cast doubt on the security of vote-by-mail elections. Here's why one of their biggest "concerns" is completely wrong.

First, I'll note that 5 states use mail ballots exclusively: Colorado, Hawaii, Utah, Oregon and Washington (where I live). As far as I know, there have been no credible allegations of election fraud in these states, and in fact mail ballots are in important ways more secure than the widely-criticized voting machines. I'll leave it to others to list the many advantages of voting by mail. My purpose is to show you that the "threat" of nefarious parties flooding an election with counterfeit mail ballots is bogus.

The basic solution is to use well-known cryptographic techniques and bar-coded ballots. In fact, a reasonably bright Computer Science undergraduate could design a hack-proof system with these tools.

I'm not an expert in cryptography, but I've used it for years and understand enough to realize how it can make counterfeit ballots effectively impossible. I'll describe a couple of basic ways, and an actual expert could refine them even further.

Both of these schemes start with printing a unique, random bar code number on every ballot that's sent to voters. So every voter knows what their unique ballot number is (it would be duplicated on a tear-off stub that the voter could retain). We wouldn't use sequential ballot numbers because they could potentially be matched with a list of voters, allowing individual voters' ballots to be traced to them.

Technique 1

A list of these random ballot numbers is put in the registrar's computer. Every time an incoming ballot is tallied, its number is "checked off" in the computer. If another ballot with the same number is submitted, we know it's counterfeit. Likewise, if a ballot with a number that's not in the list comes in, we know it has to be bogus. Simple as that: only legit ballots can be counted.

Technique 2

This technique is a bit fancier, but doesn't require keeping a master list of valid ballot numbers. Each ballot is "self-validating".

The basic idea exploits a cryptographic technique called "hashing". Starting with a number, or a chunk of text, or any other block of data, it's easy to compute its hash—which looks like a big, completely random number. But this is a "one-way" process: if you know the hash, it is virtually impossible to discover the data that was used to create it. And if the tiniest change in the source data is made, the new hash will come out completely different, making it easy to detect tampering.

Each time we tally a ballot, we enter its number into a database, so if someone tries to submit an exact duplicate, we'll know and can reject it. The problem arises with hackers trying to create totally new ballots with unique new numbers, and that's where hashing can stop them.

Here's a simple version of how it works; I'm using small numbers to illustrate the process, but in practice really big numbers are used to make it impractical to guess them.
  • To begin, we need to choose a secret number, the "key". Let's pick 391.
  • Now take a ballot that has a unique random number, say 742.
  • Multiply the ballot number by the secret key: 742 x 391 = 290122.
  • Now take the hash of this answer. Let's imagine that the hash of 290122 is 6704. And remember, there's no way to recover the number just by knowing the hash, except to compute the hash of every possible number until we happen to hit on the one that produces the hash value 6704. With really large numbers, this is impractical to do in the time before the election.
  • When we print each ballot, its bar code consists of 2 parts: the random ballot number (here, 742) and the hash we just calculated (6704).
  • To validate the ballot, we multiply the ballot number by the secret key (391) and check that the hash of the answer is indeed 6704.
  • If the hash in the bar code doesn't match the hash we just computed, it means that whoever generated the bar code did not use the correct key—and the ballot is rejected as a fake.
  • Bottom line: you can't create valid counterfeit ballots without knowing the secret key.
This is a very basic system and there are many ways of making it even more secure. But the point should be clear: IN A PROPERLY-DESIGNED SYSTEM, THERE IS ZERO RISK OF BALLOT COUNTERFEITING.
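Here is the scheme above worked through in code. This is an added example, not the post's own, and it combines Technique 2's "self-validating" bar code with the duplicate-number database from Technique 1. It keeps the post's small constructed values (key 391, ballot 742) and its multiply-then-hash construction, substituting SHA-256 for the imagined toy hash; a production system would instead use an HMAC over the ballot number with a long random key.

```python
import hashlib
import hmac

# Constructed values from the post: secret key 391, one ballot numbered 742.
# A real registrar would use a long random key (e.g. secrets.token_bytes(32)).
SECRET_KEY = 391


def hash_tag(ballot_number: int, key: int = SECRET_KEY) -> str:
    """Technique 2 as the post describes it: hash(ballot_number * key).
    SHA-256 stands in for the post's imagined hash; 16 hex digits are kept
    so the tag fits in a bar code."""
    product = ballot_number * key            # e.g. 742 * 391 = 290122
    return hashlib.sha256(str(product).encode()).hexdigest()[:16]


def print_barcode(ballot_number: int) -> tuple[int, str]:
    """The two-part bar code printed on the ballot: (random number, tag)."""
    return ballot_number, hash_tag(ballot_number)


class Tally:
    """Registrar side: validate each incoming bar code and reject repeats."""

    def __init__(self, key: int = SECRET_KEY):
        self.key = key
        self.seen: set[int] = set()          # database of already-counted numbers

    def accept(self, barcode: tuple[int, str]) -> str:
        number, tag = barcode
        expected = hash_tag(number, self.key)
        # Constant-time comparison: the check itself should not leak how many
        # characters of a submitted tag happened to match.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag (bar code was not generated with the real key)"
        if number in self.seen:
            return "rejected: duplicate ballot number"
        self.seen.add(number)
        return "counted"


if __name__ == "__main__":
    registrar = Tally()
    genuine = print_barcode(742)
    wrong_key = (999, hash_tag(999, key=123))   # tag made with a key that is not 391
    print(registrar.accept(genuine))             # counted
    print(registrar.accept(genuine))             # rejected: duplicate ballot number
    print(registrar.accept(wrong_key))           # rejected: bad tag ...
```

The same number submitted twice is caught by the `seen` set, and a bar code whose tag was not derived from the real key fails before the duplicate check is even reached.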

No matter what Bill Barr may try to tell you.
