pr êt à voter a brief (heavily biased) history of verifiable voting
DESCRIPTION
Pr êt à Voter A brief (heavily biased) history of verifiable voting. Peter Y A Ryan University of Luxembourg. Outline. The problem. Brief history of verifiable voting Voter-verifiability. Overview of the Pr êt à Voter approach. Vulnerabilities Evolution and counter-measures Conclusions. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/1.jpg)
Prêt à Voter
A brief (heavily biased) history of verifiable voting
Bertinoro 2010 P Y A Ryan Prêt à Voter 1
Peter Y A RyanUniversity of Luxembourg
![Page 2: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/2.jpg)
Outline• The problem.• Brief history of verifiable voting• Voter-verifiability.• Overview of the Prêt à Voter approach.• Vulnerabilities• Evolution and counter-measures• Conclusions.
Bertinoro 2010 P Y A Ryan Prêt à Voter 2
![Page 3: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/3.jpg)
Secure, distributed computing
• Abstractly, secure, verifiable elections can be regarded as a special case of secure, distributed computation.
• But “real” elections are different:– Voters typically won’t have computation power
or expertise.– Elections need to be scalable, usable,
understandable,…….
Bertinoro 2010 P Y A Ryan Prêt à Voter 3
![Page 4: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/4.jpg)
The Problem• From the dawn of democracy it was recognised that
people would be tempted to try to corrupt the outcome of elections.
• Highly adversarial: system trying to cheat voters, voters trying to cheat the system, coercers trying to influence voters, voters trying to fool coercers etc.
• In the US they have been using technological devices for voting for over a century: e.g., level machines since 1897, punch cards, optical scans, touch screen etc. Prompted by high instance of fraud with paper ballots.
• All have problems, see “Steal this Vote” Andrew Gumbel.
Bertinoro 2010 P Y A Ryan Prêt à Voter 4
![Page 5: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/5.jpg)
The problem!
Bertinoro 2010 P Y A Ryan Prêt à Voter 5
![Page 6: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/6.jpg)
“The Computer Ate my Vote”• In the 2004 US presidential election, ~30% of
the electorate used DRE, touch screen devices.• Aside from the “thank you for your vote for Kerry,
have a nice day” what assurance do they have that their vote will be accurately counted?
• What do you do if the vote recording and counting process is called into question?
• Voter Verifiable Paper Audit Trail (VVPAT) and “Mercuri method”. But paper trails are not infallible either.
Bertinoro 2010 P Y A Ryan Prêt à Voter 6
![Page 7: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/7.jpg)
Remote vs Supervised• Important to draw a clear distinction between
supervised and remote voting.• In the former the voter casts their vote in
enforced isolation, e.g., in a booth in a polling station.
• Remote voting, e.g., internet, postal etc. such isolation cannot be enforced.
• Hence dangers of coercion.• The bulk of the talk will be about supervised, but
we will venture into remote voting later.
Bertinoro 2010 P Y A Ryan Prêt à Voter 8
![Page 8: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/8.jpg)
Bertinoro 2010 P Y A Ryan Prêt à Voter 9
Hazards of e-voting!
![Page 9: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/9.jpg)
Technical Requirements• Key requirements:
– Integrity/accuracy– Ballot secrecy– Receipt freeness– Coercion resistance– Voter verifiability: the voter should be able to confirm that their
vote is accurately included in the count.– Universal verifiability: everyone should be able to verify the
count.– Eligibility verifiability.– Availability– Ease of use, public trust, cost effective, scalable etc. etc…..
Bertinoro 2010 P Y A Ryan Prêt à Voter 10
![Page 10: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/10.jpg)
Assumptions
• For the purposes of the talk we will make many sweeping assumptions, e.g.,:– An accurate electoral register is maintained.– Mechanisms are in place to ensure that voters can be
properly authenticated.– Mechanisms are in place to prevent double voting and
ballot stuffing.– Existence of a secure Web Bulletin Board.– Crypto algorithms we use are sufficiently secure.– Etc.
Bertinoro 2010 P Y A Ryan Prêt à Voter 11
![Page 11: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/11.jpg)
Brief history – 1981: Chaum: anonymising mixes and suggest
application to voting.– 1994(?) Benaloh/Tunistra: receipt-free scheme.– 2003/4: Chaum: visual crypto scheme– Neff: VoteHere and MarkPledge.– 2004: Ryan: Prêt à Voter– 2005: Chaum: PunchScan– 2007: Chaum: Scantegrity I– 2007: Rivest: ThreeBallot– 2008: Scantegrity II
Bertinoro 2010 P Y A Ryan Prêt à Voter 12
![Page 12: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/12.jpg)
Internet
• 2001: Chaum: SureVote-code voting.• 2005: Juels et al: definition of coercion-
resistance and token mechanism.• 2007: Clarkson et al: Civitas• 2008: Adida: Helios• 2008/9: Ryan/Teague: Pretty Good
Democracy.
Bertinoro 2010 P Y A Ryan Prêt à Voter 13
![Page 13: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/13.jpg)
Voter-verifiability in a nutshell • Voters are provided with an encrypted “receipt”.• Copies of the receipts are posted to a secure web
bulletin board. Voters can verify that their receipt is correctly posted.
• A (universally) verifiable tabulation is performed on the receipts.
• Checks are performed at each stage to detect any attempt to decouple the encryption of the receipt from the decryption performed by the tellers.
• But, proofs provided to the voter of correct encryption of their vote must not be transferable.
Bertinoro 2010 P Y A Ryan Prêt à Voter 14
![Page 14: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/14.jpg)
Design philosophy
– “Verify the election, not the system!”– Assurance of accuracy should be based on
maximal transparency and auditability– Not on (claims of) correctness of code etc.– End-to-end verifiability.– Software independence.– Assurance by the people for the people!– As simple and understandable as possible.
Bertinoro 2010 P Y A Ryan Prêt à Voter 15
![Page 15: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/15.jpg)
Prêt à Voter• Ballot forms encode the vote in familiar form
(e.g. a against the chosen candidate).• The candidate list is (independently) randomised
for each ballot form.• Information defining the candidate list is buried
cryptographically in an “onion” value printed on each ballot form.
Bertinoro 2010 P Y A Ryan Prêt à Voter 16
![Page 16: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/16.jpg)
Prêt à Voter• Each ballot form has a unique, secret, random
seed s buried cryptographically with threshold public keys of a number of tellers in an “onion” printed on the form.
• For each form, a permutation of the candidate list is computed as a publicly known function of this seed.
• The seed can only be extracted by the collective actions of tellers, or suitable subset if a threshold scheme is used.
Bertinoro 2010 P Y A Ryan Prêt à Voter 17
![Page 17: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/17.jpg)
Typical Ballot SheetObelix
Asterix
Idefix
Panormix
Geriatrix
$rJ9*mn4R&8
Bertinoro 2010 P Y A Ryan Prêt à Voter 18
![Page 18: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/18.jpg)
Voter marks their choiceObelix
Asterix Idefix
Panoramix
Geriatrix
$rJ9*mn4R&8
Bertinoro 2010 P Y A Ryan Prêt à Voter 19
![Page 19: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/19.jpg)
Voter’s Ballot Receipt
$rJ9*mn4R&8
Bertinoro 2010 P Y A Ryan Prêt à Voter 20
![Page 20: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/20.jpg)
Florida 2000
Bertinoro 2010 P Y A Ryan Prêt à Voter 21
![Page 21: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/21.jpg)
The voting “ceremony”• Can be varied, but possible scenario:
– Voter enters the polling station and takes a ballot form at random, sealed in an envelope.
– The voter goes to a booth, extracts the ballot form and makes their mark.
– LH strip is destroyed/discarded.– The voter leaves the booth with the RH strip, which
forms the receipt, and registers with an official.– A digital copy, (r, Onion), of the receipt is made. The
receipt is digitally signed and franked. Additionally, a paper audit copy can be made.
– The voter exits the polling station with their receipt.
Bertinoro 2010 P Y A Ryan Prêt à Voter 22
![Page 22: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/22.jpg)
Checking and tabulation– Digital copies of the “protected receipts” are posted to
the Web Bulletin Board.– The voters, or proxies, can visit the WBB and confirm
that their receipt appears correctly. – An anonymising tabulation is performed on posted
receipts: re-encryption mixes followed by threshold decryption.
Bertinoro 2010 P Y A Ryan Prêt à Voter 23
![Page 23: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/23.jpg)
Remarks • The receipt reveals nothing about the vote• Voter experience simple and familiar.• No need for voters to have personal keys or computing
devices.• Votes do not communicate their choice to any device.• Vote casting can be in the presence of an official (à la
Française).• Voters could be allowed to audit ballots of their choice.• An encrypted paper audit trail can be incorporated.• Works for ranked, STV etc (module “Italian” style
attacks).
Bertinoro 2010 P Y A Ryan Prêt à Voter 24
![Page 24: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/24.jpg)
In Maths We Trust!• All this is fine as long as we are happy to trust “The
Authority”, the tellers etc. • But we want to trust nobody, just trust in
maths/cryptography.• For the accuracy requirement:
– Ballot forms may be incorrectly constructed, leading to incorrect encoding of the vote.
– Ballot receipts could be corrupted before they are entered in the tabulation process.
– Tellers may perform the decryption incorrectly.
• We now discuss the corruption/fault detection mechanisms.
Bertinoro 2010 P Y A Ryan Prêt à Voter 25
![Page 25: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/25.jpg)
Open audit
• A random selection of ballots are audited for well-formedness.
• Voters, or proxies, check that receipts are correctly posted on the BB.
• A verifiable, anonymous tabulation is performed on posted receipts, using partial random checking of Neff style ZK proofs.
Bertinoro 2010 P Y A Ryan Prêt à Voter 26
![Page 26: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/26.jpg)
Evolution
• Prêt is actually a suite of designs, driven by the identification of vulnerabilities and the search for greater flexibility, usability etc.
• Co-evolution of threats and requirements.
Bertinoro 2010 P Y A Ryan Prêt à Voter 27
![Page 27: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/27.jpg)
Decryption vs re-encryption mixes
• Early versions of Prêt use decryption mixes. Good for handling full permutations, but lack flexibility etc.– Re-encryption mixes are much more flexible
and robust. – Can be rerun or run in parallel.– Mixers don’t need secret keys etc– Clean separation of mix and decryption.
• Newer versions use re-encryption mixes.Bertinoro 2010 P Y A Ryan Prêt à Voter 28
![Page 28: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/28.jpg)
Vulnerabilities• Chain of custody of ballots• Ballot stuffing• Chain voting• “Italian” style attacks• Retention of LH side• Randomisation • “social-engineering”• psychological• Kleptographic • Key/entropy generation…….
Bertinoro 2010 P Y A Ryan Prêt à Voter 29
![Page 29: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/29.jpg)
Chain of custody
• Procedural mechanisms• Need to protect secrecy and integrity• Envelopes• Anti-counterfeiting• On-demand creation:• Voter auditing, multiple auditing, dual
ballots
Bertinoro 2010 P Y A Ryan Prêt à Voter 30
![Page 30: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/30.jpg)
Chain-voting
• Conceal “onion”, e.g. with scratch strip.• Verified re-encryption of “onion”.• On-demand generation of ballots along
with logging serial numbers.• Etc
Bertinoro 2010 P Y A Ryan Prêt à Voter 31
![Page 31: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/31.jpg)
Destruction of the LH side
• Procedural mechanisms• Mechanical mechanisms• Presence of decoy strips• Slotted LH strip that falls apart.• Markpledge style mechanism?-but hard to
achieve without having to communicate choice to the device.
Bertinoro 2010 P Y A Ryan Prêt à Voter 32
![Page 32: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/32.jpg)
Randomisation
• Attacker demands the receipt has a special form, e.g. X in first place.
• Counter: have multiple ballots available, e.g. via “Benaloh” style auditing.
Bertinoro 2010 P Y A Ryan Prêt à Voter 33
![Page 33: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/33.jpg)
“social-engineering”
• Example: cut-and-choose into choose-and-cut.
• Counter: better user understanding, training.
• Simpler ceremonies.• ….
Bertinoro 2010 P Y A Ryan Prêt à Voter 34
![Page 34: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/34.jpg)
Psychological
• Attackers convince voters that their receipt can be read.
• Counters:• Educate voters• Farnel/twin mechanism.
Bertinoro 2010 P Y A Ryan Prêt à Voter 35
![Page 35: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/35.jpg)
Kleptographic
• Device exploits some freedom in randomness to leak information via subliminal channels.
• Counters:• Distributed generation of entropy.• Pseudo-random, e.g. signature over serial
number.
Bertinoro 2010 P Y A Ryan Prêt à Voter 36
![Page 36: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/36.jpg)
Socio-technical aspects
• Never achieve absolute security.• Not enough to analyse the technical core.• Need to balance technical and procedural
mechanisms.• Need to account for the “whole” system.• Current systems not perfect-new systems
need to be at least as good.
Bertinoro 2010 P Y A Ryan Prêt à Voter 37
![Page 37: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/37.jpg)
Conclusions
• Secure voting systems a dynamic area of research.
• Lots of open questions!• Highly socio-technical in nature.• Possibility of highly modular designs.
Bertinoro 2010 P Y A Ryan Prêt à Voter 38
![Page 38: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/38.jpg)
Future work
• On the current model:– Determine exact requirements.– Formal analysis and proofs. – Construct threat and trust models.– Investigate error handling and recovery strategies.– Develop a full, socio-technical systems analysis.– Develop prototypes and run trials, e.g., e-voting
games!– Investigate public understanding, acceptance and
trust.
Bertinoro 2010 P Y A Ryan Prêt à Voter 39
![Page 39: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/39.jpg)
Future work
• Beyond the current scheme:– Finalise remote, coercion resistant version (using
“capabilities”).– Re-encryption mixes for general electoral methods.– Establish minimal assumptions.– Alternative sources of seed entropy: Voters, optical
fibres in the paper, quantum…?– Alternative robust mixes.– Quantum variants.– Unconditional schemes?
Bertinoro 2010 P Y A Ryan Prêt à Voter 40
![Page 40: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/40.jpg)
OpenVeto (Hoa, Zielinski)
• Boardroom style: only open authenticated channels-no private channels.
• Suppose n members Pi.• Choose large prime p and a generator g of
a subgroup order q of Zp*, q|(p-1). In which taking discrete logs is intractable. i.e. Usual El Gamal setting.
Bertinoro 2010 P Y A Ryan Prêt à Voter 41
![Page 41: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/41.jpg)
OpenVeto
• Pi chooses xi at random and broadcasts:
i:=gxi plus ZK proof of knowledge of xi.• After all have broadcast, each checks the ZK
proofs and Pi computes:i := j=1 i-1 j / j=i+1 n j
• Pi now broadcasts:
i := ixi + ZK proof if no veto
:= iri + ZK proof random ri if veto
Bertinoro 2010 P Y A Ryan Prêt à Voter 42
![Page 42: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/42.jpg)
The outcome
• All compute:j=1 n i
=1 if no veto1 if >0 veto
• If all choose ri=xi, the terms in the exponent cancel out.
• Note: could use crypto commitments in place of ZK proofs, but extra rounds.
Bertinoro 2010 P Y A Ryan Prêt à Voter 43
![Page 43: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/43.jpg)
OpenVote (Hoa, Ryan, Zielinski)• Again Pi broadcasts:
i:=gxi plus ZK proof of knowledge of xi.• After all have broadcast each checks the ZK proofs
and Pi computes:i = gyi := j=1 i-1 j / j=i+1 n j
• But nowi := i
xi gvi + + ZK proof vi=01
with vi=1 for Yes, vi=0 for No. Bertinoro 2010 P Y A Ryan Prêt à Voter 44
![Page 44: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/44.jpg)
OpenVote
• ZK proof: need to show that vi = 0 or 1 without revealing which.
• Form the ElGamal encryption of gvi with PK i=gyi and randomisation xi:
• zi:= (i, i ) = (gxi , gyixi gvi )• Now use the Cramer, Damgård,
Schoenmakers technique to prove that zi is an encryption of 1 or g.
Bertinoro 2010 P Y A Ryan Prêt à Voter 45
![Page 45: Pr êt à Voter A brief (heavily biased) history of verifiable voting](https://reader034.vdocuments.site/reader034/viewer/2022051316/56815a8a550346895dc7ff09/html5/thumbnails/45.jpg)
Tabulation
• All can compute:j=1
n i = gvi
• vi is the number of “Yes” votes.• Can be extended to handle >2 candidates
using trick due to Baudrot et al, using a super-increasing sequence to encode the candidates: 20, 2k, 22k, ....with 2k > v, the number of voters.
Bertinoro 2010 P Y A Ryan Prêt à Voter 46