Machine-Checked Reasoning About Complex Voting Schemes Using Higher-Order Logic

  • Jeremy E. Dawson
  • Rajeev Goré
  • Thomas Meumann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9269)


We describe how we first formally encoded the English-language Parliamentary Act for the Hare-Clark Single Transferable Vote-counting scheme used in the Australian state of Tasmania into higher-order logic, producing SPECHOL. Based on this logical specification, we then encoded an SML program to count ballots according to this specification inside the interactive theorem prover HOL4, giving us IMPHOL. We then manually transliterated the program as a real SML program IMP. We are currently verifying that the formalisation of the implementation implies the formalisation of the specification: that is, we are using the HOL4 interactive theorem prover to prove the implication IMPHOL \(\rightarrow \) SPECHOL.





We are extremely grateful to the many suggestions for improvement from the reviewers of VoteID 2015. We have tried to take every comment into account, and have even used some of the suggested prose verbatim.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jeremy E. Dawson (1)
  • Rajeev Goré (1)
  • Thomas Meumann (1)

  1. Research School of Computer Science, Australian National University, Canberra, Australia
