On the Security of Election Audits with Low Entropy Randomness

Secure election audits require some method of randomly selecting the units to be audited. Because physical methods such as dice rolling or lotterystyle ping pong ball selection are inefficient when a large number of audit units must be selected, some authors have proposed to stretch physical methods by using them to seed randomness tables or random number generators. We analyze the security of these methods when the amount of input entropy is low under the assumption that the attacker can choose the audit units to attack. Our results indicate that under these conditions audits do not necessarily provide the detection probability implied by the standard statistics. This effect is most pronounced for randomness tables, where significantly more units must be audited in order to achieve the detection probability that would be expected if the audit units were selected by a truly random process. It is still unclear whether there are practical methods for safely using such tables for this application.