User: Password:
|
|
Subscribe / Log in / New account

Security quotes of the week

Security quotes of the week

Posted Feb 9, 2013 19:34 UTC (Sat) by nix (subscriber, #2304)
In reply to: Security quotes of the week by ghane
Parent article: Security quotes of the week

Having a public record of the vote is extremely dangerous, since it means that you can prove to other people how you voted.

Let's rephrase that. It means that other people can demand you prove to them how you voted, and punish you if you didn't vote the way they wanted you to.

Having a public record of the vote is only acceptable if you are permitted to forge it freely, and no record of that forgery is kept. Then you could vote one way and tell your coercer that you voted the other, and the coercer would be none the wiser. (This only works as long as the ballot is secret too, of course.)

This sort of thing is why a lot of countries make it a criminal offence to take photographs inside the voting booth.


(Log in to post comments)

Security quotes of the week

Posted Feb 9, 2013 20:25 UTC (Sat) by apoelstra (subscriber, #75205) [Link]

> Having a public record of the vote is extremely dangerous, since it means that you can prove to other people how you voted.

On the other hand, having no public record means that the vote-counters can change your vote and you'd be none the wiser.

> Having a public record of the vote is only acceptable if you are permitted to forge it freely, and no record of that forgery is kept. Then you could vote one way and tell your coercer that you voted the other, and the coercer would be none the wiser. (This only works as long as the ballot is secret too, of course.)

I'd bet money there's some combination of asymmetric crypto and hash tricks that would let you:

1. Vote as many times as you want, choosing which vote is the "real" one.
2. Publicize the entire voting record so that it's possible for anyone to sum all real votes.
3. Despite (2), nobody can tell which votes are real, even their own, nor can anyone tell how many times somebody voted.

Then if the algorithm and voting record were both publicized, you'd be assured that your vote was correctly counted (because you trust the algorithm, not because you can read the record).

With only these three points, maybe the government could drop votes from the record selectively. (Drop vote, recount. Didn't help me? Put it back, drop the next one, recount...).

But this could be solved if you could also "vote" a signature of others votes. You'd encrypt this signature with some secret. Then, say, your local watchdog group could sign the votes of you and all of your friends. If your votes go missing or the signature goes missing, the watchdog will notice and publicize the secret needed to verify this. Otherwise, the watchdog does nothing and nobody even knows what was signed.

You could even be your own watchdog, though if a lone guy is saying "my signature is bad, they're tampering!" people would likely assume he just did the signature wrong and ignore him. But if the ACLU were to say this, that would be a big deal. And since nobody could match the signature to the watchdog until their secret was published (after the election), any tampering would therefore run a risk of being noticed.

Security quotes of the week

Posted Feb 9, 2013 21:50 UTC (Sat) by renox (subscriber, #23785) [Link]

>On the other hand, having no public record means that the vote-counters can change your vote and you'd be none the wiser.

which is why on 'normal' votes, you can attend the vote-counting..
Not possible of course with 'Internet' votes or machine voting, both are of course very bad ideas.

Security quotes of the week

Posted Feb 11, 2013 23:56 UTC (Mon) by nix (subscriber, #2304) [Link]

Yes, there are indeed such crypto tricks. Unfortunately, they fall foul of another requirement of voting systems: that they must be understandable by the common voter. If only Ron Rivest and his fellow crypto deities can understand said system and be satisfied that it is secure, then the thing is useless, be it ever so wonderful.

Security quotes of the week

Posted Feb 12, 2013 2:18 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

It's pretty simple - the system randomizes the order of candidates and you get only one part of it.

Security quotes of the week

Posted Feb 10, 2013 0:01 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

There are systems that allow to check that all votes are registered correctly and that can't be used to identify individual voters.

Security quotes of the week

Posted Feb 14, 2013 17:05 UTC (Thu) by davidescott (guest, #58580) [Link]

Very Complex systems. ie most people won't check, and it would be reasonably easy to predict those who might check.

In a country where 50% of the people don't vote and don't care because they recognize it doesn't make a difference who they vote for this means that:
a) You can fraudulently insert votes from individuals who didn't vote and expect them not to check and verify that there vote was not recorded.
b) [Potentially] Change votes of some voters who match certain criteria (unemployed, not connected to a politically active group, low education) and reasonably expect that they will not attempt to verify their vote matches what they claim to have voted for.
c) If anyone does step forward brush them aside as a crackpot.

There is also a strong incentive for a reverse attack on the system from the losing side.
a) If you know you will lose cast the wrong vote (ie vote for the winner or somehow spoil your vote).
b) Complete the protocol for the correct vote to try and introduce an inconsistency in the tabulation.
c) Complain that the election is rigged. Most people won't understand the arguments one way or the other and come down on the side of their party in believing that either the voter screwed up (if they favor the winner) or that the election is rigged (if they favor the loser).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds