User: Password:
|
|
Subscribe / Log in / New account

Security quotes of the week

Security quotes of the week

Posted Feb 9, 2013 20:25 UTC (Sat) by apoelstra (subscriber, #75205)
In reply to: Security quotes of the week by nix
Parent article: Security quotes of the week

> Having a public record of the vote is extremely dangerous, since it means that you can prove to other people how you voted.

On the other hand, having no public record means that the vote-counters can change your vote and you'd be none the wiser.

> Having a public record of the vote is only acceptable if you are permitted to forge it freely, and no record of that forgery is kept. Then you could vote one way and tell your coercer that you voted the other, and the coercer would be none the wiser. (This only works as long as the ballot is secret too, of course.)

I'd bet money there's some combination of asymmetric crypto and hash tricks that would let you:

1. Vote as many times as you want, choosing which vote is the "real" one.
2. Publicize the entire voting record so that it's possible for anyone to sum all real votes.
3. Despite (2), nobody can tell which votes are real, even their own, nor can anyone tell how many times somebody voted.

Then if the algorithm and voting record were both publicized, you'd be assured that your vote was correctly counted (because you trust the algorithm, not because you can read the record).

With only these three points, maybe the government could drop votes from the record selectively. (Drop vote, recount. Didn't help me? Put it back, drop the next one, recount...).

But this could be solved if you could also "vote" a signature of others votes. You'd encrypt this signature with some secret. Then, say, your local watchdog group could sign the votes of you and all of your friends. If your votes go missing or the signature goes missing, the watchdog will notice and publicize the secret needed to verify this. Otherwise, the watchdog does nothing and nobody even knows what was signed.

You could even be your own watchdog, though if a lone guy is saying "my signature is bad, they're tampering!" people would likely assume he just did the signature wrong and ignore him. But if the ACLU were to say this, that would be a big deal. And since nobody could match the signature to the watchdog until their secret was published (after the election), any tampering would therefore run a risk of being noticed.


(Log in to post comments)

Security quotes of the week

Posted Feb 9, 2013 21:50 UTC (Sat) by renox (subscriber, #23785) [Link]

>On the other hand, having no public record means that the vote-counters can change your vote and you'd be none the wiser.

which is why on 'normal' votes, you can attend the vote-counting..
Not possible of course with 'Internet' votes or machine voting, both are of course very bad ideas.

Security quotes of the week

Posted Feb 11, 2013 23:56 UTC (Mon) by nix (subscriber, #2304) [Link]

Yes, there are indeed such crypto tricks. Unfortunately, they fall foul of another requirement of voting systems: that they must be understandable by the common voter. If only Ron Rivest and his fellow crypto deities can understand said system and be satisfied that it is secure, then the thing is useless, be it ever so wonderful.

Security quotes of the week

Posted Feb 12, 2013 2:18 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

It's pretty simple - the system randomizes the order of candidates and you get only one part of it.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds