Re: electronic voting system
From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 11/18/04
- Next message: vigalchin_at_gmail.com: "RSA's C_ImportPKCS12 function"
- Previous message: Johannes Gerster: "Generator of the group of quadratic resudues"
- In reply to: Zeljko Vrba: "electronic voting system"
- Next in thread: mechmech: "Re: electronic voting system"
- Reply: mechmech: "Re: electronic voting system"
- Reply: Michael Amling: "Re: electronic voting system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 18 Nov 2004 19:15:56 GMT
Zeljko Vrba <ime.prezime@oss.unist.hr> writes:
]-----BEGIN PGP SIGNED MESSAGE-----
]Hash: RIPEMD160
]What is wrong with the following electronic voting scenario:
]1. The government issues as many blank smart-cards as there are registered
] voters. Each card has a unique serial number that is made public.
]2. There are two state-wide lists: one of registered voters, and one with
] serial numbers of issued cards.
]3. Each voter picks up his card at a government office. This is recorded in
] the voters list (which must be always online) so that he can't pick up a
] card at another office. He is allowed to choose an arbitrary unmarked card
] from a pile of cards. That way the serial number of the card can't be
] linked to the voter so that his vote remains unknown to anyone but himself.
]4. At the office, the voter inserts the card into the provided terminal
] equipment to generate a public/private key pair (this is to ensure that the
] private key is not known to the card manufacturer beforehand). The
] goverment publishes the 'certificate' for the registered voter's card
] containing (public key, card serial number) pair as the only information.
]5. When it comes to elections, the voter signs the (choice, card serial#)
] with his on-card private key.
]This scenario has the following properties:
] - anonimity (public card data and voter's choice can't be linked to the
] real person)
] - votes can't be forged
] - votes can be easily verified to be authentic
] - it is possible to prevent a single voter to vote multiple times
] - it is not possible to insert additional cards in the list to fake votes
] because there is a state-wide list of serial numbers. votes with card
] serial number not appearing on the government list of serials are
] discarded (unless someone tampers with the list, which should be protected
] against modification).
And it is impossibly complicated. Even getting voters to register is hard.
To have them spend an hour or two going through this palaver to get a card
which they can then at a later date use to vote is hopeless. It is another
example of technical fixes which correspond in no way to human behaviour.
]
]One problem with this scheme that comes to mind is with lost cards: a voter
And that is another problem.
]can't request a replacement card without proving that he lost the previous
](otherwise, he could lie that he lost the card and thus obtain the right to
]two votes). However, the proof would reveal all of his past votes.
How would the proof do that?
And when your neighbourhood goon comes around and demands your public key,
how do you stop him?
Secret ballot should mean that the way a person votes should be kept secret
under a whole variety of threat models.
]What else needs to be fulfilled to have fair anonymous elections? This scheme
]seems simple, so it could lead to system where the majority of CITIZENS decide
]about laws, regulations and THEIR interests, not the majority of CONGRESS and
]congressmen's interests.
It is neither simple, anonymous or fair.
- Next message: vigalchin_at_gmail.com: "RSA's C_ImportPKCS12 function"
- Previous message: Johannes Gerster: "Generator of the group of quadratic resudues"
- In reply to: Zeljko Vrba: "electronic voting system"
- Next in thread: mechmech: "Re: electronic voting system"
- Reply: mechmech: "Re: electronic voting system"
- Reply: Michael Amling: "Re: electronic voting system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
