[ale] OT: Electronic Voting in GA
Joe Knapka
jknapka at kneuro.net
Fri Oct 31 01:46:52 EST 2003
"Michael D. Hirsch" <mhirsch at nubridges.com> writes:
> On Tuesday 28 October 2003 02:12 pm, Jeff Hubbs wrote:
[scissors of brevity]
> > Say all you want about quantum cryptography, but how to you keep it or any
> > other mechanism from being perverted or subverted?
>
> Hell if I know. Voting mechanisms have so many possible failure points that
> the security of the transmission is probably the part I worry about least.
> Given the insecurities of recording the proper vote initially, insecure
> storage mechanisms, no audit trail, etc, why would anyone bother trying to
> crack the transmission security?
The point of secure voting protocols is not (merely) transmission
security. Rather, it is to make the voting process:
(1) Incorruptible, in that the vote counts cannot be manipulated,
even by an "insider", without that manipulation being obvious, and
(2) Transparent, in that the voter can positively verify that
his vote was properly tabulated.
In this regard, the use of PKC in secure voting protocols is not (or
not only) to obscure the content of the messages being passed among
the various entities involved in the voting process. Instead, it is to
insert "tags" into the data stream that enable the data to be tracked
and verified at every stage. For example, one step of a secure voting
protocol might be to take the cleartext of one's vote and append to it
a hash value derived by applying some one-way function to the vote
data and one's private key, then pass that cleartext data and the hash
along to the vote-counting authority. If that hash value doesn't turn
up in some form among the tabulated vote data, that constitutes
evidence that one's vote was maliciously altered. The point of that
application of a PKC technique isn't to make one's vote hard to read;
rather it's to make it possible to verify that one's vote was counted
properly.
If you read some of the literature about this subject (and again, the
relevant sections of Schneier's "Applied Cryptography" are very good),
you'll find that even in the presence of a potentially "corrupt"
infrastructure, it's still possible to build a voting system that's
provably secure and transparent *in principle* -- ASSUMING that the
cryptographic techniques employed are really as secure as they are
believed to be. Naturally, that assumption may be wrong, in the
absence of formal proofs of correctness; nonetheless, such a system
would be far better than the fecal matter Deibold is promulgating.
Cheers,
-- Joe Knapka
More information about the Ale
mailing list