FC: E-voting paper analyzes "usability" problems of currentsystems
Ed Gerck
egerck at nma.com
Wed Jun 19 20:42:17 EDT 2002
[Moderator's note: I'm not sure I agree with Mr. Gerck's conclusion,
given that I don't think the proof is incorrect, but... --Perry]
> Forwarded below is an email from Dr. Rebecca Mercuri whose
> PhD dissertation contained a proof that an electronic voting
> system can be either secure (tamper proof) or anonymous
> (as in secret ballot), but NOT BOTH, "The requirement for
> ballot privacy creates an unresolvable conflict with the
> use of audit trails in providing security assurance".
The conclusion is incorrect. There is actually more than one way
to provide for ballot privacy and use effective audit trails in
electronic voting systems.
One way is to have a (sufficiently redundant) witness system
that records what the voter sees and approves as the ballot
is cast by the voter, without recording who the voter is. The
witness system can include independent witnesses controlled
by every party or observer of the election. The vote tally result
can be verified with a confidence level as close to 100% as desired
by tallying a percentage of those witness records. The theoretical
basis for such a system is Shannon's 10th theorem. For a presentation,
see http://www.vote.caltech.edu/wote01/pdfs/gerck-witness.pdf
Another way is to provide each voter with a double-blind
digital certificate that includes a nonce, and using homomorphic
enccryption for further protecting the voting pattern from
disclosing the voter's indentity (the Mafia attack) . The nonce
allows for an effective audit trail per voter without disclosing the voter's
identity. See http://www.vote.caltech.edu/wote01/pdfs/gerck.pdf
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list