voting
l.crypto at stewart.org
l.crypto at stewart.org
Thu Apr 8 11:15:52 EDT 2004
Having a paper ballot printed by machine (and checked by the votor) before
being dropped in a box may permit some additional cross-checks:
* Put serial numbers or something like them, on each ballot, so that
missing or added ballots can be detected.
* Put check digits on each ballot, so that alterations can be detected.
In order to avoid a big key management problem, perhaps each machine
could generate its own key-pair, and print the public half on each
ballot. Perhaps the check digits could be chained through the whole
sequence of ballots so that adversaries have to modify the whole
tail sequence to change one. Perhaps at the end of the sequence, the
machine could generate a known set of void ballots, making changing the
tail after the fact impossible.
* Print a receipt for the actual votor that can be used by the votor
to check that her vote was actually recorded. Ideally, the receipt
should also be able to confirm that the actual intended votes were recorded.
It should not be possible to compute the votes from the receipt.
It should not be possible for an inquiry about a vote from the receipt
holder to tie the identity of the votor to the votes.
This last item would help my degree of confidence - I'd like to be able
to independently confirm, myself, that my vote was accurately recorded.
Naturally, the sequence information must not be traceable to an individual -
this is usually the case in manual sign-in systems that match votors to
registration books. I would be skeptical about automated sign-in.
-Larry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list