voting

Trei, Peter ptrei at rsasecurity.com
Fri Apr 9 11:05:40 EDT 2004


	"privacy" wrote:
	[good points about weaknesses in adversarial system deleted]

> It's baffling that security experts today are clinging to the outmoded
> and insecure paper voting systems of the past, where evidence of fraud,
> error and incompetence is overwhelming.  Cryptographic voting protocols
> have been in development for 20 years, and there are dozens of proposals
> in the literature with various characteristics in terms of scalability,
> security and privacy.  The votehere.net scheme uses advanced cryptographic
> techniques including zero knowledge proofs and verifiable remixing,
> the same method that might be used in next generation anonymous remailers.
> 
Our anonymous correspondent has not addressed the issues I raised in my
initial post on the 7th:

1. The use of receipts which a voter takes from the voting place to 'verify'
that their vote was correctly included in the total opens the way for voter
coercion.

2. The proposed fix - a blizzard of decoy receipts - makes recounts based
on the receipts impossible.

> Given that so many jurisdictions are moving towards electronic voting
> machines, this is a perfect opportunity to introduce mathematical
> protections instead of relying so heavily on human beings.  I would
> encourage observers on these lists to familiarize themselves with the
> cryptographic literature and the heavily technical protocol details
> at http://www.votehere.com/documents.html before passing judgement on
> these technologies.
> 
Asking the readers of this list to 'familiarize themselves with the
cryptographic literature' is, in many cases, a little like telling Tiger Woods
that he needs to familiarize himself with the rules of golf. We know the
'advanced cryptographic techniques' you refer to. We also know their
limitations - what they can and cannot do. This is not the appropriate forum
to try to say "trust me".

Answer this:

1. How does this system prevent voter coercion, while still allowing receipt
based recounts? Or do you have some mechanism by which I can
personally verify every vote which went into the total, to make sure they
are correct?

2. On what basis do you think the average voter should trust this system,
seeing as it's based on mechanisms he or she can't personally verify?

3. What chain of events do I have to believe to trust that the code which
is running in the machine is actually and correctly derived from the
source code I've audited? I refer you to Ken Thompson's classic paper
"Reflections on Trusting Trust", as well as the recent Diebold debacle
with uncertified patches being loaded into the machine at the
last moment.

This last is an important point - there is no way you can eliminate the
requirement of election officials to behave legitimately. Since that
requirement can't be done away with by technology, adding technology
only adds more places the system can be compromised.

Based on the tone of this letter, I'd hazard a guess that 'privacy' has a
vested interest in VoteHere. If this is true, it's a little odd that they are
willing to expose their source code, but not their name. We don't
bite, unless the victim deserves it :-) Opening your source is an
admirable first step - why not step out of the shadows so we can
help you make your system better?

I fear a system which does not have a backup mechanism that the
average voter can understand. While it's true that non-electronic
systems are subject to compromise, so are electronic ones,
regardless of their use of ZK proofs, or 'advanced cryptographic
techniques'.

I do think electronic voting machines are coming, and a good
thing. But they should be promoted on the basis that they
are easier to use, and fairer in presentation, than are manual
methods. Promoting them on the basis that they are more
secure, and less subject to vote tampering, is simply false.

Peter Trei
Cryptoengineer
RSA Security

Disclaimer: The above represents my personal opinions only.
