PunchScan voting protocol

John Denker jsd at av8n.com
Wed Dec 12 09:55:16 EST 2007

Hi Folks --

I was wondering to what extent the folks on this list have taken
a look the PunchScan voting scheme:


The site makes the following claims:

>> End-to-end cryptographic independent verification, or E2E, is a
>>  mechanism built into an election that allows voters to take a 
>> piece of the ballot home with them as a receipt. This receipt 
>> does not allow voters to prove to others how they voted, but it
>>  does permit them to:
>> * Verify that they have properly indicated their votes to 
>> election officials (cast-as-intended).
>> * Verify with extremely high assurance that all votes were
>> counted properly (counted-as-cast).
>> Voters can check that their vote actually made it to the tally,
>> and that the election was conducted fairly.

Those seem at first glance to be a decent set of claims, from
a public-policy point of view.  If somebody would prefer a
different set of claims, please explain.

PunchScan contains some nifty crypto, but IMHO this looks like
a classic case of too much crypto and not enough real security.

I am particularly skeptical of one of the FAQ-answers

Several important steps in the process must be carried out in
secret, and if there is any leakage, there is unbounded potential
for vote-buying and voter coercion.
  The Boss can go to each voter and make the usual silver-or-lead
  proposition:  Vote as I say, and then show me your voting receipt.
  I'll give you ten dollars.  But if I find out you voted against
  me, I'll kill you.

The voter cannot afford to take the chance that even a small
percentage of the ballot-keys leak out.

1) It would be nice to see some serious cryptological protection
of election processes and results.

2a) I don't think we're there yet.

2b) In particular I don't think PunchScan really solves "the"
whole problem.

3) I'd love to be wrong about item (2).  Does anybody see a way
to close the gaps?

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list