PunchScan voting protocol
John Denker
jsd at av8n.com
Wed Dec 12 09:55:16 EST 2007
Hi Folks --
I was wondering to what extent the folks on this list have taken
a look the PunchScan voting scheme:
http://punchscan.org/
The site makes the following claims:
>> End-to-end cryptographic independent verification, or E2E, is a
>> mechanism built into an election that allows voters to take a
>> piece of the ballot home with them as a receipt. This receipt
>> does not allow voters to prove to others how they voted, but it
>> does permit them to:
>>
>> * Verify that they have properly indicated their votes to
>> election officials (cast-as-intended).
>> * Verify with extremely high assurance that all votes were
>> counted properly (counted-as-cast).
>>
>> Voters can check that their vote actually made it to the tally,
>> and that the election was conducted fairly.
Those seem at first glance to be a decent set of claims, from
a public-policy point of view. If somebody would prefer a
different set of claims, please explain.
PunchScan contains some nifty crypto, but IMHO this looks like
a classic case of too much crypto and not enough real security.
I am particularly skeptical of one of the FAQ-answers
http://punchscan.org/faq-protections.php#5
Several important steps in the process must be carried out in
secret, and if there is any leakage, there is unbounded potential
for vote-buying and voter coercion.
The Boss can go to each voter and make the usual silver-or-lead
proposition: Vote as I say, and then show me your voting receipt.
I'll give you ten dollars. But if I find out you voted against
me, I'll kill you.
The voter cannot afford to take the chance that even a small
percentage of the ballot-keys leak out.
1) It would be nice to see some serious cryptological protection
of election processes and results.
2a) I don't think we're there yet.
2b) In particular I don't think PunchScan really solves "the"
whole problem.
3) I'd love to be wrong about item (2). Does anybody see a way
to close the gaps?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list