Intuitive cryptography that's also practical and secure.

Andrea Pasquinucci liste at
Mon Feb 5 03:08:30 EST 2007

On Sat, Feb 03, 2007 at 08:52:35PM -0800, Joseph Ashwood wrote:

----- Original Message -----
From: "Andrea Pasquinucci" <cesare at>
To: "Cryptography" <cryptography at>
Sent: Tuesday, January 30, 2007 12:33 PM
Subject: Re: Intuitive cryptography that's also practical and secure.

* >I have been working for
* >the last 2 years on a project about web-voting
* >(
* >PS. any comment on my protocol/system is greatly appreciated.
* If I'm reading the design correctly, the biggest failure I see is that it 
* is open to coersion. It is possible to hold someone's family or other 
* personally important stuff for ransom for a receipt that reflects voting 
* "correctly."
*                    Joe 

Yes it is by design, and I state it very clearly. 

Even if I would use biometrics for authentication I cannot prevent a 
voter at home in front of her PC to take a picture of the screen when 
she is voting as a proof of what she has voted for, or to sit next to a 
coercer with a gun watching her voting. 

The fact that the voter is remote and outside a controlled location 
makes it impossible to guarantee incoercibility and no-vote-selling. 
This is not a crypto or IT problem. I do not think (correct me if I am 
wrong) that it is possible to design a web-voting system where you can 
vote from any PC in the world which guarantees against this.

Consider that in Italy in normal political elections with only paper 
ballots (no voting machines) it happened that the mafia gave voters 
mobile phones with cameras or mini cameras to take a picture of the 
paper ballot when the voter was in the booth as a proof of the vote.
And this with armed police just outside the booth. What can I do when 
it is possible to vote from home?

Concerning a technical point on my system, the receipt that my system 
gives to the voter has data which allow easily to learn the vote, 
actually this is part of the procedure to check the correctness of the 
result. I know that there are protocols which aim to give receipts such 

1. the voter can check that her vote has been counted correctly

2. she cannot prove to a third person how she has voted

(see for example Rivest "Three-ballot voting system") but I haven't 
found one which fits in with my system and at the same time is easy 
enough so that people can use it (they complain already that my system 
is too complicated...).


Andrea Pasquinucci                     liste at -

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list