Intuitive cryptography that's also practical and secure.

Ed Gerck edgerck at nma.com
Mon Feb 5 17:05:13 EST 2007 

Andrea Pasquinucci wrote:
>or to sit next to a 
> coercer with a gun watching her voting. 
> 
> The fact that the voter is remote and outside a controlled location 
> makes it impossible to guarantee incoercibility and no-vote-selling. 
> This is not a crypto or IT problem. I do not think (correct me if I am 
> wrong) that it is possible to design a web-voting system where you can 
> vote from any PC in the world which guarantees against this.

It is possible and has been done by Safevote, the first time in 2001.
The solution also prevents vote selling. The solution was verified and
approved by the Swedish Ministry of Justice.

This is how it works. Voters are allowed to cast as many ballots as
desired but only the last ballot is counted (this is called the CL product
option). If anyone forces or rewards the voter for voting in a certain way,
and even watches the voter vote, the voter may always vote again afterwards
and effectively erase the former vote when in privacy. The coercer would have
to follow the voter 24/7 to prevent this.

There is a second method, also used by Safevote in 2001 and positively
evaluated by the Swedish Ministry of Justice. Voters can use the
Internet to vote but also in a supervised environment, a precinct, where the
voter is alone to vote. The vote cast at the precinct trumps the vote
cast elsewhere, which allows the voter an easy recourse in case of
difficulty (spouse, etc.).

This is often ignored by opponents of online voting, that online voting
does not eliminate precinct voting; it just allows it to be sent online
as well in a controlled environment. This also means that no one
needs to buy a computer or have Internet connection to vote -- there's
no "digital divide". People can continue to use the precinct and vote
as usual.

About the screen picture issue, Safevote allows voters to print all
pages of the ballot, and all ballot choices made by the voter. However,
the server provides the ballot pages in such a way that the voter cannot
prove (except to himself when voting) how the voter actually voted. This
procedure also helps prevent vote selling and coercion. The voter cannot
produce a non-repudiable proof of how the voter voted.

Best,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list