Intuitive cryptography that's also practical and secure.

Ed Gerck edgerck at
Sat Jan 27 14:46:17 EST 2007

[Perry, please use this one if possible]

Matt Blaze wrote:
> an even more important problem
> than psychic debunking, namely electronic voting. I think "intuitive
> cryptography" is a very important open problem for our field.


You mentioned in your blog about the crypto solutions for voting and
that they have been largely ignored. The reason is that they are either
solutions to artificially contrived situations that would be impractical
in real life, or postulate conditions such as threshold trust to protect
voter privacy that would not work in real life. Technology-oriented
colleagues are not even aware why threshold trust would not work in

Thus, the first problem of voting is that neither side (paper vote vs
e-vote accepts that voting is hard to do right -- and that we have not
done it yet.

The real-world voting problem is actually much harder than people think.

Voting is an open-loop process with an intrinsic "vote gap", such that
no one may know for sure what the vote cast actually was -- unless one
is willing to sacrifice the privacy of the vote. This problem is

A solution [1], however, exists, where one can fully preserve privacy
and security, if a small (as small as you need) margin of error is
accepted. Because the margin of error can be made as small as
one needs and is willing to pay, it is not really relevant. Even when
all operational procedures and flaws including fraud and bugs are
taken into account.

The solution seems fairly intuitive. In fact, it was used about 500
years by the Mogul in India to prevent fraud.

The solution is also technologically neutral, but has more chances for
success, and less cost, with e-voting.

Ed Gerck

[1] In Shannon's cryptography terms, the solution reduces the probability
of existence of a covert channel to a value as close to zero as we want.
The covert channel is composed of several MITM channels between the voter
registration, the voter, the ballot box, and the tally accumulator. This
is done by adding different channels of information, as intentional
redundancy. See
I can provide more details on the fraud model, for those who are

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list