Intuitive cryptography that's also practical and secure.
Andrea Pasquinucci
cesare at ucci.it
Tue Jan 30 15:33:52 EST 2007
On Fri, Jan 26, 2007 at 05:58:16PM -0500, Matt Blaze wrote:
*
* It occurs to me that the lack of secure, practical crypto primitives and
* protocols that are intuitively clear to ordinary people may be why
* cryptography has had so little impact on an even more important problem
* than psychic debunking, namely electronic voting. I think "intuitive
* cryptography" is a very important open problem for our field.
I can bring you my personal experience on this. I have been working for
the last 2 years on a project about web-voting
(http://eballot.ucci.it/), the system is now up and running and one
election has been already done with it. I tried the best I could to make
it simple and understandable, but people reactions have been worse than
what I expected. Even if I tried to explain how the system works, how is
the protocol, where cryptography enters etc.etc., I received comments
like:
- please remove all these comments about digital certificates etc., just
write in the first page "protected by 128bit SSL" as everybody else does
- there are too many pages, can't you give in the first page the form to
vote and ask the credentials for voting, and a second page of
acknowledgment that the vote has been received?
- this receipt stuff and checking the votes are dangerous, please give
only the totals at the end and no receipts
and so on (I spare you the 'graphical design is lousy', which it is, and
similar).
After having talked with some people, my feeling is that the averge guy
feels more confident to vote in a web-site "protected by 128bit SSL",
a lot of logos, javascripts, moving objects etc. (the more stuff there
is on the web site, the more impressive are the guys who made it) and a
big database (better if Oracle) to store your votes. Unfortunately the
voting experience on my system is exactly the opposite :-(
Andrea
PS. any comment on my protocol/system is greatly appreciated.
--
Andrea Pasquinucci cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list