Intuitive cryptography that's also practical and secure.

Andrea Pasquinucci cesare at ucci.it
Tue Jan 30 15:33:52 EST 2007 

On Fri, Jan 26, 2007 at 05:58:16PM -0500, Matt Blaze wrote:
* 
* It occurs to me that the lack of secure, practical crypto primitives and
* protocols that are intuitively clear to ordinary people may be why
* cryptography has had so little impact on an even more important problem
* than psychic debunking, namely electronic voting. I think "intuitive
* cryptography" is a very important open problem for our field.

I can bring you my personal experience on this. I have been working for 
the last 2 years on a project about web-voting 
(http://eballot.ucci.it/), the system is now up and running and one 
election has been already done with it. I tried the best I could to make 
it simple and understandable, but people reactions have been worse than 
what I expected. Even if I tried to explain how the system works, how is 
the protocol, where cryptography enters etc.etc., I received comments 
like:

- please remove all these comments about digital certificates etc., just 
write in the first page "protected by 128bit SSL" as everybody else does

- there are too many pages, can't you give in the first page the form to 
vote and ask the credentials for voting, and a second page of 
acknowledgment that the vote has been received?

- this receipt stuff and checking the votes are dangerous, please give 
only the totals at the end and no receipts

and so on (I spare you the 'graphical design is lousy', which it is, and 
similar).

After having talked with some people, my feeling is that the averge guy 
feels more confident to vote in a web-site "protected by 128bit SSL", 
a lot of logos, javascripts, moving objects etc. (the more stuff there 
is on the web site, the more impressive are the guys who made it) and a 
big database (better if Oracle) to store your votes. Unfortunately the 
voting experience on my system is exactly the opposite :-(

Andrea

PS. any comment on my protocol/system is greatly appreciated.

--
Andrea Pasquinucci                     cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F  CCBB CB51 2983 6494 0DA2

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list