[Cryptography] Questions about crypto that lay people want to understand

Michael Kjörling michael at kjorling.se
Sun Dec 20 17:21:05 EST 2015


On 20 Dec 2015 01:55 -0800, from bear at sonic.net (Ray Dillinger):
>> * If HTTPS is good enough for my bank account, how come I can't use
>> it to vote? Why do I have to vote in person?
> 
> Your bank only accepts https because they have insurance that will
> reimburse them if their certificate gets spoofed.  There isn't any
> insurance that can give us back democracy, and the attackers are
> willing to devote a lot more resources to stealing it than thieves
> are willing to devote to stealing from banks.

Additionally, your bank has very different requirements for secure
identification of the person performing a transaction than those
involved, for example, in voting. This comes down not really to
confidentiality, as much as anonymity and auditability.

Your bank wants to make sure that you and only you (and those you
authorize, but that's in some ways the same thing and in other ways
completely unrelated) are able to take action with regards to your
bank account. An easy way to do that is to have some secure method of
identification.

In this case, HTTPS is nothing more than the transport, just like
signed forms can be sent back and forth in the mail (hopefully within
envelopes).

A basic set of requirements for the voting process in most democratic
systems is that we can, at a minimum, ensure that:

1. a single person can cast no more than one vote in a given election,
2. that only people authorized to vote in the election are able to
   vote or otherwise influence the outcome,
3. that the final results are auditable,
4. that anyone can review the process,
5. _and_ at the same time that it is not possible to tell how (e.g.,
   for which candidate) any one specific voter _actually voted_
   (unless they disclose it themselves, but even then, there should be
   no way for a third party to _verify_ the claim)

I think most people can agree that these are all goals worth striving
for in a pick-your-government kind of voting process, regardless of
how it is implemented.

This set of requirements is fairly trivial to meet when using a
physical process like voting in person at a voting station of some
kind, but is decidedly non-trivial in an electronic process,
particularly one performed remotely such as from one's home over the
Internet.

For a start, when voting remotely, no matter how secure the transport
(postal mail or HTTPS over TCP/IP alike), you can give no _guarantees_
that the person voting is alone (or at the very least offered a
realistic choice of being alone) when they commit to their choice. Not
being able to guarantee confidentiality in one's choice when voting,
even if all else is _perfect_, means that several of the listed
requirements are violated. Specifically in the list above, it casts
serious doubt on #1 and #2, and outright fails #5.

Of course in an ideal world, we would also like to be able to verify
that _our particular vote_ was included in the final results, without
violating any of the other requirements listed above.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)