[Cryptography] securing the ballot scanners

[Natanael]

Den 12 nov 2016 23:06 skrev "John Denker" <jsd at av8n.com>:
>
> I wrote:
> >> I reckon there is a role for cut-and-choose at some point: pick
> >> some subset of the machines and tear them down to bare metal and
> >> bare silicon.

In the model of paper and pen, 3-ballot already fixes it. Omission of votes
is provable, and voting is easy, yet anonymity is preserved even if
somebody gets your voting receipt paper (it alone doesn't reveal what your
vote was).

http://rangevoting.org/RivSmiPRshort.html

You don't need to trust the counting machines, because the result is
auditable.

If you're really paranoid, put votes on a conveyor belt under glass and let
multiple independent machines photograph them. Hash and timestamp the
images and checkpoint them in public (Bitcoin blockchain?).

Of course the votes would be sealed after filled in, then scrambled once
put in the box (lottery style), then only get unsealed and counted in
batches (resists timing attacks to some degree).

---

The electronic voting model is much harder, the one in which the voters has
personal cryptographic keypairs to sign the votes with.

You have to limit the power of coercion, so remote voting that can't be
overridden by an in-person vote in a voting booth is ruled out. As an
example, blockchain voting doesn't make much sense for anything where the
vote contents is sensitive.

You have to make it auditable, and allow people an ability to trust that
their votes was correctly processed. Yet it must remain anonymous - a vote
receipt must not reveal what your vote was, and still provide confidence to
the voter that everything was handled correctly.

If votes are submitted in plaintext, they must be submitted anonymously
with timing attack resistance. This is very difficult to guarantee.

If votes are encrypted, you need advanced crypto like homomorphic
encryption or secure multiparty computation to count the votes - this hurts
transparency in the process (from the perspective of the average voter),
although a combination with zero-knowledge proofs would make the guarantee
of correctness stronger - assuming you trust the algorithms!

You need to guarantee to the voter that their vote ciphertext corresponds
to their intended vote, and that it was counted correctly (signed and
timestamped?), and that votes can't be individually decrypted and traced to
them.

With multi-part votes (to resist tracking), you need to confirm the parts
were all counted and yet not linkable to each other and/or linkable to you.

The input hardware must be secure and privacy preserving. You don't want a
machine that can spy on the voters. Multiple voting machines that people go
between only makes it worse (if entering the full vote in plaintext on
each) .

Potentially you can divide the electronic vote in 3-ballot style for using
multiple machines to enter the vote (except electronically), but that hurts
usability severely.

So ideally you want personal hardware to enter the votes, but how do you
get that hardware to voters? How do you make it cheap, yet secure? You can
piggyback on existing ID card issuance processes (which would suddenly
become a much higher value target), make the ID:s smartcards and then
provide hardware with some interface for voting - but what if security
holes are found in these devices?

And then you want to only use them inside the voting booth during the vote
(to resist coercion). You need strong Tempest resistance, but is that even
plausible (both button pressed and capacitive screens can be spied on, as
can reflections of the screen image)? And then you hand the vote to a
machine that records it (perhaps display an encrypted Qr code to it?).

My prior writings on the topic:

https://roamingaroundatrandom.wordpress.com/2014/06/16/an-mpc-based-privacy-preserving-flexible-cryptographic-voting-scheme/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161115/dc0deda8/attachment.html>