Re: Proposed Electronic Ballot Image Format

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon Aug 25 2003 - 02:07:15 CDT

Arthur Keller wrote:
|>What, if any, digital signatures of ballot bar codes are needed to
|>help prevent forgeries?

Last month I wrote what I still strongly believe is the correct approach
to cryptographic security of ballots (and equally of electronically
transmitted voting results--the same method applies in both cases, and
consistency between the two can be checked). See:

    http://gnosis.python-hosting.com/voting-project/initial-digests/0109.html

There were some clarifying followup questions, but I believe a careful
reading of the original post shows it remains correct.

Dennis Paull <dpaull@svpal.org> wrote:
|Since ballots are secret, how and for what purpose would a forgery
|be created? A voter only gets to cast a single ballot, so it might
|as well be the correct one.

Here is one extremely plausible attack scenario for an EVM+Paper system;
one that the security meausre I point to will guard against.

An inside attacker, Mallory, wishes for a precinct to cast extra
(fictictious) votes for Zachary. For example, Mallory might be a poll
worker (approximately that degree of inside access would suffice).
Mallory creates a number of false Zachary paper ballots, specifically
ones that purport to have been cast on Machine One. Before the close of
voting, Mallory inserts those false paper ballots into the ballot box;
AND Mallory damages Machine One to a degree sufficient that its accuracy
cannot not trusted. The attach on the EVM may be electronic, or it may
simply be physical (e.g., acid spilled on the HDD).

During tabulation, electronic records from Machine One can no longer be
trusted. Therefore, tabulators must resort to counting the paper
ballots (allegedly) produced by Machine One. However, since Mallory has
also inserted overvotes into the ballot box, the polling place contains
a surplus of votes for Zachary by every reproducible count.

...unless, of course, the cryptographic procedure I recommend was used.
Then Mallory is entirely thwarted.

Yours, David...

--
    _/_/_/ THIS MESSAGE WAS BROUGHT TO YOU BY: Postmodern Enterprises _/_/_/
   _/_/    ~~~~~~~~~~~~~~~~~~~~[mertz@gnosis.cx]~~~~~~~~~~~~~~~~~~~~~  _/_/
  _/_/  The opinions expressed here must be those of my employer...   _/_/
 _/_/_/_/_/_/_/_/_/_/ Surely you don't think that *I* believe them!  _/_/
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Aug 31 23:17:15 2003

This archive was generated by hypermail 2.1.8 : Sun Aug 31 2003 - 23:17:18 CDT