Re: Critical analysis of VoteHere

From: Amit Sahai <sahai_at_CS_dot_Princeton_dot_EDU>
Date: Sat Dec 20 2003 - 01:10:27 CST

Clay and others,

> I am going to say it. I'm getting the impression that the off-list
> security wiki is a ploy to avoid discussing these issues. Clearly these
> things are finalized in Alan's eyes. (I hope I am wrong. Please let me
> know otherwise.)

I assure you that I have no such ulterior motives in proposing the move to
a wiki-based discussion (and I have detected no such motives in my
conversations with Alan). My hope is that, rather than the very
interesting but mostly conclusion-less discussion currently underway, all
these same issues will be hashed out in a more constructive and organized
manner. But we need to start with the basics, which is understandably
boring, but necessary in any serious attempt at analyzing and designing a
secure system.

With that, I encourage you to contribute your thoughts below into the
wiki. Even partial additions to the description and security assessment
would be quite useful. The text I used to start the discussion is only a
guideline. Feel free to add descriptions and discussions about other
systems there if you wish. This wiki is an experiment; let's see if it
will actually yield something useful.

If we are only willing to throw out ideas, but not analyze a full proposal
carefully, these discussions won't help (at least with regard to security

Amit Sahai
Prof. Amit Sahai
Department of Computer Science
Princeton University

> With the idea that these things are not finalized, I'll start with the
> pros and cons of Alan's proposed system.
> Pros:
> * Easy for party officials to understand what needs to be protected
> (paper ballots and CDs).
> * Party officials understand *well* the procedures to protect paper
> ballots. This knowledge is useful for protecting CDs.
> Cons:
> * Comparing paper ballots, CDs, and pub/priv key signatures: CDs take
> less time to verify the electronic copy than paper ballots, but take
> longer than pub/priv key signatures, b/c with CDs, you have to
> physically move them to a location.
> * CDs would not allow anyone to verify an election, while pub/priv key
> signatures have that opportunity. Allowing non-partisan individuals,
> activists, and journalists to verify the elections will lead to a safer
> election.
> -Clay
