Re: open-audit elections

From: Ben Adida <ben_at_eecs_dot_harvard_dot_edu>
Date: Wed Dec 13 2006 - 01:16:53 CST


You're now making a number of implementation assumptions and fairly deep
threat analysis against crypto voting. That's certainly fair, but you
don't seem to go nearly as deep in analyzing the many issues of
chain-of-custody-based voting systems.

This is what worries me most about the state of things: new systems are
placed under intense scrutiny, which is good, but existing
chain-of-custody systems are not, which is disastrous.

Regarding your specific points:

> This is yet another layer of testing that ordinary citizens won't understand
> the need for, and that must, therefore, be delegated to experts. The deeper
> you go, the more complex it gets, as with chain-of-custody e-voting systems.

Testing that a machine presents the right ballot is too complicated for
ordinary citizens to understand? I disagree. It seems fairly

> Not so impossibly hard. It's really quite easy for auditors to slip up and do
> something that permits a sufficiently crafty attacker to distinguish an
> auditor from a real voter, e.g., using the same voter cards over and over.


Sure, good points. To address this, the machines should be isolated in a
Faraday cage (fairly easy). Recall that they require no
voter-identifying information. Since they're not the ballot casting
machine, they just help you prepare an un-identified ballot. The machine
can't tell the difference between a voter and an auditor.

The separation of ballot preparation and casting tends to make things
quite a bit simpler on the implementation front, actually.

> Cryptographic systems do nothing to end this game of cloak and dagger.

No, this is incorrect. That's exactly the point of cryptographic
systems. I think there's a major gap in understanding that I'm trying to
bridge here. This is *very* different from the usual cloak-and-dagger
situation that is, indeed, typical of all chain-of-custody systems like
paper ballots or optical scan.

I'll continue to think of other ways to explain this. But the point is,
with an end-to-end verification, you don't have to worry about the
cloak-and-dagger stuff nearly as much.

> Instead, like all e-voting systems, they open attack vectors that are
> ill-understood and easy to stab yourself upon.

so you're proposing paper only?

> I still need to plow through the VHTI paper to better understand what
> guarantees crypto systems really provide. Before I do that, I will not venture
> an opinion on the relative merits of crypto systems' auditability versus that
> of chain-of-custody systems.

Okay, I can summarize it for you (though you shouldn't take my word for
it, do go read the papers):

- you get a personal guarantee that your vote was properly captured by
the machine by checking a short two-letter code next to the candidate of
your choice.

- you can check your receipt against the posted ballots.

- everyone gets a guarantee that posted ballots are tallied correctly
(irrespective of any cryptographic assumption, it's like 2+2=4, it can't
be wrong.)

> Um, your explanation is a gloss over a very complex machine. I need to
> understand the machine to judge the gloss.

Again, I'm not asking for a complete analysis in a handful of emails.
I'm just gauging whether this direction is interesting to the group, or
whether it's already been dismissed and there's no use even debating it.

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Dec 31 23:17:12 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST